summaryrefslogtreecommitdiff
path: root/libjava/classpath/java/security/cert
diff options
context:
space:
mode:
authorupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
committerupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
commit554fd8c5195424bdbcabf5de30fdc183aba391bd (patch)
tree976dc5ab7fddf506dadce60ae936f43f58787092 /libjava/classpath/java/security/cert
downloadcbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.bz2
cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.xz
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig; imported gcc-4.6.4 source tree from verified upstream tarball. downloading a git-generated archive based on the 'upstream' tag should provide you with a source tree that is binary identical to the one extracted from the above tarball. if you have obtained the source via the command 'git clone', however, do note that line-endings of files in your working directory might differ from line-endings of the respective files in the upstream repository.
Diffstat (limited to 'libjava/classpath/java/security/cert')
-rw-r--r--libjava/classpath/java/security/cert/CRL.java98
-rw-r--r--libjava/classpath/java/security/cert/CRLException.java95
-rw-r--r--libjava/classpath/java/security/cert/CRLSelector.java69
-rw-r--r--libjava/classpath/java/security/cert/CertPath.java254
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilder.java251
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilderException.java159
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilderResult.java63
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilderSpi.java74
-rw-r--r--libjava/classpath/java/security/cert/CertPathParameters.java58
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidator.java264
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidatorException.java226
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidatorResult.java63
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidatorSpi.java81
-rw-r--r--libjava/classpath/java/security/cert/CertSelector.java58
-rw-r--r--libjava/classpath/java/security/cert/CertStore.java305
-rw-r--r--libjava/classpath/java/security/cert/CertStoreException.java159
-rw-r--r--libjava/classpath/java/security/cert/CertStoreParameters.java60
-rw-r--r--libjava/classpath/java/security/cert/CertStoreSpi.java103
-rw-r--r--libjava/classpath/java/security/cert/Certificate.java306
-rw-r--r--libjava/classpath/java/security/cert/CertificateEncodingException.java93
-rw-r--r--libjava/classpath/java/security/cert/CertificateException.java96
-rw-r--r--libjava/classpath/java/security/cert/CertificateExpiredException.java71
-rw-r--r--libjava/classpath/java/security/cert/CertificateFactory.java355
-rw-r--r--libjava/classpath/java/security/cert/CertificateFactorySpi.java224
-rw-r--r--libjava/classpath/java/security/cert/CertificateNotYetValidException.java71
-rw-r--r--libjava/classpath/java/security/cert/CertificateParsingException.java93
-rw-r--r--libjava/classpath/java/security/cert/CollectionCertStoreParameters.java122
-rw-r--r--libjava/classpath/java/security/cert/LDAPCertStoreParameters.java140
-rw-r--r--libjava/classpath/java/security/cert/PKIXBuilderParameters.java149
-rw-r--r--libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java104
-rw-r--r--libjava/classpath/java/security/cert/PKIXCertPathChecker.java134
-rw-r--r--libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java142
-rw-r--r--libjava/classpath/java/security/cert/PKIXParameters.java547
-rw-r--r--libjava/classpath/java/security/cert/PolicyNode.java108
-rw-r--r--libjava/classpath/java/security/cert/PolicyQualifierInfo.java169
-rw-r--r--libjava/classpath/java/security/cert/TrustAnchor.java185
-rw-r--r--libjava/classpath/java/security/cert/X509CRL.java397
-rw-r--r--libjava/classpath/java/security/cert/X509CRLEntry.java169
-rw-r--r--libjava/classpath/java/security/cert/X509CRLSelector.java442
-rw-r--r--libjava/classpath/java/security/cert/X509CertSelector.java1319
-rw-r--r--libjava/classpath/java/security/cert/X509Certificate.java589
-rw-r--r--libjava/classpath/java/security/cert/X509Extension.java113
-rw-r--r--libjava/classpath/java/security/cert/package.html46
43 files changed, 8624 insertions, 0 deletions
diff --git a/libjava/classpath/java/security/cert/CRL.java b/libjava/classpath/java/security/cert/CRL.java
new file mode 100644
index 000000000..1eaa70fa9
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRL.java
@@ -0,0 +1,98 @@
+/* CRL.java --- Certificate Revocation List
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ Certificate Revocation List class for managing CRLs that
+ have different formats but the same general use. They
+ all serve as lists of revoked certificates and can
+ be queried for a given certificate.
+
+ Specialized CRLs extend this class.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class CRL
+{
+
+ private String type;
+
+ /**
+ Creates a new CRL for the specified type. An example
+ is "X.509".
+
+ @param type the standard name for the CRL type.
+ */
+ protected CRL(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the CRL type.
+
+ @return a string representing the CRL type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Returns a string representing the CRL.
+
+ @return a string representing the CRL.
+ */
+ public abstract String toString();
+
+ /**
+ Determines whether or not the specified Certificate
+ is revoked.
+
+ @param cert A certificate to check if it is revoked
+
+ @return true if the certificate is revoked,
+ false otherwise.
+ */
+ public abstract boolean isRevoked(Certificate cert);
+
+
+}
diff --git a/libjava/classpath/java/security/cert/CRLException.java b/libjava/classpath/java/security/cert/CRLException.java
new file mode 100644
index 000000000..10171c418
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRLException.java
@@ -0,0 +1,95 @@
+/* CRLException.java -- Certificate Revocation List Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for a Certificate Revocation List.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+*/
+public class CRLException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -6694728944094197147L;
+
+ /**
+ * Constructs an CRLExceptionwithout a message string.
+ */
+ public CRLException()
+ {
+ }
+
+ /**
+ * Constructs an CRLException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CRLException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CRLException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CRLException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CRLSelector.java b/libjava/classpath/java/security/cert/CRLSelector.java
new file mode 100644
index 000000000..6cd657c7f
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRLSelector.java
@@ -0,0 +1,69 @@
+/* CRLSelector.java -- matches CRLs against criteria.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * A generic interface to classes that match certificate revocation
+ * lists (CRLs) to some given criteria. Implementations of this
+ * interface are useful for finding {@link CRL} objects in a {@link
+ * CertStore}.
+ *
+ * @see CertStore
+ * @see CertSelector
+ * @see X509CRLSelector
+ */
+public interface CRLSelector extends Cloneable
+{
+
+ /**
+ * Returns a clone of this instance.
+ *
+ * @return The clone.
+ */
+ Object clone();
+
+ /**
+ * Match a given certificate revocation list to this selector's
+ * criteria, returning true if it matches, false otherwise.
+ *
+ * @param crl The certificate revocation list to test.
+ * @return The boolean result of this test.
+ */
+ boolean match(CRL crl);
+}
diff --git a/libjava/classpath/java/security/cert/CertPath.java b/libjava/classpath/java/security/cert/CertPath.java
new file mode 100644
index 000000000..7211647a4
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPath.java
@@ -0,0 +1,254 @@
+/* CertPath.java -- a sequence of certificates
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.io.ByteArrayInputStream;
+import java.io.NotSerializableException;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * This class represents an immutable sequence, or path, of security
+ * certificates. The path type must match the type of each certificate in the
+ * path, or in other words, for all instances of cert in a certpath object,
+ * <code>cert.getType().equals(certpath.getType())</code> will return true.
+ *
+ * <p>Since this class is immutable, it is thread-safe. During serialization,
+ * the path is consolidated into a {@link CertPathRep}, which preserves the
+ * data regardless of the underlying implementation of the path.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @since 1.4
+ * @status updated to 1.4
+ */
+public abstract class CertPath implements Serializable
+{
+ /**
+ * The serialized representation of a path.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ protected static class CertPathRep implements Serializable
+ {
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 3015633072427920915L;
+
+ /**
+ * The certificate type.
+ *
+ * @serial the type of the certificate path
+ */
+ private final String type;
+
+ /**
+ * The encoded form of the path.
+ *
+ * @serial the encoded form
+ */
+ private final byte[] data;
+
+ /**
+ * Create the new serial representation.
+ *
+ * @param type the path type
+ * @param data the encoded path data
+ */
+ protected CertPathRep(String type, byte[] data)
+ {
+ this.type = type;
+ this.data = data;
+ }
+
+ /**
+ * Decode the data into an actual {@link CertPath} upon deserialization.
+ *
+ * @return the replacement object
+ * @throws ObjectStreamException if replacement fails
+ */
+ protected Object readResolve() throws ObjectStreamException
+ {
+ try
+ {
+ return CertificateFactory.getInstance(type)
+ .generateCertPath(new ByteArrayInputStream(data));
+ }
+ catch (CertificateException e)
+ {
+ throw (ObjectStreamException)
+ new NotSerializableException("java.security.cert.CertPath: "
+ + type).initCause(e);
+ }
+ }
+ } // class CertPathRep
+
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 6068470306649138683L;
+
+ /**
+ * The path type.
+ *
+ * @serial the type of all certificates in this path
+ */
+ private final String type;
+
+ /**
+ * Create a certificate path with the given type. Most code should use
+ * {@link CertificateFactory} to create CertPaths.
+ *
+ * @param type the type of the path
+ */
+ protected CertPath(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ * Get the (non-null) type of all certificates in the path.
+ *
+ * @return the path certificate type
+ */
+ public String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Get an immutable iterator over the path encodings (all String names),
+ * starting with the default encoding. The iterator will throw an
+ * <code>UnsupportedOperationException</code> if an attempt is made to
+ * remove items from the list.
+ *
+ * @return the iterator of supported encodings in the path
+ */
+ public abstract Iterator<String> getEncodings();
+
+ /**
+ * Compares this path to another for semantic equality. To be equal, both
+ * must be instances of CertPath, with the same type, and identical
+ * certificate lists. Overriding classes must not change this behavior.
+ *
+ * @param o the object to compare to
+ * @return true if the two are equal
+ */
+ public boolean equals(Object o)
+ {
+ if (! (o instanceof CertPath))
+ return false;
+ CertPath cp = (CertPath) o;
+ return type.equals(cp.type)
+ && getCertificates().equals(cp.getCertificates());
+ }
+
+ /**
+ * Returns the hashcode of this certificate path. This is defined as:<br>
+ * <code>31 * getType().hashCode() + getCertificates().hashCode()</code>.
+ *
+ * @return the hashcode
+ */
+ public int hashCode()
+ {
+ return 31 * type.hashCode() + getCertificates().hashCode();
+ }
+
+ public String toString()
+ {
+ List l = getCertificates();
+ int size = l.size();
+ int i = 0;
+ CPStringBuilder result = new CPStringBuilder(type);
+ result.append(" Cert Path: length = ").append(size).append(".\n[\n");
+ while (--size >= 0)
+ result.append(l.get(i++)).append('\n');
+ return result.append("\n]").toString();
+ }
+
+ /**
+ * Returns the encoded form of this path, via the default encoding.
+ *
+ * @return the encoded form
+ * @throws CertificateEncodingException if encoding fails
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ * Returns the encoded form of this path, via the specified encoding.
+ *
+ * @param encoding the encoding to use
+ * @return the encoded form
+ * @throws CertificateEncodingException if encoding fails or does not exist
+ */
+ public abstract byte[] getEncoded(String encoding)
+ throws CertificateEncodingException;
+
+ /**
+ * Returns the immutable, thread-safe list of certificates in this path.
+ *
+ * @return the list of certificates, non-null but possibly empty
+ */
+ public abstract List<? extends Certificate> getCertificates();
+
+ /**
+ * Serializes the path in its encoded form, to ensure reserialization with
+ * the appropriate factory object without worrying about list implementation.
+ * The result will always be an instance of {@link CertPathRep}.
+ *
+ * @return the replacement object
+ * @throws ObjectStreamException if the replacement creation fails
+ */
+ protected Object writeReplace() throws ObjectStreamException
+ {
+ try
+ {
+ return new CertPathRep(type, getEncoded());
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw (ObjectStreamException)
+ new NotSerializableException("java.security.cert.CertPath: "
+ + type).initCause(e);
+ }
+ }
+} // class CertPath
diff --git a/libjava/classpath/java/security/cert/CertPathBuilder.java b/libjava/classpath/java/security/cert/CertPathBuilder.java
new file mode 100644
index 000000000..47bae6db8
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilder.java
@@ -0,0 +1,251 @@
+/* CertPathBuilder.java -- bulids CertPath objects from Certificates.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * This class builds certificate paths (also called certificate chains),
+ * which can be used to establish trust for a particular certificate by
+ * building a path from a trusted certificate (a trust anchor) to the
+ * untrusted certificate.
+ *
+ * @see CertPath
+ */
+public class CertPathBuilder
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertPathBuilder. */
+ private static final String CERT_PATH_BUILDER = "CertPathBuilder";
+
+ /** The underlying implementation. */
+ private CertPathBuilderSpi cpbSpi;
+
+ /** The provider of this implementation. */
+ private Provider provider;
+
+ /** The name of this implementation. */
+ private String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertPathBuilder.
+ *
+ * @param cpbSpi The underlying implementation.
+ * @param provider The provider of the implementation.
+ * @param algorithm This implementation's name.
+ */
+ protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider,
+ String algorithm)
+ {
+ this.cpbSpi = cpbSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the default cert path builder type.
+ *
+ * <p>This value can be set at run-time by the security property
+ * <code>"certpathbuilder.type"</code>. If this property is not set,
+ * then the value returned is <code>"PKIX"</code>.
+ *
+ * @return The default CertPathBuilder algorithm.
+ */
+ public static final String getDefaultType()
+ {
+ String type = Security.getProperty("certpathbuilder.type");
+ if (type == null)
+ type = "PKIX";
+ return type;
+ }
+
+ /**
+ * Returns an instance of a named <code>CertPathBuilder</code> from the
+ * first provider that implements it.
+ *
+ * @param algorithm The name of the <code>CertPathBuilder</code> to create.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * named algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static CertPathBuilder getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of a named <code>CertPathBuilder</code> from a named
+ * provider.
+ *
+ * @param algorithm The name of the <code>CertPathBuilder</code> to create.
+ * @param provider The name of the provider to use.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * named algorithm.
+ * @throws NoSuchProviderException If the named provider does not exist.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathBuilder getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of a named <code>CertPathBuilder</code> from the
+ * specified provider.
+ *
+ * @param algorithm The name of the <code>CertPathBuilder</code> to create.
+ * @param provider The provider to use.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * named algorithm.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathBuilder getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("CertPathBuilder for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider);
+ return new CertPathBuilder((CertPathBuilderSpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Return the name of this CertPathBuilder algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of this instance's implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Builds a certificate path. The {@link CertPathParameters} parameter
+ * passed to this method is implementation-specific, but in general
+ * should contain some number of certificates and some number of
+ * trusted certificates (or "trust anchors").
+ *
+ * @param params The parameters.
+ * @retrun The certificate path result.
+ * @throws CertPathBuilderException If the certificate path cannot be
+ * built.
+ * @throws InvalidAlgorithmParameterException If the implementation
+ * rejects the specified parameters.
+ */
+ public final CertPathBuilderResult build(CertPathParameters params)
+ throws CertPathBuilderException, InvalidAlgorithmParameterException
+ {
+ return cpbSpi.engineBuild(params);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertPathBuilderException.java b/libjava/classpath/java/security/cert/CertPathBuilderException.java
new file mode 100644
index 000000000..985151010
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilderException.java
@@ -0,0 +1,159 @@
+/* CertPathBuilderException.java -- wraps an exception during certificate
+ path building
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while using a <code>CertPathBuilder</code>, wrapping
+ * the lower exception. This class is not thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertPathBuilder
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertPathBuilderException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 5316471420178794402L;
+
+ /**
+ * Create an exception without a message. The cause may be initialized.
+ */
+ public CertPathBuilderException()
+ {
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertPathBuilderException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>.
+ *
+ * @param cause the cause
+ */
+ public CertPathBuilderException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause);
+ }
+
+ /**
+ * Create an exception with a cause and a message.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertPathBuilderException(String msg, Throwable cause)
+ {
+ super(msg);
+ initCause(cause);
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertPathBuilderResult.java b/libjava/classpath/java/security/cert/CertPathBuilderResult.java
new file mode 100644
index 000000000..edae88f64
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilderResult.java
@@ -0,0 +1,63 @@
+/* CertPathBuilderResult -- results from building cert paths.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * A standard interface for the result of building a certificate path.
+ * All implementations of this class must provide a way to get the
+ * certificate path, but may also define additional methods for
+ * returning other result data generated by the certificate path
+ * builder.
+ */
+public interface CertPathBuilderResult extends Cloneable {
+
+ /**
+ * Creates a copy of this builder result.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Get the certificate path that was built.
+ *
+ * @retrn The certificate path.
+ */
+ CertPath getCertPath();
+}
diff --git a/libjava/classpath/java/security/cert/CertPathBuilderSpi.java b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java
new file mode 100644
index 000000000..afc7fc073
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java
@@ -0,0 +1,74 @@
+/* CertPathBuilderSpi -- CertPathBuilder service provider interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.cert;
+
+/**
+ * The {@link CertPathBuilder} <i>Service Provider Interface</i>
+ * (<b>SPI</b>).
+ *
+ * @see CertPathBuilder
+ */
+public abstract class CertPathBuilderSpi {
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertPathBuilderSpi.
+ */
+ public CertPathBuilderSpi() {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a certificate path from the specified parameters.
+ *
+ * @param params The parameters to use.
+ * @return The certificate path result.
+ * @throws CertPathBuilderException If the certificate path cannot be
+ * built.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * implementation rejects the specified parameters.
+ */
+ public abstract CertPathBuilderResult engineBuild(CertPathParameters params)
+ throws CertPathBuilderException,
+ java.security.InvalidAlgorithmParameterException;
+}
diff --git a/libjava/classpath/java/security/cert/CertPathParameters.java b/libjava/classpath/java/security/cert/CertPathParameters.java
new file mode 100644
index 000000000..62a5cb6a6
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathParameters.java
@@ -0,0 +1,58 @@
+/* CertPathParameters.java -- parameters for CertPathBuilder.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.cert;
+
+/**
+ * Parameters for generating and validating certificate paths. This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see CertPathBuilder
+ * @see CertPathValidator
+ */
+public interface CertPathParameters extends Cloneable {
+
+ /**
+ * Makes a copy of this CertPathParameters instance.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidator.java b/libjava/classpath/java/security/cert/CertPathValidator.java
new file mode 100644
index 000000000..8bd7b58e8
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidator.java
@@ -0,0 +1,264 @@
+/* CertPathValidator -- validates certificate paths.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * Generic interface to classes that validate certificate paths.
