authorupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
committerupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
commit554fd8c5195424bdbcabf5de30fdc183aba391bd (patch)
tree976dc5ab7fddf506dadce60ae936f43f58787092 /libjava/classpath/java/security
downloadcbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.bz2
cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.xz
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig; imported gcc-4.6.4 source tree from verified upstream tarball. downloading a git-generated archive based on the 'upstream' tag should provide you with a source tree that is binary identical to the one extracted from the above tarball. if you have obtained the source via the command 'git clone', however, do note that line-endings of files in your working directory might differ from line-endings of the respective files in the upstream repository.
Diffstat (limited to 'libjava/classpath/java/security')
-rw-r--r--libjava/classpath/java/security/AccessControlContext.java218
-rw-r--r--libjava/classpath/java/security/AccessControlException.java97
-rw-r--r--libjava/classpath/java/security/AccessController.java229
-rw-r--r--libjava/classpath/java/security/AlgorithmParameterGenerator.java277
-rw-r--r--libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java94
-rw-r--r--libjava/classpath/java/security/AlgorithmParameters.java317
-rw-r--r--libjava/classpath/java/security/AlgorithmParametersSpi.java149
-rw-r--r--libjava/classpath/java/security/AllPermission.java198
-rw-r--r--libjava/classpath/java/security/BasicPermission.java308
-rw-r--r--libjava/classpath/java/security/Certificate.java125
-rw-r--r--libjava/classpath/java/security/CodeSource.java356
-rw-r--r--libjava/classpath/java/security/DigestException.java92
-rw-r--r--libjava/classpath/java/security/DigestInputStream.java167
-rw-r--r--libjava/classpath/java/security/DigestOutputStream.java158
-rw-r--r--libjava/classpath/java/security/DomainCombiner.java67
-rw-r--r--libjava/classpath/java/security/DummyKeyPairGenerator.java75
-rw-r--r--libjava/classpath/java/security/DummyMessageDigest.java90
-rw-r--r--libjava/classpath/java/security/DummySignature.java102
-rw-r--r--libjava/classpath/java/security/GeneralSecurityException.java97
-rw-r--r--libjava/classpath/java/security/Guard.java60
-rw-r--r--libjava/classpath/java/security/GuardedObject.java121
-rw-r--r--libjava/classpath/java/security/Identity.java346
-rw-r--r--libjava/classpath/java/security/IdentityScope.java216
-rw-r--r--libjava/classpath/java/security/IntersectingDomainCombiner.java82
-rw-r--r--libjava/classpath/java/security/InvalidAlgorithmParameterException.java95
-rw-r--r--libjava/classpath/java/security/InvalidKeyException.java91
-rw-r--r--libjava/classpath/java/security/InvalidParameterException.java70
-rw-r--r--libjava/classpath/java/security/Key.java94
-rw-r--r--libjava/classpath/java/security/KeyException.java94
-rw-r--r--libjava/classpath/java/security/KeyFactory.java280
-rw-r--r--libjava/classpath/java/security/KeyFactorySpi.java134
-rw-r--r--libjava/classpath/java/security/KeyManagementException.java93
-rw-r--r--libjava/classpath/java/security/KeyPair.java87
-rw-r--r--libjava/classpath/java/security/KeyPairGenerator.java313
-rw-r--r--libjava/classpath/java/security/KeyPairGeneratorSpi.java102
-rw-r--r--libjava/classpath/java/security/KeyStore.java503
-rw-r--r--libjava/classpath/java/security/KeyStoreException.java92
-rw-r--r--libjava/classpath/java/security/KeyStoreSpi.java275
-rw-r--r--libjava/classpath/java/security/MessageDigest.java382
-rw-r--r--libjava/classpath/java/security/MessageDigestSpi.java174
-rw-r--r--libjava/classpath/java/security/NoSuchAlgorithmException.java92
-rw-r--r--libjava/classpath/java/security/NoSuchProviderException.java70
-rw-r--r--libjava/classpath/java/security/Permission.java202
-rw-r--r--libjava/classpath/java/security/PermissionCollection.java169
-rw-r--r--libjava/classpath/java/security/Permissions.java254
-rw-r--r--libjava/classpath/java/security/Policy.java297
-rw-r--r--libjava/classpath/java/security/Principal.java85
-rw-r--r--libjava/classpath/java/security/PrivateKey.java62
-rw-r--r--libjava/classpath/java/security/PrivilegedAction.java64
-rw-r--r--libjava/classpath/java/security/PrivilegedActionException.java109
-rw-r--r--libjava/classpath/java/security/PrivilegedExceptionAction.java65
-rw-r--r--libjava/classpath/java/security/ProtectionDomain.java252
-rw-r--r--libjava/classpath/java/security/Provider.java218
-rw-r--r--libjava/classpath/java/security/ProviderException.java92
-rw-r--r--libjava/classpath/java/security/PublicKey.java60
-rw-r--r--libjava/classpath/java/security/SecureClassLoader.java148
-rw-r--r--libjava/classpath/java/security/SecureRandom.java420
-rw-r--r--libjava/classpath/java/security/SecureRandomSpi.java85
-rw-r--r--libjava/classpath/java/security/Security.java711
-rw-r--r--libjava/classpath/java/security/SecurityPermission.java178
-rw-r--r--libjava/classpath/java/security/Signature.java593
-rw-r--r--libjava/classpath/java/security/SignatureException.java92
-rw-r--r--libjava/classpath/java/security/SignatureSpi.java316
-rw-r--r--libjava/classpath/java/security/SignedObject.java203
-rw-r--r--libjava/classpath/java/security/Signer.java148
-rw-r--r--libjava/classpath/java/security/UnrecoverableKeyException.java71
-rw-r--r--libjava/classpath/java/security/UnresolvedPermission.java345
-rw-r--r--libjava/classpath/java/security/acl/Acl.java153
-rw-r--r--libjava/classpath/java/security/acl/AclEntry.java143
-rw-r--r--libjava/classpath/java/security/acl/AclNotFoundException.java60
-rw-r--r--libjava/classpath/java/security/acl/Group.java90
-rw-r--r--libjava/classpath/java/security/acl/LastOwnerException.java62
-rw-r--r--libjava/classpath/java/security/acl/NotOwnerException.java62
-rw-r--r--libjava/classpath/java/security/acl/Owner.java95
-rw-r--r--libjava/classpath/java/security/acl/Permission.java67
-rw-r--r--libjava/classpath/java/security/acl/package.html46
-rw-r--r--libjava/classpath/java/security/cert/CRL.java98
-rw-r--r--libjava/classpath/java/security/cert/CRLException.java95
-rw-r--r--libjava/classpath/java/security/cert/CRLSelector.java69
-rw-r--r--libjava/classpath/java/security/cert/CertPath.java254
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilder.java251
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilderException.java159
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilderResult.java63
-rw-r--r--libjava/classpath/java/security/cert/CertPathBuilderSpi.java74
-rw-r--r--libjava/classpath/java/security/cert/CertPathParameters.java58
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidator.java264
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidatorException.java226
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidatorResult.java63
-rw-r--r--libjava/classpath/java/security/cert/CertPathValidatorSpi.java81
-rw-r--r--libjava/classpath/java/security/cert/CertSelector.java58
-rw-r--r--libjava/classpath/java/security/cert/CertStore.java305
-rw-r--r--libjava/classpath/java/security/cert/CertStoreException.java159
-rw-r--r--libjava/classpath/java/security/cert/CertStoreParameters.java60
-rw-r--r--libjava/classpath/java/security/cert/CertStoreSpi.java103
-rw-r--r--libjava/classpath/java/security/cert/Certificate.java306
-rw-r--r--libjava/classpath/java/security/cert/CertificateEncodingException.java93
-rw-r--r--libjava/classpath/java/security/cert/CertificateException.java96
-rw-r--r--libjava/classpath/java/security/cert/CertificateExpiredException.java71
-rw-r--r--libjava/classpath/java/security/cert/CertificateFactory.java355
-rw-r--r--libjava/classpath/java/security/cert/CertificateFactorySpi.java224
-rw-r--r--libjava/classpath/java/security/cert/CertificateNotYetValidException.java71
-rw-r--r--libjava/classpath/java/security/cert/CertificateParsingException.java93
-rw-r--r--libjava/classpath/java/security/cert/CollectionCertStoreParameters.java122
-rw-r--r--libjava/classpath/java/security/cert/LDAPCertStoreParameters.java140
-rw-r--r--libjava/classpath/java/security/cert/PKIXBuilderParameters.java149
-rw-r--r--libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java104
-rw-r--r--libjava/classpath/java/security/cert/PKIXCertPathChecker.java134
-rw-r--r--libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java142
-rw-r--r--libjava/classpath/java/security/cert/PKIXParameters.java547
-rw-r--r--libjava/classpath/java/security/cert/PolicyNode.java108
-rw-r--r--libjava/classpath/java/security/cert/PolicyQualifierInfo.java169
-rw-r--r--libjava/classpath/java/security/cert/TrustAnchor.java185
-rw-r--r--libjava/classpath/java/security/cert/X509CRL.java397
-rw-r--r--libjava/classpath/java/security/cert/X509CRLEntry.java169
-rw-r--r--libjava/classpath/java/security/cert/X509CRLSelector.java442
-rw-r--r--libjava/classpath/java/security/cert/X509CertSelector.java1319
-rw-r--r--libjava/classpath/java/security/cert/X509Certificate.java589
-rw-r--r--libjava/classpath/java/security/cert/X509Extension.java113
-rw-r--r--libjava/classpath/java/security/cert/package.html46
-rw-r--r--libjava/classpath/java/security/interfaces/DSAKey.java56
-rw-r--r--libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java85
-rw-r--r--libjava/classpath/java/security/interfaces/DSAParams.java72
-rw-r--r--libjava/classpath/java/security/interfaces/DSAPrivateKey.java61
-rw-r--r--libjava/classpath/java/security/interfaces/DSAPublicKey.java61
-rw-r--r--libjava/classpath/java/security/interfaces/RSAKey.java57
-rw-r--r--libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java112
-rw-r--r--libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java95
-rw-r--r--libjava/classpath/java/security/interfaces/RSAPrivateKey.java60
-rw-r--r--libjava/classpath/java/security/interfaces/RSAPublicKey.java60
-rw-r--r--libjava/classpath/java/security/interfaces/package.html46
-rw-r--r--libjava/classpath/java/security/package.html46
-rw-r--r--libjava/classpath/java/security/spec/AlgorithmParameterSpec.java52
-rw-r--r--libjava/classpath/java/security/spec/DSAParameterSpec.java101
-rw-r--r--libjava/classpath/java/security/spec/DSAPrivateKeySpec.java113
-rw-r--r--libjava/classpath/java/security/spec/DSAPublicKeySpec.java113
-rw-r--r--libjava/classpath/java/security/spec/EncodedKeySpec.java85
-rw-r--r--libjava/classpath/java/security/spec/InvalidKeySpecException.java96
-rw-r--r--libjava/classpath/java/security/spec/InvalidParameterSpecException.java76
-rw-r--r--libjava/classpath/java/security/spec/KeySpec.java52
-rw-r--r--libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java81
-rw-r--r--libjava/classpath/java/security/spec/PSSParameterSpec.java87
-rw-r--r--libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java97
-rw-r--r--libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java223
-rw-r--r--libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java126
-rw-r--r--libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java151
-rw-r--r--libjava/classpath/java/security/spec/RSAPrivateKeySpec.java88
-rw-r--r--libjava/classpath/java/security/spec/RSAPublicKeySpec.java88
-rw-r--r--libjava/classpath/java/security/spec/X509EncodedKeySpec.java82
-rw-r--r--libjava/classpath/java/security/spec/package.html46
149 files changed, 24291 insertions, 0 deletions
diff --git a/libjava/classpath/java/security/AccessControlContext.java b/libjava/classpath/java/security/AccessControlContext.java
new file mode 100644
index 000000000..fd964751c
--- /dev/null
+++ b/libjava/classpath/java/security/AccessControlContext.java
@@ -0,0 +1,218 @@
+/* AccessControlContext.java --- Access Control Context Class
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.util.HashSet;
+
+/**
+ * AccessControlContext makes system resource access decsion
+ * based on permission rights.
+ *
+ * It is used for a specific context and has only one method
+ * checkPermission. It is similar to AccessController except
+ * that it makes decsions based on the current context instead
+ * of the the current thread.
+ *
+ * It is created by call AccessController.getContext method.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ */
+public final class AccessControlContext
+{
+ private final ProtectionDomain[] protectionDomains;
+ private final DomainCombiner combiner;
+
+ /**
+ * Construct a new AccessControlContext with the specified
+ * ProtectionDomains. <code>context</code> must not be
+ * null and duplicates will be removed.
+ *
+ * @param context The ProtectionDomains to use
+ */
+ public AccessControlContext(ProtectionDomain[] context)
+ {
+ HashSet domains = new HashSet (context.length);
+ for (int i = 0; i < context.length; i++)
+ domains.add (context[i]);
+ protectionDomains = (ProtectionDomain[])
+ domains.toArray (new ProtectionDomain[domains.size()]);
+ combiner = null;
+ }
+
+ /**
+ * Construct a new AccessControlContext with the specified
+ * {@link ProtectionDomain}s and {@link DomainCombiner}.
+ *
+ * <p>Code calling this constructor must have a {@link
+ * SecurityPermission} of <i>createAccessControlContext</i>.</p>
+ *
+ * @throws SecurityException If the caller does not have permission
+ * to create an access control context.
+ * @since 1.3
+ */
+ public AccessControlContext(AccessControlContext acc,
+ DomainCombiner combiner)
+ {
+ AccessControlContext acc2 = null;
+ SecurityManager sm = System.getSecurityManager ();
+ if (sm != null)
+ {
+ Permission perm =
+ new SecurityPermission ("createAccessControlContext");
+
+ // The default SecurityManager.checkPermission(perm) just calls
+ // AccessController.checkPermission(perm) which in turn just
+ // calls AccessController.getContext().checkPermission(perm).
+ // This means AccessController.getContext() is called twice,
+ // once for the security check and once by us. It's a very
+ // expensive call (on gcj at least) so if we're using the
+ // default security manager we avoid this duplication.
+ if (sm.getClass() == SecurityManager.class)
+ {
+ acc2 = AccessController.getContext ();
+ acc2.checkPermission (perm);
+ }
+ else
+ sm.checkPermission (perm);
+ }
+ if (acc2 == null)
+ acc2 = AccessController.getContext ();
+ protectionDomains = combiner.combine (acc2.protectionDomains,
+ acc.protectionDomains);
+ this.combiner = combiner;
+ }
+
+ AccessControlContext (ProtectionDomain[] domains, AccessControlContext acc,
+ DomainCombiner combiner)
+ {
+ protectionDomains = combiner.combine (domains, acc.protectionDomains);
+ this.combiner = combiner;
+ }
+
+ /**
+ * Returns the Domain Combiner associated with the AccessControlContext
+ *
+ * @return the DomainCombiner
+ */
+ public DomainCombiner getDomainCombiner()
+ {
+ return combiner;
+ }
+
+ /**
+ * Determines whether or not the specific permission is granted
+ * depending on the context it is within.
+ *
+ * @param perm a permission to check
+ *
+ * @throws AccessControlException if the permssion is not permitted
+ */
+ public void checkPermission(Permission perm) throws AccessControlException
+ {
+ if (protectionDomains.length == 0)
+ throw new AccessControlException ("permission "
+ + perm
+ + " not granted: no protection domains");
+
+ for (int i = 0; i < protectionDomains.length; i++)
+ {
+ final ProtectionDomain domain = protectionDomains[i];
+ if (!domain.implies(perm))
+ throw new AccessControlException ("permission "
+ + perm
+ + " not granted: "
+ + domain
+ + " does not imply it.");
+ }
+ }
+
+ /**
+ * Checks if two AccessControlContexts are equal.
+ *
+ * It first checks if obj is an AccessControlContext class, and
+ * then checks if each ProtectionDomain matches.
+ *
+ * @param obj The object to compare this class to
+ *
+ * @return true if equal, false otherwise
+ */
+ public boolean equals(Object obj)
+ {
+ if (obj instanceof AccessControlContext)
+ {
+ AccessControlContext acc = (AccessControlContext) obj;
+
+ if (acc.protectionDomains.length != protectionDomains.length)
+ return false;
+
+ int i, j;
+ for (i = 0; i < protectionDomains.length; i++)
+ {
+ for (j = 0; j < acc.protectionDomains.length; j++)
+ {
+ if (acc.protectionDomains[j].equals (protectionDomains[i]))
+ break;
+ }
+ if (j == acc.protectionDomains.length)
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Computes a hash code of this class
+ *
+ * @return a hash code representing this class
+ */
+ public int hashCode()
+ {
+ int h = 0;
+ for (int i = 0; i < protectionDomains.length; i++)
+ h ^= protectionDomains[i].hashCode();
+
+ return h;
+ }
+
+ ProtectionDomain[] getProtectionDomains ()
+ {
+ return protectionDomains;
+ }
+}
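Review bot: The public `AccessControlContext(ProtectionDomain[] context)` constructor copies every array element into the set, including a `null` slot, and `checkPermission` later dereferences each stored domain in `domain.implies(perm)`. A context built from an array with a null entry would therefore fail a permission check with a NullPointerException rather than the documented AccessControlException. Skipping nulls while copying, `if (context[i] != null) domains.add (context[i]);`, keeps the failure mode to the documented exception. Separately, both `throw new AccessControlException (...)` sites in `checkPermission` use the message-only constructor, so `getPermission()` on the thrown exception returns null. Passing `perm` as the second argument would let callers and audit logging see which permission was denied.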
diff --git a/libjava/classpath/java/security/AccessControlException.java b/libjava/classpath/java/security/AccessControlException.java
new file mode 100644
index 000000000..27aee7c86
--- /dev/null
+++ b/libjava/classpath/java/security/AccessControlException.java
@@ -0,0 +1,97 @@
+/* AccessControlException.java -- Permission is denied
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when the <code>AccessController</code> denies
+ * an attempt to perform an operation. This often keeps track of the
+ * permission that was not granted.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see AccessController
+ * @status updated to 1.4
+ */
+public class AccessControlException extends SecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5138225684096988535L;
+
+ /**
+ * The <code>Permission</code> associated with this exception.
+ *
+ * @serial the permission
+ */
+ private final Permission perm;
+
+ /**
+ * Create a new instance with a descriptive error message, and a null
+ * <code>Permission</code> object.
+ *
+ * @param msg the descriptive error message
+ */
+ public AccessControlException(String msg)
+ {
+ this(msg, null);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and an associated
+ * <code>Permission</code> object.
+ *
+ * @param msg the descriptive error message
+ * @param perm the permission that caused this
+ */
+ public AccessControlException(String msg, Permission perm)
+ {
+ super(msg);
+ this.perm = perm;
+ }
+
+ /**
+ * This method returns the <code>Permission</code> object that caused
+ * this exception to be thrown.
+ *
+ * @return the denied permission, or null
+ */
+ public Permission getPermission()
+ {
+ return perm;
+ }
+}
diff --git a/libjava/classpath/java/security/AccessController.java b/libjava/classpath/java/security/AccessController.java
new file mode 100644
index 000000000..ec5b14c9e
--- /dev/null
+++ b/libjava/classpath/java/security/AccessController.java
@@ -0,0 +1,229 @@
+/* AccessController.java --- Access control context and permission checker
+ Copyright (C) 2001, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Access control context and permission checker.
+ * Can check permissions in the access control context of the current thread
+ * through the <code>checkPermission()</code> method.
+ * Manipulates the access control context for code that needs to be executed
+ * the protection domain of the calling class (by explicitly ignoring the
+ * context of the calling code) in the <code>doPrivileged()</code> methods.
+ * And provides a <code>getContext()</code> method which gives the access
+ * control context of the current thread that can be used for checking
+ * permissions at a later time and/or in another thread.
+ *
+ * @author Mark Wielaard (mark@klomp.org)
+ * @since 1.2
+ */
+public final class AccessController
+{
+ /**
+ * This class only has static methods so there is no public contructor.
+ */
+ private AccessController()
+ {
+ }
+
+ /**
+ * Checks wether the access control context of the current thread allows
+ * the given Permission. Throws an <code>AccessControlException</code>
+ * when the permission is not allowed in the current context. Otherwise
+ * returns silently without throwing an exception.
+ *
+ * @param perm the permission to be checked.
+ * @exception AccessControlException thrown if the current context does not
+ * allow the given permission.
+ */
+ public static void checkPermission(Permission perm)
+ throws AccessControlException
+ {
+ getContext().checkPermission(perm);
+ }
+
+ /**
+ * Calls the <code>run()</code> method of the given action with as
+ * (initial) access control context only the protection domain of the
+ * calling class. Calls to <code>checkPermission()</code> in the
+ * <code>run()</code> method ignore all earlier protection domains of
+ * classes in the call chain. Note that the protection domains of classes
+ * called by the code in the <code>run()</code> method are not ignored.
+ *
+ * @param action the <code>PrivilegedAction</code> whose <code>run()</code>
+ * should be be called.
+ * @return the result of the <code>action.run()</code> method.
+ */
+ public static <T> T doPrivileged(PrivilegedAction<T> action)
+ {
+ VMAccessController.pushContext(null);
+ try
+ {
+ return action.run();
+ }
+ finally
+ {
+ VMAccessController.popContext();
+ }
+ }
+
+ /**
+ * Calls the <code>run()</code> method of the given action with as
+ * (initial) access control context the given context combined with the
+ * protection domain of the calling class. Calls to
+ * <code>checkPermission()</code> in the <code>run()</code> method ignore
+ * all earlier protection domains of classes in the call chain, but add
+ * checks for the protection domains given in the supplied context.
+ *
+ * @param action the <code>PrivilegedAction</code> whose <code>run()</code>
+ * should be be called.
+ * @param context the <code>AccessControlContext</code> whose protection
+ * domains should be added to the protection domain of the calling class.
+ * @return the result of the <code>action.run()</code> method.
+ */
+ public static <T> T doPrivileged(PrivilegedAction<T> action,
+ AccessControlContext context)
+ {
+ VMAccessController.pushContext(context);
+ try
+ {
+ return action.run();
+ }
+ finally
+ {
+ VMAccessController.popContext();
+ }
+ }
+
+ /**
+ * Calls the <code>run()</code> method of the given action with as
+ * (initial) access control context only the protection domain of the
+ * calling class. Calls to <code>checkPermission()</code> in the
+ * <code>run()</code> method ignore all earlier protection domains of
+ * classes in the call chain. Note that the protection domains of classes
+ * called by the code in the <code>run()</code> method are not ignored.
+ * If the <code>run()</code> method throws an exception then this method
+ * will wrap that exception in an <code>PrivilegedActionException</code>.
+ *
+ * @param action the <code>PrivilegedExceptionAction</code> whose
+ * <code>run()</code> should be be called.
+ * @return the result of the <code>action.run()</code> method.
+ * @exception PrivilegedActionException wrapped around any checked exception
+ * that is thrown in the <code>run()</code> method.
+ */
+ public static <T> T doPrivileged(PrivilegedExceptionAction<T> action)
+ throws PrivilegedActionException
+ {
+ VMAccessController.pushContext(null);
+ try
+ {
+ return action.run();
+ }
+ catch (RuntimeException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ finally
+ {
+ VMAccessController.popContext();
+ }
+ }
+
+ /**
+ * Calls the <code>run()</code> method of the given action with as
+ * (initial) access control context the given context combined with the
+ * protection domain of the calling class. Calls to
+ * <code>checkPermission()</code> in the <code>run()</code> method ignore
+ * all earlier protection domains of classes in the call chain, but add
+ * checks for the protection domains given in the supplied context.
+ * If the <code>run()</code> method throws an exception then this method
+ * will wrap that exception in an <code>PrivilegedActionException</code>.
+ *
+ * @param action the <code>PrivilegedExceptionAction</code> whose
+ * <code>run()</code> should be be called.
+ * @param context the <code>AccessControlContext</code> whose protection
+ * domains should be added to the protection domain of the calling class.
+ * @return the result of the <code>action.run()</code> method.
+ * @exception PrivilegedActionException wrapped around any checked exception
+ * that is thrown in the <code>run()</code> method.
+ */
+ public static <T> T doPrivileged(PrivilegedExceptionAction<T> action,
+ AccessControlContext context)
+ throws PrivilegedActionException
+ {
+ VMAccessController.pushContext(context);
+ try
+ {
+ return action.run();
+ }
+ catch (RuntimeException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ finally
+ {
+ VMAccessController.popContext();
+ }
+ }
+
+ /**
+ * Returns the complete access control context of the current thread.
+ * The returned object encompasses all {@link ProtectionDomain} objects
+ * for all classes in the current call stack, or the set of protection
+ * domains until the last call to {@link
+ * #doPrivileged(java.security.PrivilegedAction)}.
+ *
+ * <p>Additionally, if a call was made to {@link
+ * #doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)}
+ * that supplied an {@link AccessControlContext}, then that context
+ * will be intersected with the calculated one.
+ *
+ * @return The context.
+ */
+ public static AccessControlContext getContext()
+ {
+ return VMAccessController.getContext();
+ }
+}
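Review bot: The Javadoc for the two `doPrivileged(..., AccessControlContext context)` overloads does not say what a `null` context means. The code passes it straight to `VMAccessController.pushContext(context)`, the same call the one-argument overloads make with `null`. A null context therefore appears to behave like the unrestricted one-argument form, which matters to a caller who meant to narrow privileges with a context that turned out to be null. This is inferred, because VMAccessController is outside this diff. I would add to each `@param context` something like `if null, no additional protection domains are applied and the call behaves like doPrivileged(action)`, or reject null explicitly if that equivalence is not intended.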
diff --git a/libjava/classpath/java/security/AlgorithmParameterGenerator.java b/libjava/classpath/java/security/AlgorithmParameterGenerator.java
new file mode 100644
index 000000000..a92552b9e
--- /dev/null
+++ b/libjava/classpath/java/security/AlgorithmParameterGenerator.java
@@ -0,0 +1,277 @@
+/* AlgorithmParameterGenerator.java --- Algorithm Parameter Generator
+ Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * <code>AlgorithmParameterGenerator</code> is used to generate algorithm
+ * parameters for specified algorithms.
+ *
+ * <p>In case the client does not explicitly initialize the
+ * <code>AlgorithmParameterGenerator</code> (via a call to an
+ * <code>init()</code> method), each provider must supply (and document) a
+ * default initialization. For example, the <b>GNU</b> provider uses a default
+ * modulus prime size of <code>1024</code> bits for the generation of <i>DSA</i>
+ * parameters.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @see AlgorithmParameters
+ * @see AlgorithmParameterSpec
+ */
+public class AlgorithmParameterGenerator
+{
+ /** Service name for algorithm parameter generators. */
+ private static final String ALGORITHM_PARAMETER_GENERATOR =
+ "AlgorithmParameterGenerator";
+
+ private AlgorithmParameterGeneratorSpi paramGenSpi;
+ private Provider provider;
+ private String algorithm;
+
+ /**
+ * Constructs a new instance of <code>AlgorithmParameterGenerator</code>.
+ *
+ * @param paramGenSpi
+ * the generator to use.
+ * @param provider
+ * the provider to use.
+ * @param algorithm
+ * the algorithm to use.
+ */
+ protected AlgorithmParameterGenerator(AlgorithmParameterGeneratorSpi
+ paramGenSpi, Provider provider,
+ String algorithm)
+ {
+ this.paramGenSpi = paramGenSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ /** @return the name of the algorithm. */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns a new <code>AlgorithmParameterGenerator</code> instance which
+ * generates algorithm parameters for the specified algorithm.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @return the new instance.
+ * @throws NoSuchAlgorithmException if <code>algorithm</code> is not
+ * implemented by any provider.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static AlgorithmParameterGenerator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new <code>AlgorithmParameterGenerator</code> instance which
+ * generates algorithm parameters for the specified algorithm.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @param provider the name of the {@link Provider} to use.
+ * @return the new instance.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static AlgorithmParameterGenerator getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new <code>AlgorithmParameterGenerator</code> instance which
+ * generates algorithm parameters for the specified algorithm.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @param provider the {@link Provider} to use.
+ * @return the new instance.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by
+ * {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ * @since 1.4
+ * @see Provider
+ */
+ public static AlgorithmParameterGenerator getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder()
+ .append("AlgorithmParameterGenerator for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(ALGORITHM_PARAMETER_GENERATOR,
+ algorithm,
+ provider);
+ return new AlgorithmParameterGenerator((AlgorithmParameterGeneratorSpi) spi,
+ provider,
+ algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /** @return the {@link Provider} of this generator. */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initializes this instance with the specified size. Since no source of
+ * randomness is supplied, a default one will be used.
+ *
+ * @param size
+ * size (in bits) to use.
+ */
+ public final void init(int size)
+ {
+ init(size, new SecureRandom());
+ }
+
+ /**
+ * Initializes this instance with the specified key-size and source of
+ * randomness.
+ *
+ * @param size
+ * the size (in bits) to use.
+ * @param random
+ * the {@link SecureRandom} to use.
+ */
+ public final void init(int size, SecureRandom random)
+ {
+ paramGenSpi.engineInit(size, random);
+ }
+
+ /**
+ * Initializes this instance with the specified {@link AlgorithmParameterSpec}.
+ * Since no source of randomness is supplied, a default one will be used.
+ *
+ * @param genParamSpec
+ * the {@link AlgorithmParameterSpec} to use.
+ * @throws InvalidAlgorithmParameterException
+ * if <code>genParamSpec</code> is invalid.
+ */
+ public final void init(AlgorithmParameterSpec genParamSpec)
+ throws InvalidAlgorithmParameterException
+ {
+ init(genParamSpec, new SecureRandom());
+ }
+
+ /**
+ * Initializes this instance with the specified {@link AlgorithmParameterSpec}
+ * and source of randomness.
+ *
+ * @param genParamSpec
+ * the {@link AlgorithmParameterSpec} to use.
+ * @param random
+ * the {@link SecureRandom} to use.
+ * @throws InvalidAlgorithmParameterException
+ * if <code>genParamSpec</code> is invalid.
+ */
+ public final void init(AlgorithmParameterSpec genParamSpec,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ paramGenSpi.engineInit(genParamSpec, random);
+ }
+
+ /** @return a new instance of {@link AlgorithmParameters}. */
+ public final AlgorithmParameters generateParameters()
+ {
+ return paramGenSpi.engineGenerateParameters();
+ }
+}
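Review bot: `generateParameters()` hands off to `paramGenSpi.engineGenerateParameters()` whether or not any `init()` overload was called, and its one-line Javadoc does not say what the caller gets in that case. The class comment states that the provider default then applies, and gives a 1024-bit modulus for DSA with the GNU provider, which is shorter than the 2048-bit minimum in current NIST guidance. I would put the caveat on the method itself: `If no init() method has been called, the provider's default initialization is used; callers that need a specific parameter size must call init(int) or init(AlgorithmParameterSpec) first.`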
diff --git a/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java b/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java
new file mode 100644
index 000000000..15f39f646
--- /dev/null
+++ b/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java
@@ -0,0 +1,94 @@
+/* AlgorithmParameterGeneratorSpi.java --- Algorithm Parameter Generator SPI
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ AlgorithmParameterGeneratorSpi is the Service Provider
+ Interface for the AlgorithmParameterGenerator class.
+ This class is used to generate the algorithm parameters
+ for a specific algorithm.
+
+ @since JDK 1.2
+ @author Mark Benvenuto
+ */
+public abstract class AlgorithmParameterGeneratorSpi
+{
+
+ /**
+ Constructs a new AlgorithmParameterGeneratorSpi
+ */
+ public AlgorithmParameterGeneratorSpi()
+ {
+ }
+
+ /**
+ Initializes the parameter generator with the specified size
+ and SecureRandom
+
+ @param size the size( in number of bits)
+ @param random the SecureRandom class to use for randomness
+ */
+ protected abstract void engineInit(int size, SecureRandom random);
+
+ /**
+ Initializes the parameter generator with the specified
+ AlgorithmParameterSpec and SecureRandom classes.
+
+ If genParamSpec is an invalid AlgorithmParameterSpec for this
+ AlgorithmParameterGeneratorSpi then it throws
+ InvalidAlgorithmParameterException
+
+ @param genParamSpec the AlgorithmParameterSpec class to use
+ @param random the SecureRandom class to use for randomness
+
+ @throws InvalidAlgorithmParameterException genParamSpec is invalid
+ */
+ protected abstract void engineInit(AlgorithmParameterSpec genParamSpec,
+ SecureRandom random) throws
+ InvalidAlgorithmParameterException;
+
+
+ /**
+ Generate a new set of AlgorithmParameters.
+
+ @returns a new set of algorithm parameters
+ */
+ protected abstract AlgorithmParameters engineGenerateParameters();
+
+}
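Review bot: The comment on `engineGenerateParameters()` uses `@returns`, which is not a standard Javadoc tag, so the tool will not render it as the return description; it should read `@return a new set of algorithm parameters`. The doc comments in this file also omit the leading ` * ` on each line that the sibling files in this commit use, which is worth aligning while the tag is fixed.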
diff --git a/libjava/classpath/java/security/AlgorithmParameters.java b/libjava/classpath/java/security/AlgorithmParameters.java
new file mode 100644
index 000000000..ba805143e
--- /dev/null
+++ b/libjava/classpath/java/security/AlgorithmParameters.java
@@ -0,0 +1,317 @@
+/* AlgorithmParameters.java --- Algorithm Parameters Implementation Class
+ Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.io.IOException;
+import java.lang.reflect.InvocationTargetException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+
+/**
+ * <code>AlgorithmParameters</code> is an Algorithm Parameters class which
+ * provides an interface through which the user can manage the parameters of an
+ * Algorithm.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @see AlgorithmParameterSpec
+ * @see java.security.spec.DSAParameterSpec
+ * @see KeyPairGenerator
+ */
+public class AlgorithmParameters
+{
+ /** Service name for algorithm parameters. */
+ private static final String ALGORITHM_PARAMETERS = "AlgorithmParameters";
+
+ private AlgorithmParametersSpi paramSpi;
+ private Provider provider;
+ private String algorithm;
+
+ /**
+ * Constructs a new instance of <code>AlgorithmParameters</code>.
+ *
+ * @param paramSpi
+ * the engine to use.
+ * @param provider
+ * the provider to use.
+ * @param algorithm
+ * the algorithm to use.
+ */
+ protected AlgorithmParameters(AlgorithmParametersSpi paramSpi,
+ Provider provider, String algorithm)
+ {
+ this.paramSpi = paramSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ /** @return A string with the name of the algorithm used. */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns a new instance of <code>AlgorithmParameters</code> representing
+ * the specified algorithm parameters.
+ * <p>
+ * The returned <code>AlgorithmParameters</code> must still be initialized
+ * with an <code>init()</code> method.
+ *
+ * @param algorithm the algorithm to use.
+ * @return the new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by any
+ * provider.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static AlgorithmParameters getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new instance of <code>AlgorithmParameters</code> representing
+ * the specified algorithm parameters from a named provider.
+ * <p>
+ * The returned <code>AlgorithmParameters</code> must still be intialized
+ * with an <code>init()</code> method.
+ * </p>
+ *
+ * @param algorithm the algorithm to use.
+ * @param provider the name of the {@link Provider} to use.
+ * @return the new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static AlgorithmParameters getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new instance of <code>AlgorithmParameters</code> representing
+ * the specified algorithm parameters from the specified {@link Provider}.
+ * <p>
+ * The returned <code>AlgorithmParameters</code> must still be intialized
+ * with an <code>init()</code> method.
+ *
+ * @param algorithm the algorithm to use.
+ * @param provider the {@link Provider} to use.
+ * @return the new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ * @since 1.4
+ */
+ public static AlgorithmParameters getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("AlgorithmParameters for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(ALGORITHM_PARAMETERS, algorithm, provider);
+ return new AlgorithmParameters((AlgorithmParametersSpi) spi,
+ provider,
+ algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /** @return the provider of this parameter object. */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initializes the engine with the specified {@link AlgorithmParameterSpec}.
+ *
+ * @param paramSpec
+ * A {@link AlgorithmParameterSpec} to use.
+ * @throws InvalidParameterSpecException
+ * if <code>paramSpec</code> is invalid.
+ */
+ public final void init(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException
+ {
+ paramSpi.engineInit(paramSpec);
+ }
+
+ /**
+ * Initializes the engine with the specified parameters stored in the byte
+ * array and decodes them according to the ASN.1 specification. If the ASN.1
+ * specification exists then it succeeds otherwise an {@link IOException} is
+ * thrown.
+ *
+ * @param params
+ * the parameters to use.
+ * @throws IOException
+ * if a decoding error occurs.
+ */
+ public final void init(byte[]params) throws IOException
+ {
+ paramSpi.engineInit(params);
+ }
+
+ /**
+ * Initializes the engine with the specified parameters stored in the byte
+ * array and decodes them according to the specified decoding specification.
+ * If <code>format</code> is <code>null</code>, then this method decodes the
+ * byte array using the ASN.1 specification if it exists, otherwise it throws
+ * an {@link IOException}.
+ *
+ * @param params
+ * the parameters to use.
+ * @param format
+ * the name of decoding format to use.
+ * @throws IOException
+ * if a decoding error occurs.
+ */
+ public final void init(byte[]params, String format) throws IOException
+ {
+ paramSpi.engineInit(params, format);
+ }
+
+ /**
+ * Returns a new instance of <code>AlgorithmParameters</code> as a
+ * designated parameter specification {@link Class}.
+ *
+ * @param paramSpec
+ * the {@link Class} to use.
+ * @return the parameter specification.
+ * @throws InvalidParameterSpecException
+ * if <code>paramSpec</code> is invalid.
+ */
+ public final <T extends AlgorithmParameterSpec>
+ T getParameterSpec(Class<T> paramSpec)
+ throws InvalidParameterSpecException
+ {
+ return paramSpi.engineGetParameterSpec(paramSpec);
+ }
+
+ /**
+ * Returns the parameters in the default encoding format. The primary encoding
+ * format is ASN.1 if it exists for the specified type.
+ *
+ * @return byte array representing the parameters.
+ */
+ public final byte[] getEncoded() throws IOException
+ {
+ return paramSpi.engineGetEncoded();
+ }
+
+ /**
+ * Returns the parameters in the specified encoding format. If
+ * <code>format</code> is <code>null</code> then the ASN.1 encoding
+ * format is used if it exists for the specified type.
+ *
+ * @param format
+ * the name of the encoding format to use.
+ * @return the parameters encoded using the specified encoding scheme.
+ * @throws IOException
+ * if an encoding exception occurs, or if this parameter object has
+ * not been initialized.
+ */
+ public final byte[] getEncoded(String format) throws IOException
+ {
+ return paramSpi.engineGetEncoded(format);
+ }
+
+ /**
+ * Returns a string representation of the encoded form.
+ *
+ * @return a string representation of the encoded form.
+ */
+ public final String toString()
+ {
+ return paramSpi.engineToString();
+ }
+}
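Review bot: The wrapper keeps no record of whether it has been initialized, so every `init()` overload can be called again on an object that already holds parameters, and `getEncoded(String)` documents an `IOException` for an uninitialized object without checking anything itself. Both behaviours are left to whatever `AlgorithmParametersSpi` the provider supplied, which is not visible here and may or may not enforce them. Because these objects are passed between components, I would track the state in the wrapper, rejecting a second `init()` and failing the getters before `init()`. The same guard belongs in the other two `init()` overloads, `getParameterSpec()` and `getEncoded()`.

```java
  private boolean initialized;

  // … unchanged: constructor, getAlgorithm(), getInstance() overloads, getProvider() …

  public final void init(AlgorithmParameterSpec paramSpec)
    throws InvalidParameterSpecException
  {
    if (initialized)
      throw new InvalidParameterSpecException("already initialized");
    paramSpi.engineInit(paramSpec);
    initialized = true;
  }

  // … init(byte[]), init(byte[], String), getParameterSpec(), getEncoded(): same guard, bodies otherwise unchanged …

  public final byte[] getEncoded(String format) throws IOException
  {
    if (! initialized)
      throw new IOException("not initialized");
    return paramSpi.engineGetEncoded(format);
  }
```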
diff --git a/libjava/classpath/java/security/AlgorithmParametersSpi.java b/libjava/classpath/java/security/AlgorithmParametersSpi.java
new file mode 100644
index 000000000..15cc1c657
--- /dev/null
+++ b/libjava/classpath/java/security/AlgorithmParametersSpi.java
@@ -0,0 +1,149 @@
+/* AlgorithmParametersSpi.java --- Algorithm Parameters SPI
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.IOException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+
+/**
+ * AlgorithmParametersSpi is the Service Provider Interface
+ * for the Algorithm Parameters class. This class is used
+ * to manage the algorithm parameters.
+ *
+ * @since 1.2
+ * @author Mark Benvenuto
+ */
+public abstract class AlgorithmParametersSpi
+{
+ /**
+ * Creates a new instance of AlgorithmParametersSpi
+ */
+ public AlgorithmParametersSpi()
+ {
+ }
+
+ /**
+ * Initializes the engine with the specified
+ * AlgorithmParameterSpec class.
+ *
+ * @param paramSpec A AlgorithmParameterSpec to initialize with
+ *
+ * @throws InvalidParameterSpecException For an inapporiate
+ * ParameterSpec class
+ */
+ protected abstract void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException;
+
+ /**
+ * Initializes the engine with the specified
+ * parameters stored in the byte array and decodes them
+ * according to the ASN.1 specification. If the ASN.1
+ * specification exists then it succeeds or else it throws
+ * IOException.
+ *
+ * @param params Parameters to initialize with
+ *
+ * @throws IOException Decoding Error
+ */
+ protected abstract void engineInit(byte[]params) throws IOException;
+
+ /**
+ * Initializes the engine with the specified
+ * parameters stored in the byte array and decodes them
+ * according to the specified decoding specification.
+ * If format is null, then it is decoded using the ASN.1
+ * specification if it exists or else it throws
+ * IOException.
+ *
+ * @param params Parameters to initialize with
+ * @param format Name of decoding format to use
+ *
+ * @throws IOException Decoding Error
+ */
+ protected abstract void engineInit(byte[]params, String format)
+ throws IOException;
+
+
+ /**
+ * Returns a specification of this AlgorithmParameters object.
+ * paramSpec identifies the class to return the AlgortihmParameters
+ * in.
+ *
+ * @param paramSpec Class to return AlgorithmParameters in
+ *
+ * @return the parameter specification
+ *
+ * @throws InvalidParameterSpecException if the paramSpec is an
+ * invalid parameter class
+ */
+ protected abstract <T extends AlgorithmParameterSpec>
+ T engineGetParameterSpec(Class<T> paramSpec)
+ throws InvalidParameterSpecException;
+
+
+ /**
+ * Returns the parameters in the default encoding format.
+ * The primary encoding format is ASN.1 format if it exists
+ * for the specified type.
+ *
+ * @return byte array representing the parameters
+ */
+ protected abstract byte[] engineGetEncoded() throws IOException;
+
+
+ /**
+ * Returns the parameters in the specified encoding format.
+ * If <code>format</code> is <code>null</code> then the
+ * primary encoding format is used, the ASN.1 format,
+ * if it exists for the specified type.
+ *
+ * @return byte array representing the parameters
+ */
+ protected abstract byte[] engineGetEncoded(String format)
+ throws IOException;
+
+ /**
+ * Returns a string describing the parameters in the
+ * AlgorithmParametersSpi class.
+ *
+ * @return A string representing the format of the parameters.
+ */
+ protected abstract String engineToString();
+}
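Review bot: The comment on `engineGetEncoded(String format)` documents neither its `format` parameter nor the `IOException` it declares, and `engineGetEncoded()` likewise has no `@throws`. I would add `@param format name of the encoding format to use, or null for the primary format` and `@throws IOException if an encoding error occurs`, matching the wording AlgorithmParameters.getEncoded(String) uses for the same call. While there, `inapporiate` in the `engineInit(AlgorithmParameterSpec)` comment and `AlgortihmParameters` in the `engineGetParameterSpec` comment are misspelled.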
diff --git a/libjava/classpath/java/security/AllPermission.java b/libjava/classpath/java/security/AllPermission.java
new file mode 100644
index 000000000..6adcd8c9c
--- /dev/null
+++ b/libjava/classpath/java/security/AllPermission.java
@@ -0,0 +1,198 @@
+/* AllPermission.java -- Permission to do anything
+ Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.util.EmptyEnumeration;
+
+import java.util.Collections;
+import java.util.Enumeration;
+
+/**
+ * This class is a permission that implies all other permissions. Granting
+ * this permission effectively grants all others. Extreme caution should
+ * be exercised in granting this permission.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see AccessController
+ * @see Permissions
+ * @see SecurityManager
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public final class AllPermission extends Permission
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -2916474571451318075L;
+
+ /**
+ * Create a new AllPermission object.
+ */
+ public AllPermission()
+ {
+ super("*");
+ }
+
+ /**
+ * Create a new AllPermission object. The parameters are ignored, as all
+ * permission implies ALL PERMISSION.
+ *
+ * @param name ignored
+ * @param actions ignored
+ */
+ public AllPermission(String name, String actions)
+ {
+ super("*");
+ }
+
+ /**
+ * This method always returns <code>true</code> to indicate that this
+ * permission always implies that any other permission is also granted.
+ *
+ * @param perm ignored
+ * @return true, the permission is implied
+ */
+ public boolean implies(Permission perm)
+ {
+ return true;
+ }
+
+ /**
+ * Checks an object for equality. All AllPermissions are equal.
+ *
+ * @param obj the <code>Object</code> to test for equality
+ */
+ public boolean equals(Object obj)
+ {
+ return obj instanceof AllPermission;
+ }
+
+ /**
+ * This method returns a hash code for this object. This returns 1.
+ *
+ * @return a hash value for this object
+ */
+ public int hashCode()
+ {
+ return 1;
+ }
+
+ /**
+ * This method returns the list of actions associated with this object.
+ * This will always be the empty string ("") for this class.
+ *
+ * @return the action list
+ */
+ public String getActions()
+ {
+ return "";
+ }
+
+ /**
+ * Returns a PermissionCollection which can hold AllPermission.
+ *
+ * @return a permission collection
+ */
+ public PermissionCollection newPermissionCollection()
+ {
+ return new AllPermissionCollection();
+ }
+
+ /**
+ * Implements AllPermission.newPermissionCollection, and obeys serialization
+ * of JDK.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ private static final class AllPermissionCollection extends PermissionCollection
+ {
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -4023755556366636806L;
+
+ /**
+ * Whether an AllPermission has been added to the collection.
+ *
+ * @serial if all permission is in the collection yet
+ */
+ private boolean all_allowed;
+
+ /**
+ * Add an AllPermission.
+ *
+ * @param perm the permission to add
+ * @throws IllegalArgumentException if perm is not an AllPermission
+ * @throws SecurityException if the collection is read-only
+ */
+ public void add(Permission perm)
+ {
+ if (isReadOnly())
+ throw new SecurityException();
+ if (! (perm instanceof AllPermission))
+ throw new IllegalArgumentException();
+ all_allowed = true;
+ }
+
+ /**
+ * Returns true if this collection implies a permission.
+ *
+ * @param perm the permission to check
+ * @return true if this collection contains an AllPermission
+ */
+ public boolean implies(Permission perm)
+ {
+ return all_allowed;
+ }
+
+ /**
+ * Returns an enumeration of the elements in the collection.
+ *
+ * @return the elements in the collection
+ */
+ public Enumeration elements()
+ {
+ return all_allowed
+ ? Collections.enumeration(Collections.singleton(new AllPermission()))
+ : EmptyEnumeration.getInstance();
+ }
+ } // class AllPermissionCollection
+} // class AllPermission
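Review bot: The two exceptions thrown in `AllPermissionCollection.add` carry no message, unlike the sibling `BasicPermissionCollection.add` added in this same commit, which passes "readonly" and "Expecting instance of …". A bare `SecurityException` raised from a permission collection is hard to attribute when it turns up in a log, so I would write `throw new SecurityException("readonly");` and `throw new IllegalArgumentException("Expecting instance of AllPermission");`. The Javadoc of `equals` also has no `@return` line; `@return true if obj is an AllPermission` would match what the body does.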
diff --git a/libjava/classpath/java/security/BasicPermission.java b/libjava/classpath/java/security/BasicPermission.java
new file mode 100644
index 000000000..6296cffea
--- /dev/null
+++ b/libjava/classpath/java/security/BasicPermission.java
@@ -0,0 +1,308 @@
+/* BasicPermission.java -- implements a simple named permission
+ Copyright (C) 1998, 1999, 2002, 2003, 2004, 2005, 2006
+ Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.Serializable;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ * This class implements a simple model for named permissions without an
+ * associated action list. That is, either the named permission is granted
+ * or it is not.
+ *
+ * <p>It also supports trailing wildcards to allow the easy granting of
+ * permissions in a hierarchical fashion. (For example, the name "org.gnu.*"
+ * might grant all permissions under the "org.gnu" permissions hierarchy).
+ * The only valid wildcard character is a '*' which matches anything. It
+ * must be the rightmost element in the permission name and must follow a
+ * '.' or else the Permission name must consist of only a '*'. Any other
+ * occurrence of a '*' is not valid.
+ *
+ * <p>This class ignores the action list. Subclasses can choose to implement
+ * actions on top of this class if desired.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see Permission
+ * @see Permissions
+ * @see PermissionCollection
+ * @see RuntimePermission
+ * @see SecurityPermission
+ * @see PropertyPermission
+ * @see AWTPermission
+ * @see NetPermission
+ * @see SecurityManager
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public abstract class BasicPermission extends Permission
+ implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 6279438298436773498L;
+
+ /**
+ * Create a new instance with the specified permission name. If the
+ * name is empty an exception is thrown.
+ *
+ * @param name the name of this permission
+ * @throws NullPointerException if name is null
+ * @throws IllegalArgumentException if name is invalid
+ */
+ public BasicPermission(String name)
+ {
+ super(name);
+
+ // This routine used to check for illegal wildcards, but no such
+ // requirement exists in the specification and Sun's runtime
+ // doesn't appear to do it.
+
+ if (name.equals(""))
+ throw new IllegalArgumentException("Empty name");
+ }
+
+ /**
+ * Create a new instance with the specified permission name. If the name
+ * is empty, or contains an illegal wildcard character, an exception is
+ * thrown. The actions parameter is ignored.
+ *
+ * @param name the name of this permission
+ * @param actions ignored
+ * @throws NullPointerException if name is null
+ * @throws IllegalArgumentException if name is invalid
+ */
+ public BasicPermission(String name, String actions)
+ {
+ this(name);
+ }
+
+ /**
+ * This method tests to see if the specified permission is implied by this
+ * permission. This will be true if the following conditions are met:<ul>
+ * <li>The specified object is an instance of the same class as this
+ * object.</li>
+ * <li>The name of the specified permission is implied by this permission's
+ * name based on wildcard matching. For example, "a.*" implies "a.b".</li>
+ * </ul>
+ *
+ * @param perm the <code>Permission</code> object to test against
+ * @return true if the specified permission is implied
+ */
+ public boolean implies(Permission perm)
+ {
+ if (! getClass().isInstance(perm))
+ return false;
+
+ String otherName = perm.getName();
+ String name = getName();
+
+ if (name.equals(otherName))
+ return true;
+
+ int last = name.length() - 1;
+ return name.charAt(last) == '*'
+ && otherName.startsWith(name.substring(0, last));
+ }
+
+ /**
+ * This method tests to see if this object is equal to the specified
+ * <code>Object</code>. This will be true if and only if the specified
+ * object meets the following conditions:<ul>
+ * <li>It is an instance of the same class as this.</li>
+ * <li>It has the same name as this permission.</li>
+ * </ul>
+ *
+ * @param obj the <code>Object</code> to test for equality
+ * @return true if obj is semantically equal to this
+ */
+ public boolean equals(Object obj)
+ {
+ return getClass().isInstance(obj)
+ && getName().equals(((BasicPermission) obj).getName());
+ }
+
+ /**
+ * This method returns a hash code for this permission object. The hash
+ * code returned is the value returned by calling the <code>hashCode</code>
+ * method on the <code>String</code> that is the name of this permission.
+ *
+ * @return a hash value for this object
+ */
+ public int hashCode()
+ {
+ return getName().hashCode();
+ }
+
+ /**
+ * This method returns a list of the actions associated with this
+ * permission. This method always returns the empty string ("") since
+ * this class ignores actions.
+ *
+ * @return the action list
+ */
+ public String getActions()
+ {
+ return "";
+ }
+
+ /**
+ * This method returns an instance of <code>PermissionCollection</code>
+ * suitable for storing <code>BasicPermission</code> objects. The
+ * collection returned can only store objects of the same type as this.
+ * Subclasses which use actions must override this method; but a class with
+ * no actions will work fine with this.
+ *
+ * @return a new empty <code>PermissionCollection</code> object
+ */
+ public PermissionCollection newPermissionCollection()
+ {
+ return new BasicPermissionCollection(getClass());
+ }
+
+ /**
+ * Implements AllPermission.newPermissionCollection, and obeys serialization
+ * of JDK.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ private static final class BasicPermissionCollection extends PermissionCollection
+ {
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 739301742472979399L;
+
+ /**
+ * The permissions in the collection.
+ *
+ * @serial a hash mapping name to permissions, all of type permClass
+ */
+ private final Hashtable permissions = new Hashtable();
+
+ /**
+ * If "*" is in the collection.
+ *
+ * @serial true if a permission named "*" is in the collection
+ */
+ private boolean all_allowed;
+
+ /**
+ * The runtime class which all entries in the table must belong to.
+ *
+ * @serial the limiting subclass of this collection
+ */
+ private final Class permClass;
+
+ /**
+ * Construct a collection over the given runtime class.
+ *
+ * @param c the class
+ */
+ BasicPermissionCollection(Class c)
+ {
+ permClass = c;
+ }
+
+ /**
+ * Add a Permission. It must be of the same type as the permission which
+ * created this collection.
+ *
+ * @param perm the permission to add
+ * @throws IllegalArgumentException if perm is not the correct type
+ * @throws SecurityException if the collection is read-only
+ */
+ public void add(Permission perm)
+ {
+ if (isReadOnly())
+ throw new SecurityException("readonly");
+ if (! permClass.isInstance(perm))
+ throw new IllegalArgumentException("Expecting instance of " + permClass);
+ BasicPermission bp = (BasicPermission) perm;
+ String name = bp.getName();
+ if (name.equals("*"))
+ all_allowed = true;
+ permissions.put(name, bp);
+ }
+
+ /**
+ * Returns true if this collection implies the given permission.
+ *
+ * @param permission the permission to check
+ * @return true if it is implied by this
+ */
+ public boolean implies(Permission permission)
+ {
+ if (! permClass.isInstance(permission))
+ return false;
+ if (all_allowed)
+ return true;
+ BasicPermission toImply = (BasicPermission) permission;
+ String name = toImply.getName();
+ if (name.equals("*"))
+ return false;
+ int prefixLength = name.length();
+ if (name.endsWith("*"))
+ prefixLength -= 2;
+
+ while (true)
+ {
+ if (permissions.get(name) != null)
+ return true;
+ prefixLength = name.lastIndexOf('.', prefixLength);
+ if (prefixLength < 0)
+ return false;
+ name = name.substring(0, prefixLength + 1) + '*';
+ }
+ }
+
+ /**
+ * Enumerate over the collection.
+ *
+ * @return an enumeration of the collection contents
+ */
+ public Enumeration elements()
+ {
+ return permissions.elements();
+ }
+ } // class BasicPermissionCollection
+} // class BasicPermission
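Review bot: The final return of `BasicPermission.implies` treats any trailing `*` as a wildcard, so a permission named `foo*` implies `foobar`, although the class comment says the `*` must follow a `.` or be the whole name. `BasicPermissionCollection.implies` further down only widens at `.` boundaries, so a permission and the collection holding it can disagree about the same pair, with the single-permission check being the broader one. I would require the separator: `return name.charAt(last) == '*' && (last == 0 || name.charAt(last - 1) == '.') && otherName.startsWith(name.substring(0, last));`. The two-argument constructor's Javadoc still promises an exception for an illegal wildcard, which the code no longer throws, and the comment on `BasicPermissionCollection` names `AllPermission.newPermissionCollection` where `BasicPermission.newPermissionCollection` is meant.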
diff --git a/libjava/classpath/java/security/Certificate.java b/libjava/classpath/java/security/Certificate.java
new file mode 100644
index 000000000..5cdba6e10
--- /dev/null
+++ b/libjava/classpath/java/security/Certificate.java
@@ -0,0 +1,125 @@
+/* Certificate.java -- deprecated interface for modeling digital certificates
+ Copyright (C) 1998, 2002, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/**
+ * This interface models a digital certificate which verifies the
+ * authenticity of a party. This class simply allows certificate
+ * information to be queried, it does not guarantee that the certificate
+ * is valid.
+ *
+ * <p>This class is deprecated in favor of the new java.security.cert package.
+ * It exists for backward compatibility only.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @deprecated use {@link java.security.cert} instead
+ * @status updated to 1.4
+ */
+public interface Certificate
+{
+ /**
+ * This method returns the <code>Principal</code> that is guaranteeing
+ * this certificate.
+ *
+ * @return the <code>Principal</code> guaranteeing the certificate
+ */
+ Principal getGuarantor();
+
+ /**
+ * This method returns the <code>Principal</code> being guaranteed by
+ * this certificate.
+ *
+ * @return the <code>Principal</code> guaranteed by this certificate
+ */
+ Principal getPrincipal();
+
+ /**
+ * This method returns the public key for the <code>Principal</code> that
+ * is being guaranteed.
+ *
+ * @return the <code>PublicKey</code> of the Principal being guaranteed
+ */
+ PublicKey getPublicKey();
+
+ /**
+ * This method writes the certificate to an <code>OutputStream</code> in
+ * a format that can be understood by the <code>decode</code> method.
+ *
+ * @param out the <code>OutputStream</code> to write to
+ * @throws KeyException if there is a problem with the certificate
+ * @throws IOException if an error occurs writing to the stream
+ * @see #decode(InputStream)
+ * @see #getFormat()
+ */
+ void encode(OutputStream out) throws KeyException, IOException;
+
+ /**
+ * This method reads an encoded certificate from an <code>InputStream</code>.
+ *
+ * @param in the <code>InputStream</code> to read from
+ * @throws KeyException if there is a problem with the certificate data
+ * @throws IOException if an error occurs reading from the stream
+ * @see #encode(OutputStream)
+ * @see #getFormat()
+ */
+ void decode(InputStream in) throws KeyException, IOException;
+
+ /**
+ * This method returns the encoding format of the certificate (e.g., "PGP",
+ * "X.509"). This format is used by the <code>encode</code> and
+ * <code>decode</code> methods.
+ *
+ * @return the encoding format being used
+ */
+ String getFormat();
+
+ /**
+ * This method returns a <code>String</code> representation of the contents
+ * of this certificate.
+ *
+ * @param detail true to provided more detailed information
+ * @return the string representation
+ */
+ String toString(boolean detail);
+} // interface Certificate
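Review bot: The Javadoc on `toString(boolean)` reads `true to provided more detailed information`; it should be `@param detail true to provide more detailed information`. The type comment also says "This class" twice for what is declared as an interface, so "This interface" would match the declaration. Other files in this commit already use generics, so if the build's source level allows it, a `@Deprecated` annotation next to the `@deprecated` tag would let the compiler warn callers as well.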
diff --git a/libjava/classpath/java/security/CodeSource.java b/libjava/classpath/java/security/CodeSource.java
new file mode 100644
index 000000000..dd353eda0
--- /dev/null
+++ b/libjava/classpath/java/security/CodeSource.java
@@ -0,0 +1,356 @@
+/* CodeSource.java -- Code location and certifcates
+ Copyright (C) 1998, 2002, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.net.SocketPermission;
+import java.net.URL;
+// Note that this overrides Certificate in this package.
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * This class represents a location from which code is loaded (as
+ * represented by a URL), and the list of certificates that are used to
+ * check the signatures of signed code loaded from this source.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public class CodeSource implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 4977541819976013951L;
+
+ /**
+ * This is the URL that represents the code base from which code will
+ * be loaded.
+ *
+ * @serial the code location
+ */
+ private final URL location;
+
+ /** The set of certificates for this code base. */
+ private transient HashSet certs;
+
+ /**
+ * This creates a new instance of <code>CodeSource</code> that loads code
+ * from the specified URL location and which uses the specified certificates
+ * for verifying signatures.
+ *
+ * @param location the location from which code will be loaded
+ * @param certs the list of certificates
+ */
+ public CodeSource(URL location, Certificate[] certs)
+ {
+ this.location = location;
+ if (certs != null)
+ this.certs = new HashSet(Arrays.asList(certs));
+ }
+
+ /**
+ * This method returns a hash value for this object.
+ *
+ * @return a hash value for this object
+ */
+ public int hashCode()
+ {
+ return (location == null ? 0 : location.hashCode())
+ ^ (certs == null ? 0 : certs.hashCode());
+ }
+
+ /**
+ * This method tests the specified <code>Object</code> for equality with
+ * this object. This will be true if and only if the locations are equal
+ * and the certificate sets are identical (ignoring order).
+ *
+ * @param obj the <code>Object</code> to test against
+ * @return true if the specified object is equal to this one
+ */
+ public boolean equals(Object obj)
+ {
+ if (! (obj instanceof CodeSource))
+ return false;
+ CodeSource cs = (CodeSource) obj;
+ return (certs == null ? cs.certs == null : certs.equals(cs.certs))
+ && (location == null ? cs.location == null
+ : location.equals(cs.location));
+ }
+
+ /**
+ * This method returns the URL specifying the location from which code
+ * will be loaded under this <code>CodeSource</code>.
+ *
+ * @return the code location for this <code>CodeSource</code>
+ */
+ public final URL getLocation()
+ {
+ return location;
+ }
+
+ /**
+ * This method returns the list of digital certificates that can be used
+ * to verify the signatures of code loaded under this
+ * <code>CodeSource</code>.
+ *
+ * @return the certifcate list for this <code>CodeSource</code>
+ */
+ public final Certificate[] getCertificates()
+ {
+ if (certs == null)
+ return null;
+ Certificate[] c = new Certificate[certs.size()];
+ certs.toArray(c);
+ return c;
+ }
+
+ /**
+ * This method tests to see if a specified <code>CodeSource</code> is
+ * implied by this object. Effectively, to meet this test, the specified
+ * object must have all the certifcates this object has (but may have more),
+ * and must have a location that is a subset of this object's. In order
+ * for this object to imply the specified object, the following must be
+ * true:
+ *
+ * <ol>
+ * <li><em>codesource</em> must not be <code>null</code>.</li>
+ * <li>If <em>codesource</em> has a certificate list, all of it's
+ * certificates must be present in the certificate list of this
+ * code source.</li>
+ * <li>If this object does not have a <code>null</code> location, then
+ * the following addtional tests must be passed.
+ *
+ * <ol>
+ * <li><em>codesource</em> must not have a <code>null</code>
+ * location.</li>
+ * <li><em>codesource</em>'s location must be equal to this object's
+ * location, or
+ * <ul>
+ * <li><em>codesource</em>'s location protocol, port, and ref (aka,
+ * anchor) must equal this objects</li>
+ * <li><em>codesource</em>'s location host must imply this object's
+ * location host, as determined by contructing
+ * <code>SocketPermission</code> objects from each with no
+ * action list and using that classes's <code>implies</code>
+ * method</li>
+ * <li>If this object's location file ends with a '/', then the
+ * specified object's location file must start with this
+ * object's location file. Otherwise, the specified object's
+ * location file must start with this object's location file
+ * with the '/' character appended to it.</li>
+ * </ul></li>
+ * </ol></li>
+ * </ol>
+ *
+ * <p>For example, each of these locations imply the location
+ * "http://java.sun.com/classes/foo.jar":</p>
+ *
+ * <pre>
+ * http:
+ * http://*.sun.com/classes/*
+ * http://java.sun.com/classes/-
+ * http://java.sun.com/classes/foo.jar
+ * </pre>
+ *
+ * <p>Note that the code source with null location and null certificates implies
+ * all other code sources.</p>
+ *
+ * @param cs the <code>CodeSource</code> to test against this object
+ * @return true if this specified <code>CodeSource</code> is implied
+ */
+ public boolean implies(CodeSource cs)
+ {
+ if (cs == null)
+ return false;
+ // First check the certificate list.
+ if (certs != null && (cs.certs == null || ! certs.containsAll(cs.certs)))
+ return false;
+ // Next check the location.
+ if (location == null)
+ return true;
+ if (cs.location == null
+ || ! location.getProtocol().equals(cs.location.getProtocol())
+ || (location.getPort() != -1
+ && location.getPort() != cs.location.getPort())
+ || (location.getRef() != null
+ && ! location.getRef().equals(cs.location.getRef())))
+ return false;
+ if (location.getHost() != null)
+ {
+ String their_host = cs.location.getHost();
+ if (their_host == null)
+ return false;
+ SocketPermission our_sockperm =
+ new SocketPermission(location.getHost(), "accept");
+ SocketPermission their_sockperm =
+ new SocketPermission(their_host, "accept");
+ if (! our_sockperm.implies(their_sockperm))
+ return false;
+ }
+ String our_file = location.getFile();
+ if (our_file != null)
+ {
+ if (! our_file.endsWith("/"))
+ our_file += "/";
+ String their_file = cs.location.getFile();
+ if (their_file == null
+ || ! their_file.startsWith(our_file))
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * This method returns a <code>String</code> that represents this object.
+ * The result is in the format <code>"(" + getLocation()</code> followed
+ * by a space separated list of certificates (or "&lt;no certificates&gt;"),
+ * followed by <code>")"</code>.
+ *
+ * @return a <code>String</code> for this object
+ */
+ public String toString()
+ {
+ CPStringBuilder sb = new CPStringBuilder("(").append(location);
+ if (certs == null || certs.isEmpty())
+ sb.append(" <no certificates>");
+ else
+ {
+ Iterator iter = certs.iterator();
+ for (int i = certs.size(); --i >= 0; )
+ sb.append(' ').append(iter.next());
+ }
+ return sb.append(")").toString();
+ }
+
+ /**
+ * Reads this object from a serialization stream.
+ *
+ * @param s the input stream
+ * @throws IOException if reading fails
+ * @throws ClassNotFoundException if deserialization fails
+ * @serialData this reads the location, then expects an int indicating the
+ * number of certificates. Each certificate is a String type
+ * followed by an int encoding length, then a byte[] encoding
+ */
+ private void readObject(ObjectInputStream s)
+ throws IOException, ClassNotFoundException
+ {
+ s.defaultReadObject();
+ int count = s.readInt();
+ certs = new HashSet();
+ while (--count >= 0)
+ {
+ String type = (String) s.readObject();
+ int bytes = s.readInt();
+ byte[] encoded = new byte[bytes];
+ for (int i = 0; i < bytes; i++)
+ encoded[i] = s.readByte();
+ ByteArrayInputStream stream = new ByteArrayInputStream(encoded);
+ try
+ {
+ CertificateFactory factory = CertificateFactory.getInstance(type);
+ certs.add(factory.generateCertificate(stream));
+ }
+ catch (CertificateException e)
+ {
+ // XXX Should we ignore this certificate?
+ }
+ }
+ }
+
+ /**
+ * Writes this object to a serialization stream.
+ *
+ * @param s the output stream
+ * @throws IOException if writing fails
+ * @serialData this writes the location, then writes an int indicating the
+ * number of certificates. Each certificate is a String type
+ * followed by an int encoding length, then a byte[] encoding
+ */
+ private void writeObject(ObjectOutputStream s) throws IOException
+ {
+ s.defaultWriteObject();
+ if (certs == null)
+ s.writeInt(0);
+ else
+ {
+ int count = certs.size();
+ s.writeInt(count);
+ Iterator iter = certs.iterator();
+ while (--count >= 0)
+ {
+ Certificate c = (Certificate) iter.next();
+ s.writeObject(c.getType());
+ byte[] encoded;
+ try
+ {
+ encoded = c.getEncoded();
+ }
+ catch (CertificateEncodingException e)
+ {
+ // XXX Should we ignore this certificate?
+ encoded = null;
+ }
+ if (encoded == null)
+ s.writeInt(0);
+ else
+ {
+ s.writeInt(encoded.length);
+ for (int i = 0; i < encoded.length; i++)
+ s.writeByte(encoded[i]);
+ }
+ }
+ }
+ }
+} // class CodeSource
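Review bot: The certificate test in `implies` runs in the opposite direction from the method's own summary: `certs.containsAll(cs.certs)` accepts a `cs` that carries only a subset of this object's certificates (or an empty set), while the comment says the specified object must have all the certificates this object has. As far as I know the reference behaviour is the latter, so a source that names two signers would here imply code signed by only one of them. I would write `if (certs != null && (cs.certs == null || ! cs.certs.containsAll(certs)))` and correct item 2 of the Javadoc list, which currently describes the reversed check. Separately, `readObject` allocates `new byte[bytes]` from an int read off the stream with no range check and silently drops any certificate that fails to parse, so a damaged or crafted stream gives either a `NegativeArraySizeException` or oversized allocation, or a `CodeSource` with fewer certificates than were written. A guard such as `if (bytes < 0) throw new IOException("negative certificate length");`, plus rethrowing the `CertificateException` as an `IOException`, would make that failure explicit.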
diff --git a/libjava/classpath/java/security/DigestException.java b/libjava/classpath/java/security/DigestException.java
new file mode 100644
index 000000000..b4df0c1d5
--- /dev/null
+++ b/libjava/classpath/java/security/DigestException.java
@@ -0,0 +1,92 @@
+/* DigestException.java -- A generic message digest exception
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception indicates that a generic message digest exception has
+ * occurred.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class DigestException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5821450303093652515L;
+
+ /**
+ * Create a new instance with no descriptive message.
+ */
+ public DigestException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive message
+ */
+ public DigestException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public DigestException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public DigestException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/DigestInputStream.java b/libjava/classpath/java/security/DigestInputStream.java
new file mode 100644
index 000000000..c0a74f3ab
--- /dev/null
+++ b/libjava/classpath/java/security/DigestInputStream.java
@@ -0,0 +1,167 @@
+/* DigestInputStream.java --- An Input stream tied to a message digest
+ Copyright (C) 1999, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * DigestInputStream is a class that ties an InputStream with a
+ * MessageDigest. The Message Digest is used by the class to
+ * update it self as bytes are read from the InputStream.
+ *
+ * The updating to the digest depends on the on flag which is set
+ * to true by default to tell the class to update the data
+ * in the message digest.
+ *
+ * @version 0.0
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public class DigestInputStream extends FilterInputStream
+{
+ /**
+ * The message digest for the DigestInputStream
+ */
+ protected MessageDigest digest;
+
+ //Manages the on flag
+ private boolean state = true;
+
+ /**
+ * Constructs a new DigestInputStream.
+ * It associates a MessageDigest with the stream to
+ * compute the stream as data is written.
+ *
+ * @param stream An InputStream to associate this stream with
+ * @param digest A MessageDigest to hash the stream with
+ */
+ public DigestInputStream(InputStream stream, MessageDigest digest)
+ {
+ super(stream);
+ //this.in = stream;
+ this.digest = digest;
+ }
+
+ /**
+ * Returns the MessageDigest associated with this DigestInputStream
+ *
+ * @return The MessageDigest used to hash this stream
+ */
+ public MessageDigest getMessageDigest()
+ {
+ return digest;
+ }
+
+ /**
+ * Sets the current MessageDigest to current parameter
+ *
+ * @param digest A MessageDigest to associate with this stream
+ */
+ public void setMessageDigest(MessageDigest digest)
+ {
+ this.digest = digest;
+ }
+
+ /**
+ * Reads a byte from the input stream and updates the digest.
+ * This method reads the underlying input stream and if the
+ * on flag is true then updates the message digest.
+ *
+ * @return Returns a byte from the input stream, -1 is returned to indicate that
+ * the end of stream was reached before this read call
+ *
+ * @throws IOException if an IO error occurs in the underlying input stream,
+ * this error is thrown
+ */
+ public int read() throws IOException
+ {
+ int temp = in.read();
+
+ if (state == true && temp != -1)
+ digest.update((byte) temp);
+
+ return temp;
+ }
+
+ /**
+ * Reads bytes from the input stream and updates the digest.
+ * This method reads the underlying input stream and if the
+ * on flag is true then updates the message digest.
+ *
+ * @param b a byte array to store the data from the input stream
+ * @param off an offset to start at in the array
+ * @param len length of data to read
+ * @return Returns count of bytes read, -1 is returned to indicate that
+ * the end of stream was reached before this read call
+ *
+ * @throws IOException if an IO error occurs in the underlying input stream,
+ * this error is thrown
+ */
+ public int read(byte[]b, int off, int len) throws IOException
+ {
+ int temp = in.read(b, off, len);
+
+ if (state == true && temp != -1)
+ digest.update(b, off, temp);
+
+ return temp;
+ }
+
+ /**
+ * Sets the flag specifing if this DigestInputStream updates the
+ * digest in the write() methods. The default is on;
+ *
+ * @param on True means it digests stream, false means it does not
+ */
+ public void on(boolean on)
+ {
+ state = on;
+ }
+
+ /**
+ * Converts the input stream and underlying message digest to a string.
+ *
+ * @return A string representing the input stream and message digest.
+ */
+ public String toString()
+ {
+ return "[Digest Input Stream] " + digest.toString();
+ }
+}
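Review bot: The Javadoc on `on(boolean)` says the flag controls digesting "in the write() methods", and the constructor comment says the digest is computed "as data is written"; this is the input-side class, so both should say read. For callers who use the digest as an integrity check, the class comment should also state that only the `read` overrides here feed the digest. Bytes consumed through the inherited `skip()` presumably never reach it, and bytes replayed after `reset()` would be digested twice (FilterInputStream is not part of this hunk, so confirm against it). I would add to the class comment `Only bytes returned by read() are digested; skip(), mark() and reset() are not digest-aware.`, and note on `on(boolean)` that switching it off mid-stream leaves a digest that no longer covers the whole input.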
diff --git a/libjava/classpath/java/security/DigestOutputStream.java b/libjava/classpath/java/security/DigestOutputStream.java
new file mode 100644
index 000000000..748f83d79
--- /dev/null
+++ b/libjava/classpath/java/security/DigestOutputStream.java
@@ -0,0 +1,158 @@
+/* DigestOutputStream.java --- An output stream tied to a message digest
+ Copyright (C) 1999, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * DigestOutputStream is a class that ties an OutputStream with a
+ * MessageDigest. The Message Digest is used by the class to update it
+ * self as bytes are written to the OutputStream.
+ *
+ * The updating to the digest depends on the on flag which is set to
+ * true by default that tells the class to update the data in the
+ * message digest.
+ *
+ * @version 0.0
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public class DigestOutputStream extends FilterOutputStream
+{
+ /**
+ * The message digest for the DigestOutputStream
+ */
+ protected MessageDigest digest;
+
+ //Manages the on flag
+ private boolean state = true;
+
+ /**
+ * Constructs a new DigestOutputStream. It associates a
+ * MessageDigest with the stream to compute the stream as data is
+ * written.
+ *
+ * @param stream An OutputStream to associate this stream with
+ * @param digest A MessageDigest to hash the stream with
+ */
+ public DigestOutputStream(OutputStream stream, MessageDigest digest)
+ {
+ super(stream);
+ this.digest = digest;
+ }
+
+ /**
+ * Returns the MessageDigest associated with this DigestOutputStream
+ *
+ * @return The MessageDigest used to hash this stream
+ */
+ public MessageDigest getMessageDigest()
+ {
+ return digest;
+ }
+
+ /**
+ * Sets the current MessageDigest to current parameter
+ *
+ * @param digest A MessageDigest to associate with this stream
+ */
+ public void setMessageDigest(MessageDigest digest)
+ {
+ this.digest = digest;
+ }
+
+
+ /**
+ * Updates the hash if the on flag is true and then writes a byte to
+ * the underlying output stream.
+ *
+ * @param b A byte to write to the output stream
+ *
+ * @exception IOException if the underlying output stream
+ * cannot write the byte, this is thrown.
+ */
+ public void write(int b) throws IOException
+ {
+ if (state)
+ digest.update((byte) b);
+
+ out.write(b);
+ }
+
+ /**
+ * Updates the hash if the on flag is true and then writes the bytes
+ * to the underlying output stream.
+ *
+ * @param b Bytes to write to the output stream
+ * @param off Offset to start to start at in array
+ * @param len Length of data to write
+ *
+ * @exception IOException if the underlying output stream
+ * cannot write the bytes, this is thrown.
+ */
+ public void write(byte[]b, int off, int len) throws IOException
+ {
+ if (state)
+ digest.update(b, off, len);
+
+ out.write(b, off, len);
+ }
+
+ /**
+ * Sets the flag specifying if this DigestOutputStream updates the
+ * digest in the write() methods. The default is on;
+ *
+ * @param on True means it digests stream, false means it does not
+ */
+ public void on(boolean on)
+ {
+ state = on;
+ }
+
+ /**
+ * Converts the output stream and underlying message digest to a string.
+ *
+ * @return A string representing the output stream and message digest.
+ */
+ public String toString()
+ {
+ return "[Digest Output Stream] " + digest.toString();
+ }
+}
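Review bot: Both `write` overloads update the digest before calling `out.write`, so if the underlying stream throws, the digest already covers bytes that were never written and no longer describes what reached the stream. Writing first keeps the two in step: `out.write(b, off, len); if (state) digest.update(b, off, len);`, with the same order in `write(int)`. Separately, neither the constructor nor `setMessageDigest` rejects a null digest, so the first write with the flag on fails with a NullPointerException far from the cause; either check the argument or document that null is only valid while the flag is off.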
diff --git a/libjava/classpath/java/security/DomainCombiner.java b/libjava/classpath/java/security/DomainCombiner.java
new file mode 100644
index 000000000..9ec680c63
--- /dev/null
+++ b/libjava/classpath/java/security/DomainCombiner.java
@@ -0,0 +1,67 @@
+/* DomainCombiner.java -- Combines ProtectionDomains
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * A public interface used to combine two ProtectionDomains in a new
+ * ProtectionDomain and update the current Protection Domains
+ * associated with the current AccessControlContext.
+ *
+ * It can add, subtract, or update ProtectionDomains or possibly
+ * remove duplicates or any possible complex action but just not add
+ * ones that do not already exist in either array.
+ *
+ * @author Mark Benvenuto
+ * @see AccessControlContext
+ * @see AccessController
+ * @since 1.3
+ * @status updated to 1.4
+ */
+public interface DomainCombiner
+{
+ /**
+ * Combines the current ProtectionDomains of the Thread with new
+ * ProtectionDomains.
+ *
+ * @param currentDomains - the ProtectionDomains for the current thread.
+ * @param assignedDomains - ProtectionsDomains to add
+ * @return a new array of all the ProtectionDomains
+ */
+ ProtectionDomain[] combine(ProtectionDomain[] currentDomains,
+ ProtectionDomain[] assignedDomains);
+} // interface DomainCombiner
diff --git a/libjava/classpath/java/security/DummyKeyPairGenerator.java b/libjava/classpath/java/security/DummyKeyPairGenerator.java
new file mode 100644
index 000000000..da8c362eb
--- /dev/null
+++ b/libjava/classpath/java/security/DummyKeyPairGenerator.java
@@ -0,0 +1,75 @@
+/* DummyKeyPairGenerator.java - Wrapper for KeyPairGeneratorSpi
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+final class DummyKeyPairGenerator extends KeyPairGenerator
+{
+ private KeyPairGeneratorSpi kpgSpi = null;
+
+ public DummyKeyPairGenerator(KeyPairGeneratorSpi kpgSpi, String algorithm)
+ {
+ super(algorithm);
+ this.kpgSpi = kpgSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ KeyPairGenerator result = new DummyKeyPairGenerator
+ ((KeyPairGeneratorSpi) kpgSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ public void initialize(int keysize, SecureRandom random)
+ {
+ kpgSpi.initialize(keysize, random);
+ }
+
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ kpgSpi.initialize(params, random);
+ }
+
+ public KeyPair generateKeyPair()
+ {
+ return kpgSpi.generateKeyPair();
+ }
+}
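Review bot: `private KeyPairGeneratorSpi kpgSpi = null;` is assigned exactly once, in the constructor, so it reads better and is safer as `private final KeyPairGeneratorSpi kpgSpi;`. The same applies to `mdSpi` in DummyMessageDigest and `sigSpi` in DummySignature further down. All three wrappers also have no class or method comments; a line such as `/** Adapts a provider's KeyPairGeneratorSpi to the KeyPairGenerator API by delegating every call. */` would say why they exist. On `clone()`, a `@throws CloneNotSupportedException` line should say that the wrapped SPI must itself be cloneable, since the copy is built from `kpgSpi.clone()`.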
diff --git a/libjava/classpath/java/security/DummyMessageDigest.java b/libjava/classpath/java/security/DummyMessageDigest.java
new file mode 100644
index 000000000..6cecdcf68
--- /dev/null
+++ b/libjava/classpath/java/security/DummyMessageDigest.java
@@ -0,0 +1,90 @@
+/* DummyMessageDigest.java - Wrapper for MessageDigestSpi
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+final class DummyMessageDigest extends MessageDigest
+{
+ private MessageDigestSpi mdSpi = null;
+
+ public DummyMessageDigest(MessageDigestSpi mdSpi, String algorithm)
+ {
+ super(algorithm);
+ this.mdSpi = mdSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ MessageDigest result = new DummyMessageDigest
+ ((MessageDigestSpi) mdSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ // java.security.MessageDigestSpi abstract methods implementation ---------
+
+ public byte[] engineDigest()
+ {
+ return mdSpi.engineDigest();
+ }
+
+ public int engineDigest(byte[] buf, int offset, int len)
+ throws DigestException
+ {
+ return mdSpi.engineDigest(buf, offset, len);
+ }
+
+ public int engineGetDigestLength()
+ {
+ return mdSpi.engineGetDigestLength();
+ }
+
+ public void engineReset()
+ {
+ mdSpi.engineReset();
+ }
+
+ public void engineUpdate(byte input)
+ {
+ mdSpi.engineUpdate(input);
+ }
+
+ public void engineUpdate(byte[] input, int offset, int len)
+ {
+ mdSpi.engineUpdate(input, offset, len);
+ }
+}
diff --git a/libjava/classpath/java/security/DummySignature.java b/libjava/classpath/java/security/DummySignature.java
new file mode 100644
index 000000000..b74885c99
--- /dev/null
+++ b/libjava/classpath/java/security/DummySignature.java
@@ -0,0 +1,102 @@
+/* DummySignature.java - Signature wrapper for SignatureSpi.
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+final class DummySignature extends Signature
+{
+ private SignatureSpi sigSpi = null;
+
+ public DummySignature(SignatureSpi sigSpi, String algorithm)
+ {
+ super(algorithm);
+ this.sigSpi = sigSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ Signature result = new DummySignature
+ ((SignatureSpi) sigSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException
+ {
+ sigSpi.engineInitVerify(publicKey);
+ }
+
+ protected void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException
+ {
+ sigSpi.engineInitSign(privateKey);
+ }
+
+ protected void engineUpdate(byte b) throws SignatureException
+ {
+ sigSpi.engineUpdate(b);
+ }
+
+ protected void engineUpdate(byte[]b, int off, int len)
+ throws SignatureException
+ {
+ sigSpi.engineUpdate(b, off, len);
+ }
+
+ protected byte[] engineSign() throws SignatureException
+ {
+ return sigSpi.engineSign();
+ }
+
+ protected boolean engineVerify(byte[]sigBytes) throws SignatureException
+ {
+ return sigSpi.engineVerify(sigBytes);
+ }
+
+ protected void engineSetParameter(String param, Object value)
+ throws InvalidParameterException
+ {
+ sigSpi.engineSetParameter(param, value);
+ }
+
+ protected Object engineGetParameter(String param)
+ throws InvalidParameterException
+ {
+ return sigSpi.engineGetParameter(param);
+ }
+}
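Review bot: DummySignature forwards only the methods visible in this hunk to `sigSpi`; the other overloads that SignatureSpi declares in the standard API, such as `engineSetParameter(AlgorithmParameterSpec)` and `engineInitSign(PrivateKey, SecureRandom)`, are not overridden. Calls to those presumably land on the defaults inherited through Signature rather than on the wrapped provider implementation, so a provider that supports parameter specs or a caller-supplied random source would be bypassed (the base classes are outside this hunk, so confirm). If that is intended, a class comment should say so; otherwise add the missing one-line delegations, for example `sigSpi.engineSetParameter(params);`.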
diff --git a/libjava/classpath/java/security/GeneralSecurityException.java b/libjava/classpath/java/security/GeneralSecurityException.java
new file mode 100644
index 000000000..b2594c5fb
--- /dev/null
+++ b/libjava/classpath/java/security/GeneralSecurityException.java
@@ -0,0 +1,97 @@
+/* GeneralSecurityException.java -- Common superclass of security exceptions
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This class is the common superclass of all security exceptions. All
+ * exceptions in java.security extend this class with the exception (no
+ * pun intended) of <code>AccessControlException</code> and
+ * <code>CertificateException</code> (which extend
+ * <code>SecurityException</code>), <code>ProviderException</code>
+ * (<code>RuntimeException</code>), and <code>InvalidParamterException</code>
+ * (<code>IllegalArgumentException</code>).
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class GeneralSecurityException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 894798122053539237L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public GeneralSecurityException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public GeneralSecurityException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public GeneralSecurityException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public GeneralSecurityException(Throwable cause)
+ {
+ super(cause);
+ }
+}
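Review bot: The class Javadoc names `InvalidParamterException`, which should read `InvalidParameterException`. The same sentence lists `CertificateException` among the classes that extend `SecurityException`; in the standard API `java.security.cert.CertificateException` extends GeneralSecurityException, so that parenthesis looks wrong and is worth checking against the class in this tree. Readers rely on this list to decide which security failures a `catch (GeneralSecurityException e)` block will see, so it should be exact.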
diff --git a/libjava/classpath/java/security/Guard.java b/libjava/classpath/java/security/Guard.java
new file mode 100644
index 000000000..4f22360a4
--- /dev/null
+++ b/libjava/classpath/java/security/Guard.java
@@ -0,0 +1,60 @@
+/* Guard.java -- Check access to a guarded object
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface specifies a mechanism for querying whether or not
+ * access is allowed to a guarded object.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see GuardedObject
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface Guard
+{
+ /**
+ * This method tests whether or not access is allowed to the specified
+ * guarded object. Access is allowed if this method returns silently. If
+ * access is denied, an exception is generated.
+ *
+ * @param obj the <code>Object</code> to test
+ * @throws SecurityException if access to the object is denied
+ */
+ void checkGuard(Object obj);
+} // interface Guard
diff --git a/libjava/classpath/java/security/GuardedObject.java b/libjava/classpath/java/security/GuardedObject.java
new file mode 100644
index 000000000..5ca08835d
--- /dev/null
+++ b/libjava/classpath/java/security/GuardedObject.java
@@ -0,0 +1,121 @@
+/* GuardedObject.java -- An object protected by a Guard
+ Copyright (C) 1998, 2002, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+/**
+ * This class is an object that is guarded by a <code>Guard</code> object.
+ * The object that is being guarded is retrieved by a call to the only
+ * method in this class - <code>getObject</code>. That method returns the
+ * guarded <code>Object</code> after first checking with the
+ * <code>Guard</code>. If the <code>Guard</code> disallows access, an
+ * exception will be thrown.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public class GuardedObject implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -5240450096227834308L;
+
+ /**
+ * This is the Guard that is protecting the object.
+ *
+ * @serial the guard
+ */
+ private final Guard guard;
+
+ /**
+ * This is the object that is being guarded.
+ *
+ * @serial the protected object
+ */
+ private final Object object;
+
+ /**
+ * This method initializes a new instance of <code>GuardedObject</code>
+ * that protects the specified <code>Object</code> using the specified
+ * <code>Guard</code>. A null guard means there are no restrictions on
+ * accessing the object.
+ *
+ * @param object the <code>Object</code> to guard
+ * @param guard the <code>Guard</code> that is protecting the object
+ */
+ public GuardedObject(Object object, Guard guard)
+ {
+ this.object = object;
+ this.guard = guard;
+ }
+
+ /**
+ * This method first call the <code>checkGuard</code> method on the
+ * <code>Guard</code> object protecting the guarded object. If the
+ * <code>Guard</code> disallows access, an exception is thrown, otherwise
+ * the <code>Object</code> is returned.
+ *
+ * @return The object being guarded
+ * @throws SecurityException if access is denied
+ */
+ public Object getObject()
+ {
+ if (guard != null)
+ guard.checkGuard(object);
+ return object;
+ }
+
+ /**
+ * Ensures that serialization is legal, by checking the guard.
+ *
+ * @param s the stream to write to
+ * @throws IOException if the underlying stream fails
+ */
+ private void writeObject(ObjectOutputStream s) throws IOException
+ {
+ if (guard != null)
+ guard.checkGuard(object);
+ s.defaultWriteObject();
+ }
+} // class GuardedObject
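Review bot: The guard check in `writeObject` covers only the moment of serialization: `s.defaultWriteObject()` then writes both non-transient fields, so the stream holds the guarded object itself and anyone who can read that stream gets it without a guard check. This hunk has no `readObject`, so a deserialized instance is protected by whatever guard arrived in the stream. I would say so in the method's Javadoc, for example `The serialized form contains the guarded object unprotected; the caller must control access to the stream.` The `getObject` Javadoc should also state that a null guard skips the check, as the constructor comment already does.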
diff --git a/libjava/classpath/java/security/Identity.java b/libjava/classpath/java/security/Identity.java
new file mode 100644
index 000000000..83ec4c8e1
--- /dev/null
+++ b/libjava/classpath/java/security/Identity.java
@@ -0,0 +1,346 @@
+/* Identity.java --- Identity Class
+ Copyright (C) 1999, 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.io.Serializable;
+import java.util.Vector;
+
+/**
+ * The <code>Identity</code> class is used to represent people and companies
+ * that can be authenticated using public key encryption. The identities can
+ * also be abstract objects such as smart cards.
+ *
+ * <p><code>Identity</code> objects store a name and public key for each
+ * identity. The names cannot be changed and the identities can be scoped. Each
+ * identity (name and public key) within a scope are unique to that scope.</p>
+ *
+ * <p>Each identity has a set of ceritificates which all specify the same
+ * public key, but not necessarily the same name.</p>
+ *
+ * <p>The <code>Identity</code> class can be subclassed to allow additional
+ * information to be attached to it.</p>
+ *
+ * @author Mark Benvenuto
+ * @see IdentityScope
+ * @see Signer
+ * @see Principal
+ * @deprecated Replaced by <code>java.security.KeyStore</code>, the
+ * <code>java.security.cert</code> package, and
+ * <code>java.security.Principal</code>.
+ */
+public abstract class Identity implements Principal, Serializable
+{
+ private static final long serialVersionUID = 3609922007826600659L;
+
+ private String name;
+ private IdentityScope scope;
+ private PublicKey publicKey;
+ private String info;
+ private Vector certificates;
+
+ /** Constructor for serialization only. */
+ protected Identity()
+ {
+ }
+
+ /**
+ * Constructs a new instance of <code>Identity</code> with the specified
+ * name and scope.
+ *
+ * @param name
+ * the name to use.
+ * @param scope
+ * the scope to use.
+ * @throws KeyManagementException
+ * if the identity is already present.
+ */
+ public Identity(String name, IdentityScope scope)
+ throws KeyManagementException
+ {
+ this.name = name;
+ this.scope = scope;
+ }
+
+ /**
+ * Constructs a new instance of <code>Identity</code> with the specified
+ * name and no scope.
+ *
+ * @param name
+ * the name to use.
+ */
+ public Identity(String name)
+ {
+ this.name = name;
+ this.scope = null;
+ }
+
+ /** @return the name of this identity. */
+ public final String getName()
+ {
+ return name;
+ }
+
+ /** @return the scope of this identity. */
+ public final IdentityScope getScope()
+ {
+ return scope;
+ }
+
+ /**
+ * @return the public key of this identity.
+ * @see #setPublicKey(java.security.PublicKey)
+ */
+ public PublicKey getPublicKey()
+ {
+ return publicKey;
+ }
+
+ /**
+ * Sets the public key for this identity. The old key and all certificates
+ * are removed.
+ *
+ * @param key
+ * the public key to use.
+ * @throws KeyManagementException
+ * if this public key is used by another identity in the current
+ * scope.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public void setPublicKey(PublicKey key) throws KeyManagementException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("setIdentityPublicKey");
+
+ this.publicKey = key;
+ }
+
+ /**
+ * Sets the general information string.
+ *
+ * @param info
+ * the general information string.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public void setInfo(String info)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("setIdentityInfo");
+
+ this.info = info;
+ }
+
+ /**
+ * @return the general information string of this identity.
+ * @see #setInfo(String)
+ */
+ public String getInfo()
+ {
+ return info;
+ }
+
+ /**
+ * Adds a certificate to the list of ceritificates for this identity. The
+ * public key in this certificate must match the existing public key if it
+ * exists.
+ *
+ * @param certificate
+ * the certificate to add.
+ * @throws KeyManagementException
+ * if the certificate is invalid, or the public key conflicts.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public void addCertificate(Certificate certificate)
+ throws KeyManagementException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("addIdentityCertificate");
+
+ // Check public key of this certificate against the first one in the vector
+ if (certificates.size() > 0)
+ {
+ if (((Certificate) certificates.firstElement()).getPublicKey() != publicKey)
+ throw new KeyManagementException("Public key does not match");
+ }
+ certificates.addElement(certificate);
+ }
+
+ /**
+ * Removes a certificate from the list of ceritificates for this identity.
+ *
+ * @param certificate
+ * the certificate to remove.
+ * @throws KeyManagementException
+ * if the certificate is invalid.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public void removeCertificate(Certificate certificate)
+ throws KeyManagementException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("removeIdentityCertificate");
+
+ if (certificates.contains(certificate) == false)
+ throw new KeyManagementException("Certificate not found");
+
+ certificates.removeElement(certificate);
+ }
+
+ /** @return an array of {@link Certificate}s for this identity. */
+ public Certificate[] certificates()
+ {
+ Certificate[] certs = new Certificate[certificates.size()];
+ int max = certificates.size();
+ for (int i = 0; i < max; i++)
+ certs[i] = (Certificate) certificates.elementAt(i);
+
+ return certs;
+ }
+
+ /**
+ * Checks for equality between this Identity and a specified object. It first
+ * checks if they are the same object, then if the name and scope match and
+ * returns <code>true</code> if successful. If these tests fail, the
+ * {@link #identityEquals(Identity)} method is called.
+ *
+ * @return <code>true</code> if they are equal, <code>false</code>
+ * otherwise.
+ */
+ public final boolean equals(Object identity)
+ {
+ if (identity instanceof Identity)
+ {
+ if (identity == this)
+ return true;
+
+ if ((((Identity) identity).getName().equals(this.name)) &&
+ (((Identity) identity).getScope().equals(this.scope)))
+ return true;
+
+ return identityEquals((Identity) identity);
+ }
+ return false;
+ }
+
+ /**
+ * Checks for equality between this Identity and a specified object. A
+ * subclass should override this method. The default behavior is to return
+ * <code>true</code> if the public key and names match.
+ *
+ * @return <code>true</code> if they are equal, <code>false</code>
+ * otherwise.
+ */
+ protected boolean identityEquals(Identity identity)
+ {
+ return ((identity.getName().equals(this.name)) &&
+ (identity.getPublicKey().equals(this.publicKey)));
+ }
+
+ /**
+ * Returns a string representation of this Identity.
+ *
+ * @return a string representation of this Identity.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public String toString()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("printIdentity");
+
+ /* TODO: Insert proper format here */
+ return (name + ":@" + scope + " Public Key: " + publicKey);
+ }
+
+ /**
+ * Returns a detailed string representation of this Identity.
+ *
+ * @param detailed
+ * indicates whether or detailed information is desired.
+ * @return a string representation of this Identity.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public String toString(boolean detailed)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("printIdentity");
+
+ if (detailed)
+ {
+ /* TODO: Insert proper detailed format here */
+ return (name + ":@" + scope + " Public Key: " + publicKey);
+ }
+ else
+ {
+ /* TODO: Insert proper format here */
+ return (name + ":@" + scope + " Public Key: " + publicKey);
+ }
+ }
+
+ /** @return a hashcode of this identity. */
+ public int hashCode()
+ {
+ int ret = name.hashCode();
+ if (publicKey != null)
+ ret |= publicKey.hashCode();
+ if (scope != null)
+ ret |= scope.hashCode();
+ if (info != null)
+ ret |= info.hashCode();
+ if (certificates != null)
+ ret |= certificates.hashCode();
+
+ return ret;
+ }
+}
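Review bot: In `addCertificate` the key check never looks at the certificate being added: it compares the first stored certificate's key with `publicKey`, and by reference (`!=`), so once the list holds an entry a certificate carrying a different key would be accepted. The `certificates` field is also not allocated by any constructor in this hunk, so `addCertificate`, `removeCertificate` and `certificates()` dereference null on first use. The check should compare `certificate.getPublicKey()` with the identity's key using `equals`, after allocating the vector, as sketched below. Separately, `equals` calls `getScope().equals(...)` although `Identity(String)` sets the scope to null, so comparing with an unscoped identity throws `NullPointerException`. `hashCode` also mixes in `info` and `certificates`, which `equals` ignores, so equal identities can hash differently.

```java
// … unchanged: addCertificate signature and SecurityManager check …

if (certificates == null)
  certificates = new Vector();

// Compare the key of the certificate being added, by value rather than by reference.
PublicKey certKey = certificate.getPublicKey();
if (publicKey != null && ! publicKey.equals(certKey))
  throw new KeyManagementException("Public key does not match");

// … unchanged: certificates.addElement(certificate) …
```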
diff --git a/libjava/classpath/java/security/IdentityScope.java b/libjava/classpath/java/security/IdentityScope.java
new file mode 100644
index 000000000..4391fbd49
--- /dev/null
+++ b/libjava/classpath/java/security/IdentityScope.java
@@ -0,0 +1,216 @@
+/* IdentityScope.java --- IdentityScope Class
+ Copyright (C) 1999, 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.util.Enumeration;
+
+/**
+ * <code>IdentityScope</code> represents a scope of an identity.
+ * <code>IdentityScope</code> is also an {@link Identity} and can have a name
+ * and scope along with the other qualitites identities possess.
+ *
+ * <p>An <code>IdentityScope</code> contains other {@link Identity} objects.
+ * All {@link Identity} objects are manipulated in the scope the same way. The
+ * scope is supposed to apply different scope to different type of
+ * Identities.</p>
+ *
+ * <p>No identity within the same scope can have the same public key.</p>
+ *
+ * @author Mark Benvenuto
+ * @see Identity
+ * @see Signer
+ * @see Principal
+ * @see Key
+ * @deprecated Use java.security.KeyStore, the java.security.cert package, and
+ * java.security.Principal.
+ */
+public abstract class IdentityScope extends Identity
+{
+ private static final long serialVersionUID = -2337346281189773310L;
+ private static IdentityScope systemScope;
+
+ /** Constructor for serialization purposes. */
+ protected IdentityScope()
+ {
+ super();
+ }
+
+ /**
+ * Constructs a new instance of <code>IdentityScope</code> with the
+ * specified name and no scope.
+ *
+ * @param name
+ * the name to use.
+ */
+ public IdentityScope(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * Constructs a new instance of <code>IdentityScope</code> with the
+ * specified name and {@link IdentityScope}.
+ *
+ * @param name
+ * the name to use.
+ * @param scope
+ * the scope to use.
+ * @throws KeyManagementException
+ * if the identity scope is already present.
+ */
+ public IdentityScope(String name, IdentityScope scope)
+ throws KeyManagementException
+ {
+ super(name, scope);
+ }
+
+ /**
+ * Returns the system's Scope.
+ *
+ * @return the system's Scope.
+ */
+ public static IdentityScope getSystemScope()
+ {
+ if (systemScope == null)
+ {
+ //Load it
+ //systemScope;
+ }
+ return systemScope;
+ }
+
+ /**
+ * Sets the scope of the system.
+ *
+ * @param scope
+ * the new system scope.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ protected static void setSystemScope(IdentityScope scope)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("setSystemScope");
+
+ systemScope = scope;
+ }
+
+ /**
+ * Returns the number of entries within this <code>IdentityScope</code>.
+ *
+ * @return the number of entries within this <code>IdentityScope</code>.
+ */
+ public abstract int size();
+
+ /**
+ * Returns the specified {@link Identity}, by name, within this scope.
+ *
+ * @param name
+ * name of {@link Identity} to get.
+ * @return an {@link Identity} representing the name or <code>null</code> if
+ * it cannot be found.
+ */
+ public abstract Identity getIdentity(String name);
+
+ /**
+ * Returns the specified {@link Identity}, by {@link Principal}, within this
+ * scope.
+ *
+ * @param principal
+ * the {@link Principal} to use.
+ * @return an identity representing the {@link Principal} or <code>null</code>
+ * if it cannot be found.
+ */
+ public Identity getIdentity(Principal principal)
+ {
+ return getIdentity(principal.getName());
+ }
+
+ /**
+ * Returns the specified {@link Identity}, by public key, within this scope.
+ *
+ * @param key
+ * the {@link PublicKey} to use.
+ * @return an identity representing the public key or <code>null</code> if
+ * it cannot be found.
+ */
+ public abstract Identity getIdentity(PublicKey key);
+
+ /**
+ * Adds an identity to his scope.
+ *
+ * @param identity
+ * the {@link Identity} to add.
+ * @throws KeyManagementException
+ * if it is an invalid identity, an identity with the same key
+ * exists, or if another error occurs.
+ */
+ public abstract void addIdentity(Identity identity)
+ throws KeyManagementException;
+
+ /**
+ * Removes an identity in this scope.
+ *
+ * @param identity
+ * the {@link Identity} to remove.
+ * @throws KeyManagementException
+ * if it is a missing identity, or if another error occurs.
+ */
+ public abstract void removeIdentity(Identity identity)
+ throws KeyManagementException;
+
+ /**
+ * Returns an {@link Enumeration} of identities in this scope.
+ *
+ * @return an {@link Enumeration} of the identities in this scope.
+ */
+ public abstract Enumeration<Identity> identities();
+
+ /**
+ * Returns a string representing this instance. It includes the name, the
+ * scope name, and number of identities.
+ *
+ * @return a string representation of this instance.
+ */
+ public String toString()
+ {
+ return (super.getName() + " " + super.getScope().getName() + " " + size());
+ }
+}
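Review bot: `toString` dereferences `super.getScope()` without a null check, yet the `IdentityScope(String)` constructor in this hunk creates a scope with no parent, so printing a top-level scope throws `NullPointerException`. A null-safe form would be `IdentityScope parent = getScope();` followed by `return getName() + " " + (parent == null ? null : parent.getName()) + " " + size();`. `getSystemScope` also has an empty `if` body with the load step commented out, so it returns null until `setSystemScope` is called. Its Javadoc should say that, for example `@return the system's scope, or null if none has been set`.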
diff --git a/libjava/classpath/java/security/IntersectingDomainCombiner.java b/libjava/classpath/java/security/IntersectingDomainCombiner.java
new file mode 100644
index 000000000..2bfcfb442
--- /dev/null
+++ b/libjava/classpath/java/security/IntersectingDomainCombiner.java
@@ -0,0 +1,82 @@
+/* IntersectingDomainCombiner.java --
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.util.HashSet;
+
+/**
+ * A trivial implementation of {@link DomainCombiner} that produces the
+ * intersection of the supplied {@link ProtectionDomain} objects.
+ */
+final class IntersectingDomainCombiner implements DomainCombiner
+{
+
+ // Contstant.
+ // -------------------------------------------------------------------------
+
+ static final IntersectingDomainCombiner SINGLETON = new IntersectingDomainCombiner();
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ private IntersectingDomainCombiner()
+ {
+ }
+
+ // Methods.
+ // -------------------------------------------------------------------------
+
+ public ProtectionDomain[] combine (ProtectionDomain[] currentDomains,
+ ProtectionDomain[] assignedDomains)
+ {
+ HashSet newDomains = new HashSet ();
+ for (int i = 0; i < currentDomains.length; i++)
+ {
+ if (currentDomains[i] == null)
+ continue;
+ for (int j = 0; j < assignedDomains.length; j++)
+ {
+ if (currentDomains[i].equals (assignedDomains[j]))
+ newDomains.add (currentDomains[i]);
+ }
+ }
+ return (ProtectionDomain[])
+ newDomains.toArray(new ProtectionDomain[newDomains.size()]);
+ }
+}
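Review bot: `combine` reads `currentDomains.length` and `assignedDomains.length` without a null check, although the `DomainCombiner` contract allows either array to be null, so a null argument fails with `NullPointerException` inside an access-control path. An explicit guard such as `if (currentDomains == null || assignedDomains == null) return new ProtectionDomain[0];` would make the result deliberate. Before adopting it, confirm that the caller, which is outside this hunk, treats an empty array as "no permissions" and not as unrestricted. The method also has no Javadoc. A short comment should say that the intersection is taken over domain objects via `equals`, not over the permissions they grant, and that null entries in `currentDomains` are skipped.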
diff --git a/libjava/classpath/java/security/InvalidAlgorithmParameterException.java b/libjava/classpath/java/security/InvalidAlgorithmParameterException.java
new file mode 100644
index 000000000..aa77937fb
--- /dev/null
+++ b/libjava/classpath/java/security/InvalidAlgorithmParameterException.java
@@ -0,0 +1,95 @@
+/* InvalidAlgorithmParameterException.java -- an invalid parameter to a
+ security algorithm
+ Copyright (C) 2000, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Thrown for an invalid security algorithm parameter.
+ *
+ * @author Warren Levy (warrenl@cygnus.com)
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class InvalidAlgorithmParameterException
+ extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 2864672297499471472L;
+
+ /**
+ * Construct an exception with no message.
+ */
+ public InvalidAlgorithmParameterException()
+ {
+ super();
+ }
+
+ /**
+ * Construct an exception with a message.
+ *
+ * @param msg the message
+ */
+ public InvalidAlgorithmParameterException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidAlgorithmParameterException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidAlgorithmParameterException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/InvalidKeyException.java b/libjava/classpath/java/security/InvalidKeyException.java
new file mode 100644
index 000000000..39aa3df43
--- /dev/null
+++ b/libjava/classpath/java/security/InvalidKeyException.java
@@ -0,0 +1,91 @@
+/* InvalidKeyException -- thrown for an invalid key
+ Copyright (C) 2000, 2002, 2006 Free Software Foundation
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Thrown for an invalid key.
+ *
+ * @author Warren Levy (warrenl@cygnus.com)
+ * @status updated to 1.4
+ */
+public class InvalidKeyException extends KeyException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5698479920593359816L;
+
+ /**
+ * Construct an exception with no message.
+ */
+ public InvalidKeyException()
+ {
+ }
+
+ /**
+ * Construct an exception with a message.
+ *
+ * @param msg the message
+ */
+ public InvalidKeyException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeyException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeyException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/InvalidParameterException.java b/libjava/classpath/java/security/InvalidParameterException.java
new file mode 100644
index 000000000..c5218a049
--- /dev/null
+++ b/libjava/classpath/java/security/InvalidParameterException.java
@@ -0,0 +1,70 @@
+/* InvalidParameterException.java -- an invalid parameter in the JCA/JCE engine
+ Copyright (C) 2000, 2002 Free Software Foundation
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Thrown when an invalid parameter is passed to a method of the JCA/JCE
+ * engine classes.
+ *
+ * @author Warren Levy (warrenl@cygnus.com)
+ * @status updated to 1.4
+ */
+public class InvalidParameterException extends IllegalArgumentException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -857968536935667808L;
+
+ /**
+ * Construct an exception with no message.
+ */
+ public InvalidParameterException()
+ {
+ }
+
+ /**
+ * Construct an exception with a message.
+ *
+ * @param msg the message
+ */
+ public InvalidParameterException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/Key.java b/libjava/classpath/java/security/Key.java
new file mode 100644
index 000000000..23652b6e7
--- /dev/null
+++ b/libjava/classpath/java/security/Key.java
@@ -0,0 +1,94 @@
+/* Key.java -- A abstract representation of a digital key
+ Copyright (C) 1998, 2000, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.io.Serializable;
+
+/**
+ * This interfaces models the base characteristics that all keys must
+ * have. These are: a key algorithm, an encoded form, and a format used
+ * to encode the key. Specific key types inherit from this interface.
+ * Note that since this interface extends <code>Serializable</code>, all
+ * keys may be serialized. Keys are generally obtained through key generators,
+ * including {@link KeyFactory}.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see PublicKey
+ * @see PrivateKey
+ * @see KeyPair
+ * @see KeyPairGenerator
+ * @see KeyFactory
+ * @see KeySpec
+ * @see Identity
+ * @see Signer
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface Key extends Serializable
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 6603384152749567654L;
+
+ /**
+ * This method returns the name of the algorithm for this key. This is a
+ * <code>String</code> such as "RSA".
+ *
+ * @return the name of the algorithm in use
+ */
+ String getAlgorithm();
+
+ /**
+ * This method returns the name of the encoding format for this key. This
+ * is the name of the ASN.1 data format used for this key, such as
+ * "X.509" or "PKCS#8". This method returns <code>null</code> if this key
+ * does not have an encoding format.
+ *
+ * @return the name of the encoding format for this key, or null
+ */
+ String getFormat();
+
+ /**
+ * This method returns the encoded form of the key. If this key does not
+ * support encoding, this method returns <code>null</code>.
+ *
+ * @return the encoded form of the key, or null
+ */
+ byte[] getEncoded();
+} // interface Key
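Review bot: The interface comment states that every key may be serialized because `Key` extends `Serializable`, and `getEncoded()` hands back the encoded key, but neither comment says how that material should be handled for private or secret keys. I would add to the interface comment `Serializing a private or secret key writes its key material to the stream; such streams need the same protection as the key itself.` and to `getEncoded()` `Implementations should return a new array on each call so that callers cannot modify the key's internal state.` The file header ("A abstract") and the first sentence of the interface comment ("This interfaces models") also contain typos worth fixing in the same pass.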
diff --git a/libjava/classpath/java/security/KeyException.java b/libjava/classpath/java/security/KeyException.java
new file mode 100644
index 000000000..66f1feb64
--- /dev/null
+++ b/libjava/classpath/java/security/KeyException.java
@@ -0,0 +1,94 @@
+/* KeyException.java -- Thrown when there is a problem with a key
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when there is a problem with a key.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Key
+ * @status updated to 1.4
+ */
+public class KeyException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -7483676942812432108L;
+
+ /**
+ * This method initializes a new instance of <code>KeyException</code>
+ * with no descriptive message.
+ */
+ public KeyException()
+ {
+ }
+
+ /**
+ * This method initializes a new instance of <code>KeyException</code>
+ * with a descriptive message.
+ *
+ * @param msg the descriptive message
+ */
+ public KeyException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/KeyFactory.java b/libjava/classpath/java/security/KeyFactory.java
new file mode 100644
index 000000000..6f47de044
--- /dev/null
+++ b/libjava/classpath/java/security/KeyFactory.java
@@ -0,0 +1,280 @@
+/* KeyFactory.java --- Key Factory Class
+ Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+/**
+ * Key factories are used to convert keys (opaque cryptographic keys of type
+ * {@link Key}) into key specifications (transparent representations of the
+ * underlying key material).
+ *
+ * <p>Key factories are bi-directional. They allow a key class to be converted
+ * into a key specification (key material) and back again. For example DSA
+ * public keys can be specified as <code>DSAPublicKeySpec</code> or
+ * <code>X509EncodedKeySpec</code>. A key factory translates these key
+ * specifications.</p>
+ *
+ * @since 1.2
+ * @see Key
+ * @see KeySpec
+ * @see java.security.spec.DSAPublicKeySpec
+ * @see java.security.spec.X509EncodedKeySpec
+ @author Mark Benvenuto
+ */
+public class KeyFactory
+{
+ /** The service name for key factories. */
+ private static final String KEY_FACTORY = "KeyFactory";
+
+ private KeyFactorySpi keyFacSpi;
+ private Provider provider;
+ private String algorithm;
+
+ /**
+ * Constructs a new instance of <code>KeyFactory</code> with the specified
+ * parameters.
+ *
+ * @param keyFacSpi
+ * the key factory to use.
+ * @param provider
+ * the provider to use.
+ * @param algorithm
+ * the name of the key algorithm to use.
+ */
+ protected KeyFactory(KeyFactorySpi keyFacSpi, Provider provider,
+ String algorithm)
+ {
+ this.keyFacSpi = keyFacSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ /**
+ * Returns a new instance of <code>KeyFactory</code> representing the
+ * specified key factory.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by any
+ * provider.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static KeyFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyFactory</code> representing the
+ * specified key factory from the specified provider.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @param provider the name of the provider to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static KeyFactory getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyFactory</code> representing the
+ * specified key factory from the designated {@link Provider}.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @param provider the {@link Provider} to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by
+ * {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ * @since 1.4
+ * @see Provider
+ */
+ public static KeyFactory getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("KeyFactory for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(KEY_FACTORY, algorithm, provider);
+ return new KeyFactory((KeyFactorySpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Returns the {@link Provider} of this instance.
+ *
+ * @return the {@link Provider} of this instance.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the name of the algorithm used.
+ *
+ * @return the name of the algorithm used.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Generates a public key from the provided key specification.
+ *
+ * @param keySpec
+ * the key specification.
+ * @return the public key.
+ * @throws InvalidKeySpecException
+ * if the key specification is invalid.
+ */
+ public final PublicKey generatePublic(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ return keyFacSpi.engineGeneratePublic(keySpec);
+ }
+
+ /**
+ * Generates a private key from the provided key specification.
+ *
+ * @param keySpec
+ * the key specification.
+ * @return the private key.
+ * @throws InvalidKeySpecException
+ * if the key specification is invalid.
+ */
+ public final PrivateKey generatePrivate(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ return keyFacSpi.engineGeneratePrivate(keySpec);
+ }
+
+ /**
+ * Returns a key specification for the given key. <code>keySpec</code>
+ * identifies the specification class to return the key material in.
+ *
+ * @param key
+ * the key to use.
+ * @param keySpec
+ * the specification class to use.
+ * @return the key specification in an instance of the requested specification
+ * class.
+ * @throws InvalidKeySpecException
+ * the requested key specification is inappropriate for this key or
+ * the key is unrecognized.
+ */
+ public final <T extends KeySpec> T getKeySpec(Key key, Class<T> keySpec)
+ throws InvalidKeySpecException
+ {
+ return keyFacSpi.engineGetKeySpec(key, keySpec);
+ }
+
+ /**
+ * Translates the key from an unknown or untrusted provider into a key from
+ * this key factory.
+ *
+ * @param key
+ * the key to translate from.
+ * @return the translated key.
+ * @throws InvalidKeyException
+ * if the key cannot be processed by this key factory.
+ */
+ public final Key translateKey(Key key) throws InvalidKeyException
+ {
+ return keyFacSpi.engineTranslateKey(key);
+ }
+}
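Review bot: `getInstance(String, Provider)` documents an `IllegalArgumentException` for a null `algorithm` or `provider`, but the method checks neither itself, so the contract holds only if `Engine.getInstance` enforces it, which is not visible in this hunk. The same gap shows in `getInstance(String)`: with an empty provider list the loop body never runs and a null algorithm would surface as `NoSuchAlgorithmException(algorithm)` rather than the documented exception. A local guard such as `if (provider == null) throw new IllegalArgumentException("provider MUST NOT be null");`, matching the wording already used in the `String`-provider overload, would make the documented behaviour independent of the helper. Separately, the failure message is assembled with `CPStringBuilder` before the `try`, so every successful lookup pays for it; building it after the catch blocks, just before the `NoSuchAlgorithmException` is created, avoids that.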
diff --git a/libjava/classpath/java/security/KeyFactorySpi.java b/libjava/classpath/java/security/KeyFactorySpi.java
new file mode 100644
index 000000000..b8424638f
--- /dev/null
+++ b/libjava/classpath/java/security/KeyFactorySpi.java
@@ -0,0 +1,134 @@
+/* KeyFactorySpi.java --- Key Factory Service Provider Interface
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+/**
+ * KeyFactorySpi is the Service Provider Interface (SPI) for the
+ * KeyFactory class. This is the interface for providers to
+ * supply to implement a key factory for an algorithm.
+ *
+ * Key factories are used to convert keys (opaque cryptographic
+ * keys of type Key) into key specifications (transparent
+ * representations of the underlying key material).
+ *
+ * Key factories are bi-directional. They allow a key class
+ * to be converted into a key specification (key material) and
+ * back again.
+ *
+ * For example DSA public keys can be specified as
+ * DSAPublicKeySpec or X509EncodedKeySpec. The key factory
+ * translate these key specifications.
+ *
+ * @since JDK 1.2
+ * @author Mark Benvenuto
+ */
+public abstract class KeyFactorySpi
+{
+ /**
+ * Constucts a new KeyFactorySpi.
+ */
+ public KeyFactorySpi()
+ {
+ }
+
+ /**
+ * Generates a public key from the provided key specification.
+ *
+ * @param keySpec key specification
+ *
+ * @return the public key
+ *
+ * @throws InvalidKeySpecException invalid key specification for
+ * this key factory to produce a public key
+ */
+ protected abstract PublicKey engineGeneratePublic(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+
+ /**
+ * Generates a private key from the provided key specification.
+ *
+ * @param keySpec key specification
+ *
+ * @return the private key
+ *
+ * @throws InvalidKeySpecException invalid key specification for
+ * this key factory to produce a private key
+ */
+ protected abstract PrivateKey engineGeneratePrivate(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+ /**
+ * Returns a key specification for the given key. keySpec
+ * identifies the specification class to return the key
+ * material in.
+ *
+ * @param key the key
+ * @param keySpec the specification class to return the
+ * key material in.
+ *
+ * @return the key specification in an instance of the requested
+ * specification class
+ *
+ * @throws InvalidKeySpecException the requested key specification
+ * is inappropriate for this key or the key is
+ * unrecognized.
+ */
+ protected abstract <T extends KeySpec> T engineGetKeySpec(Key key,
+ Class<T> keySpec)
+ throws InvalidKeySpecException;
+
+
+ /**
+ * Translates the key from an unknown or untrusted provider
+ * into a key for this key factory.
+ *
+ * @param key key from an unknown or untrusted provider
+ *
+ * @return the translated key
+ *
+ * @throws InvalidKeyException if the key cannot be
+ * processed by this key factory
+ */
+ protected abstract Key engineTranslateKey(Key key)
+ throws InvalidKeyException;
+}
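Review bot: The comment on `engineTranslateKey` says the argument comes from "an unknown or untrusted provider" but gives implementers no guidance on what that implies. I would add a sentence such as `Implementations must not rely on the concrete class of the supplied key; they should rebuild the key from its encoded form or components and throw InvalidKeyException for anything they cannot validate.` The class comment is written as plain paragraphs without `<p>` tags and without `<code>` or `{@link}` around `KeyFactory`, `Key`, `DSAPublicKeySpec` and `X509EncodedKeySpec`, so it will render as one block; the `KeyFactory` class comment in this commit already uses that markup and could be mirrored. There are also two typos: "Constucts" on the constructor and "The key factory translate" in the class comment.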
diff --git a/libjava/classpath/java/security/KeyManagementException.java b/libjava/classpath/java/security/KeyManagementException.java
new file mode 100644
index 000000000..f39fe312e
--- /dev/null
+++ b/libjava/classpath/java/security/KeyManagementException.java
@@ -0,0 +1,93 @@
+/* KeyManagementException.java -- an exception in key management
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown whenever a problem related to the management of
+ * security keys is encountered.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Key
+ * @status updated to 1.4
+ */
+public class KeyManagementException extends KeyException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 947674216157062695L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public KeyManagementException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public KeyManagementException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyManagementException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyManagementException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/KeyPair.java b/libjava/classpath/java/security/KeyPair.java
new file mode 100644
index 000000000..bf1a40a23
--- /dev/null
+++ b/libjava/classpath/java/security/KeyPair.java
@@ -0,0 +1,87 @@
+/* KeyPair.java --- Key Pair Class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.io.Serializable;
+
+/**
+ KeyPair serves as a simple container for public and private keys.
+ If properly initialized, this class should be treated like the
+ private key since it contains it and take approriate security
+ measures.
+
+ @author Mark Benvenuto
+ */
+public final class KeyPair implements Serializable
+{
+ private static final long serialVersionUID = -7565189502268009837L;
+
+ private PublicKey publicKey;
+ private PrivateKey privateKey;
+
+ /**
+ Initializes the KeyPair with a pubilc and private key.
+
+ @param publicKey Public Key to store
+ @param privateKey Private Key to store
+ */
+ public KeyPair(PublicKey publicKey, PrivateKey privateKey)
+ {
+ this.publicKey = publicKey;
+ this.privateKey = privateKey;
+ }
+
+ /**
+ Returns the public key stored in the KeyPair
+
+ @return The public key
+ */
+ public PublicKey getPublic()
+ {
+ return publicKey;
+ }
+
+ /**
+ Returns the private key stored in the KeyPair
+
+ @return The private key
+ */
+ public PrivateKey getPrivate()
+ {
+ return privateKey;
+ }
+}
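Review bot: `publicKey` and `privateKey` are assigned only in the constructor yet are declared without `final`; since the class comment itself says a `KeyPair` must be treated like the private key, I would declare them `private final PublicKey publicKey;` and `private final PrivateKey privateKey;` so the compiler enforces that the pair is fixed at construction. The class is also `Serializable`, which means the private key travels with any serialized `KeyPair`; the class comment could state that directly, for example `Serializing a KeyPair writes the private key to the stream.` The comments contain the typos "approriate" and "pubilc", and they use unstarred block text rather than the ` * ` Javadoc layout used by the other files in this directory.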
diff --git a/libjava/classpath/java/security/KeyPairGenerator.java b/libjava/classpath/java/security/KeyPairGenerator.java
new file mode 100644
index 000000000..5e6bb1a3c
--- /dev/null
+++ b/libjava/classpath/java/security/KeyPairGenerator.java
@@ -0,0 +1,313 @@
+/* KeyPairGenerator.java --- Key Pair Generator Class
+ Copyright (C) 1999, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * <code>KeyPairGenerator</code> is a class used to generate key-pairs for a
+ * security algorithm.
+ *
+ * <p>The <code>KeyPairGenerator</code> is created with the
+ * <code>getInstance()</code> Factory methods. It is used to generate a pair of
+ * public and private keys for a specific algorithm and associate this key-pair
+ * with the algorithm parameters it was initialized with.</p>
+ *
+ * @see KeyPair
+ * @see AlgorithmParameterSpec
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ */
+public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
+{
+ /** The service name for key pair generators. */
+ private static final String KEY_PAIR_GENERATOR = "KeyPairGenerator";
+
+ Provider provider;
+ private String algorithm;
+
+ /**
+ * Constructs a new instance of <code>KeyPairGenerator</code>.
+ *
+ * @param algorithm
+ * the algorithm to use.
+ */
+ protected KeyPairGenerator(String algorithm)
+ {
+ this.algorithm = algorithm;
+ this.provider = null;
+ }
+
+ /**
+ * Returns the name of the algorithm used.
+ *
+ * @return the name of the algorithm used.
+ */
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns a new instance of <code>KeyPairGenerator</code> which generates
+ * key-pairs for the specified algorithm.
+ *
+ * @param algorithm the name of the algorithm to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by any
+ * provider.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static KeyPairGenerator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyPairGenerator</code> which generates
+ * key-pairs for the specified algorithm from a named provider.
+ *
+ * @param algorithm the name of the algorithm to use.
+ * @param provider the name of a {@link Provider} to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static KeyPairGenerator getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyPairGenerator</code> which generates
+ * key-pairs for the specified algorithm from a designated {@link Provider}.
+ *
+ * @param algorithm
+ * the name of the algorithm to use.
+ * @param provider
+ * the {@link Provider} to use.
+ * @return a new insatnce repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException
+ * if the algorithm is not implemented by the {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ * @since 1.4
+ * @see Provider
+ */
+ public static KeyPairGenerator getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("KeyPairGenerator for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] ");
+ Object o;
+ try
+ {
+ o = Engine.getInstance(KEY_PAIR_GENERATOR, algorithm, provider);
+ }
+ catch (InvocationTargetException x)
+ {
+ Throwable cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ sb.append("could not be created");
+ NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString());
+ y.initCause(cause);
+ throw y;
+ }
+ KeyPairGenerator result;
+ if (o instanceof KeyPairGenerator)
+ {
+ result = (KeyPairGenerator) o;
+ result.algorithm = algorithm;
+ }
+ else if (o instanceof KeyPairGeneratorSpi)
+ result = new DummyKeyPairGenerator((KeyPairGeneratorSpi) o, algorithm);
+ else
+ {
+ sb.append("is of an unexpected Type: ").append(o.getClass().getName());
+ throw new NoSuchAlgorithmException(sb.toString());
+ }
+ result.provider = provider;
+ return result;
+ }
+
+ /**
+ * Returns the {@link Provider} of this instance.
+ *
+ * @return the {@link Provider} of this instance.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initializes this instance for the specified key size. Since no source of
+ * randomness is specified, a default one will be used.
+ *
+ * @param keysize
+ * the size of keys to use.
+ */
+ public void initialize(int keysize)
+ {
+ initialize(keysize, new SecureRandom());
+ }
+
+ /**
+ * Initializes this instance for the specified key size and
+ * {@link SecureRandom}.
+ *
+ * @param keysize
+ * the size of keys to use.
+ * @param random
+ * the {@link SecureRandom} to use.
+ * @since 1.2
+ */
+ public void initialize(int keysize, SecureRandom random)
+ {
+ }
+
+ /**
+ * Initializes this instance with the specified
+ * {@link AlgorithmParameterSpec}. Since no source of randomness is specified,
+ * a default one will be used.
+ *
+ * @param params
+ * the {@link AlgorithmParameterSpec} to use.
+ * @throws InvalidAlgorithmParameterException
+ * if the designated specifications are invalid.
+ * @since 1.2
+ */
+ public void initialize(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+ {
+ initialize(params, new SecureRandom());
+ }
+
+ /**
+ * Initializes this instance with the specified {@link AlgorithmParameterSpec}
+ * and {@link SecureRandom}.
+ *
+ * @param params
+ * the {@link AlgorithmParameterSpec} to use.
+ * @param random
+ * the {@link SecureRandom} to use.
+ * @throws InvalidAlgorithmParameterException
+ * if the designated specifications are invalid.
+ * @since 1.2
+ */
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ super.initialize(params, random);
+ }
+
+ /**
+ * Generates a new "DSA" {@link KeyPair} from the "GNU" security provider.
+ *
+ * <p>This method generates a unique key-pair each time it is called.</p>
+ *
+ * @return a new unique {@link KeyPair}.
+ * @see #generateKeyPair()
+ * @since 1.2
+ */
+ public final KeyPair genKeyPair()
+ {
+ try
+ {
+ return getInstance("DSA", "GNU").generateKeyPair();
+ }
+ catch (Exception e)
+ {
+ System.err.println("genKeyPair failed: " + e);
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Generates a new "DSA" {@link KeyPair} from the "GNU" security provider.
+ *
+ * <p>This method generates a unique key pair each time it is called.</p>
+ *
+ * @return a new unique {@link KeyPair}.
+ * @see #genKeyPair()
+ */
+ public KeyPair generateKeyPair()
+ {
+ return genKeyPair();
+ }
+}
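Review bot: `genKeyPair()` ignores the instance it is called on: it is `final`, always builds a fresh generator with `getInstance("DSA", "GNU")`, and so discards this object's algorithm and any key size, parameters or `SecureRandom` passed to `initialize()`. A caller holding a generator for another algorithm would get a default-initialised DSA pair, and on any failure the method prints to `System.err` and returns `null` instead of reporting the error, which callers are unlikely to check before using the key. Because `generateKeyPair()` calls back into `genKeyPair()`, a provider class that extends `KeyPairGenerator` without overriding `generateKeyPair()` would presumably recurse through the same path. I would make `genKeyPair()` delegate with `return generateKeyPair();` and leave the base `generateKeyPair()` as the method providers override, with a body that no longer calls `genKeyPair()`. The Javadoc on both should then describe this instance's algorithm rather than naming "DSA" and "GNU".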
diff --git a/libjava/classpath/java/security/KeyPairGeneratorSpi.java b/libjava/classpath/java/security/KeyPairGeneratorSpi.java
new file mode 100644
index 000000000..1eaad9832
--- /dev/null
+++ b/libjava/classpath/java/security/KeyPairGeneratorSpi.java
@@ -0,0 +1,102 @@
+/* KeyPairGeneratorSpi.java --- Key Pair Generator SPI Class
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ KeyPairGeneratorSpi is the interface used to generate key pairs
+ for security algorithms.
+
+ @author Mark Benvenuto
+ */
+public abstract class KeyPairGeneratorSpi
+{
+ /**
+ Constructs a new KeyPairGeneratorSpi
+ */
+ public KeyPairGeneratorSpi()
+ {
+ }
+
+ /**
+ Initialize the KeyPairGeneratorSpi with the specified
+ key size and source of randomness
+
+ @param keysize size of the key to generate
+ @param random A SecureRandom source of randomness
+ */
+ public abstract void initialize(int keysize, SecureRandom random);
+
+ /**
+ Initialize the KeyPairGeneratorSpi with the specified
+ AlgorithmParameterSpec and source of randomness
+
+ This is a concrete method. It may be overridden by the provider
+ and if the AlgorithmParameterSpec class is invalid
+ throw InvalidAlgorithmParameterException. By default this
+ method just throws UnsupportedOperationException.
+
+ @param params A AlgorithmParameterSpec to intialize with
+ @param random A SecureRandom source of randomness
+
+ @throws InvalidAlgorithmParameterException
+ */
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ throw new java.lang.UnsupportedOperationException();
+ }
+
+ /**
+ Generates a KeyPair according the rules for the algorithm.
+ Unless intialized, algorithm defaults will be used. It
+ creates a unique key pair each time.
+
+ @return a key pair
+ */
+ public abstract KeyPair generateKeyPair();
+
+ /**
+ * We override clone here to make it accessible for use by
+ * DummyKeyPairGenerator.
+ */
+ protected Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+}
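Review bot: The Javadoc on `clone()` should state that the call fails unless the concrete provider class implements `Cloneable`. `KeyPairGeneratorSpi` does not declare it, so `super.clone()` throws `CloneNotSupportedException` for any subclass that has not opted in. I would add `@return a copy of this engine` and `@throws CloneNotSupportedException if the provider class does not implement Cloneable`. On `initialize(AlgorithmParameterSpec, SecureRandom)` the bare `@throws InvalidAlgorithmParameterException` has no description and the default `UnsupportedOperationException` is mentioned only in prose; a line such as `@throws UnsupportedOperationException if the provider does not override this method` would make that contract visible to callers.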
diff --git a/libjava/classpath/java/security/KeyStore.java b/libjava/classpath/java/security/KeyStore.java
new file mode 100644
index 000000000..b7a0e2ab1
--- /dev/null
+++ b/libjava/classpath/java/security/KeyStore.java
@@ -0,0 +1,503 @@
+/* KeyStore.java --- Key Store Class
+ Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.security.Engine;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.security.cert.CertificateException;
+import java.util.Date;
+import java.util.Enumeration;
+
+/**
+ * Keystore represents an in-memory collection of keys and
+ * certificates. There are two types of entries:
+ *
+ * <dl>
+ * <dt>Key Entry</dt>
+ *
+ * <dd><p>This type of keystore entry store sensitive crytographic key
+ * information in a protected format.Typically this is a secret
+ * key or a private key with a certificate chain.</p></dd>
+ *
+ * <dt>Trusted Ceritificate Entry</dt>
+ *
+ * <dd><p>This type of keystore entry contains a single public key
+ * certificate belonging to annother entity. It is called trusted
+ * because the keystore owner trusts that the certificates
+ * belongs to the subject (owner) of the certificate.</p></dd>
+ * </dl>
+ *
+ * <p>Entries in a key store are referred to by their "alias": a simple
+ * unique string.
+ *
+ * <p>The structure and persistentence of the key store is not
+ * specified. Any method could be used to protect sensitive
+ * (private or secret) keys. Smart cards or integrated
+ * cryptographic engines could be used or the keystore could
+ * be simply stored in a file.</p>
+ *
+ * @see java.security.cert.Certificate
+ * @see Key
+ */
+public class KeyStore
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for key stores. */
+ private static final String KEY_STORE = "KeyStore";
+
+ private KeyStoreSpi keyStoreSpi;
+ private Provider provider;
+ private String type;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ Creates an instance of KeyStore
+
+ @param keyStoreSpi A KeyStore engine to use
+ @param provider A provider to use
+ @param type The type of KeyStore
+ */
+ protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type)
+ {
+ this.keyStoreSpi = keyStoreSpi;
+ this.provider = provider;
+ this.type = type;
+ }
+
+ /**
+ * Returns an instance of a <code>KeyStore</code> representing the specified
+ * type, from the first provider that implements it.
+ *
+ * @param type the type of keystore to create.
+ * @return a <code>KeyStore</code> repesenting the desired type.
+ * @throws KeyStoreException if the designated type of is not implemented by
+ * any provider, or the implementation could not be instantiated.
+ * @throws IllegalArgumentException if <code>type</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static KeyStore getInstance(String type) throws KeyStoreException
+ {
+ Provider[] p = Security.getProviders();
+ KeyStoreException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(type, p[i]);
+ }
+ catch (KeyStoreException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new KeyStoreException(type);
+ }
+
+ /**
+ * Returns an instance of a <code>KeyStore</code> representing the specified
+ * type, from the named provider.
+ *
+ * @param type the type of keystore to create.
+ * @param provider the name of the provider to use.
+ * @return a <code>KeyStore</code> repesenting the desired type.
+ * @throws KeyStoreException if the designated type is not implemented by the
+ * given provider.
+ * @throws NoSuchProviderException if the provider is not found.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static KeyStore getInstance(String type, String provider)
+ throws KeyStoreException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, p);
+ }
+
+ /**
+ * Returns an instance of a <code>KeyStore</code> representing the specified
+ * type, from the specified provider.
+ *
+ * @param type the type of keystore to create.
+ * @param provider the provider to use.
+ * @return a <code>KeyStore</code> repesenting the desired type.
+ * @throws KeyStoreException if the designated type is not implemented by the
+ * given provider.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ * @since 1.4
+ */
+ public static KeyStore getInstance(String type, Provider provider)
+ throws KeyStoreException
+ {
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(KEY_STORE, type, provider);
+ return new KeyStore((KeyStoreSpi) spi, provider, type);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ cause = x;
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause() != null ? x.getCause() : x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ KeyStoreException x = new KeyStoreException(type);
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Returns the default KeyStore type. This method looks up the
+ * type in &lt;JAVA_HOME&gt;/lib/security/java.security with the
+ * property "keystore.type" or if that fails then "gkr" .
+ */
+ public static final String getDefaultType()
+ {
+ // Security reads every property in java.security so it
+ // will return this property if it exists.
+ String tmp = Security.getProperty("keystore.type");
+
+ if (tmp == null)
+ tmp = "gkr";
+
+ return tmp;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ Returns the type of the KeyStore supported
+
+ @return A string with the type of KeyStore
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Returns the key associated with given alias using the
+ supplied password.
+
+ @param alias an alias for the key to get
+ @param password password to access key with
+
+ @return the requested key, or null otherwise
+
+ @throws NoSuchAlgorithmException if there is no algorithm
+ for recovering the key
+ @throws UnrecoverableKeyException key cannot be reocovered
+ (wrong password).
+ */
+ public final Key getKey(String alias, char[]password)
+ throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException
+ {
+ return keyStoreSpi.engineGetKey(alias, password);
+ }
+
+ /**
+ Gets a Certificate chain for the specified alias.
+
+ @param alias the alias name
+
+ @return a chain of Certificates ( ordered from the user's
+ certificate to the Certificate Authority's ) or
+ null if the alias does not exist or there is no
+ certificate chain for the alias ( the alias refers
+ to a trusted certificate entry or there is no entry).
+ */
+ public final java.security.cert.
+ Certificate[] getCertificateChain(String alias) throws KeyStoreException
+ {
+ return keyStoreSpi.engineGetCertificateChain(alias);
+ }
+
+ /**
+ Gets a Certificate for the specified alias.
+
+ If there is a trusted certificate entry then that is returned.
+ it there is a key entry with a certificate chain then the
+ first certificate is return or else null.
+
+ @param alias the alias name
+
+ @return a Certificate or null if the alias does not exist
+ or there is no certificate for the alias
+ */
+ public final java.security.cert.Certificate getCertificate(String alias)
+ throws KeyStoreException
+ {
+ return keyStoreSpi.engineGetCertificate(alias);
+ }
+
+ /**
+ Gets entry creation date for the specified alias.
+
+ @param alias the alias name
+
+ @returns the entry creation date or null
+ */
+ public final Date getCreationDate(String alias) throws KeyStoreException
+ {
+ return keyStoreSpi.engineGetCreationDate(alias);
+ }
+
+ /**
+ Assign the key to the alias in the keystore, protecting it
+ with the given password. It will overwrite an existing
+ entry and if the key is a PrivateKey, also add the
+ certificate chain representing the corresponding public key.
+
+ @param alias the alias name
+ @param key the key to add
+ @password the password to protect with
+ @param chain the certificate chain for the corresponding
+ public key
+
+ @throws KeyStoreException if it fails
+ */
+ public final void setKeyEntry(String alias, Key key, char[]password,
+ java.security.cert.
+ Certificate[]chain) throws KeyStoreException
+ {
+ keyStoreSpi.engineSetKeyEntry(alias, key, password, chain);
+ }
+
+ /**
+ Assign the key to the alias in the keystore. It will overwrite
+ an existing entry and if the key is a PrivateKey, also
+ add the certificate chain representing the corresponding
+ public key.
+
+ @param alias the alias name
+ @param key the key to add
+ @param chain the certificate chain for the corresponding
+ public key
+
+ @throws KeyStoreException if it fails
+ */
+ public final void setKeyEntry(String alias, byte[]key,
+ java.security.cert.
+ Certificate[]chain) throws KeyStoreException
+ {
+ keyStoreSpi.engineSetKeyEntry(alias, key, chain);
+ }
+
+ /**
+ Assign the certificate to the alias in the keystore. It
+ will overwrite an existing entry.
+
+ @param alias the alias name
+ @param cert the certificate to add
+
+ @throws KeyStoreException if it fails
+ */
+ public final void setCertificateEntry(String alias,
+ java.security.cert.
+ Certificate cert) throws
+ KeyStoreException
+ {
+ keyStoreSpi.engineSetCertificateEntry(alias, cert);
+ }
+
+ /**
+ Deletes the entry for the specified entry.
+
+ @param alias the alias name
+
+ @throws KeyStoreException if it fails
+ */
+ public final void deleteEntry(String alias) throws KeyStoreException
+ {
+ keyStoreSpi.engineDeleteEntry(alias);
+ }
+
+ /**
+ Generates a list of all the aliases in the keystore.
+
+ @return an Enumeration of the aliases
+ */
+ public final Enumeration<String> aliases() throws KeyStoreException
+ {
+ return keyStoreSpi.engineAliases();
+ }
+
+ /**
+ Determines if the keystore contains the specified alias.
+
+ @param alias the alias name
+
+ @return true if it contains the alias, false otherwise
+ */
+ public final boolean containsAlias(String alias) throws KeyStoreException
+ {
+ return keyStoreSpi.engineContainsAlias(alias);
+ }
+
+ /**
+ Returns the number of entries in the keystore.
+
+ @returns the number of keystore entries.
+ */
+ public final int size() throws KeyStoreException
+ {
+ return keyStoreSpi.engineSize();
+ }
+
+ /**
+ Determines if the keystore contains a key entry for
+ the specified alias.
+
+ @param alias the alias name
+
+ @return true if it is a key entry, false otherwise
+ */
+ public final boolean isKeyEntry(String alias) throws KeyStoreException
+ {
+ return keyStoreSpi.engineIsKeyEntry(alias);
+ }
+
+
+ /**
+ Determines if the keystore contains a certificate entry for
+ the specified alias.
+
+ @param alias the alias name
+
+ @return true if it is a certificate entry, false otherwise
+ */
+ public final boolean isCertificateEntry(String alias)
+ throws KeyStoreException
+ {
+ return keyStoreSpi.engineIsCertificateEntry(alias);
+ }
+
+ /**
+ Determines if the keystore contains the specified certificate
+ entry and returns the alias.
+
+ It checks every entry and for a key entry checks only the
+ first certificate in the chain.
+
+ @param cert Certificate to look for
+
+ @return alias of first matching certificate, null if it
+ does not exist.
+ */
+ public final String getCertificateAlias(java.security.cert.Certificate cert)
+ throws KeyStoreException
+ {
+ return keyStoreSpi.engineGetCertificateAlias(cert);
+ }
+
+ /**
+ Stores the keystore in the specified output stream and it
+ uses the specified key it keep it secure.
+
+ @param stream the output stream to save the keystore to
+ @param password the password to protect the keystore integrity with
+
+ @throws IOException if an I/O error occurs.
+ @throws NoSuchAlgorithmException the data integrity algorithm
+ used cannot be found.
+ @throws CertificateException if any certificates could not be
+ stored in the output stream.
+ */
+ public final void store(OutputStream stream, char[]password)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
+ CertificateException
+ {
+ keyStoreSpi.engineStore(stream, password);
+ }
+
+ /**
+ Loads the keystore from the specified input stream and it
+ uses the specified password to check for integrity if supplied.
+
+ @param stream the input stream to load the keystore from
+ @param password the password to check the keystore integrity with
+
+ @throws IOException if an I/O error occurs.
+ @throws NoSuchAlgorithmException the data integrity algorithm
+ used cannot be found.
+ @throws CertificateException if any certificates could not be
+ stored in the output stream.
+ */
+ public final void load(InputStream stream, char[]password)
+ throws IOException, NoSuchAlgorithmException, CertificateException
+ {
+ keyStoreSpi.engineLoad(stream, password);
+ }
+
+}
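Review bot: Nothing in this class records whether `load()` has been called, so `getKey`, `aliases`, `setKeyEntry`, `store` and the other wrappers hand a never-loaded keystore straight to the SPI, and the `throws KeyStoreException` they declare is never raised by the wrapper itself. What an unloaded engine then does is left to each provider (its code is not in this hunk), which makes a forgotten `load()` hard to spot. I would add a `private boolean initialized;` field, set it after `keyStoreSpi.engineLoad(stream, password)` returns, and start each accessor with `if (!initialized) throw new KeyStoreException("Uninitialized keystore");`. Separately, the Javadoc uses tags the tool does not recognise (`@returns` on `getCreationDate` and `size`, `@password` on `setKeyEntry`). The comment on `load` should also state outright that a null password means no integrity check is performed, which its "if supplied" wording only implies.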
diff --git a/libjava/classpath/java/security/KeyStoreException.java b/libjava/classpath/java/security/KeyStoreException.java
new file mode 100644
index 000000000..62f906e6e
--- /dev/null
+++ b/libjava/classpath/java/security/KeyStoreException.java
@@ -0,0 +1,92 @@
+/* KeyStoreException.java -- Indicates a problem with the key store
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Indicates a problem with the key store.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class KeyStoreException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -1119353179322377262L;
+
+ /**
+ * Create a new instance detailed error message.
+ */
+ public KeyStoreException()
+ {
+ }
+
+ /**
+ * Create a new instance with a detailed error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public KeyStoreException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyStoreException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyStoreException(Throwable cause)
+ {
+ super(cause);
+ }
+}
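Review bot: The Javadoc on the no-argument constructor reads `Create a new instance detailed error message.`, which drops a word and so says the opposite of what the constructor does; it should read `Create a new instance with no detailed error message.` The two-argument constructor names its message parameter `s` while the one-argument form uses `msg`; using `msg` in both would keep the generated documentation consistent.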
diff --git a/libjava/classpath/java/security/KeyStoreSpi.java b/libjava/classpath/java/security/KeyStoreSpi.java
new file mode 100644
index 000000000..b44bd84a8
--- /dev/null
+++ b/libjava/classpath/java/security/KeyStoreSpi.java
@@ -0,0 +1,275 @@
+/* KeyStoreSpi.java --- Key Store Service Provider Interface
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.util.Date;
+import java.util.Enumeration;
+
+/**
+ * KeyStoreSpi is the Service Provider Interface (SPI) for the
+ * KeyStore class. This is the interface for providers to
+ * supply to implement a keystore for a particular keystore
+ * type.
+ *
+ * @since 1.2
+ * @author Mark Benvenuto
+ */
+public abstract class KeyStoreSpi
+{
+ /**
+ * Constructs a new KeyStoreSpi
+ */
+ public KeyStoreSpi()
+ {
+ }
+
+ /**
+ * Returns the key associated with given alias using the
+ * supplied password.
+ *
+ * @param alias an alias for the key to get
+ * @param password password to access key with
+ *
+ * @return the requested key, or null otherwise
+ *
+ * @throws NoSuchAlgorithmException if there is no algorithm
+ * for recovering the key
+ * @throws UnrecoverableKeyException key cannot be reocovered
+ * (wrong password).
+ */
+ public abstract Key engineGetKey(String alias, char[]password)
+ throws NoSuchAlgorithmException, UnrecoverableKeyException;
+
+ /**
+ * Gets a Certificate chain for the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return a chain of Certificates ( ordered from the user's
+ * certificate to the Certificate Authority's ) or
+ * null if the alias does not exist or there is no
+ * certificate chain for the alias ( the alias refers
+ * to a trusted certificate entry or there is no entry).
+ */
+ public abstract java.security.cert.
+ Certificate[] engineGetCertificateChain(String alias);
+
+
+ /**
+ * Gets a Certificate for the specified alias.
+ *
+ * If there is a trusted certificate entry then that is returned.
+ * it there is a key entry with a certificate chain then the
+ * first certificate is return or else null.
+ *
+ * @param alias the alias name
+ *
+ * @return a Certificate or null if the alias does not exist
+ * or there is no certificate for the alias
+ */
+ public abstract java.security.cert.
+ Certificate engineGetCertificate(String alias);
+
+ /**
+ * Gets entry creation date for the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @returns the entry creation date or null
+ */
+ public abstract Date engineGetCreationDate(String alias);
+
+ /**
+ * Assign the key to the alias in the keystore, protecting it
+ * with the given password. It will overwrite an existing
+ * entry and if the key is a PrivateKey, also add the
+ * certificate chain representing the corresponding public key.
+ *
+ * @param alias the alias name
+ * @param key the key to add
+ * @password the password to protect with
+ * @param chain the certificate chain for the corresponding
+ * public key
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineSetKeyEntry(String alias, Key key,
+ char[]password,
+ java.security.cert.
+ Certificate[]chain) throws
+ KeyStoreException;
+
+ /**
+ * Assign the key to the alias in the keystore. It will overwrite
+ * an existing entry and if the key is a PrivateKey, also
+ * add the certificate chain representing the corresponding
+ * public key.
+ *
+ * @param alias the alias name
+ * @param key the key to add
+ * @param chain the certificate chain for the corresponding
+ * public key
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineSetKeyEntry(String alias, byte[]key,
+ java.security.cert.
+ Certificate[]chain) throws
+ KeyStoreException;
+
+
+ /**
+ * Assign the certificate to the alias in the keystore. It
+ * will overwrite an existing entry.
+ *
+ * @param alias the alias name
+ * @param cert the certificate to add
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineSetCertificateEntry(String alias,
+ java.security.cert.
+ Certificate cert) throws
+ KeyStoreException;
+
+ /**
+ * Deletes the entry for the specified entry.
+ *
+ * @param alias the alias name
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineDeleteEntry(String alias)
+ throws KeyStoreException;
+
+ /**
+ * Generates a list of all the aliases in the keystore.
+ *
+ * @return an Enumeration of the aliases
+ */
+ public abstract Enumeration<String> engineAliases();
+
+ /**
+ * Determines if the keystore contains the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return true if it contains the alias, false otherwise
+ */
+ public abstract boolean engineContainsAlias(String alias);
+
+ /**
+ * Returns the number of entries in the keystore.
+ *
+ * @returns the number of keystore entries.
+ */
+ public abstract int engineSize();
+
+ /**
+ * Determines if the keystore contains a key entry for
+ * the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return true if it is a key entry, false otherwise
+ */
+ public abstract boolean engineIsKeyEntry(String alias);
+
+ /**
+ * Determines if the keystore contains a certificate entry for
+ * the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return true if it is a certificate entry, false otherwise
+ */
+ public abstract boolean engineIsCertificateEntry(String alias);
+
+ /**
+ * Determines if the keystore contains the specified certificate
+ * entry and returns the alias.
+ *
+ * It checks every entry and for a key entry checks only the
+ * first certificate in the chain.
+ *
+ * @param cert Certificate to look for
+ *
+ * @return alias of first matching certificate, null if it
+ * does not exist.
+ */
+ public abstract String engineGetCertificateAlias(java.security.cert.
+ Certificate cert);
+
+ /**
+ * Stores the keystore in the specified output stream and it
+ * uses the specified key it keep it secure.
+ *
+ * @param stream the output stream to save the keystore to
+ * @param password the password to protect the keystore integrity with
+ *
+ * @throws IOException if an I/O error occurs.
+ * @throws NoSuchAlgorithmException the data integrity algorithm
+ * used cannot be found.
+ * @throws CertificateException if any certificates could not be
+ * stored in the output stream.
+ */
+ public abstract void engineStore(OutputStream stream, char[]password)
+ throws IOException, NoSuchAlgorithmException, CertificateException;
+
+
+ /**
+ * Loads the keystore from the specified input stream and it
+ * uses the specified password to check for integrity if supplied.
+ *
+ * @param stream the input stream to load the keystore from
+ * @param password the password to check the keystore integrity with
+ *
+ * @throws IOException if an I/O error occurs.
+ * @throws NoSuchAlgorithmException the data integrity algorithm
+ * used cannot be found.
+ * @throws CertificateException if any certificates could not be
+ * stored in the output stream.
+ */
+ public abstract void engineLoad(InputStream stream, char[]password)
+ throws IOException, NoSuchAlgorithmException, CertificateException;
+}
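Review bot: The Javadoc on `engineLoad` describes its `CertificateException` as "could not be stored in the output stream", which was copied from `engineStore`; it should read `@throws CertificateException if any certificates could not be loaded from the input stream`. The `password` parameter is documented as used for the integrity check "if supplied", but nothing tells a provider or caller what a null password means. I would spell that out, for example `@param password the password to check the keystore integrity with; if null, the keystore is loaded without an integrity check`, so callers do not assume an unverified store was authenticated. Smaller tag errors in the same file: `@returns` on `engineGetCreationDate` and `engineSize` should be `@return`, and `@password` on the first `engineSetKeyEntry` should be `@param password`, otherwise the javadoc tool drops those lines.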
diff --git a/libjava/classpath/java/security/MessageDigest.java b/libjava/classpath/java/security/MessageDigest.java
new file mode 100644
index 000000000..a4eeab447
--- /dev/null
+++ b/libjava/classpath/java/security/MessageDigest.java
@@ -0,0 +1,382 @@
+/* MessageDigest.java --- The message digest interface.
+ Copyright (C) 1999, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+import java.nio.ByteBuffer;
+
+import java.lang.reflect.InvocationTargetException;
+
+/**
+ * Message digests are secure one-way hash functions that take arbitrary-sized
+ * data and output a fixed-length hash value.
+ *
+ * @see MessageDigestSpi
+ * @since JDK 1.1
+ */
+public abstract class MessageDigest extends MessageDigestSpi
+{
+ /** The service name for message digests. */
+ private static final String MESSAGE_DIGEST = "MessageDigest";
+
+ private String algorithm;
+ Provider provider;
+ private byte[] lastDigest;
+
+ /**
+ * Constructs a new instance of <code>MessageDigest</code> representing the
+ * specified algorithm.
+ *
+ * @param algorithm
+ * the name of the digest algorithm to use.
+ */
+ protected MessageDigest(String algorithm)
+ {
+ this.algorithm = algorithm;
+ provider = null;
+ }
+
+ /**
+ * Returns a new instance of <code>MessageDigest</code> representing the
+ * specified algorithm.
+ *
+ * @param algorithm the name of the digest algorithm to use.
+ * @return a new instance representing the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by any
+ * provider.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static MessageDigest getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new instance of <code>MessageDigest</code> representing the
+ * specified algorithm from a named provider.
+ *
+ * @param algorithm the name of the digest algorithm to use.
+ * @param provider the name of the provider to use.
+ * @return a new instance representing the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static MessageDigest getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new instance of <code>MessageDigest</code> representing the
+ * specified algorithm from a designated {@link Provider}.
+ *
+ * @param algorithm the name of the digest algorithm to use.
+ * @param provider the {@link Provider} to use.
+ * @return a new instance representing the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by
+ * {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ * @since 1.4
+ * @see Provider
+ */
+ public static MessageDigest getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("MessageDigest for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] ");
+ Object o;
+ try
+ {
+ o = Engine.getInstance(MESSAGE_DIGEST, algorithm, provider);
+ }
+ catch (InvocationTargetException x)
+ {
+ Throwable cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ sb.append("could not be created");
+ NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString());
+ y.initCause(cause);
+ throw y;
+ }
+ MessageDigest result;
+ if (o instanceof MessageDigestSpi)
+ result = new DummyMessageDigest((MessageDigestSpi) o, algorithm);
+ else if (o instanceof MessageDigest)
+ {
+ result = (MessageDigest) o;
+ result.algorithm = algorithm;
+ }
+ else
+ {
+ sb.append("is of an unexpected Type: ").append(o.getClass().getName());
+ throw new NoSuchAlgorithmException(sb.toString());
+ }
+ result.provider = provider;
+ return result;
+ }
+
+ /**
+ * Returns the {@link Provider} of this instance.
+ *
+ * @return the {@link Provider} of this instance.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Updates the digest with the byte.
+ *
+ * @param input byte to update the digest with.
+ */
+ public void update(byte input)
+ {
+ engineUpdate(input);
+ }
+
+ /**
+ * Updates the digest with the bytes from the array starting from the
+ * specified offset and using the specified length of bytes.
+ *
+ * @param input
+ * bytes to update the digest with.
+ * @param offset
+ * the offset to start at.
+ * @param len
+ * length of the data to update with.
+ */
+ public void update(byte[] input, int offset, int len)
+ {
+ engineUpdate(input, offset, len);
+ }
+
+ /**
+ * Updates the digest with the bytes of an array.
+ *
+ * @param input bytes to update the digest with.
+ */
+ public void update(byte[] input)
+ {
+ engineUpdate(input, 0, input.length);
+ }
+
+ /**
+ * Updates the digest with the remaining bytes of a buffer.
+ *
+ * @param input The input byte buffer.
+ * @since 1.5
+ */
+ public final void update (ByteBuffer input)
+ {
+ engineUpdate (input);
+ }
+
+ /**
+ * Computes the final digest of the stored data.
+ *
+ * @return a byte array representing the message digest.
+ */
+ public byte[] digest()
+ {
+ return lastDigest = engineDigest();
+ }
+
+ /**
+ * Computes the final digest of the stored bytes and returns the result.
+ *
+ * @param buf
+ * an array of bytes to store the result in.
+ * @param offset
+ * an offset to start storing the result at.
+ * @param len
+ * the length of the buffer.
+ * @return Returns the length of the buffer.
+ */
+ public int digest(byte[] buf, int offset, int len) throws DigestException
+ {
+ return engineDigest(buf, offset, len);
+ }
+
+ /**
+ * Computes a final update using the input array of bytes, then computes a
+ * final digest and returns it. It calls {@link #update(byte[])} and then
+ * {@link #digest(byte[])}.
+ *
+ * @param input
+ * an array of bytes to perform final update with.
+ * @return a byte array representing the message digest.
+ */
+ public byte[] digest(byte[] input)
+ {
+ update(input);
+ return digest();
+ }
+
+ /**
+ * Returns a string representation of this instance.
+ *
+ * @return a string representation of this instance.
+ */
+ public String toString()
+ {
+ return (getClass()).getName() + " Message Digest <" + digestToString() + ">";
+ }
+
+ /**
+ * Does a simple byte comparison of the two digests.
+ *
+ * @param digesta
+ * first digest to compare.
+ * @param digestb
+ * second digest to compare.
+ * @return <code>true</code> if both are equal, <code>false</code>
+ * otherwise.
+ */
+ public static boolean isEqual(byte[] digesta, byte[] digestb)
+ {
+ if (digesta.length != digestb.length)
+ return false;
+
+ for (int i = digesta.length - 1; i >= 0; --i)
+ if (digesta[i] != digestb[i])
+ return false;
+
+ return true;
+ }
+
+ /** Resets this instance. */
+ public void reset()
+ {
+ engineReset();
+ }
+
+ /**
+ * Returns the name of message digest algorithm.
+ *
+ * @return the name of message digest algorithm.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns the length of the message digest. The default is zero which means
+ * that the concrete implementation does not implement this method.
+ *
+ * @return length of the message digest.
+ * @since 1.2
+ */
+ public final int getDigestLength()
+ {
+ return engineGetDigestLength();
+ }
+
+ /**
+ * Returns a clone of this instance if cloning is supported. If it does not
+ * then a {@link CloneNotSupportedException} is thrown. Cloning depends on
+ * whether the subclass {@link MessageDigestSpi} implements {@link Cloneable}
+ * which contains the actual implementation of the appropriate algorithm.
+ *
+ * @return a clone of this instance.
+ * @throws CloneNotSupportedException
+ * the implementation does not support cloning.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+
+ private String digestToString()
+ {
+ byte[] digest = lastDigest;
+
+ if (digest == null)
+ return "incomplete";
+
+ CPStringBuilder buf = new CPStringBuilder();
+ int len = digest.length;
+ for (int i = 0; i < len; ++i)
+ {
+ byte b = digest[i];
+ byte high = (byte) ((b & 0xff) >>> 4);
+ byte low = (byte) (b & 0xf);
+
+ buf.append(high > 9 ? ('a' - 10) + high : '0' + high);
+ buf.append(low > 9 ? ('a' - 10) + low : '0' + low);
+ }
+
+ return buf.toString();
+ }
+}
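Review bot: `isEqual` returns at the first differing byte, so its running time depends on where the two arrays differ; when it checks a MAC or password digest against a value supplied by an untrusted party, that difference is observable. Compare the full length and fold the differences into one accumulator instead, as in the fence below; the early return on unequal lengths can stay because the digest length is not secret. Separately, `digestToString` passes an `int` to `append` (`'0' + high` promotes to int), so `toString` prints decimal numbers rather than hex digits; casting both conditional expressions to `char` fixes it.

```java
  public static boolean isEqual(byte[] digesta, byte[] digestb)
  {
    // … unchanged: length comparison …

    // Visit every byte so the loop's duration does not depend on the data.
    int diff = 0;
    for (int i = 0; i < digesta.length; i++)
      diff |= digesta[i] ^ digestb[i];
    return diff == 0;
  }
```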
diff --git a/libjava/classpath/java/security/MessageDigestSpi.java b/libjava/classpath/java/security/MessageDigestSpi.java
new file mode 100644
index 000000000..63cc96047
--- /dev/null
+++ b/libjava/classpath/java/security/MessageDigestSpi.java
@@ -0,0 +1,174 @@
+/* MessageDigestSpi.java --- The message digest service provider interface.
+ Copyright (C) 1999, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.nio.ByteBuffer;
+
+/**
+ This is the Service Provider Interface (SPI) for MessageDigest
+ class in java.security. It provides the back end functionality
+ for the MessageDigest class so that it can compute message
+ hashes. The default hashes are SHA-1 and MD5. A message hash
+ takes data of arbitrary length and produces a unique number
+ representing it.
+
+ Cryptography service providers who want to implement their
+ own message digest hashes need only to subclass this class.
+
+ The implementation of a Cloneable interface is left to up to
+ the programmer of a subclass.
+
+ @version 0.0
+
+ @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public abstract class MessageDigestSpi
+{
+ /**
+ Default constructor of the MessageDigestSpi class
+ */
+ public MessageDigestSpi()
+ {
+ }
+
+ /**
+ Returns the length of the digest. It may be overridden by the
+ provider to return the length of the digest. Default is to
+ return 0. It is concrete for backwards compatibility with JDK1.1
+ message digest classes.
+
+ @return Length of Digest in Bytes
+
+ @since 1.2
+ */
+ protected int engineGetDigestLength()
+ {
+ return 0;
+ }
+
+ /**
+ Updates the digest with the specified byte.
+
+ @param input the byte to update digest with
+ */
+ protected abstract void engineUpdate(byte input);
+
+
+ /**
+ Updates the digest with the specified bytes starting with the
+ offset and proceeding for the specified length.
+
+ @param input the byte array to update digest with
+ @param offset the offset of the byte to start with
+ @param len the number of the bytes to update with
+ */
+ protected abstract void engineUpdate(byte[]input, int offset, int len);
+
+ /**
+ * Updates this digest with the remaining bytes of a byte buffer.
+ *
+ * @param input The input buffer.
+ * @since 1.5
+ */
+ protected void engineUpdate (ByteBuffer input)
+ {
+ byte[] buf = new byte[1024];
+ while (input.hasRemaining())
+ {
+ int n = Math.min(input.remaining(), buf.length);
+ input.get (buf, 0, n);
+ engineUpdate (buf, 0, n);
+ }
+ }
+
+ /**
+ Computes the final digest of the stored bytes and returns
+ them. It performs any necessary padding. The message digest
+ should reset sensitive data after performing the digest.
+
+ @return An array of bytes containing the digest
+ */
+ protected abstract byte[] engineDigest();
+
+ /**
+ Computes the final digest of the stored bytes and returns
+ them. It performs any necessary padding. The message digest
+ should reset sensitive data after performing the digest. This
+ method is left concrete for backwards compatibility with JDK1.1
+ message digest classes.
+
+ @param buf An array of bytes to store the digest
+ @param offset An offset to start storing the digest at
+ @param len The length of the buffer
+ @return Returns the length of the buffer
+
+ @since 1.2
+ */
+ protected int engineDigest(byte[]buf, int offset, int len)
+ throws DigestException
+ {
+ if (engineGetDigestLength() > len)
+ throw new DigestException("Buffer is too small.");
+
+ byte[] tmp = engineDigest();
+ if (tmp.length > len)
+ throw new DigestException("Buffer is too small");
+
+ System.arraycopy(tmp, 0, buf, offset, tmp.length);
+ return tmp.length;
+ }
+
+ /**
+ Resets the digest engine. Reinitializes internal variables
+ and clears sensitive data.
+ */
+ protected abstract void engineReset();
+
+ /**
+ Returns a clone of this class.
+
+ If cloning is not supported, then by default the class throws a
+ CloneNotSupportedException. The MessageDigestSpi provider
+ implementation has to overload this class in order to be
+ cloneable.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+}
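Review bot: `engineDigest(byte[], int, int)` never validates `offset` against `buf`, so a caller passing a `len` larger than the space left after `offset` gets an `ArrayIndexOutOfBoundsException` from `System.arraycopy` instead of the declared `DigestException`. By then `engineDigest()` has already run, so the digest state is consumed. A guard before the digest is computed covers it: `if (offset < 0 || len < 0 || len > buf.length - offset) throw new DigestException("Invalid offset or length");`. The `@return` text also says "the length of the buffer" while the code returns `tmp.length`; `@return the number of digest bytes written into buf` matches what it does. The class comment's claim that a hash "produces a unique number" overstates the guarantee, and since it names SHA-1 and MD5 as the defaults it would be worth noting that collisions are possible.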
diff --git a/libjava/classpath/java/security/NoSuchAlgorithmException.java b/libjava/classpath/java/security/NoSuchAlgorithmException.java
new file mode 100644
index 000000000..518f2f726
--- /dev/null
+++ b/libjava/classpath/java/security/NoSuchAlgorithmException.java
@@ -0,0 +1,92 @@
+/* NoSuchAlgorithmException.java -- an algorithm was not available
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when the requested security algorithm is
+ * not available
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class NoSuchAlgorithmException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -7443947487218346562L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public NoSuchAlgorithmException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public NoSuchAlgorithmException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public NoSuchAlgorithmException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public NoSuchAlgorithmException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/NoSuchProviderException.java b/libjava/classpath/java/security/NoSuchProviderException.java
new file mode 100644
index 000000000..bd26df5ef
--- /dev/null
+++ b/libjava/classpath/java/security/NoSuchProviderException.java
@@ -0,0 +1,70 @@
+/* NoSuchProviderException.java -- thrown when a provider is not found
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when the requested security provider is
+ * not available.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class NoSuchProviderException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 8488111756688534474L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public NoSuchProviderException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public NoSuchProviderException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/Permission.java b/libjava/classpath/java/security/Permission.java
new file mode 100644
index 000000000..cf6399b16
--- /dev/null
+++ b/libjava/classpath/java/security/Permission.java
@@ -0,0 +1,202 @@
+/* Permission.java -- The superclass for all permission objects
+ Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.io.Serializable;
+
+/**
+ * This class is the abstract superclass of all classes that implement
+ * the concept of a permission. A permission consists of a permission name
+ * and optionally a list of actions that relate to the permission. The
+ * actual meaning of the name of the permission is defined only in the
+ * context of a subclass. It may name a resource to which access permissions
+ * are granted (for example, the name of a file) or it might represent
+ * something else entirely. Similarly, the action list only has meaning
+ * within the context of a subclass. Some permission names may have no
+ * actions associated with them. That is, you either have the permission
+ * or you don't.
+ *
+ * <p>The most important method in this class is <code>implies</code>. This
+ * checks whether if one has this permission, then the specified
+ * permission is also implied. As a conceptual example, consider the
+ * permissions "Read All Files" and "Read File foo". The permission
+ * "Read All Files" implies that the caller has permission to read the
+ * file foo.
+ *
+ * <p><code>Permission</code>'s must be immutable - do not change their
+ * state after creation.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Permissions
+ * @see PermissionCollection
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public abstract class Permission implements Guard, Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -5636570222231596674L;
+
+ /**
+ * This is the name assigned to this permission object.
+ *
+ * @serial the name of the permission
+ */
+ private String name;
+
+ /**
+ * Create an instance with the specified name.
+ *
+ * @param name the permission name
+ */
+ public Permission(String name)
+ {
+ this.name = name;
+ }
+
+ /**
+ * This method implements the <code>Guard</code> interface for this class.
+ * It calls the <code>checkPermission</code> method in
+ * <code>SecurityManager</code> with this <code>Permission</code> as its
+ * argument. This method returns silently if the security check succeeds
+ * or throws an exception if it fails.
+ *
+ * @param obj the <code>Object</code> being guarded - ignored by this class
+ * @throws SecurityException if the security check fails
+ * @see GuardedObject
+ * @see SecurityManager#checkPermission(Permission)
+ */
+ public void checkGuard(Object obj)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(this);
+ }
+
+ /**
+ * This method tests whether this <code>Permission</code> implies that the
+ * specified <code>Permission</code> is also granted.
+ *
+ * @param perm the <code>Permission</code> to test against
+ * @return true if perm is implied by this
+ */
+ public abstract boolean implies(Permission perm);
+
+ /**
+ * Check to see if this object equals obj. Use <code>implies</code>, rather
+ * than <code>equals</code>, when making access control decisions.
+ *
+ * @param obj the object to compare to
+ */
+ public abstract boolean equals(Object obj);
+
+ /**
+ * This method returns a hash code for this <code>Permission</code>. It
+ * must satisfy the contract of <code>Object.hashCode</code>: it must be
+ * the same for all objects that equals considers to be the same.
+ *
+ * @return a hash value
+ */
+ public abstract int hashCode();
+
+ /**
+ * Get the name of this <code>Permission</code>.
+ *
+ * @return the name
+ */
+ public final String getName()
+ {
+ return name;
+ }
+
+ /**
+ * This method returns the list of actions for this <code>Permission</code>
+ * as a <code>String</code>. The string should be in canonical order, for
+ * example, both <code>new FilePermission(f, "write,read")</code> and
+ * <code>new FilePermission(f, "read,write")</code> have the action list
+ * "read,write".
+ *
+ * @return the action list for this <code>Permission</code>
+ */
+ public abstract String getActions();
+
+ /**
+ * This method returns an empty <code>PermissionCollection</code> object
+ * that can store permissions of this type, or <code>null</code> if no
+ * such collection is defined. Subclasses must override this to provide
+ * an appropriate collection when one is needed to accurately calculate
+ * <code>implies</code>.
+ *
+ * @return a new <code>PermissionCollection</code>
+ */
+ public PermissionCollection newPermissionCollection()
+ {
+ return null;
+ }
+
+ /**
+ * This method returns a <code>String</code> representation of this
+ * <code>Permission</code> object. This is in the format:
+ * <code>'(' + getClass().getName() + ' ' + getName() + ' ' + getActions
+ * + ')'</code>.
+ *
+ * @return this object as a <code>String</code>
+ */
+ public String toString()
+ {
+ CPStringBuilder string = new CPStringBuilder();
+
+ string = string.append('(');
+ string = string.append(getClass().getName());
+ string = string.append(' ');
+ string = string.append(getName());
+
+ if (!(getActions().equals("")))
+ {
+ string = string.append(' ');
+ string = string.append(getActions());
+ }
+
+ string = string.append(')');
+ return string.toString();
+ }
+} // class Permission
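Review bot: `toString()` calls `getActions().equals("")`, so a subclass whose `getActions()` returns null makes any log or debug print of that permission throw a NullPointerException; the Javadoc on the abstract `getActions()` does not forbid a null return. Read the value once and guard it: `String actions = getActions();` followed by `if (actions != null && actions.length() != 0)`, then append `actions` instead of calling `getActions()` a second time. Since the class Javadoc requires permissions to be immutable, the `name` field could also be declared `final` so the compiler enforces that rather than convention.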
diff --git a/libjava/classpath/java/security/PermissionCollection.java b/libjava/classpath/java/security/PermissionCollection.java
new file mode 100644
index 000000000..ef87cc7e1
--- /dev/null
+++ b/libjava/classpath/java/security/PermissionCollection.java
@@ -0,0 +1,169 @@
+/* PermissionCollection.java -- A collection of permission objects
+ Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.io.Serializable;
+import java.util.Enumeration;
+
+/**
+ * This class models a group of Java permissions. It has convenient
+ * methods for determining whether or not a given permission is implied
+ * by any of the permissions in this collection.
+ *
+ * <p>Some care must be taken in storing permissions. First, a collection of
+ * the appropriate type must be created. This is done by calling the
+ * <code>newPermissionCollection</code> method on an object of the
+ * permission class you wish to add to the collection. If this method
+ * returns <code>null</code>, any type of <code>PermissionCollection</code>
+ * can be used to store permissions of that type. However, if a
+ * <code>PermissionCollection</code> collection object is returned, that
+ * type must be used.
+ *
+ * <p>A <code>PermissionCollection</code> returned by the
+ * <code>newPermissionCollection</code> method in a subclass of
+ * <code>Permission</code> is a homogeneous collection. It only will
+ * hold permissions of one specified type - instances of the class that
+ * created it. Not all <code>PermissionCollection</code> subclasses
+ * have to hold permissions of only one type however. For example,
+ * the <code>Permissions</code> class holds permissions of many types.
+ *
+ * <p>Since the <code>newPermissionCollection</code> in <code>Permission</code>
+ * itself returns <code>null</code>, by default a permission can be stored
+ * in any type of collection unless it overrides that method to create its
+ * own collection type.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see Permission
+ * @see Permissions
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public abstract class PermissionCollection implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -6727011328946861783L;
+
+ /**
+ * Indicates whether or not this collection is read only.
+ *
+ * @serial if the collection is read-only
+ */
+ private boolean readOnly;
+
+ /**
+ * Create a new collection.
+ */
+ public PermissionCollection()
+ {
+ }
+
+ /**
+ * This method adds a new <code>Permission</code> object to the collection.
+ *
+ * @param perm the <code>Permission</code> to add
+ *
+ * @throws SecurityException if the collection is marked read only
+ * @throws IllegalArgumentException if perm is of the wrong type
+ */
+ public abstract void add(Permission perm);
+
+ /**
+ * This method tests whether the specified <code>Permission</code> object is
+ * implied by this collection of <code>Permission</code> objects.
+ *
+ * @param perm the <code>Permission</code> object to test
+ * @return true if the collection implies perm
+ */
+ public abstract boolean implies(Permission perm);
+
+ /**
+ * This method returns an <code>Enumeration</code> of all the objects in
+ * this collection.
+ *
+ * @return an <code>Enumeration</code> of this collection's objects
+ */
+ public abstract Enumeration<Permission> elements();
+
+ /**
+ * This method sets this <code>PermissionCollection</code> object to be
+ * read only. No further permissions can be added to it after calling this
+ * method.
+ */
+ public void setReadOnly()
+ {
+ readOnly = true;
+ }
+
+ /**
+ * This method tests whether or not this <code>PermissionCollection</code>
+ * object is read only.
+ *
+ * @return true if this collection is read only
+ */
+ public boolean isReadOnly()
+ {
+ return readOnly;
+ }
+
+ /**
+ * This method returns a <code>String</code> representation of this
+ * collection. It is formed by:
+ * <pre>
+ * super.toString()" (\n"
+ * // enumerate all permissions, one per line
+ * ")\n"
+ * </pre>
+ *
+ * @return a <code>String</code> representing this object
+ */
+ public String toString()
+ {
+ CPStringBuilder sb = new CPStringBuilder(super.toString());
+
+ sb.append(" (\n");
+ Enumeration<Permission> e = elements();
+ while (e.hasMoreElements())
+ sb.append(' ').append(e.nextElement()).append('\n');
+ return sb.append(")\n").toString();
+ }
+} // class PermissionCollection
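Review bot: The guarantee documented on `setReadOnly()` ("No further permissions can be added to it after calling this method") is not enforced anywhere in this class. It holds only if every subclass's `add` checks `isReadOnly()` itself, and the Javadoc on the abstract `add` lists the SecurityException without saying the implementer must raise it. I would add a sentence there such as `Implementations must call isReadOnly() first and throw SecurityException when it returns true.` The `readOnly` field is also a plain boolean read and written without synchronization, so if a collection is shared between threads, a sealed collection may still appear writable to another thread; declaring it `private volatile boolean readOnly;` would close that gap without affecting the serialized form.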
diff --git a/libjava/classpath/java/security/Permissions.java b/libjava/classpath/java/security/Permissions.java
new file mode 100644
index 000000000..d814064e0
--- /dev/null
+++ b/libjava/classpath/java/security/Permissions.java
@@ -0,0 +1,254 @@
+/* Permissions.java -- a collection of permission collections
+ Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.Serializable;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.NoSuchElementException;
+
+/**
+ * This class is a heterogeneous collection of permissions. It is
+ * organized as a collection of <code>PermissionCollection</code>'s stored
+ * in a hashtable. Each individual <code>PermissionCollection</code>
+ * contains permissions of a single type. If a specific type of
+ * <code>Permission</code> does not provide a collection type to use
+ * via its <code>newPermissionCollection</code> method, then a default
+ * collection type which stores its permissions in a hash table will be
+ * used.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @since 1.1
+ */
+public final class Permissions extends PermissionCollection
+ implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 4858622370623524688L;
+
+ /**
+ * Holds instances of <code>AllPermission</code>.
+ *
+ * @serial the permission collection for AllPermission
+ */
+ private PermissionCollection allPermission;
+
+ // Package-private to avoid a trampoline.
+ /**
+ * This is the <code>Hashtable</code> that contains our collections.
+ *
+ * @serial maps Class to PermissionCollection
+ */
+ final Hashtable perms = new Hashtable();
+
+ /**
+ * This method initializes a new instance of <code>Permissions</code>.
+ */
+ public Permissions()
+ {
+ }
+
+ /**
+ * This method adds a new <code>Permission</code> to this collection. It
+ * will be stored in a <code>PermissionCollection</code> of the appropriate
+ * type, as determined by calling <code>newPermissionCollection</code> on
+ * the specified permission (if an appropriate collection does not already
+ * exist). If this object does not specify a particular type of collection,
+ * a default collection, which stores in permissions in a hash table, will
+ * be used.
+ *
+ * @param perm the <code>Permission</code> to add
+ * @throws SecurityException if this collection is marked as read only
+ */
+ public void add(Permission perm)
+ {
+ if (isReadOnly())
+ throw new SecurityException("PermissionCollection is read only");
+ if (perm instanceof AllPermission)
+ {
+ if (allPermission == null)
+ {
+ allPermission = perm.newPermissionCollection();
+ allPermission.add(perm);
+ perms.put(perm.getClass(), allPermission);
+ }
+ }
+ else
+ {
+ PermissionCollection pc
+ = (PermissionCollection) perms.get(perm.getClass());
+ if (pc == null)
+ {