+ *
+ * <p>Using this class is similar to all the provider-based security
+ * classes; the method of interest, {@link
+ * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
+ * which takes provider-specific implementations of {@link
+ * CertPathParameters}, and return provider-specific implementations of
+ * {@link CertPathValidatorResult}.
+ *
+ * @since JDK 1.4
+ * @see CertPath
+ */
+public class CertPathValidator {
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertPathValidator. */
+ private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
+
+ /** The underlying implementation. */
+ private final CertPathValidatorSpi validatorSpi;
+
+ /** The provider of this implementation. */
+ private final Provider provider;
+
+ /** The algorithm's name. */
+ private final String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertPathValidator.
+ *
+ * @param validatorSpi The underlying implementation.
+ * @param provider The provider of the implementation.
+ * @param algorithm The algorithm name.
+ */
+ protected CertPathValidator(CertPathValidatorSpi validatorSpi,
+ Provider provider, String algorithm)
+ {
+ this.validatorSpi = validatorSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default validator type.
+ *
+ * <p>This value may be set at run-time via the security property
+ * "certpathvalidator.type", or the value "PKIX" if this property is
+ * not set.
+ *
+ * @return The default validator type.
+ */
+ public static synchronized String getDefaultType() {
+ String type = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("certpathvalidator.type");
+ }
+ }
+ );
+ if (type == null)
+ type = "PKIX";
+ return type;
+ }
+
+ /**
+ * Returns an instance of the given validator from the first provider that
+ * implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * requested algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static CertPathValidator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of the given validator from the named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider from which to get the
+ * implementation.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If the named provider does not implement
+ * the algorithm.
+ * @throws NoSuchProviderException If no provider named <i>provider</i> is
+ * installed.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathValidator getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of the given validator from the given provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider from which to get the implementation.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * algorithm.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathValidator getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider);
+ return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Return the name of this validator.
+ *
+ * @return This validator's name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Attempt to validate a certificate path.
+ *
+ * @param certPath The path to validate.
+ * @param params The algorithm-specific parameters.
+ * @return The result of this validation attempt.
+ * @throws CertPathValidatorException If the certificate path cannot
+ * be validated.
+ * @throws InvalidAlgorithmParameterException If this implementation
+ * rejects the specified parameters.
+ */
+ public final CertPathValidatorResult validate(CertPath certPath,
+ CertPathParameters params)
+ throws CertPathValidatorException, InvalidAlgorithmParameterException
+ {
+ return validatorSpi.engineValidate(certPath, params);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorException.java b/libjava/classpath/java/security/cert/CertPathValidatorException.java
new file mode 100644
index 000000000..f3195be29
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorException.java
@@ -0,0 +1,226 @@
+/* CertPathValidatorException.java -- wraps an exception during validation
+ of a CertPath
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while validating a certification path. In addition,
+ * it can store the path an index in that path that caused the problem. This
+ * class is not thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertPathValidator
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertPathValidatorException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = -3083180014971893139L;
+
+ /**
+ * The index of the certificate path that failed, or -1.
+ *
+ * @serial the failed index
+ */
+ private final int index;
+
+ /**
+ * The <code>CertPath</code> that failed.
+ *
+ * @serial the object being validated at time of failure
+ */
+ private final CertPath certPath;
+
+ /**
+ * Create an exception without a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ */
+ public CertPathValidatorException()
+ {
+ this((String) null);
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertPathValidatorException(String msg)
+ {
+ super(msg);
+ index = -1;
+ certPath = null;
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>. The index is set
+ * to -1 and the failed CertPath object to null.
+ *
+ * @param cause the cause
+ */
+ public CertPathValidatorException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause and a message. The index is set to -1
+ * and the failed CertPath object to null.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertPathValidatorException(String msg, Throwable cause)
+ {
+ this(msg, cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause, message, failed object, and index of
+ * failure in that CertPath.
+ *
+ * @param msg the message
+ * @param cause the cause
+ * @param certPath the path that was being validated, or null
+ * @param index the index of the path, or -1
+ * @throws IndexOutOfBoundsException if index is &lt; -1 or
+ * &gt; certPath.getCertificates().size()
+ * @throws IllegalArgumentException if certPath is null but index != -1
+ */
+ public CertPathValidatorException(String msg, Throwable cause,
+ CertPath certPath, int index)
+ {
+ super(msg);
+ initCause(cause);
+ if (index < -1 || (certPath != null
+ && index >= certPath.getCertificates().size()))
+ throw new IndexOutOfBoundsException();
+ if ((certPath == null) != (index == -1))
+ throw new IllegalArgumentException();
+ this.certPath = certPath;
+ this.index = index;
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the certificate path that had the failure, or null.
+ *
+ * @return the culprit path
+ */
+ public CertPath getCertPath()
+ {
+ return certPath;
+ }
+
+ /**
+ * Get the index that failed, or -1.
+ *
+ * @return the colprit index
+ */
+ public int getIndex()
+ {
+ return index;
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorResult.java b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
new file mode 100644
index 000000000..0ccd1be78
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
@@ -0,0 +1,63 @@
+/* CertPathValidatorResult -- result of validating certificate paths
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Interface to the result of calling {@link
+ * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}.
+ *
+ * <p>This interface defines no methods other than the required
+ * {@link java.lang.Cloneable} interface, and is intended to group and
+ * provide type safety for validator results. Providers that implement
+ * a certificate path validator must also provide an implementation of
+ * this interface, possibly defining additional methods.
+ *
+ * @since JDK 1.4
+ * @see CertPathValidator
+ */
+public interface CertPathValidatorResult extends Cloneable
+{
+
+ /**
+ * Returns a copy of this validator result.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorSpi.java b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java
new file mode 100644
index 000000000..d4531e716
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java
@@ -0,0 +1,81 @@
+/* CertPathValidatorSpi -- cert path validator service provider interface
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for the {@link
+ * CertPathValidator} class. Providers implementing certificate path
+ * validators must subclass this class and implement its abstract
+ * methods.
+ */
+public abstract class CertPathValidatorSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Default constructor.
+ */
+ public CertPathValidatorSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Attempt to validate a certificate path.
+ *
+ * @param certPath The path to validate.
+ * @param params The algorithm-specific parameters.
+ * @return The result of this validation attempt.
+ * @throws CertPathValidatorException If the certificate path cannot
+ * be validated.
+ * @throws InvalidAlgorithmParameterException If this implementation
+ * rejects the specified parameters.
+ */
+ public abstract CertPathValidatorResult
+ engineValidate(CertPath certPath, CertPathParameters params)
+ throws CertPathValidatorException,
+ InvalidAlgorithmParameterException;
+}
diff --git a/libjava/classpath/java/security/cert/CertSelector.java b/libjava/classpath/java/security/cert/CertSelector.java
new file mode 100644
index 000000000..4a2e7d921
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertSelector.java
@@ -0,0 +1,58 @@
+/* CertSelector.java -- certificate selector interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+public interface CertSelector extends Cloneable
+{
+
+ /**
+ * Returns a copy of this CertSelector.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Match a certificate according to this selector's criteria.
+ *
+ * @param cert The certificate to match.
+ * @return true if the certificate matches thin criteria.
+ */
+ boolean match(Certificate cert);
+}
diff --git a/libjava/classpath/java/security/cert/CertStore.java b/libjava/classpath/java/security/cert/CertStore.java
new file mode 100644
index 000000000..630e96762
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStore.java
@@ -0,0 +1,305 @@
+/* CertStore -- stores and retrieves certificates.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collection;
+
+/**
+ * A CertStore is a read-only repository for certificates and
+ * certificate revocation lists.
+ *
+ * @since 1.4
+ */
+public class CertStore
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertStore. */
+ private static final String CERT_STORE = "CertStore";
+
+ /** The underlying implementation. */
+ private CertStoreSpi storeSpi;
+
+ /** This implementation's provider. */
+ private Provider provider;
+
+ /** The name of this key store type. */
+ private String type;
+
+ /** The parameters used to initialize this instance, if any. */
+ private CertStoreParameters params;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new CertStore.
+ *
+ * @param storeSpi The underlying implementation.
+ * @param provider The provider of this implementation.
+ * @param type The type of CertStore this class represents.
+ * @param params The parameters used to initialize this instance, if any.
+ */
+ protected CertStore(CertStoreSpi storeSpi, Provider provider, String type,
+ CertStoreParameters params)
+ {
+ this.storeSpi = storeSpi;
+ this.provider = provider;
+ this.type = type;
+ this.params = params;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default certificate store type.
+ *
+ * <p>This value can be set at run-time via the security property
+ * "certstore.type"; if not specified than the default type will be
+ * "LDAP".
+ *
+ * @return The default CertStore type.
+ */
+ public static final synchronized String getDefaultType()
+ {
+ String type = null;
+ type = (String) java.security.AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return Security.getProperty("certstore.type");
+ }
+ }
+ );
+ if (type == null)
+ type = "LDAP";
+ return type;
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from the first
+ * installed provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects the
+ * specified parameters.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * specified CertStore.
+ * @throws IllegalArgumentException if <code>type</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(type, params, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(type);
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from a named
+ * provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The name of the provider to use.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects the
+ * specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws NoSuchProviderException If no provider named <i>provider</i> is
+ * installed.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ String provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+ NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, params, p);
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from a given
+ * provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The provider to use.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects
+ * the specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ Provider provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("CertStore of type [")
+ .append(type).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object[] args = new Object[] { params };
+ Object spi = Engine.getInstance(CERT_STORE, type, provider, args);
+ return new CertStore((CertStoreSpi) spi, provider, type, params);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Return the type of certificate store this instance represents.
+ *
+ * @return The CertStore type.
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Return the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Get the parameters this instance was created with, if any. The
+ * parameters will be cloned before they are returned.
+ *
+ * @return The parameters, or null.
+ */
+ public final CertStoreParameters getCertStoreParameters()
+ {
+ return params != null ? (CertStoreParameters) params.clone() : null;
+ }
+
+ /**
+ * Get a collection of certificates from this CertStore, optionally
+ * filtered by the specified CertSelector. The Collection returned may
+ * be empty, but will never be null.
+ *
+ * <p>Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public final Collection<? extends Certificate> getCertificates(CertSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCertificates(selector);
+ }
+
+ /**
+ * Get a collection of certificate revocation lists from this CertStore,
+ * optionally filtered by the specified CRLSelector. The Collection
+ * returned may be empty, but will never be null.
+ *
+ * <p>Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificate revocation lists.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public final Collection<? extends CRL> getCRLs(CRLSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCRLs(selector);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreException.java b/libjava/classpath/java/security/cert/CertStoreException.java
new file mode 100644
index 000000000..a4d8b7a46
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreException.java
@@ -0,0 +1,159 @@
+/* CertStoreException.java -- wraps an exception during certificate storage
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while retrieving certificates and CRLs from
+ * <code>CertStore</code>, wrapping the lower exception. This class is not
+ * thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertStore
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertStoreException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 2395296107471573245L;
+
+ /**
+ * Create an exception without a message. The cause may be initialized.
+ */
+ public CertStoreException()
+ {
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertStoreException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>.
+ *
+ * @param cause the cause
+ */
+ public CertStoreException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause);
+ }
+
+ /**
+ * Create an exception with a cause and a message.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertStoreException(String msg, Throwable cause)
+ {
+ super(msg);
+ initCause(cause);
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreParameters.java b/libjava/classpath/java/security/cert/CertStoreParameters.java
new file mode 100644
index 000000000..71bcd6109
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreParameters.java
@@ -0,0 +1,60 @@
+/* CertStoreParameters -- interface to CertStore parameters.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Parameters used when creating instances of {@link CertStore}. This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see LDAPCertStoreParameters
+ * @see CollectionCertStoreParameters
+ */
+public interface CertStoreParameters extends Cloneable
+{
+
+ /**
+ * Create a copy of these parameters.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreSpi.java b/libjava/classpath/java/security/cert/CertStoreSpi.java
new file mode 100644
index 000000000..a47978a22
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreSpi.java
@@ -0,0 +1,103 @@
+/* CertStoreSpi -- certificate store service provider interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.util.Collection;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for the {@link
+ * CertStore} class.
+ *
+ * <p>Providers wishing to implement a CertStore must subclass this
+ * class, implementing all the abstract methods. Providers may also
+ * implement the {@link CertStoreParameters} interface, if they require
+ * parameters.
+ *
+ * @since 1.4
+ * @see CertStore
+ * @see CollectionCertStoreParameters
+ * @see LDAPCertStoreParameters
+ */
+public abstract class CertStoreSpi
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertStoreSpi.
+ *
+ * @param params The parameters to initialize this instance with, or
+ * null if no parameters are required.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate for this class.
+ */
+ public CertStoreSpi(CertStoreParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the certificates from this store, filtering them through the
+ * specified CertSelector.
+ *
+ * @param selector The CertSelector to filter certificates.
+ * @return A (non-null) collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public abstract Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
+ throws CertStoreException;
+
+ /**
+ * Get the certificate revocation list from this store, filtering them
+ * through the specified CRLSelector.
+ *
+ * @param selector The CRLSelector to filter certificate revocation
+ * lists.
+ * @return A (non-null) collection of certificate revocation list.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public abstract Collection<? extends CRL> engineGetCRLs(CRLSelector selector)
+ throws CertStoreException;
+}
diff --git a/libjava/classpath/java/security/cert/Certificate.java b/libjava/classpath/java/security/cert/Certificate.java
new file mode 100644
index 000000000..be1713cbf
--- /dev/null
+++ b/libjava/classpath/java/security/cert/Certificate.java
@@ -0,0 +1,306 @@
+/* Certificate.java --- Certificate class
+ Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.ByteArrayInputStream;
+import java.io.InvalidObjectException;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+
+/**
+ * The Certificate class is an abstract class used to manage
+ * identity certificates. An identity certificate is a
+ * combination of a principal and a public key which is
+ * certified by another principal. This is the puprose of
+ * Certificate Authorities (CA).
+ *
+ * <p>This class is used to manage different types of certificates
+ * but have important common puposes. Different types of
+ * certificates like X.509 and OpenPGP share general certificate
+ * functions (like encoding and verifying) and information like
+ * public keys.
+ *
+ * <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this
+ * class even though they differ in storage methods and information
+ * stored.
+ *
+ * @see CertificateFactory
+ * @see X509Certificate
+ * @since JDK 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ */
+public abstract class Certificate implements Serializable
+{
+ private static final long serialVersionUID = -3585440601605666277L;
+
+ private String type;
+
+ /**
+ Constructs a new certificate of the specified type. An example
+ is "X.509".
+
+ @param type a valid standard name for a certificate.
+ */
+ protected Certificate(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the Certificate type.
+
+ @return a string representing the Certificate type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Compares this Certificate to other. It checks if the
+ object if instanceOf Certificate and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof Certificate ) {
+ try {
+ Certificate x = (Certificate) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CertificateEncodingException cee ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this Certificate in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this Certificate.
+ It assumes each certificate has only one encoding format.
+ Ex: X.509 is encoded as ASN.1 DER
+
+ @return byte array containg encoded form
+
+ @throws CertificateEncodingException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Returns a string representing the Certificate.
+
+ @return a string representing the Certificate.
+ */
+ public abstract String toString();
+
+
+ /**
+ Returns the public key stored in the Certificate.
+
+ @return The public key
+ */
+ public abstract PublicKey getPublicKey();
+
+ // Protected methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns a replacement for this certificate to be serialized. This
+ * method returns the equivalent to the following for this class:
+ *
+ * <blockquote>
+ * <pre>new CertificateRep(getType(), getEncoded());</pre>
+ * </blockquote>
+ *
+ * <p>This thusly replaces the certificate with its name and its
+ * encoded form, which can be deserialized later with the {@link
+ * CertificateFactory} implementation for this certificate's type.
+ *
+ * @return The replacement object to be serialized.
+ * @throws ObjectStreamException If the replacement could not be
+ * created.
+ */
+ protected Object writeReplace() throws ObjectStreamException
+ {
+ try
+ {
+ return new CertificateRep(getType(), getEncoded());
+ }
+ catch (CertificateEncodingException cee)
+ {
+ throw new InvalidObjectException(cee.toString());
+ }
+ }
+
+ // Inner class.
+ // ------------------------------------------------------------------------
+
+ /**
+ Certificate.CertificateRep is an inner class used to provide an alternate
+ storage mechanism for serialized Certificates.
+ */
+ protected static class CertificateRep implements java.io.Serializable
+ {
+
+ /** From JDK1.4. */
+ private static final long serialVersionUID = -8563758940495660020L;
+
+ /** The certificate type, e.g. "X.509". */
+ private String type;
+
+ /** The encoded certificate data. */
+ private byte[] data;
+
+ /**
+ * Create an alternative representation of this certificate. The
+ * <code>(type, data)</code> pair is typically the certificate's
+ * type as returned by {@link Certificate#getType()} (i.e. the
+ * canonical name of the certificate type) and the encoded form as
+ * returned by {@link Certificate#getEncoded()}.
+ *
+ * <p>For example, X.509 certificates would create an instance of
+ * this class with the parameters "X.509" and the ASN.1
+ * representation of the certificate, encoded as DER bytes.
+ *
+ * @param type The certificate type.
+ * @param data The encoded certificate data.
+ */
+ protected CertificateRep(String type, byte[] data)
+ {
+ this.type = type;
+ this.data = data;
+ }
+
+ /**
+ * Deserialize this certificate replacement into the appropriate
+ * certificate object. That is, this method attempts to create a
+ * {@link CertificateFactory} for this certificate's type, then
+ * attempts to parse the encoded data with that factory, returning
+ * the resulting certificate.
+ *
+ * @return The deserialized certificate.
+ * @throws ObjectStreamException If there is no appropriate
+ * certificate factory for the given type, or if the encoded form
+ * cannot be parsed.
+ */
+ protected Object readResolve() throws ObjectStreamException
+ {
+ try
+ {
+ CertificateFactory fact = CertificateFactory.getInstance(type);
+ return fact.generateCertificate(new ByteArrayInputStream(data));
+ }
+ catch (Exception e)
+ {
+ throw new InvalidObjectException(e.toString());
+ }
+ }
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateEncodingException.java b/libjava/classpath/java/security/cert/CertificateEncodingException.java
new file mode 100644
index 000000000..3f871691d
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateEncodingException.java
@@ -0,0 +1,93 @@
+/* CertificateEncodingException.java -- Certificate Encoding Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate Encoding.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class CertificateEncodingException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 6219492851589449162L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateEncodingException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg A message to display with exception
+ */
+ public CertificateEncodingException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateEncodingException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateEncodingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateException.java b/libjava/classpath/java/security/cert/CertificateException.java
new file mode 100644
index 000000000..8a6f383bb
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateException.java
@@ -0,0 +1,96 @@
+/* CertificateException.java -- Certificate Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for a Certificate.
+ *
+ * @author Mark Benvenuto
+ * @see Certificate
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class CertificateException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 3192535253797119798L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateExpiredException.java b/libjava/classpath/java/security/cert/CertificateExpiredException.java
new file mode 100644
index 000000000..5b37142b5
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateExpiredException.java
@@ -0,0 +1,71 @@
+/* CertificateExpiredException.java --- Certificate Expired Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate Expiring.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class CertificateExpiredException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 9071001339691533771L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateExpiredException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateExpiredException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateFactory.java b/libjava/classpath/java/security/cert/CertificateFactory.java
new file mode 100644
index 000000000..4fd5b3965
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateFactory.java
@@ -0,0 +1,355 @@
+/* CertificateFactory.java -- Certificate Factory Class
+ Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.security.Engine;
+
+import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * This class implements the CertificateFactory class interface used to
+ * generate certificates, certificate revocation lists (CRLs), and certificate
+ * paths objects from their encoded forms.
+ *
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ * @since 1.2
+ * @status Fully compatible with JDK 1.4.
+ */
+public class CertificateFactory
+{
+
+ /** The service name for certificate factories. */
+ private static final String CERTIFICATE_FACTORY = "CertificateFactory";
+
+ private CertificateFactorySpi certFacSpi;
+ private Provider provider;
+ private String type;
+
+ /**
+ * Creates an instance of CertificateFactory.
+ *
+ * @param certFacSpi The underlying CertificateFactory engine.
+ * @param provider The provider of this implementation.
+ * @param type The type of Certificate this factory creates.
+ */
+ protected CertificateFactory(CertificateFactorySpi certFacSpi,
+ Provider provider, String type)
+ {
+ this.certFacSpi = certFacSpi;
+ this.provider = provider;
+ this.type = type;
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type.
+ *
+ * @param type The type of certificate factory to create.
+ * @return A <code>CertificateFactory</code> of the desired type.
+ * @throws CertificateException If the type of certificate factory is not
+ * implemented by any installed provider.
+ * @throws IllegalArgumentException if <code>type</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type)
+ throws CertificateException
+ {
+ Provider[] p = Security.getProviders();
+ CertificateException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(type, p[i]);
+ }
+ catch (CertificateException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new CertificateException(type);
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type from the named provider.
+ *
+ * @param type The type of certificate factory to create.
+ * @param provider The name of the provider to use.
+ * @return A <code>CertificateFactory</code> for the desired type.
+ * @throws CertificateException If the type of certificate is not implemented
+ * by the named provider.
+ * @throws NoSuchProviderException If the named provider is not installed.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type,
+ String provider)
+ throws CertificateException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, p);
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type from the designated provider.
+ *
+ * @param type The type of certificate factory to create.
+ * @param provider The provider from which to get the implementation.
+ * @return A <code>CertificateFactory</code> for the desired type.
+ * @throws CertificateException If the type of certificate is not implemented
+ * by the provider.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type,
+ Provider provider)
+ throws CertificateException
+ {
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(CERTIFICATE_FACTORY, type, provider);
+ return new CertificateFactory((CertificateFactorySpi) spi, provider, type);
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause() != null ? x.getCause() : x;
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ cause = x;
+ }
+ CertificateException x = new CertificateException(type);
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Gets the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the type of the certificate this factory creates.
+ *
+ * @return A string with the type of certificate
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Generates a Certificate from the encoded data read
+ * from an InputStream.
+ *
+ * <p>The input stream must contain only one certificate.
+ *
+ * <p>If there exists a specialized certificate class for the
+ * certificate format handled by the certificate factory
+ * then the return Ceritificate should be a typecast of it.
+ * Ex: A X.509 CertificateFactory should return X509Certificate.
+ *
+ * <p>For X.509 certificates, the certificate in inStream must be
+ * DER encoded and supplied in binary or printable (Base64)
+ * encoding. If the certificate is in Base64 encoding, it must be
+ * bounded by -----BEGINCERTIFICATE-----, and
+ * -----END CERTIFICATE-----.
+ *
+ * @param inStream An input stream containing the certificate data.
+ * @return A certificate initialized from the decoded InputStream data.
+ * @throws CertificateException If an error occurs decoding the
+ * certificate.
+ */
+ public final Certificate generateCertificate(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificate(inStream);
+ }
+
+ /**
+ * Returns a collection of certificates that were read from the
+ * input stream. It may be empty, have only one, or have
+ * multiple certificates.
+ *
+ * For a X.509 certificate factory, the stream may contain a
+ * single DER encoded certificate or a PKCS#7 certificate
+ * chain. This is a PKCS#7 <I>SignedData</I> object with the
+ * most significant field being <I>certificates</I>. If no
+ * CRLs are present, then an empty collection is returned.
+ *
+ * @param inStream An input stream containing the certificate data.
+ * @return A collection of certificates initialized from the decoded
+ * InputStream data.
+ * @throws CertificateException If an error occurs decoding the
+ * certificates.
+ */
+ public final Collection<? extends Certificate> generateCertificates(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificates(inStream);
+ }
+
+ /**
+ * Generates a CRL based on the encoded data read
+ * from the InputStream.
+ *
+ * <p>The input stream must contain only one CRL.
+ *
+ * <p>If there exists a specialized CRL class for the
+ * CRL format handled by the certificate factory
+ * then the return CRL should be a typecast of it.
+ * Ex: A X.509 CertificateFactory should return X509CRL.
+ *
+ * @param inStream An input stream containing the CRL data.
+ * @return A CRL initialized from the decoded InputStream data.
+ * @throws CRLException If an error occurs decoding the CRL.
+ */
+ public final CRL generateCRL(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRL(inStream);
+ }
+
+ /**
+ * <p>Generates CRLs based on the encoded data read
+ * from the InputStream.
+ *
+ * <p>For a X.509 certificate factory, the stream may contain a
+ * single DER encoded CRL or a PKCS#7 CRL set. This is a
+ * PKCS#7 <I>SignedData</I> object with the most significant
+ * field being <I>crls</I>. If no CRLs are present, then an
+ * empty collection is returned.
+ *
+ * @param inStream an input stream containing the CRLs.
+ * @return a collection of CRLs initialized from the decoded
+ * InputStream data.
+ * @throws CRLException If an error occurs decoding the CRLs.
+ */
+ public final Collection<? extends CRL> generateCRLs(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRLs( inStream );
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream. The default encoding of this factory is used.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(inStream);
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream, using the specified encoding.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @param encoding The encoding of the InputStream data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(InputStream inStream, String encoding)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(inStream, encoding);
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with the certificates
+ * in the {@link java.util.List} argument.
+ *
+ * @param certificates The list of certificates with which to create
+ * the CertPath.
+ * @return A CertPath initialized from the certificates.
+ * @throws CertificateException If an error occurs generating the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(List<? extends Certificate> certificates)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(certificates);
+ }
+
+ /**
+ * Returns an Iterator of CertPath encodings supported by this
+ * factory, with the default encoding first. The returned Iterator
+ * cannot be modified.
+ *
+ * @return The Iterator of supported encodings.
+ */
+ public final Iterator<String> getCertPathEncodings()
+ {
+ return certFacSpi.engineGetCertPathEncodings();
+ }
+} // class CertificateFactory
diff --git a/libjava/classpath/java/security/cert/CertificateFactorySpi.java b/libjava/classpath/java/security/cert/CertificateFactorySpi.java
new file mode 100644
index 000000000..2c9ca5d38
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateFactorySpi.java
@@ -0,0 +1,224 @@
+/* CertificateFactorySpi.java --- Certificate Factory Class
+ Copyright (C) 1999,2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.InputStream;
+
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ CertificateFactorySpi is the abstract class Service Provider
+ Interface (SPI) for the CertificateFactory class. A provider
+ must implement all the abstract methods if they wish to
+ supply a certificate factory for a particular certificate
+ type. Ex: X.509
+
+ Certificate factories are used to generate certificates and
+ certificate revocation lists (CRL) from their encoding.
+
+ @since 1.2
+
+ @author Mark Benvenuto
+ */
+public abstract class CertificateFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Constructs a new CertificateFactorySpi
+ */
+ public CertificateFactorySpi()
+ {}
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ Generates a Certificate based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one certificate.
+
+ If there exists a specialized certificate class for the
+ certificate format handled by the certificate factory
+ then the return Ceritificate should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509Certificate.
+
+ For X.509 certificates, the certificate in inStream must be
+ DER encoded and supplied in binary or printable (Base64)
+ encoding. If the certificate is in Base64 encoding, it must be
+ bounded by -----BEGIN CERTIFICATE-----, and
+ -----END CERTIFICATE-----.
+
+ @param inStream an input stream containing the certificate data
+
+ @return a certificate initialized with InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public abstract Certificate engineGenerateCertificate(InputStream inStream)
+ throws CertificateException;
+
+ /**
+ Returns a collection of certificates that were read from the
+ input stream. It may be empty, have only one, or have
+ multiple certificates.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded certificate or a PKCS#7 certificate
+ chain. This is a PKCS#7 <I>SignedData</I> object with the
+ most significant field being <I>certificates</I>. If no
+ CRLs are present, then an empty collection is returned.
+
+ @param inStream an input stream containing the certificates
+
+ @return a collection of certificates initialized with
+ the InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public abstract Collection<? extends Certificate> engineGenerateCertificates(InputStream inStream)
+ throws CertificateException;
+
+ /**
+ Generates a CRL based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one CRL.
+
+ If there exists a specialized CRL class for the
+ CRL format handled by the certificate factory
+ then the return CRL should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509CRL.
+
+ @param inStream an input stream containing the CRL data
+
+ @return a CRL initialized with InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public abstract CRL engineGenerateCRL(InputStream inStream)
+ throws CRLException;
+
+ /**
+ Generates CRLs based on the encoded data read
+ from the InputStream.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded CRL or a PKCS#7 CRL set. This is a
+ PKCS#7 <I>SignedData</I> object with the most significant
+ field being <I>crls</I>. If no CRLs are present, then an
+ empty collection is returned.
+
+ @param inStream an input stream containing the CRLs
+
+ @return a collection of CRLs initialized with
+ the InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public abstract Collection<? extends CRL> engineGenerateCRLs(InputStream inStream)
+ throws CRLException;
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream. The default encoding of this factory is used.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public CertPath engineGenerateCertPath(InputStream inStream)
+ throws CertificateException
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream, using the specified encoding.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @param encoding The encoding of the InputStream data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public CertPath engineGenerateCertPath(InputStream inStream, String encoding)
+ throws CertificateException
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with the certificates
+ * in the {@link java.util.List} argument.
+ *
+ * @param certificates The list of certificates with which to create
+ * the CertPath.
+ * @return A CertPath initialized from the certificates.
+ * @throws CertificateException If an error occurs generating the
+ * CertPath.
+ */
+ public CertPath engineGenerateCertPath(List<? extends Certificate> certificates)
+ throws CertificateException
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+
+ /**
+ * Returns an Iterator of CertPath encodings supported by this
+ * factory, with the default encoding first. The returned Iterator
+ * cannot be modified.
+ *
+ * @return The Iterator of supported encodings.
+ */
+ public Iterator<String> engineGetCertPathEncodings()
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateNotYetValidException.java b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java
new file mode 100644
index 000000000..dfb4b4837
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java
@@ -0,0 +1,71 @@
+/* CertificateNotYetValidException.java -- Certificate Not Yet Valid Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate that is not yet valid.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.4
+*/
+public class CertificateNotYetValidException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 4355919900041064702L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateNotYetValidException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg A message to display with exception
+ */
+ public CertificateNotYetValidException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateParsingException.java b/libjava/classpath/java/security/cert/CertificateParsingException.java
new file mode 100644
index 000000000..5a930f41b
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateParsingException.java
@@ -0,0 +1,93 @@
+/* CertificateParsingException.java -- Certificate Parsing Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for parsing a DER-encoded Certificate.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+*/
+public class CertificateParsingException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -7989222416793322029L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateParsingException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateParsingException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
new file mode 100644
index 000000000..389874854
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
@@ -0,0 +1,122 @@
+/* CollectionCertStoreParameters -- collection-based cert store parameters
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * An implementation of {@link CertStoreParameters} with a simple,
+ * in-memory {@link Collection} of certificates and certificate
+ * revocation list.
+ *
+ * <p>Note that this class is not thread-safe, and its underlying
+ * collection may be changed at any time.
+ *
+ * @see CertStore
+ * @since 1.4
+ */
+public class CollectionCertStoreParameters implements CertStoreParameters
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The underlying collection. */
+ private final Collection collection;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CollectionCertStoreParameters with an empty,
+ * immutable collection.
+ */
+ public CollectionCertStoreParameters()
+ {
+ this(Collections.EMPTY_LIST);
+ }
+
+ /**
+ * Create a new CollectionCertStoreParameters with the specified
+ * collection. The argument is not copied, and subsequent changes to
+ * the collection will change this class's collection.
+ *
+ * @param collection The collection.
+ * @throws NullPointerException If <i>collection</i> is null.
+ */
+ public CollectionCertStoreParameters(Collection<?> collection)
+ {
+ if (collection == null)
+ throw new NullPointerException();
+ this.collection = collection;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public Object clone()
+ {
+ return new CollectionCertStoreParameters(new ArrayList(collection));
+ }
+
+ /**
+ * Return the underlying collection. The collection is not copied
+ * before being returned, so callers may update the collection that is
+ * returned.
+ *
+ * @return The collection.
+ */
+ public Collection<?> getCollection()
+ {
+ return collection;
+ }
+
+ /**
+ * Return a string representation of these parameters.
+ *
+ * @return The string representation of these parameters.
+ */
+ public String toString()
+ {
+ return "CollectionCertStoreParameters: [ collection: "
+ + collection + " ]";
+ }
+}
diff --git a/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java
new file mode 100644
index 000000000..f2dff764a
--- /dev/null
+++ b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java
@@ -0,0 +1,140 @@
+/* LDAPCertStoreParameters.java -- LDAP CertStore parameters.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Parameters for CertStores that are retrieved via the <i>lightweight
+ * directory access protocol</i> (<b>LDAP</b>).
+ *
+ * @see CertStore
+ */
+public class LDAPCertStoreParameters implements CertStoreParameters
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The default LDAP port. */
+ private static final int LDAP_PORT = 389;
+
+ /** The server name. */
+ private final String serverName;
+
+ /** The LDAP port. */
+ private final int port;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new LDAPCertStoreParameters object, with a servername of
+ * "localhost" and a port of 389.
+ */
+ public LDAPCertStoreParameters()
+ {
+ this("localhost", LDAP_PORT);
+ }
+
+ /**
+ * Create a new LDAPCertStoreParameters object, with a specified
+ * server name and a port of 389.
+ *
+ * @param serverName The LDAP server name.
+ * @throws NullPointerException If <i>serverName</i> is null.
+ */
+ public LDAPCertStoreParameters(String serverName)
+ {
+ this(serverName, LDAP_PORT);
+ }
+
+ /**
+ * Create a new LDAPCertStoreParameters object, with a specified
+ * server name and port.
+ *
+ * @param serverName The LDAP server name.
+ * @param port The LDAP port.
+ * @throws NullPointerException If <i>serverName</i> is null.
+ */
+ public LDAPCertStoreParameters(String serverName, int port)
+ {
+ if (serverName == null)
+ throw new NullPointerException();
+ this.serverName = serverName;
+ this.port = port;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public Object clone()
+ {
+ return new LDAPCertStoreParameters(serverName, port);
+ }
+
+ /**
+ * Return the server name.
+ *
+ * @return The server name.
+ */
+ public String getServerName()
+ {
+ return serverName;
+ }
+
+ /**
+ * Return the port.
+ *
+ * @return the port.
+ */
+ public int getPort()
+ {
+ return port;
+ }
+
+ /**
+ * Return a string representation of these parameters.
+ *
+ * @return The string representation of these parameters.
+ */
+ public String toString()
+ {
+ return "LDAPCertStoreParameters: [ serverName: " + serverName
+ + "; port: " + port + " ]";
+ }
+}
diff --git a/libjava/classpath/java/security/cert/PKIXBuilderParameters.java b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java
new file mode 100644
index 000000000..3a29b5218
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java
@@ -0,0 +1,149 @@
+/* PKIXBuilderParameters.java -- parameters for PKIX cert path builders
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+import java.util.Set;
+
+/**
+ * Parameters for building certificate paths using the PKIX algorithm.
+ *
+ * @see CertPathBuilder
+ * @since 1.4
+ */
+public class PKIXBuilderParameters extends PKIXParameters
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The maximum path length. */
+ private int maxPathLength;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PKIXBuilderParameters object, populating the trusted
+ * certificates set with all X.509 certificates found in the given key
+ * store. All certificates found in the key store are assumed to be
+ * trusted by this constructor.
+ *
+ * @param keystore The key store.
+ * @param targetConstraints The target certificate constraints.
+ * @throws KeyStoreException If the certificates cannot be retrieved
+ * from the key store.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the key store.
+ * @throws NullPointerException If <i>keystore</i> is null.
+ */
+ public PKIXBuilderParameters(KeyStore keystore,
+ CertSelector targetConstraints)
+ throws KeyStoreException, InvalidAlgorithmParameterException
+ {
+ super(keystore);
+ setTargetCertConstraints(targetConstraints);
+ maxPathLength = 5;
+ }
+
+ /**
+ * Create a new PKIXBuilderParameters object, populating the trusted
+ * certificates set with the elements of the given set, each of which
+ * must be a {@link TrustAnchor}.
+ *
+ * @param trustAnchors The set of trust anchors.
+ * @param targetConstraints The target certificate constraints.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the set.
+ * @throws NullPointerException If <i>trustAnchors</i> is null.
+ * @throws ClassCastException If every element in <i>trustAnchors</i>
+ * is not a {@link TrustAnchor}.
+ */
+ public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors,
+ CertSelector targetConstraints)
+ throws InvalidAlgorithmParameterException
+ {
+ super(trustAnchors);
+ setTargetCertConstraints(targetConstraints);
+ maxPathLength = 5;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the maximum length of certificate paths to build.
+ *
+ * <p>If this value is 0 it is taken to mean that the certificate path
+ * should contain only one certificate. A value of -1 means that the
+ * certificate path length is unconstrained. The default value is 5.
+ *
+ * @return The maximum path length.
+ */
+ public int getMaxPathLength()
+ {
+ return maxPathLength;
+ }
+
+ /**
+ * Sets the maximum length of certificate paths to build.
+ *
+ * @param maxPathLength The new path length.
+ * @throws IllegalArgumentException If <i>maxPathLength</i> is less
+ * than -1.
+ */
+ public void setMaxPathLength(int maxPathLength)
+ {
+ if (maxPathLength < -1)
+ throw new IllegalArgumentException();
+ this.maxPathLength = maxPathLength;
+ }
+
+ public String toString()
+ {
+ CPStringBuilder buf = new CPStringBuilder(super.toString());
+ buf.insert(buf.length() - 2, "; Max Path Length=" + maxPathLength);
+ return buf.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java
new file mode 100644
index 000000000..52984b543
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java
@@ -0,0 +1,104 @@
+/* PKIXCertPathBuilderResult.java -- PKIX cert path bulider result
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+/**
+ * The result of calling the {@link
+ * CertPathBuilder#build(java.security.cert.CertPathParameters)} method
+ * of PKIX {@link CertPathBuilder}s.
+ *
+ * @see CertPathBuilder
+ * @see CertPathBuilderResult
+ */
+public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
+ implements CertPathBuilderResult
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The certificate path. */
+ private CertPath certPath;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new PKIXCertPathBuilderResult.
+ *
+ * @param certPath The certificate path.
+ * @param trustAnchor The trust anchor.
+ * @param policyTree The root node of the policy tree.
+ * @param subjectPublicKey The public key.
+ * @throws NullPointerException If <i>certPath</i>, <i>trustAnchor</i> or
+ * <i>subjectPublicKey</i> is null.
+ */
+ public PKIXCertPathBuilderResult(CertPath certPath,
+ TrustAnchor trustAnchor,
+ PolicyNode policyTree,
+ java.security.PublicKey subjectPublicKey)
+ {
+ super(trustAnchor, policyTree, subjectPublicKey);
+ if (certPath == null)
+ throw new NullPointerException();
+ this.certPath = certPath;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the certificate path that was built.
+ *
+ * @return The certificate path that was built.
+ */
+ public CertPath getCertPath()
+ {
+ return certPath;
+ }
+
+ public String toString()
+ {
+ CPStringBuilder buf = new CPStringBuilder(super.toString());
+ buf.insert(buf.length() - 2, "; CertPath=" + certPath);
+ return buf.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/PKIXCertPathChecker.java b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java
new file mode 100644
index 000000000..0bedf401a
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java
@@ -0,0 +1,134 @@
+/* PKIXCertPathChecker.java -- checks X.509 certificate paths.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.Collection;
+import java.util.Set;
+
+/**
+ * A validator for X.509 certificates when approving certificate chains.
+ *
+ * <p>Concrete subclasses can be passed to the {@link
+ * PKIXParameters#setCertPathCheckers(java.util.List)} and {@link
+ * PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker)}
+ * methods, which are then used to set up PKIX certificate chain
+ * builders or validators. These classes then call the {@link
+ * #check(java.security.cert.Certificate,java.util.Collection)} method
+ * of this class, performing whatever checks on the certificate,
+ * throwing an exception if any check fails.
+ *
+ * <p>Subclasses of this must be able to perform their checks in the
+ * backward direction -- from the most-trusted certificate to the target
+ * -- and may optionally support forward checking -- from the target to
+ * the most-trusted certificate.
+ *
+ * @see PKIXParameters
+ * @since 1.4
+ */
+public abstract class PKIXCertPathChecker implements Cloneable
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /** Default constructor. */
+ protected PKIXCertPathChecker()
+ {
+ super();
+ }
+
+ // Cloneable interface.
+ // ------------------------------------------------------------------------
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException cnse)
+ {
+ throw new InternalError(cnse.getMessage());
+ }
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Initialize this PKIXCertPathChecker. If subclasses support forward
+ * checking, a value of true can be passed to this method, and
+ * certificates can be validated from the target certificate to the
+ * most-trusted certifcate.
+ *
+ * @param forward The direction of this PKIXCertPathChecker.
+ * @throws CertPathValidatorException If <i>forward</i> is true and
+ * this class does not support forward checking.
+ */
+ public abstract void init(boolean forward) throws CertPathValidatorException;
+
+ /**
+ * Returns whether or not this class supports forward checking.
+ *
+ * @return Whether or not this class supports forward checking.
+ */
+ public abstract boolean isForwardCheckingSupported();
+
+ /**
+ * Returns an immutable set of X.509 extension object identifiers (OIDs)
+ * supported by this PKIXCertPathChecker.
+ *
+ * @return An immutable set of Strings of the supported X.509 OIDs, or
+ * null if no extensions are supported.
+ */
+ public abstract Set<String> getSupportedExtensions();
+
+ /**
+ * Checks a certificate, removing any critical extensions that are
+ * resolved in this check.
+ *
+ * @param cert The certificate to check.
+ * @param unresolvedCritExts The (mutable) collection of as-of-yet
+ * unresolved critical extensions, as OID strings.
+ * @throws CertPathValidatorException If this certificate fails this
+ * check.
+ */
+ public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
+ throws CertPathValidatorException;
+}
diff --git a/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java
new file mode 100644
index 000000000..17b5c86f8
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java
@@ -0,0 +1,142 @@
+/* PKIXCertPathValidatorResult.java -- PKIX cert path builder result
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.PublicKey;
+
+/**
+ * Results returned by the {@link
+ * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}
+ * method for PKIX {@link CertPathValidator}s.
+ *
+ * @see CertPathValidator
+ */
+public class PKIXCertPathValidatorResult implements CertPathValidatorResult
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The trust anchor. */
+ private final TrustAnchor trustAnchor;
+
+ /** The root node of the policy tree. */
+ private final PolicyNode policyTree;
+
+ /** The subject's public key. */
+ private final PublicKey subjectPublicKey;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new PKIXCertPathValidatorResult.
+ *
+ * @param trustAnchor The trust anchor.
+ * @param policyTree The root node of the policy tree.
+ * @param subjectPublicKey The public key.
+ * @throws NullPointerException If either <i>trustAnchor</i> or
+ * <i>subjectPublicKey</i> is null.
+ */
+ public PKIXCertPathValidatorResult(TrustAnchor trustAnchor,
+ PolicyNode policyTree,
+ PublicKey subjectPublicKey)
+ {
+ if (trustAnchor == null || subjectPublicKey == null)
+ throw new NullPointerException();
+ this.trustAnchor = trustAnchor;
+ this.policyTree = policyTree;
+ this.subjectPublicKey = subjectPublicKey;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the trust anchor.
+ *
+ * @return The trust anchor.
+ */
+ public TrustAnchor getTrustAnchor()
+ {
+ return trustAnchor;
+ }
+
+ /**
+ * Returns the root node of the policy tree.
+ *
+ * @return The root node of the policy tree.
+ */
+ public PolicyNode getPolicyTree()
+ {
+ return policyTree;
+ }
+
+ /**
+ * Returns the subject public key.
+ *
+ * @return The subject public key.
+ */
+ public PublicKey getPublicKey()
+ {
+ return subjectPublicKey;
+ }
+
+ /**
+ * Returns a copy of this object.
+ *
+ * @return The copy.
+ */
+ public Object clone()
+ {
+ return new PKIXCertPathValidatorResult(trustAnchor, policyTree,
+ subjectPublicKey);
+ }
+
+ /**
+ * Returns a printable string representation of this result.
+ *
+ * @return A printable string representation of this result.
+ */
+ public String toString()
+ {
+ return "[ Trust Anchor=" + trustAnchor + "; Policy Tree="
+ + policyTree + "; Subject Public Key=" + subjectPublicKey + " ]";
+ }
+}
diff --git a/libjava/classpath/java/security/cert/PKIXParameters.java b/libjava/classpath/java/security/cert/PKIXParameters.java
new file mode 100644
index 000000000..bbb75571f
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXParameters.java
@@ -0,0 +1,547 @@
+/* PKIXParameters.java -- parameters for the PKIX cert path algorithm
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Parameters for verifying certificate paths using the PKIX
+ * (Public-Key Infrastructure (X.509)) algorithm.
+ *
+ * @see CertPathBuilder
+ * @since 1.4
+ */
+public class PKIXParameters implements CertPathParameters
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The trusted certificates. */
+ private final Set trustAnchors;
+
+ /** The set of initial policy identifiers. */
+ private final Set initPolicies;
+
+ /** The list of certificate stores. */
+ private final List certStores;
+
+ /** The list of path checkers. */
+ private final List pathCheckers;
+
+ /** The revocation enabled flag. */
+ private boolean revocationEnabled;
+
+ /** The explicit policy required flag. */
+ private boolean exPolicyRequired;
+
+ /** The policy mapping inhibited flag. */
+ private boolean policyMappingInhibited;
+
+ /** The any policy inhibited flag. */
+ private boolean anyPolicyInhibited;
+
+ /** The policy qualifiers rejected flag. */
+ private boolean policyQualRejected;
+
+ /** The target validation date. */
+ private Date date;
+
+ /** The signature algorithm provider. */
+ private String sigProvider;
+
+ /** The target constraints. */
+ private CertSelector targetConstraints;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PKIXParameters object, populating the trusted
+ * certificates set with all certificates found in the given key
+ * store. All certificates found in the key store are assumed to be
+ * trusted by this constructor.
+ *
+ * @param keystore The key store.
+ * @throws KeyStoreException If the certificates cannot be retrieved
+ * from the key store.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the key store.
+ * @throws NullPointerException If <i>keystore</i> is null.
+ */
+ public PKIXParameters(KeyStore keystore)
+ throws KeyStoreException, InvalidAlgorithmParameterException
+ {
+ this();
+ for (Enumeration e = keystore.aliases(); e.hasMoreElements(); )
+ {
+ String alias = (String) e.nextElement();
+ if (!keystore.isCertificateEntry(alias))
+ continue;
+ Certificate cert = keystore.getCertificate(alias);
+ if (cert instanceof X509Certificate)
+ trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
+ }
+ if (trustAnchors.isEmpty())
+ throw new InvalidAlgorithmParameterException("no certs in the key store");
+ }
+
+ /**
+ * Create a new PKIXParameters object, populating the trusted
+ * certificates set with the elements of the given set, each of which
+ * must be a {@link TrustAnchor}.
+ *
+ * @param trustAnchors The set of trust anchors.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the set.
+ * @throws NullPointerException If <i>trustAnchors</i> is null.
+ * @throws ClassCastException If every element in <i>trustAnchors</i>
+ * is not a {@link TrustAnchor}.
+ */
+ public PKIXParameters(Set<TrustAnchor> trustAnchors)
+ throws InvalidAlgorithmParameterException
+ {
+ this();
+ setTrustAnchors(trustAnchors);
+ }
+
+ /**
+ * Default constructor.
+ */
+ private PKIXParameters()
+ {
+ trustAnchors = new HashSet();
+ initPolicies = new HashSet();
+ certStores = new LinkedList();
+ pathCheckers = new LinkedList();
+ revocationEnabled = true;
+ exPolicyRequired = false;
+ policyMappingInhibited = false;
+ anyPolicyInhibited = false;
+ policyQualRejected = true;
+ }
+
+ /**
+ * Copying constructor for cloning.
+ *
+ * @param that The instance being cloned.
+ */
+ private PKIXParameters(PKIXParameters that)
+ {
+ this();
+ this.trustAnchors.addAll(that.trustAnchors);
+ this.initPolicies.addAll(that.initPolicies);
+ this.certStores.addAll(that.certStores);
+ this.pathCheckers.addAll(that.pathCheckers);
+ this.revocationEnabled = that.revocationEnabled;
+ this.exPolicyRequired = that.exPolicyRequired;
+ this.policyMappingInhibited = that.policyMappingInhibited;
+ this.anyPolicyInhibited = that.anyPolicyInhibited;
+ this.policyQualRejected = that.policyQualRejected;
+ this.date = that.date;
+ this.sigProvider = that.sigProvider;
+ this.targetConstraints = that.targetConstraints != null
+ ? (CertSelector) that.targetConstraints.clone() : null;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns an immutable set of trust anchors. The set returned will
+ * never be null and will never be empty.
+ *
+ * @return A (never null, never empty) immutable set of trust anchors.
+ */
+ public Set<TrustAnchor> getTrustAnchors()
+ {
+ return Collections.unmodifiableSet(trustAnchors);
+ }
+
+ /**
+ * Sets the trust anchors of this class, replacing the current trust
+ * anchors with those in the given set. The supplied set is copied to
+ * prevent modification.
+ *
+ * @param trustAnchors The new set of trust anchors.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the set.
+ * @throws NullPointerException If <i>trustAnchors</i> is null.
+ * @throws ClassCastException If every element in <i>trustAnchors</i>
+ * is not a {@link TrustAnchor}.
+ */
+ public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
+ throws InvalidAlgorithmParameterException
+ {
+ if (trustAnchors.isEmpty())
+ throw new InvalidAlgorithmParameterException("no trust anchors");
+ this.trustAnchors.clear();
+ for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
+ {
+ this.trustAnchors.add((TrustAnchor) i.next());
+ }
+ }
+
+ /**
+ * Returns the set of initial policy identifiers (as OID strings). If
+ * any policy is accepted, this method returns the empty set.
+ *
+ * @return An immutable set of initial policy OID strings, or the
+ * empty set if any policy is acceptable.
+ */
+ public Set<String> getInitialPolicies()
+ {
+ return Collections.unmodifiableSet(initPolicies);
+ }
+
+ /**
+ * Sets the initial policy identifiers (as OID strings). If the
+ * argument is null or the empty set, then any policy identifier will
+ * be accepted.
+ *
+ * @param initPolicies The new set of policy strings, or null.
+ * @throws ClassCastException If any element in <i>initPolicies</i> is
+ * not a string.
+ */
+ public void setInitialPolicies(Set<String> initPolicies)
+ {
+ this.initPolicies.clear();
+ if (initPolicies == null)
+ return;
+ for (Iterator i = initPolicies.iterator(); i.hasNext(); )
+ {
+ this.initPolicies.add((String) i.next());
+ }
+ }
+
+ /**
+ * Add a {@link CertStore} to the list of cert stores.
+ *
+ * @param store The CertStore to add.
+ */
+ public void addCertStore(CertStore store)
+ {
+ if (store != null)
+ certStores.add(store);
+ }
+
+ /**
+ * Returns an immutable list of cert stores. This method never returns
+ * null.
+ *
+ * @return The list of cert stores.
+ */
+ public List<CertStore> getCertStores()
+ {
+ return Collections.unmodifiableList(certStores);
+ }
+
+ /**
+ * Set the cert stores. If the argument is null the list of cert
+ * stores will be empty.
+ *
+ * @param certStores The cert stores.
+ */
+ public void setCertStores(List<CertStore> certStores)
+ {
+ this.certStores.clear();
+ if (certStores == null)
+ return;
+ for (Iterator i = certStores.iterator(); i.hasNext(); )
+ {
+ this.certStores.add((CertStore) i.next());
+ }
+ }
+
+ /**
+ * Returns the value of the <i>revocation enabled</i> flag. The default
+ * value for this flag is <code>true</code>.
+ *
+ * @return The <i>revocation enabled</i> flag.
+ */
+ public boolean isRevocationEnabled()
+ {
+ return revocationEnabled;
+ }
+
+ /**
+ * Sets the value of the <i>revocation enabled</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setRevocationEnabled(boolean value)
+ {
+ revocationEnabled = value;
+ }
+
+ /**
+ * Returns the value of the <i>explicit policy required</i> flag. The
+ * default value of this flag is <code>false</code>.
+ *
+ * @return The <i>explicit policy required</i> flag.
+ */
+ public boolean isExplicitPolicyRequired()
+ {
+ return exPolicyRequired;
+ }
+
+ /**
+ * Sets the value of the <i>explicit policy required</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setExplicitPolicyRequired(boolean value)
+ {
+ exPolicyRequired = value;
+ }
+
+ /**
+ * Returns the value of the <i>policy mapping inhibited</i> flag. The
+ * default value of this flag is <code>false</code>.
+ *
+ * @return The <i>policy mapping inhibited</i> flag.
+ */
+ public boolean isPolicyMappingInhibited()
+ {
+ return policyMappingInhibited;
+ }
+
+ /**
+ * Sets the value of the <i>policy mapping inhibited</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setPolicyMappingInhibited(boolean value)
+ {
+ policyMappingInhibited = value;
+ }
+
+ /**
+ * Returns the value of the <i>any policy inhibited</i> flag. The
+ * default value of this flag is <code>false</code>.
+ *
+ * @return The <i>any policy inhibited</i> flag.
+ */
+ public boolean isAnyPolicyInhibited()
+ {
+ return anyPolicyInhibited;
+ }
+
+ /**
+ * Sets the value of the <i>any policy inhibited</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setAnyPolicyInhibited(boolean value)
+ {
+ anyPolicyInhibited = value;
+ }
+
+ /**
+ * Returns the value of the <i>policy qualifiers enabled</i> flag. The
+ * default value of this flag is <code>true</code>.
+ *
+ * @return The <i>policy qualifiers enabled</i> flag.
+ */
+ public boolean getPolicyQualifiersRejected()
+ {
+ return policyQualRejected;
+ }
+
+ /**
+ * Sets the value of the <i>policy qualifiers enabled</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setPolicyQualifiersRejected(boolean value)
+ {
+ policyQualRejected = value;
+ }
+
+ /**
+ * Returns the date for which the certificate path should be
+ * validated, or null if the current time should be used. The date
+ * object is copied to prevent subsequent modification.
+ *
+ * @return The date, or null if not set.
+ */
+ public Date getDate()
+ {
+ return date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Sets the date for which the certificate path should be validated,
+ * or null if the current time should be used.
+ *
+ * @param date The new date, or null.
+ */
+ public void setDate(Date date)
+ {
+ if (date != null)
+ this.date = (Date) date.clone();
+ else
+ this.date = null;
+ }
+
+ /**
+ * Add a certificate path checker.
+ *
+ * @param checker The certificate path checker to add.
+ */
+ public void addCertPathChecker(PKIXCertPathChecker checker)
+ {
+ if (checker != null)
+ pathCheckers.add(checker);
+ }
+
+ /**
+ * Returns an immutable list of all certificate path checkers.
+ *
+ * @return An immutable list of all certificate path checkers.
+ */
+ public List<PKIXCertPathChecker> getCertPathCheckers()
+ {
+ return Collections.unmodifiableList(pathCheckers);
+ }
+
+ /**
+ * Sets the certificate path checkers. If the argument is null, the
+ * list of checkers will merely be cleared.
+ *
+ * @param pathCheckers The new list of certificate path checkers.
+ * @throws ClassCastException If any element of <i>pathCheckers</i> is
+ * not a {@link PKIXCertPathChecker}.
+ */
+ public void setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers)
+ {
+ this.pathCheckers.clear();
+ if (pathCheckers == null)
+ return;
+ for (Iterator i = pathCheckers.iterator(); i.hasNext(); )
+ {
+ this.pathCheckers.add((PKIXCertPathChecker) i.next());
+ }
+ }
+
+ /**
+ * Returns the signature algorithm provider, or null if not set.
+ *
+ * @return The signature algorithm provider, or null if not set.
+ */
+ public String getSigProvider()
+ {
+ return sigProvider;
+ }
+
+ /**
+ * Sets the signature algorithm provider, or null if there is no
+ * preferred provider.
+ *
+ * @param sigProvider The signature provider name.
+ */
+ public void setSigProvider(String sigProvider)
+ {
+ this.sigProvider = sigProvider;
+ }
+
+ /**
+ * Returns the constraints placed on the target certificate, or null
+ * if there are none. The target constraints are copied to prevent
+ * subsequent modification.
+ *
+ * @return The target constraints, or null.
+ */
+ public CertSelector getTargetCertConstraints()
+ {
+ return targetConstraints != null
+ ? (CertSelector) targetConstraints.clone() : null;
+ }
+
+ /**
+ * Sets the constraints placed on the target certificate.
+ *
+ * @param targetConstraints The target constraints.
+ */
+ public void setTargetCertConstraints(CertSelector targetConstraints)
+ {
+ this.targetConstraints = targetConstraints != null
+ ? (CertSelector) targetConstraints.clone() : null;
+ }
+
+ /**
+ * Returns a copy of these parameters.
+ *
+ * @return The copy.
+ */
+ public Object clone()
+ {
+ return new PKIXParameters(this);
+ }
+
+ /**
+ * Returns a printable representation of these parameters.
+ *
+ * @return A printable representation of these parameters.
+ */
+ public String toString() {
+ return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs="
+ + (initPolicies != null ? initPolicies.toString() : "any")
+ + "; Validity Date=" + date + "; Signature Provider="
+ + sigProvider + "; Default Revocation Enabled=" + revocationEnabled
+ + "; Explicit Policy Required=" + exPolicyRequired
+ + "; Policy Mapping Inhibited=" + policyMappingInhibited
+ + "; Any Policy Inhibited=" + anyPolicyInhibited
+ + "; Policy Qualifiers Rejected=" + policyQualRejected
+ + "; Target Cert Contstraints=" + targetConstraints
+ + "; Certification Path Checkers=" + pathCheckers
+ + "; CertStores=" + certStores + " ]";
+ }
+}
diff --git a/libjava/classpath/java/security/cert/PolicyNode.java b/libjava/classpath/java/security/cert/PolicyNode.java
new file mode 100644
index 000000000..5da78c188
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PolicyNode.java
@@ -0,0 +1,108 @@
+/* PolicyNode.java -- a single node in a policy tree
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * @since 1.4
+ */
+public interface PolicyNode
+{
+
+ /**
+ * Get the iterator of the child nodes of this node. The returned
+ * iterator is (naturally) unmodifiable.
+ *
+ * @return An iterator over the child nodes.
+ */
+ Iterator<? extends PolicyNode> getChildren();
+
+ /**
+ * Get the depth of this node within the tree, starting at 0 for the
+ * root node.
+ *
+ * @return The depth of this node.
+ */
+ int getDepth();
+
+ /**
+ * Returns a set of policies (string OIDs) that will satisfy this
+ * node's policy. The root node should always return the singleton set
+ * with the element "any-policy".
+ *
+ * @return The set of expected policies.
+ */
+ Set<String> getExpectedPolicies();
+
+ /**
+ * Returns the parent node of this node, or null if this is the root
+ * node.
+ *
+ * @return The parent node, or null.
+ */
+ PolicyNode getParent();
+
+ /**
+ * Returns a set of {@link PolicyQualifierInfo} objects that qualify
+ * the valid policy of this node. The root node should always return
+ * the empty set.
+ *
+ * @return The set of {@link PolicyQualifierInfo} objects.
+ */
+ Set<? extends PolicyQualifierInfo> getPolicyQualifiers();
+
+ /**
+ * Get the policy OID this node represents. The root node should return
+ * the special value "any-policy".
+ *
+ * @return The policy of this node.
+ */
+ String getValidPolicy();
+
+ /**
+ * Return the criticality flag of this policy node. Nodes who return
+ * true for this method should be considered critical. The root node
+ * is never critical.
+ *
+ * @return The criticality flag.
+ */
+ boolean isCritical();
+}
diff --git a/libjava/classpath/java/security/cert/PolicyQualifierInfo.java b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java
new file mode 100644
index 000000000..b53faa935
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java
@@ -0,0 +1,169 @@
+/* PolicyQualifierInfo.java -- policy qualifier info object.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.io.ASN1ParsingException;
+import gnu.java.security.OID;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+/**
+ * The PolicyQualifierInfo X.509 certificate extension.
+ * PolicyQualifierInfo objects are represented by the ASN.1 structure:
+ *
+ * <pre>
+ * PolicyQualifierInfo ::= SEQUENCE {
+ * policyQualifierId PolicyQualifierId,
+ * qualifier ANY DEFINED BY policyQualifierId
+ * }
+ *
+ * PolicyQualifierId ::= OBJECT IDENTIFIER
+ * </pre>
+ *
+ * @since 1.4
+ * @specnote this class was final in 1.4, but beginning with 1.5 is not
+ */
+public class PolicyQualifierInfo
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The <code>policyQualifierId</code> field. */
+ private OID oid;
+
+ /** The DER encoded form of this object. */
+ private byte[] encoded;
+
+ /** The DER encoded form of the <code>qualifier</code> field. */
+ private DERValue qualifier;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PolicyQualifierInfo object from the DER encoded form
+ * passed in the byte array. The argument is copied.
+ *
+ * <p>The ASN.1 form of PolicyQualifierInfo is:
+<pre>
+PolicyQualifierInfo ::= SEQUENCE {
+ policyQualifierId PolicyQualifierId,
+ qualifier ANY DEFINED BY policyQualifierId
+}
+
+PolicyQualifierId ::= OBJECT IDENTIFIER
+</pre>
+ *
+ * @param encoded The DER encoded form.
+ * @throws IOException If the structure cannot be parsed from the
+ * encoded bytes.
+ */
+ public PolicyQualifierInfo(byte[] encoded) throws IOException
+ {
+ if (encoded == null)
+ throw new IOException("null bytes");
+ this.encoded = (byte[]) encoded.clone();
+ DERReader in = new DERReader(new ByteArrayInputStream(this.encoded));
+ DERValue qualInfo = in.read();
+ if (!qualInfo.isConstructed())
+ throw new ASN1ParsingException("malformed PolicyQualifierInfo");
+ DERValue val = in.read();
+ if (!(val.getValue() instanceof OID))
+ throw new ASN1ParsingException("value read not an OBJECT IDENTIFIER");
+ oid = (OID) val.getValue();
+ if (val.getEncodedLength() < val.getLength())
+ qualifier = in.read();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the <code>policyQualifierId</code> field of this structure,
+ * as a dotted-decimal representation of the object identifier.
+ *
+ * @return This structure's OID field.
+ */
+ public final String getPolicyQualifierId()
+ {
+ return oid.toString();
+ }
+
+ /**
+ * Returns the DER encoded form of this object; the contents of the
+ * returned byte array are equivalent to those that were passed to the
+ * constructor. The byte array is cloned every time this method is
+ * called.
+ *
+ * @return The encoded form.
+ */
+ public final byte[] getEncoded()
+ {
+ return (byte[]) encoded.clone();
+ }
+
+ /**
+ * Get the <code>qualifier</code> field of this object, as a DER
+ * encoded byte array. The byte array returned is cloned every time
+ * this method is called.
+ *
+ * @return The encoded qualifier.
+ */
+ public final byte[] getPolicyQualifier()
+ {
+ if (qualifier == null)
+ return new byte[0];
+ return qualifier.getEncoded();
+ }
+
+ /**
+ * Returns a printable string representation of this object.
+ *
+ * @return The string representation.
+ */
+ public String toString()
+ {
+ return "PolicyQualifierInfo { policyQualifierId ::= " + oid
+ + ", qualifier ::= " + qualifier + " }";
+ }
+}
diff --git a/libjava/classpath/java/security/cert/TrustAnchor.java b/libjava/classpath/java/security/cert/TrustAnchor.java
new file mode 100644
index 000000000..2110ed518
--- /dev/null
+++ b/libjava/classpath/java/security/cert/TrustAnchor.java
@@ -0,0 +1,185 @@
+/* TrustAnchor.java -- an ultimately-trusted certificate.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.security.x509.X500DistinguishedName;
+
+import java.security.PublicKey;
+
+/**
+ * An ultimately-trusted certificate to serve as the root of a
+ * certificate chain.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class TrustAnchor
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The certificate authority's distinguished name. */
+ private final X500DistinguishedName caName;
+
+ /** The certficate authority's public key. */
+ private final PublicKey caKey;
+
+ /** The certficate authority's certificate. */
+ private final X509Certificate trustedCert;
+
+ /** The encoded name constraints bytes. */
+ private final byte[] nameConstraints;
+
+ // Constnuctors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new trust anchor from a certificate and (optional) name
+ * constraints.
+ *
+ * <p>If the <i>nameConstraints</i> argument in non-null, it will be
+ * copied to prevent modification.
+ *
+ * @param trustedCert The trusted certificate.
+ * @param nameConstraints The encoded nameConstraints.
+ */
+ public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
+ {
+ if (trustedCert == null)
+ throw new NullPointerException();
+ this.trustedCert = trustedCert;
+ caName = null;
+ caKey = null;
+ if (nameConstraints != null)
+ this.nameConstraints = (byte[]) nameConstraints.clone();
+ else
+ this.nameConstraints = null;
+ }
+
+ /**
+ * Create a new trust anchor from a certificate authority's
+ * distinguished name, public key, and (optional) name constraints.
+ *
+ * <p>If the <i>nameConstraints</i> argument in non-null, it will be
+ * copied to prevent modification.
+ *
+ * @params caName The CA's distinguished name.
+ * @params caKey The CA's public key.
+ * @params nameConstraints The encoded nameConstraints.
+ */
+ public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints)
+ {
+ if (caName == null || caKey == null)
+ throw new NullPointerException();
+ if (caName.length() == 0)
+ throw new IllegalArgumentException();
+ trustedCert = null;
+ this.caName = new X500DistinguishedName(caName);
+ this.caKey = caKey;
+ if (nameConstraints != null)
+ this.nameConstraints = (byte[]) nameConstraints.clone();
+ else
+ this.nameConstraints = null;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the trusted certificate, or null if none was specified.
+ *
+ * @return The trusted certificate.
+ */
+ public final X509Certificate getTrustedCert()
+ {
+ return trustedCert;
+ }
+
+ /**
+ * Return the certificate authority's distinguished name, or null if
+ * none was specified.
+ *
+ * @return The CA's distinguished name.
+ */
+ public final String getCAName()
+ {
+ if (caName != null)
+ return caName.toString();
+ return null;
+ }
+
+ /**
+ * Return the certificate authority's public key, or null if none was
+ * specified.
+ *
+ * @return The CA's public key.
+ */
+ public final PublicKey getCAPublicKey()
+ {
+ return caKey;
+ }
+
+ /**
+ * Return the encoded name constraints, or null if none was specified.
+ *
+ * <p>The name constraints byte array is copied when this method is
+ * called to prevent modification.
+ *
+ * @return The encoded name constraints.
+ */
+ public final byte[] getNameConstraints()
+ {
+ if (nameConstraints == null)
+ return null;
+ return (byte[]) nameConstraints.clone();
+ }
+
+ /**
+ * Return a printable representation of this trust anchor.
+ *
+ * @return The printable representation.
+ */
+ public String toString()
+ {
+ if (trustedCert == null)
+ return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name="
+ + caName.toString() + " ]";
+ return "[ Trusted CA Certificate=" + trustedCert + " ]";
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509CRL.java b/libjava/classpath/java/security/cert/X509CRL.java
new file mode 100644
index 000000000..895ba33e7
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CRL.java
@@ -0,0 +1,397 @@
+/* X509CRL.java --- X.509 Certificate Revocation List
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.util.Date;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ The X509CRL class is the abstract class used to manage
+ X.509 Certificate Revocation Lists. The CRL is a list of
+ time stamped entries which indicate which lists have been
+ revoked. The list is signed by a Certificate Authority (CA)
+ and made publically available in a repository.
+
+ Each revoked certificate in the CRL is identified by its
+ certificate serial number. When a piece of code uses a
+ certificate, the certificates validity is checked by
+ validating its signature and determing that it is not
+ only a recently acquired CRL. The recently aquired CRL
+ is depends on the local policy in affect. The CA issues
+ a new CRL periodically and entries are removed as the
+ certificate expiration date is reached
+
+
+ A description of the X.509 v2 CRL follows below from rfc2459.
+
+ "The X.509 v2 CRL syntax is as follows. For signature calculation,
+ the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
+ encoding is a tag, length, value encoding system for each element.
+
+ CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING }
+
+ TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, shall be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+ crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ -- if present, shall be v2
+ }"
+
+ @author Mark Benvenuto
+
+ @since 1.2
+*/
+public abstract class X509CRL extends CRL implements X509Extension
+{
+
+ /**
+ Constructs a new X509CRL.
+ */
+ protected X509CRL()
+ {
+ super("X.509");
+ }
+
+ /**
+ Compares this X509CRL to other. It checks if the
+ object if instanceOf X509CRL and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof X509CRL ) {
+ try {
+ X509CRL x = (X509CRL) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this X509CRL in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this X.509 CRL.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CRLException;
+
+ /**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Gets the version of this CRL.
+
+ The ASN.1 encoding is:
+
+ version Version OPTIONAL,
+ -- if present, shall be v2
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information.
+
+ @return the version number, Ex: 1 or 2
+ */
+ public abstract int getVersion();
+
+ /**
+ Returns the issuer (issuer distinguished name) of the CRL.
+ The issuer is the entity who signed and issued the
+ Certificate Revocation List.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ Returns the thisUpdate date of the CRL.
+
+ The ASN.1 DER encoding is:
+
+ thisUpdate Time,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the thisUpdate date
+ */
+ public abstract Date getThisUpdate();
+
+ /*
+ Gets the nextUpdate field
+
+ The ASN.1 DER encoding is:
+
+ nextUpdate Time OPTIONAL,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the nextUpdate date
+ */
+ public abstract Date getNextUpdate();
+
+ /**
+ Gets the requeste dX509Entry for the specified
+ certificate serial number.
+
+ @return a X509CRLEntry representing the X.509 CRL entry
+ */
+ public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
+
+ /**
+ Returns a Set of revoked certificates.
+
+ @return a set of revoked certificates.
+ */
+ public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
+
+ /**
+ Returns the DER ASN.1 encoded tbsCertList which is
+ the basic information of the list and associated certificates
+ in the encoded state. See top for more information.
+
+ The ASN.1 DER encoding is:
+
+ tbsCertList TBSCertList,
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing tbsCertList
+ */
+ public abstract byte[] getTBSCertList() throws CRLException;
+
+
+ /**
+ Returns the signature for the CRL.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+ */
+ public abstract byte[] getSignature();
+
+ /**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+ */
+ public abstract String getSigAlgName();
+
+ /**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+ */
+ public abstract String getSigAlgOID();
+
+ /**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used.
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in CRL
+ */
+ public abstract byte[] getSigAlgParams();
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the X.500 distinguished name of this CRL's issuer.
+ *
+ * @return The issuer's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public X500Principal getIssuerX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509CRLEntry.java b/libjava/classpath/java/security/cert/X509CRLEntry.java
new file mode 100644
index 000000000..ac5ef4714
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CRLEntry.java
@@ -0,0 +1,169 @@
+/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.util.Date;
+
+/**
+ Abstract class for entries in the CRL (Certificate Revocation
+ List). The ASN.1 definition for <I>revokedCertificates</I> is
+
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING }
+
+ For more information consult rfc2459.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class X509CRLEntry implements X509Extension
+{
+
+ /**
+ Creates a new X509CRLEntry
+ */
+ public X509CRLEntry()
+ {}
+
+ /**
+ Compares this X509CRLEntry to other. It checks if the
+ object if instanceOf X509CRLEntry and then checks if
+ the encoded form( the inner SEQUENCE) matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof X509CRLEntry ) {
+ try {
+ X509CRLEntry xe = (X509CRLEntry) other;
+ if( getEncoded().length != xe.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = xe.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this X509CRLEntry in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this CRL Entry,
+ the inner SEQUENCE.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CRLException;
+
+ /**
+ Gets the serial number for <I>userCertificate</I> in
+ this X509CRLEntry.
+
+ @return the serial number for this X509CRLEntry.
+ */
+ public abstract BigInteger getSerialNumber();
+
+
+ /**
+ Gets the revocation date in <I>revocationDate</I> for
+ this X509CRLEntry.
+
+ @return the revocation date for this X509CRLEntry.
+ */
+ public abstract Date getRevocationDate();
+
+
+ /**
+ Checks if this X509CRLEntry has extensions.
+
+ @return true if it has extensions, false otherwise
+ */
+ public abstract boolean hasExtensions();
+
+
+ /**
+ Returns a string that represents this X509CRLEntry.
+
+ @return a string representing this X509CRLEntry.
+ */
+ public abstract String toString();
+
+}
diff --git a/libjava/classpath/java/security/cert/X509CRLSelector.java b/libjava/classpath/java/security/cert/X509CRLSelector.java
new file mode 100644
index 000000000..d412a1ae3
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CRLSelector.java
@@ -0,0 +1,442 @@
+/* X509CRLSelector.java -- selects X.509 CRLs by criteria.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.classpath.SystemProperties;
+import gnu.java.lang.CPStringBuilder;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * A class for matching X.509 certificate revocation lists by criteria.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class X509CRLSelector implements CRLSelector, Cloneable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static final String CRL_NUMBER_ID = "2.5.29.20";
+
+ private List issuerNames;
+ private BigInteger maxCrlNumber;
+ private BigInteger minCrlNumber;
+ private Date date;
+ private X509Certificate cert;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new CRL selector with no criteria enabled; i.e., every CRL
+ * will be matched.
+ */
+ public X509CRLSelector()
+ {
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Add an issuer name to the set of issuer names criteria, as the DER
+ * encoded form.
+ *
+ * @param name The name to add, as DER bytes.
+ * @throws IOException If the argument is not a valid DER-encoding.
+ */
+ public void addIssuerName(byte[] name) throws IOException
+ {
+ X500Principal p = null;
+ try
+ {
+ p = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ if (issuerNames == null)
+ issuerNames = new LinkedList();
+ issuerNames.add(p);
+ }
+
+ /**
+ * Add an issuer name to the set of issuer names criteria, as a
+ * String representation.
+ *
+ * @param name The name to add.
+ * @throws IOException If the argument is not a valid name.
+ */
+ public void addIssuerName(String name) throws IOException
+ {
+ X500Principal p = null;
+ try
+ {
+ p = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name: " + name);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ if (issuerNames == null)
+ issuerNames = new LinkedList();
+ issuerNames.add(p);
+ }
+
+ /**
+ * Sets the issuer names criterion. Pass <code>null</code> to clear this
+ * value. CRLs matched by this selector must have an issuer name in this
+ * set.
+ *
+ * @param names The issuer names.
+ * @throws IOException If any of the elements in the collection is not
+ * a valid name.
+ */
+ public void setIssuerNames(Collection<?> names) throws IOException
+ {
+ if (names == null)
+ {
+ issuerNames = null;
+ return;
+ }
+ List l = new ArrayList(names.size());
+ for (Iterator it = names.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o instanceof X500Principal)
+ l.add(o);
+ else if (o instanceof String)
+ {
+ try
+ {
+ l.add(new X500Principal((String) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name: " + o);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else if (o instanceof byte[])
+ {
+ try
+ {
+ l.add(new X500Principal((byte[]) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else if (o instanceof InputStream)
+ {
+ try
+ {
+ l.add(new X500Principal((InputStream) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else
+ throw new IOException("not a valid name: " +
+ (o != null ? o.getClass().getName() : "null"));
+
+ }
+ issuerNames = l;
+ }
+
+ /**
+ * Returns the set of issuer names that are matched by this selector,
+ * or <code>null</code> if this criteria is not set. The returned
+ * collection is not modifiable.
+ *
+ * @return The set of issuer names.
+ */
+ public Collection<Object> getIssuerNames()
+ {
+ if (issuerNames != null)
+ return Collections.unmodifiableList(issuerNames);
+ else
+ return null;
+ }
+
+ /**
+ * Returns the maximum value of the CRLNumber extension present in
+ * CRLs matched by this selector, or <code>null</code> if this
+ * criteria is not set.
+ *
+ * @return The maximum CRL number.
+ */
+ public BigInteger getMaxCRL()
+ {
+ return maxCrlNumber;
+ }
+
+ /**
+ * Returns the minimum value of the CRLNumber extension present in
+ * CRLs matched by this selector, or <code>null</code> if this
+ * criteria is not set.
+ *
+ * @return The minimum CRL number.
+ */
+ public BigInteger getMinCRL()
+ {
+ return minCrlNumber;
+ }
+
+ /**
+ * Sets the maximum value of the CRLNumber extension present in CRLs
+ * matched by this selector. Specify <code>null</code> to clear this
+ * criterion.
+ *
+ * @param maxCrlNumber The maximum CRL number.
+ */
+ public void setMaxCRLNumber(BigInteger maxCrlNumber)
+ {
+ this.maxCrlNumber = maxCrlNumber;
+ }
+
+ /**
+ * Sets the minimum value of the CRLNumber extension present in CRLs
+ * matched by this selector. Specify <code>null</code> to clear this
+ * criterion.
+ *
+ * @param minCrlNumber The minimum CRL number.
+ */
+ public void setMinCRLNumber(BigInteger minCrlNumber)
+ {
+ this.minCrlNumber = minCrlNumber;
+ }
+
+ /**
+ * Returns the date when this CRL must be valid; that is, the date
+ * must be after the thisUpdate date, but before the nextUpdate date.
+ * Returns <code>null</code> if this criterion is not set.
+ *
+ * @return The date.
+ */
+ public Date getDateAndTime()
+ {
+ return date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Sets the date at which this CRL must be valid. Specify
+ * <code>null</code> to clear this criterion.
+ *
+ * @param date The date.
+ */
+ public void setDateAndTime(Date date)
+ {
+ this.date = date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Returns the certificate being checked, or <code>null</code> if this
+ * value is not set.
+ *
+ * @return The certificate.
+ */
+ public X509Certificate getCertificateChecking()
+ {
+ return cert;
+ }
+
+ /**
+ * Sets the certificate being checked. This is not a criterion, but
+ * info used by certificate store implementations to aid in searching.
+ *
+ * @param cert The certificate.
+ */
+ public void setCertificateChecking(X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ /**
+ * Returns a string representation of this selector. The string will
+ * only describe the enabled criteria, so if none are enabled this will
+ * return a string that contains little else besides the class name.
+ *
+ * @return The string.
+ */
+ public String toString()
+ {
+ CPStringBuilder str = new CPStringBuilder(X509CRLSelector.class.getName());
+ String nl = SystemProperties.getProperty("line.separator");
+ String eol = ";" + nl;
+
+ str.append(" {").append(nl);
+ if (issuerNames != null)
+ str.append(" issuer names = ").append(issuerNames).append(eol);
+ if (maxCrlNumber != null)
+ str.append(" max CRL = ").append(maxCrlNumber).append(eol);
+ if (minCrlNumber != null)
+ str.append(" min CRL = ").append(minCrlNumber).append(eol);
+ if (date != null)
+ str.append(" date = ").append(date).append(eol);
+ if (cert != null)
+ str.append(" certificate = ").append(cert).append(eol);
+ str.append("}").append(nl);
+ return str.toString();
+ }
+
+ /**
+ * Checks a CRL against the criteria of this selector, returning
+ * <code>true</code> if the given CRL matches all the criteria.
+ *
+ * @param _crl The CRL being checked.
+ * @return True if the CRL matches, false otherwise.
+ */
+ public boolean match(CRL _crl)
+ {
+ if (!(_crl instanceof X509CRL))
+ return false;
+ X509CRL crl = (X509CRL) _crl;
+ if (issuerNames != null)
+ {
+ if (!issuerNames.contains(crl.getIssuerX500Principal()))
+ return false;
+ }
+ BigInteger crlNumber = null;
+ if (maxCrlNumber != null)
+ {
+ byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+ if (b == null)
+ return false;
+ try
+ {
+ DERValue val = DERReader.read(b);
+ if (!(val.getValue() instanceof BigInteger))
+ return false;
+ crlNumber = (BigInteger) val.getValue();
+ }
+ catch (IOException ioe)
+ {
+ return false;
+ }
+ if (maxCrlNumber.compareTo(crlNumber) < 0)
+ return false;
+ }
+ if (minCrlNumber != null)
+ {
+ if (crlNumber == null)
+ {
+ byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+ if (b == null)
+ return false;
+ try
+ {
+ DERValue val = DERReader.read(b);
+ if (!(val.getValue() instanceof BigInteger))
+ return false;
+ crlNumber = (BigInteger) val.getValue();
+ }
+ catch (IOException ioe)
+ {
+ return false;
+ }
+ }
+ if (minCrlNumber.compareTo(crlNumber) > 0)
+ return false;
+ }
+ if (date != null)
+ {
+ if (date.compareTo(crl.getThisUpdate()) < 0 ||
+ date.compareTo(crl.getNextUpdate()) > 0)
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a copy of this object.
+ *
+ * @return The copy.
+ */
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException shouldNotHappen)
+ {
+ throw new Error(shouldNotHappen);
+ }
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509CertSelector.java b/libjava/classpath/java/security/cert/X509CertSelector.java
new file mode 100644
index 000000000..8c1230afb
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CertSelector.java
@@ -0,0 +1,1319 @@
+/* X509CertSelector.java -- selects X.509 certificates by criteria.
+ Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.classpath.SystemProperties;
+import gnu.java.lang.CPStringBuilder;
+import gnu.java.security.OID;
+import gnu.java.security.x509.GnuPKIExtension;
+import gnu.java.security.x509.ext.CertificatePolicies;
+import gnu.java.security.x509.ext.Extension;
+import gnu.java.security.x509.ext.GeneralName;
+import gnu.java.security.x509.ext.GeneralSubtree;
+import gnu.java.security.x509.ext.NameConstraints;
+import gnu.java.security.x509.ext.GeneralName.Kind;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * A concrete implementation of {@link CertSelector} for X.509 certificates,
+ * which allows a number of criteria to be set when accepting certificates,
+ * from validity dates, to issuer and subject distinguished names, to some
+ * of the various X.509 extensions.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class X509CertSelector implements CertSelector, Cloneable
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ private static final String AUTH_KEY_ID = "2.5.29.35";
+ private static final String SUBJECT_KEY_ID = "2.5.29.14";
+ private static final String NAME_CONSTRAINTS_ID = "2.5.29.30";
+
+ private static boolean checkOid(int[] oid)
+ {
+ return (oid != null && oid.length > 2 &&
+ (oid[0] >= 0 && oid[0] <= 2) && (oid[1] >= 0 && oid[1] <= 39));
+ }
+
+ private static GeneralName makeName(int id, String name) throws IOException
+ {
+ byte[] nameBytes = null;
+ GeneralName.Kind kind = GeneralName.Kind.forTag(id);
+ switch (Kind.forTag(id))
+ {
+ case dNSName:
+ case rfc822Name:
+ case uniformResourceIdentifier:
+ nameBytes = name.getBytes("ASCII");
+ break;
+
+ case iPAddress:
+ InetAddress addr = InetAddress.getByName(name);
+ nameBytes = addr.getAddress();
+ break;
+
+ case registeredId:
+ OID oid = new OID(name);
+ nameBytes = oid.getDER();
+ break;
+
+ case directoryName:
+ X500Principal xname = new X500Principal(name);
+ nameBytes = xname.getEncoded();
+ break;
+
+ case ediPartyName:
+ case x400Address:
+ case otherName:
+ throw new IOException("cannot decode string representation of "
+ + kind);
+ }
+ return new GeneralName(kind, nameBytes);
+ }
+
+ private int basicConstraints;
+ private X509Certificate cert;
+ private BigInteger serialNo;
+ private X500Principal issuer;
+ private X500Principal subject;
+ private byte[] subjectKeyId;
+ private byte[] authKeyId;
+ private boolean[] keyUsage;
+ private Date certValid;
+ private OID sigId;
+ private PublicKey subjectKey;
+ private X509EncodedKeySpec subjectKeySpec;
+ private Set<String> keyPurposeSet;
+ private List<GeneralName> altNames;
+ private boolean matchAllNames;
+ private byte[] nameConstraints;
+ private Set<OID> policy;
+ private List<GeneralName> pathToNames;
+
+ /**
+ * Creates a new X.509 certificate selector. The new selector will be
+ * empty, and will accept any certificate (provided that it is an
+ * {@link X509Certificate}).
+ */
+ public X509CertSelector()
+ {
+ basicConstraints = -1;
+ }
+
+ /**
+ * Add a name to match in the NameConstraints extension. The argument is
+ * the DER-encoded bytes of a GeneralName structure.
+ *
+ * See the method {@link #addSubjectAlternativeName(int, byte[])} for the
+ * format of the GeneralName structure.
+ *
+ * @param id The name identifier. Must be between 0 and 8.
+ * @param name The DER-encoded bytes of the name to match.
+ * @throws IOException If the name DER is malformed.
+ */
+ public void addPathToName(int id, byte[] name) throws IOException
+ {
+ GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name);
+ if (pathToNames == null)
+ pathToNames = new LinkedList<GeneralName>();
+ pathToNames.add(generalName);
+ }
+
+ /**
+ * Add a name to match in the NameConstraints extension. This method will
+ * only recognize certain types of name that have convenient string
+ * encodings. For robustness, you should use the {@link
+ * #addPathToName(int, byte[])} method whenever possible.
+ *
+ * @param id The name identifier. Must be between 0 and 8.
+ * @param name The name.
+ * @throws IOException If the name cannot be decoded.
+ */
+ public void addPathToName(int id, String name) throws IOException
+ {
+ GeneralName generalName = makeName(id, name);
+ if (pathToNames == null)
+ pathToNames = new LinkedList<GeneralName>();
+ pathToNames.add(generalName);
+ }
+
+ /**
+ * Add a name, as DER-encoded bytes, to the subject alternative names
+ * criterion.
+ *
+ * The name is a GeneralName structure, which has the ASN.1 format:
+ *
+ * <pre>
+ GeneralName ::= CHOICE {
+ otherName [0] OtherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ORAddress,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER }
+</pre>
+ *
+ * @param id The type of name this is.
+ * @param name The DER-encoded name.
+ * @throws IOException If the name is not a valid DER sequence.
+ */
+ public void addSubjectAlternativeName(int id, byte[] name)
+ throws IOException
+ {
+ GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name);
+ if (altNames == null)
+ altNames = new LinkedList<GeneralName>();
+ altNames.add(generalName);
+ }
+
+ /**
+ * Add a name to the subject alternative names criterion. This method will
+ * only recognize certain types of name that have convenient string
+ * encodings. For robustness, you should use the {@link
+ * #addSubjectAlternativeName(int, byte[])} method whenever possible.
+ *
+ * This method can only decode certain name kinds of names as strings.
+ *
+ * @param id The type of name this is. Must be in the range [0,8].
+ * @param name The name.
+ * @throws IOException If the id is out of range, or if the name
+ * is null.
+ */
+ public void addSubjectAlternativeName(int id, String name)
+ throws IOException
+ {
+ GeneralName generalName = makeName(id, name);
+ if (altNames == null)
+ altNames = new LinkedList<GeneralName>();
+ altNames.add(generalName);
+ }
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException shouldNotHappen)
+ {
+ throw new Error(shouldNotHappen);
+ }
+ }
+
+ /**
+ * Returns the authority key identifier criterion, or <code>null</code> if
+ * this value was not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The authority key identifier.
+ */
+ public byte[] getAuthorityKeyIdentifier()
+ {
+ if (authKeyId != null)
+ return (byte[]) authKeyId.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the basic constraints criterion, or -1 if this value is not set.
+ *
+ * @return The basic constraints.
+ */
+ public int getBasicConstraints()
+ {
+ return basicConstraints;
+ }
+
+ /**
+ * Returns the certificate criterion, or <code>null</code> if this value
+ * was not set.
+ *
+ * @return The certificate.
+ */
+ public X509Certificate getCertificate()
+ {
+ return cert;
+ }
+
+ /**
+ * Returns the date at which certificates must be valid, or <code>null</code>
+ * if this criterion was not set.
+ *
+ * @return The target certificate valitity date.
+ */
+ public Date getCertificateValid()
+ {
+ if (certValid != null)
+ return (Date) certValid.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the set of extended key purpose IDs, as an unmodifiable set
+ * of OID strings. Returns <code>null</code> if this criterion is not
+ * set.
+ *
+ * @return The set of key purpose OIDs (strings).
+ */
+ public Set<String> getExtendedKeyUsage()
+ {
+ if (keyPurposeSet != null)
+ return Collections.unmodifiableSet(keyPurposeSet);
+ else
+ return null;
+ }
+
+ /**
+ * Returns the issuer criterion as a sequence of DER bytes, or
+ * <code>null</code> if this value was not set.
+ *
+ * @return The issuer.
+ */
+ public byte[] getIssuerAsBytes() throws IOException
+ {
+ if (issuer != null)
+ return issuer.getEncoded();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the issuer criterion as a string, or <code>null</code> if this
+ * value was not set.
+ *
+ * @return The issuer.
+ */
+ public String getIssuerAsString()
+ {
+ if (issuer != null)
+ return issuer.getName();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the public key usage criterion, or <code>null</code> if this
+ * value is not set. Note that the array is cloned to prevent modification.
+ *
+ * @return The public key usage.
+ */
+ public boolean[] getKeyUsage()
+ {
+ if (keyUsage != null)
+ return (boolean[]) keyUsage.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns whether or not all specified alternative names must match.
+ * If false, a certificate is considered a match if <em>one</em> of the
+ * specified alternative names matches.
+ *
+ * @return true if all names must match.
+ */
+ public boolean getMatchAllSubjectAltNames()
+ {
+ return matchAllNames;
+ }
+
+ /**
+ * Returns the name constraints criterion, or <code>null</code> if this
+ * value is not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The name constraints.
+ */
+ public byte[] getNameConstraints()
+ {
+ if (nameConstraints != null)
+ return (byte[]) nameConstraints.clone();
+ else
+ return null;
+ }
+
+ public Collection<List<?>> getPathToNames()
+ {
+ if (pathToNames != null)
+ {
+ List<List<?>> names = new ArrayList<List<?>>(pathToNames.size());
+ for (GeneralName name : pathToNames)
+ {
+ List<Object> n = new ArrayList<Object>(2);
+ n.add(name.kind().tag());
+ n.add(name.name());
+ names.add(n);
+ }
+
+ return names;
+ }
+ return null;
+ }
+
+ /**
+ * Returns the certificate policy extension that will be matched by this
+ * selector, or null if the certificate policy will not be matched.
+ *
+ * @return The policy to be matched, or null.
+ */
+ public Set<String> getPolicy()
+ {
+ Set<OID> p = this.policy;
+ if (p != null)
+ {
+ Set<String> strings = new HashSet<String>(p.size());
+ for (OID o : p)
+ {
+ strings.add(o.toString());
+ }
+ return strings;
+ }
+ return null;
+ }
+
+ /**
+ * This method, and its related X.509 certificate extension &mdash; the
+ * private key usage period &mdash; is not supported under the Internet
+ * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this
+ * method is not supported either.
+ *
+ * <p>Do not use this method. It is not deprecated, as it is not deprecated
+ * in the Java standard, but it is basically a no-operation and simply
+ * returns <code>null</code>.
+ *
+ * @return Null.
+ */
+ public Date getPrivateKeyValid()
+ {
+ return null;
+ }
+
+ /**
+ * Returns the serial number criterion, or <code>null</code> if this
+ * value was not set.
+ *
+ * @return The serial number.
+ */
+ public BigInteger getSerialNumber()
+ {
+ return serialNo;
+ }
+
+ /**
+ * Get the subject alternative names criterion. The collection returned
+ * is a collection of pairs: the first element is an {@link Integer}
+ * containing the name type, and the second is a byte array containing
+ * the DER-encoded name bytes.
+ *
+ * @return The subject alternative names criterion. Returns null if this
+ * criterion is not set.
+ */
+ public Collection<List<?>> getSubjectAlternativeNames()
+ {
+ if (altNames != null)
+ {
+ List<List<?>> names = new ArrayList<List<?>>(altNames.size());
+ for (GeneralName name : altNames)
+ {
+ List<Object> n = new ArrayList<Object>(2);
+ n.add(name.kind().tag());
+ n.add(name.name());
+ names.add(n);
+ }
+ return names;
+ }
+ return null;
+ }
+
+ /**
+ * Returns the subject criterion as a sequence of DER bytes, or
+ * <code>null</code> if this value is not set.
+ *
+ * @return The subject.
+ */
+ public byte[] getSubjectAsBytes() throws IOException
+ {
+ if (subject != null)
+ return subject.getEncoded();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the subject criterion as a string, of <code>null</code> if
+ * this value was not set.
+ *
+ * @return The subject.
+ */
+ public String getSubjectAsString()
+ {
+ if (subject != null)
+ return subject.getName();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the subject key identifier criterion, or <code>null</code> if
+ * this value was not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The subject key identifier.
+ */
+ public byte[] getSubjectKeyIdentifier()
+ {
+ if (subjectKeyId != null)
+ return (byte[]) subjectKeyId.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the subject public key criterion, or <code>null</code> if this
+ * value is not set.
+ *
+ * @return The subject public key.
+ */
+ public PublicKey getSubjectPublicKey()
+ {
+ return subjectKey;
+ }
+
+ /**
+ * Returns the public key algorithm ID that matching certificates must have,
+ * or <code>null</code> if this criterion was not set.
+ *
+ * @return The public key algorithm ID.
+ */
+ public String getSubjectPublicKeyAlgID()
+ {
+ return String.valueOf(sigId);
+ }
+
+ /**
+ * Match a certificate. This method will check the given certificate
+ * against all the enabled criteria of this selector, and will return
+ * <code>true</code> if the given certificate matches.
+ *
+ * @param certificate The certificate to check.
+ * @return true if the certificate matches all criteria.
+ */
+ public boolean match(Certificate certificate)
+ {
+ if (!(certificate instanceof X509Certificate))
+ return false;
+ X509Certificate cert = (X509Certificate) certificate;
+ if (this.cert != null)
+ {
+ try
+ {
+ byte[] e1 = this.cert.getEncoded();
+ byte[] e2 = cert.getEncoded();
+ if (!Arrays.equals(e1, e2))
+ return false;
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return false;
+ }
+ }
+ if (serialNo != null)
+ {
+ if (!serialNo.equals(cert.getSerialNumber()))
+ return false;
+ }
+ if (certValid != null)
+ {
+ try
+ {
+ cert.checkValidity(certValid);
+ }
+ catch (CertificateException ce)
+ {
+ return false;
+ }
+ }
+ if (issuer != null)
+ {
+ if (!issuer.equals(cert.getIssuerX500Principal()))
+ return false;
+ }
+ if (subject != null)
+ {
+ if (!subject.equals(cert.getSubjectX500Principal()))
+ return false;
+ }
+ if (sigId != null)
+ {
+ if (!sigId.toString().equals(cert.getSigAlgOID()))
+ return false;
+ }
+ if (subjectKeyId != null)
+ {
+ byte[] b = cert.getExtensionValue(SUBJECT_KEY_ID);
+ if (!Arrays.equals(b, subjectKeyId))
+ return false;
+ }
+ if (authKeyId != null)
+ {
+ byte[] b = cert.getExtensionValue(AUTH_KEY_ID);
+ if (!Arrays.equals(b, authKeyId))
+ return false;
+ }
+ if (keyUsage != null)
+ {
+ boolean[] b = cert.getKeyUsage();
+ if (!Arrays.equals(b, keyUsage))
+ return false;
+ }
+ if (basicConstraints >= 0)
+ {
+ if (cert.getBasicConstraints() != basicConstraints)
+ return false;
+ }
+ if (keyPurposeSet != null)
+ {
+ List kp = null;
+ try
+ {
+ kp = cert.getExtendedKeyUsage();
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ if (kp == null)
+ return false;
+ for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); )
+ {
+ if (!kp.contains(it.next()))
+ return false;
+ }
+ }
+ if (altNames != null)
+ {
+ Collection<List<?>> an = null;
+ try
+ {
+ an = cert.getSubjectAlternativeNames();
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ if (an == null)
+ return false;
+ int match = 0;
+ for (GeneralName name : altNames)
+ {
+ for (List<?> list : an)
+ {
+ try
+ {
+ Integer id = (Integer) list.get(0);
+ Object val = list.get(1);
+ GeneralName n = null;
+ if (val instanceof String)
+ n = makeName(id, (String) val);
+ else if (val instanceof byte[])
+ {
+ n = new GeneralName(GeneralName.Kind.forTag(id),
+ (byte[]) val);
+ }
+ else
+ continue;
+ if (name.equals(n))
+ match++;
+ }
+ catch (Exception e)
+ {
+ continue;
+ }
+ }
+ if (match == 0 || (matchAllNames && match < altNames.size()))
+ return false;
+ }
+ }
+ if (nameConstraints != null)
+ {
+ byte[] nc = cert.getExtensionValue(NAME_CONSTRAINTS_ID);
+ if (!Arrays.equals(nameConstraints, nc))
+ return false;
+ }
+
+ if (policy != null)
+ {
+ CertificatePolicies policies = null;
+ if (cert instanceof GnuPKIExtension)
+ {
+ policies = (CertificatePolicies)
+ ((GnuPKIExtension) cert).getExtension(CertificatePolicies.ID).getValue();
+ }
+ else
+ {
+ byte[] policiesDer =
+ cert.getExtensionValue(CertificatePolicies.ID.toString());
+ try
+ {
+ policies = new CertificatePolicies(policiesDer);
+ }
+ catch (IOException ioe)
+ {
+ // ignored
+ }
+ }
+
+ if (policies == null)
+ return false;
+ if (!policies.getPolicies().containsAll(policy))
+ return false;
+ }
+
+ if (pathToNames != null)
+ {
+ NameConstraints nc = null;
+ if (cert instanceof GnuPKIExtension)
+ {
+ Extension e =
+ ((GnuPKIExtension) cert).getExtension(NameConstraints.ID);
+ if (e != null)
+ nc = (NameConstraints) e.getValue();
+ }
+ else
+ {
+ byte[] b = cert.getExtensionValue(NameConstraints.ID.toString());
+ if (b != null)
+ {
+ try
+ {
+ nc = new NameConstraints(b);
+ }
+ catch (IOException ioe)
+ {
+ }
+ }
+ }
+
+ if (nc == null)
+ return false;
+
+ int match = 0;
+ for (GeneralName name : pathToNames)
+ {
+ for (GeneralSubtree subtree : nc.permittedSubtrees())
+ {
+ if (name.equals(subtree.base()))
+ match++;
+ }
+ }
+ if (match == 0 || (matchAllNames && match < pathToNames.size()))
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Sets the authority key identifier criterion, or <code>null</code> to clear
+ * this criterion. Note that the byte array is cloned to prevent modification.
+ *
+ * @param authKeyId The authority key identifier.
+ */
+ public void setAuthorityKeyIdentifier(byte[] authKeyId)
+ {
+ this.authKeyId = authKeyId != null ? (byte[]) authKeyId.clone() : null;
+ }
+
+ /**
+ * Sets the basic constraints criterion. Specify -1 to clear this parameter.
+ *
+ * @param basicConstraints The new basic constraints value.
+ */
+ public void setBasicConstraints(int basicConstraints)
+ {
+ if (basicConstraints < -1)
+ basicConstraints = -1;
+ this.basicConstraints = basicConstraints;
+ }
+
+ /**
+ * Sets the certificate criterion. If set, only certificates that are
+ * equal to the certificate passed here will be accepted.
+ *
+ * @param cert The certificate.
+ */
+ public void setCertificate(X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ /**
+ * Sets the date at which certificates must be valid. Specify
+ * <code>null</code> to clear this criterion.
+ *
+ * @param certValid The certificate validity date.
+ */
+ public void setCertificateValid(Date certValid)
+ {
+ this.certValid = certValid != null ? (Date) certValid.clone() : null;
+ }
+
+ /**
+ * Sets the extended key usage criterion, as a set of OID strings. Specify
+ * <code>null</code> to clear this value.
+ *
+ * @param keyPurposeSet The set of key purpose OIDs.
+ * @throws IOException If any element of the set is not a valid OID string.
+ */
+ public void setExtendedKeyUsage(Set<String> keyPurposeSet) throws IOException
+ {
+ if (keyPurposeSet == null)
+ {
+ this.keyPurposeSet = null;
+ return;
+ }
+ Set<String> s = new HashSet<String>();
+ for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (!(o instanceof String))
+ throw new IOException("not a string: " + o);
+ try
+ {
+ OID oid = new OID((String) o);
+ int[] comp = oid.getIDs();
+ if (!checkOid(comp))
+ throw new IOException("malformed OID: " + o);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed OID: " + o);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ this.keyPurposeSet = s;
+ }
+
+ /**
+ * Sets the issuer, specified as the DER encoding of the issuer's
+ * distinguished name. Only certificates issued by this issuer will
+ * be accepted.
+ *
+ * @param name The DER encoding of the issuer's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setIssuer(byte[] name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ issuer = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ issuer = null;
+ }
+
+ /**
+ * Sets the issuer, specified as a string representation of the issuer's
+ * distinguished name. Only certificates issued by this issuer will
+ * be accepted.
+ *
+ * @param name The string representation of the issuer's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setIssuer(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ issuer = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ issuer = null;
+ }
+
+ /**
+ * Sets the public key usage criterion. Specify <code>null</code> to clear
+ * this value.
+ *
+ * @param keyUsage The public key usage.
+ */
+ public void setKeyUsage(boolean[] keyUsage)
+ {
+ this.keyUsage = keyUsage != null ? (boolean[]) keyUsage.clone() : null;
+ }
+
+ /**
+ * Sets whether or not all subject alternative names must be matched.
+ * If false, then a certificate will be considered a match if one
+ * alternative name matches.
+ *
+ * @param matchAllNames Whether or not all alternative names must be
+ * matched.
+ */
+ public void setMatchAllSubjectAltNames(boolean matchAllNames)
+ {
+ this.matchAllNames = matchAllNames;
+ }
+
+ /**
+ * Sets the name constraints criterion; specify <code>null</code> to
+ * clear this criterion. Note that if non-null, the argument will be
+ * cloned to prevent modification.
+ *
+ * @param nameConstraints The new name constraints.
+ * @throws IOException If the argument is not a valid DER-encoded
+ * name constraints.
+ */
+ public void setNameConstraints(byte[] nameConstraints)
+ throws IOException
+ {
+ // Check if the input is well-formed...
+ new NameConstraints(nameConstraints);
+
+ // But we just compare raw byte arrays.
+ this.nameConstraints = nameConstraints != null
+ ? (byte[]) nameConstraints.clone() : null;
+ }
+
+ /**
+ * Sets the pathToNames criterion. The argument is a collection of
+ * pairs, the first element of which is an {@link Integer} giving
+ * the ID of the name, and the second element is either a {@link String}
+ * or a byte array.
+ *
+ * See {@link #addPathToName(int, byte[])} and {@link #addPathToName(int, String)}
+ * for how these arguments are handled.
+ *
+ * @param names The names.
+ * @throws IOException If any argument is malformed.
+ */
+ public void setPathToNames(Collection<List<?>> names) throws IOException
+ {
+ if (names == null || names.size() == 0)
+ {
+ pathToNames = null;
+ }
+ else
+ {
+ pathToNames = new ArrayList<GeneralName>(names.size());
+ for (List<?> name : names)
+ {
+ Integer id = (Integer) name.get(0);
+ Object name2 = name.get(1);
+ if (name2 instanceof String)
+ addPathToName(id, (String) name2);
+ else if (name2 instanceof byte[])
+ addPathToName(id, (byte[]) name2);
+ else
+ throw new IOException("invalid name type: "
+ + name2.getClass().getName());
+ }
+ }
+ }
+
+ /**
+ * Sets the certificate policy to match, or null if this criterion should
+ * not be checked. Each element if the set must be a dotted-decimal form
+ * of certificate policy object identifier.
+ *
+ * @param policy The policy to match.
+ * @throws IOException If some element of the policy is not a valid
+ * policy extenison OID.
+ */
+ public void setPolicy(Set<String> policy) throws IOException
+ {
+ if (policy != null)
+ {
+ HashSet<OID> p = new HashSet<OID>(policy.size());
+ for (String s : policy)
+ {
+ try
+ {
+ OID oid = new OID(s);
+ int[] i = oid.getIDs();
+ if (!checkOid(i))
+ throw new IOException("invalid OID");
+ p.add(oid);
+ }
+ catch (IOException ioe)
+ {
+ throw ioe;
+ }
+ catch (Exception x)
+ {
+ IOException ioe = new IOException("invalid OID");
+ ioe.initCause(x);
+ throw ioe;
+ }
+ }
+ this.policy = p;
+ }
+ else
+ this.policy = null;
+ }
+
+ /**
+ * This method, and its related X.509 certificate extension &mdash; the
+ * private key usage period &mdash; is not supported under the Internet
+ * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this
+ * method is not supported either.
+ *
+ * <p>Do not use this method. It is not deprecated, as it is not deprecated
+ * in the Java standard, but it is basically a no-operation.
+ *
+ * @param UNUSED Is silently ignored.
+ */
+ public void setPrivateKeyValid(Date UNUSED)
+ {
+ }
+
+ /**
+ * Sets the serial number of the desired certificate. Only certificates that
+ * contain this serial number are accepted.
+ *
+ * @param serialNo The serial number.
+ */
+ public void setSerialNumber(BigInteger serialNo)
+ {
+ this.serialNo = serialNo;
+ }
+
+ /**
+ * Sets the subject, specified as the DER encoding of the subject's
+ * distinguished name. Only certificates with the given subject will
+ * be accepted.
+ *
+ * @param name The DER encoding of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(byte[] name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Sets the subject, specified as a string representation of the
+ * subject's distinguished name. Only certificates with the given
+ * subject will be accepted.
+ *
+ * @param name The string representation of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Sets the subject alternative names critertion. Each element of the
+ * argument must be a {@link java.util.List} that contains exactly two
+ * elements: the first an {@link Integer}, representing the type of
+ * name, and the second either a {@link String} or a byte array,
+ * representing the name itself.
+ *
+ * @param altNames The alternative names.
+ * @throws IOException If any element of the argument is invalid.
+ */
+ public void setSubjectAlternativeNames(Collection<List<?>> altNames)
+ throws IOException
+ {
+ if (altNames == null || altNames.isEmpty())
+ {
+ this.altNames = null;
+ return;
+ }
+ List<GeneralName> l = new ArrayList<GeneralName>(altNames.size());
+ for (List<?> list : altNames)
+ {
+ Integer id = (Integer) list.get(0);
+ Object value = list.get(1);
+ GeneralName name = null;
+ if (value instanceof String)
+ name = makeName(id, (String) value);
+ else if (value instanceof byte[])
+ name = new GeneralName(GeneralName.Kind.forTag(id), (byte[]) value);
+ else
+ throw new IOException("invalid name type: " + value.getClass().getName());
+ l.add(name);
+ }
+ this.altNames = l;
+ }
+
+ /**
+ * Sets the subject key identifier criterion, or <code>null</code> to clear
+ * this criterion. Note that the byte array is cloned to prevent modification.
+ *
+ * @param subjectKeyId The subject key identifier.
+ */
+ public void setSubjectKeyIdentifier(byte[] subjectKeyId)
+ {
+ this.subjectKeyId = subjectKeyId != null ? (byte[]) subjectKeyId.clone() :
+ null;
+ }
+
+ /**
+ * Sets the subject public key criterion as a DER-encoded key. Specify
+ * <code>null</code> to clear this value.
+ *
+ * @param key The DER-encoded key bytes.
+ * @throws IOException If the argument is not a valid DER-encoded key.
+ */
+ public void setSubjectPublicKey(byte[] key) throws IOException
+ {
+ if (key == null)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ return;
+ }
+ try
+ {
+ subjectKeySpec = new X509EncodedKeySpec(key);
+ KeyFactory enc = KeyFactory.getInstance("X.509");
+ subjectKey = enc.generatePublic(subjectKeySpec);
+ }
+ catch (Exception x)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ IOException ioe = new IOException(x.getMessage());
+ ioe.initCause(x);
+ throw ioe;
+ }
+ }
+
+ /**
+ * Sets the subject public key criterion as an opaque representation.
+ * Specify <code>null</code> to clear this criterion.
+ *
+ * @param key The public key.
+ */
+ public void setSubjectPublicKey(PublicKey key)
+ {
+ this.subjectKey = key;
+ if (key == null)
+ {
+ subjectKeySpec = null;
+ return;
+ }
+ try
+ {
+ KeyFactory enc = KeyFactory.getInstance("X.509");
+ subjectKeySpec = (X509EncodedKeySpec)
+ enc.getKeySpec(key, X509EncodedKeySpec.class);
+ }
+ catch (Exception x)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ }
+ }
+
+ /**
+ * Sets the public key algorithm ID that matching certificates must have.
+ * Specify <code>null</code> to clear this criterion.
+ *
+ * @param sigId The public key ID.
+ * @throws IOException If the specified ID is not a valid object identifier.
+ */
+ public void setSubjectPublicKeyAlgID(String sigId) throws IOException
+ {
+ if (sigId != null)
+ {
+ try
+ {
+ OID oid = new OID(sigId);
+ int[] comp = oid.getIDs();
+ if (!checkOid(comp))
+ throw new IOException("malformed OID: " + sigId);
+ this.sigId = oid;
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed OID: " + sigId);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else
+ this.sigId = null;
+ }
+
+ public String toString()
+ {
+ CPStringBuilder str = new CPStringBuilder(X509CertSelector.class.getName());
+ String nl = SystemProperties.getProperty("line.separator");
+ String eol = ";" + nl;
+ str.append(" {").append(nl);
+ if (cert != null)
+ str.append(" certificate = ").append(cert).append(eol);
+ if (basicConstraints >= 0)
+ str.append(" basic constraints = ").append(basicConstraints).append(eol);
+ if (serialNo != null)
+ str.append(" serial number = ").append(serialNo).append(eol);
+ if (certValid != null)
+ str.append(" valid date = ").append(certValid).append(eol);
+ if (issuer != null)
+ str.append(" issuer = ").append(issuer).append(eol);
+ if (subject != null)
+ str.append(" subject = ").append(subject).append(eol);
+ if (sigId != null)
+ str.append(" signature OID = ").append(sigId).append(eol);
+ if (subjectKey != null)
+ str.append(" subject public key = ").append(subjectKey).append(eol);
+ if (subjectKeyId != null)
+ {
+ str.append(" subject key ID = ");
+ for (int i = 0; i < subjectKeyId.length; i++)
+ {
+ str.append(Character.forDigit((subjectKeyId[i] & 0xF0) >>> 8, 16));
+ str.append(Character.forDigit((subjectKeyId[i] & 0x0F), 16));
+ if (i < subjectKeyId.length - 1)
+ str.append(':');
+ }
+ str.append(eol);
+ }
+ if (authKeyId != null)
+ {
+ str.append(" authority key ID = ");
+ for (int i = 0; i < authKeyId.length; i++)
+ {
+ str.append(Character.forDigit((authKeyId[i] & 0xF0) >>> 8, 16));
+ str.append(Character.forDigit((authKeyId[i] & 0x0F), 16));
+ if (i < authKeyId.length - 1)
+ str.append(':');
+ }
+ str.append(eol);
+ }
+ if (keyUsage != null)
+ {
+ str.append(" key usage = ");
+ for (int i = 0; i < keyUsage.length; i++)
+ str.append(keyUsage[i] ? '1' : '0');
+ str.append(eol);
+ }
+ if (keyPurposeSet != null)
+ str.append(" key purpose = ").append(keyPurposeSet).append(eol);
+ if (altNames != null)
+ str.append(" alternative names = ").append(altNames).append(eol);
+ if (nameConstraints != null)
+ str.append(" name constraints = <blob of data>").append(eol);
+ if (policy != null)
+ str.append(" policy = ").append(policy).append(eol);
+ if (pathToNames != null)
+ str.append(" pathToNames = ").append(pathToNames).append(eol);
+ str.append("}").append(nl);
+ return str.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509Certificate.java b/libjava/classpath/java/security/cert/X509Certificate.java
new file mode 100644
index 000000000..ab9e1be37
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509Certificate.java
@@ -0,0 +1,589 @@
+/* X509Certificate.java --- X.509 Certificate class
+ Copyright (C) 1999,2003, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * X509Certificate is the abstract class for X.509 certificates.
+ * This provides a stanard class interface for accessing all
+ * the attributes of X.509 certificates.
+ *
+ * <p>In June 1996, the basic X.509 v3 format was finished by
+ * ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
+ *
+ * <blockquote><pre>
+ * Certificate ::= SEQUENCE {
+ * tbsCertificate TBSCertificate,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING }
+ * </pre></blockquote>
+ *
+ * <p>These certificates are widely used in various Internet
+ * protocols to support authentication. It is used in
+ * Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
+ * Secure Sockets Layer (SSL), code signing for trusted software
+ * distribution, and Secure Electronic Transactions (SET).
+ *
+ * <p>The certificates are managed and vouched for by
+ * <I>Certificate Authorities</I> (CAs). CAs are companies or
+ * groups that create certificates by placing the data in the
+ * X.509 certificate format and signing it with their private
+ * key. CAs serve as trusted third parties by certifying that
+ * the person or group specified in the certificate is who
+ * they say they are.
+ *
+ * <p>The ASN.1 defintion for <I>tbsCertificate</I> is
+ *
+ * <blockquote><pre>
+ * TBSCertificate ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * serialNumber CertificateSerialNumber,
+ * signature AlgorithmIdentifier,
+ * issuer Name,
+ * validity Validity,
+ * subject Name,
+ * subjectPublicKeyInfo SubjectPublicKeyInfo,
+ * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * extensions [3] EXPLICIT Extensions OPTIONAL
+ * -- If present, version shall be v3
+ * }
+ *
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ *
+ * CertificateSerialNumber ::= INTEGER
+ *
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ *
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime }
+ *
+ * UniqueIdentifier ::= BIT STRING
+ *
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ *
+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING }
+ * </pre></blockquote>
+ *
+ * Certificates are created with the CertificateFactory.
+ *
+ * <p>References:
+ *
+ * <ol>
+ * <li>Olivier Dubuisson, Philippe Fouquart (Translator) <i>ASN.1 -
+ * Communication between heterogeneous systems</i>, (C) September 2000,
+ * Morgan Kaufmann Publishers, ISBN 0-12-6333361-0. Available on-line at
+ * <a
+ * href="http://www.oss.com/asn1/dubuisson.html">http://www.oss.com/asn1/dubuisson.html</a></li>
+ * <li>R. Housley et al, <i><a href="http://www.ietf.org/rfc/rfc3280.txt">RFC
+ * 3280: Internet X.509 Public Key Infrastructure Certificate and CRL
+ * Profile</a></i>.</li>
+ * </ol>
+ *
+ * @since 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class X509Certificate
+ extends Certificate
+ implements X509Extension
+{
+ private static final long serialVersionUID = -2491127588187038216L;
+
+ /**
+ * Constructs a new certificate of the specified type.
+ */
+ protected X509Certificate()
+ {
+ super( "X.509" );
+ }
+
+ /**
+ Checks the validity of the X.509 certificate. It is valid
+ if the current date and time are within the period specified
+ by the certificate.
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @throws CertificateExpiredException if the certificate expired
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid
+ */
+ public abstract void checkValidity()
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+ /**
+ Checks the validity of the X.509 certificate for the
+ specified time and date. It is valid if the specified
+ date and time are within the period specified by
+ the certificate.
+
+ @throws CertificateExpiredException if the certificate expired
+ based on the date
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid based on the date
+ */
+ public abstract void checkValidity(Date date)
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+ /**
+ Returns the version of this certificate.
+
+ The ASN.1 DER encoding is:
+
+ version [0] EXPLICIT Version DEFAULT v1,
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information.
+
+ @return version number of certificate
+ */
+ public abstract int getVersion();
+
+ /**
+ Gets the serial number for serial Number in
+ this Certifcate. It must be a unique number
+ unique other serial numbers from the granting CA.
+
+ The ASN.1 DER encoding is:
+
+ serialNumber CertificateSerialNumber,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Consult rfc2459 for more information.
+
+ @return the serial number for this X509CRLEntry.
+ */
+ public abstract BigInteger getSerialNumber();
+
+ /**
+ Returns the issuer (issuer distinguished name) of the
+ Certificate. The issuer is the entity who signed
+ and issued the Certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ Returns the subject (subject distinguished name) of the
+ Certificate. The subject is the entity who the Certificate
+ identifies.
+
+ The ASN.1 DER encoding is:
+
+ subject Name,
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getSubjectDN();
+
+ /**
+ Returns the date that this certificate is not to be used
+ before, <I>notBefore</I>.
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the date <I>notBefore</I>
+ */
+ public abstract Date getNotBefore();
+
+ /**
+ Returns the date that this certificate is not to be used
+ after, <I>notAfter</I>.
+
+ @return the date <I>notAfter</I>
+ */
+ public abstract Date getNotAfter();
+
+
+ /**
+ Returns the <I>tbsCertificate</I> from the certificate.
+
+ @return the DER encoded tbsCertificate
+
+ @throws CertificateEncodingException if encoding error occurred
+ */
+ public abstract byte[] getTBSCertificate() throws CertificateEncodingException;
+
+ /**
+ Returns the signature in its raw DER encoded format.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing signature
+ */
+ public abstract byte[] getSignature();
+
+ /**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+ */
+ public abstract String getSigAlgName();
+
+
+ /**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+ */
+ public abstract String getSigAlgOID();
+
+
+ /**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used.
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in certificate
+ */
+ public abstract byte[] getSigAlgParams();
+
+
+ /**
+ Returns the issuer unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>issuerUniqueID</I>
+ */
+ public abstract boolean[] getIssuerUniqueID();
+
+ /**
+ Returns the subject unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>subjectUniqueID</I>
+ */
+ public abstract boolean[] getSubjectUniqueID();
+
+ /**
+ Returns a boolean array representing the <I>KeyUsage</I>
+ extension for the certificate. The KeyUsage (OID = 2.5.29.15)
+ defines the purpose of the key in the certificate.
+
+ The ASN.1 DER encoding is:
+
+ id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
+
+ KeyUsage ::= BIT STRING {
+ digitalSignature (0),
+ nonRepudiation (1),
+ keyEncipherment (2),
+ dataEncipherment (3),
+ keyAgreement (4),
+ keyCertSign (5),
+ cRLSign (6),
+ encipherOnly (7),
+ decipherOnly (8) }
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>KeyUsage</I>
+ */
+ public abstract boolean[] getKeyUsage();
+
+ /**
+ Returns the certificate constraints path length from the
+ critical BasicConstraints extension, (OID = 2.5.29.19).
+
+ The basic constraints extensions is used to determine if
+ the subject of the certificate is a Certificate Authority (CA)
+ and how deep the certification path may exist. The
+ <I>pathLenConstraint</I> only takes affect if <I>cA</I>
+ is set to true. "A value of zero indicates that only an
+ end-entity certificate may follow in the path." (rfc2459)
+
+ The ASN.1 DER encoding is:
+
+ id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
+
+ BasicConstraints ::= SEQUENCE {
+ cA BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ @return the length of the path constraint if BasicConstraints
+ is present and cA is TRUE. Otherwise returns -1.
+ */
+ public abstract int getBasicConstraints();
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the <code>ExtendedKeyUsage</code> extension of this
+ * certificate, or null if there is no extension present. The returned
+ * value is a {@link java.util.List} strings representing the object
+ * identifiers of the extended key usages. This extension has the OID
+ * 2.5.29.37.
+ *
+ * <p>The ASN.1 definition for this extension is:
+ *
+ * <blockquote><pre>
+ * ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ * </pre></blockquote>
+ *
+ * @return The list of extension OIDs, or null if there are none
+ * present in this certificate.
+ * @throws CertificateParsingException If this extension cannot be
+ * parsed from its encoded form.
+ */
+ public java.util.List<String> getExtendedKeyUsage()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the alternative names for this certificate's subject (the
+ * owner), or null if there are none.
+ *
+ * <p>This is an X.509 extension with OID 2.5.29.17 and is defined by
+ * the ASN.1 construction:
+ *
+ * <blockquote><pre>
+ * SubjectAltNames ::= GeneralNames
+ *
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ *
+ * GeneralName ::= CHOICE {
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER
+ * }
+ * </pre></blockquote>
+ *
+ * <p>The returned collection contains one or more two-element Lists,
+ * with the first object being an Integer representing the choice
+ * above (with value 0 through 8) and the second being an (a) String
+ * if the <code>GeneralName</code> is a rfc822Name, dNSName,
+ * uniformResourceIdentifier, iPAddress, or registeredID, or (b) a
+ * byte array of the DER encoded form for any others.
+ *
+ * @return The collection of alternative names, or null if there are
+ * none.
+ * @throws CertificateParsingException If the encoded extension cannot
+ * be parsed.
+ * @since JDK 1.4
+ */
+ public java.util.Collection<List<?>> getSubjectAlternativeNames()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the alternative names for this certificate's issuer, or
+ * null if there are none.
+ *
+ * <p>This is an X.509 extension with OID 2.5.29.18, and is defined by
+ * the ASN.1 construction:
+ *
+ * <blockquote><pre>
+ * IssuerAltNames ::= GeneralNames
+ * </pre></blockquote>
+ *
+ * <p>The <code>GeneralNames</code> construct and the form of the
+ * returned collection are the same as with {@link
+ * #getSubjectAlternativeNames()}.
+ *
+ * @return The collection of alternative names, or null if there are
+ * none.
+ * @throws CertificateParsingException If the encoded extension cannot
+ * be parsed.
+ * @since JDK 1.4
+ */
+ public java.util.Collection<List<?>> getIssuerAlternativeNames()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the X.500 distinguished name of this certificate's subject.
+ *
+ * @return The subject's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public javax.security.auth.x500.X500Principal getSubjectX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the X.500 distinguished name of this certificate's issuer.
+ *
+ * @return The issuer's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public javax.security.auth.x500.X500Principal getIssuerX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509Extension.java b/libjava/classpath/java/security/cert/X509Extension.java
new file mode 100644
index 000000000..a0c24f429
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509Extension.java
@@ -0,0 +1,113 @@
+/* X509Extension.java --- X.509 Extension
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+import java.util.Set;
+
+/**
+ Public interface for the X.509 Extension.
+
+ This is used for X.509 v3 Certificates and CRL v2 (Certificate
+ Revocation Lists) for managing attributes assoicated with
+ Certificates, for managing the hierarchy of certificates,
+ and for managing the distribution of CRL. This extension
+ format is used to define private extensions.
+
+ Each extensions for a certificate or CRL must be marked
+ either critical or non-critical. If the certificate/CRL
+ system encounters a critical extension not recognized then
+ it must reject the certificate. A non-critical extension
+ may be just ignored if not recognized.
+
+
+ The ASN.1 definition for this class is:
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnId OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING
+ -- contains a DER encoding of a value
+ -- of the type registered for use with
+ -- the extnId object identifier value
+ }
+
+ @author Mark Benvenuto
+
+ @since 1.2
+*/
+public interface X509Extension
+{
+
+ /**
+ Returns true if the certificate contains a critical extension
+ that is not supported.
+
+ @return true if has unsupported extension, false otherwise
+ */
+ boolean hasUnsupportedCriticalExtension();
+
+ /**
+ Returns a set of the CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no CRITICAL
+ extensions or extensions at all this returns null.
+ */
+ Set<String> getCriticalExtensionOIDs();
+
+ /**
+ Returns a set of the NON-CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no NON-CRITICAL
+ extensions or extensions at all this returns null.
+ */
+ Set<String> getNonCriticalExtensionOIDs();
+
+ /**
+ Returns the DER encoded OCTET string for the specified
+ extension value identified by a OID. The OID is a string
+ of number separated by periods. Ex: 12.23.45.67
+ */
+ byte[] getExtensionValue(String oid);
+
+}
diff --git a/libjava/classpath/java/security/cert/package.html b/libjava/classpath/java/security/cert/package.html
new file mode 100644
index 000000000..14b12d16c
--- /dev/null
+++ b/libjava/classpath/java/security/cert/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.cert package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.cert</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>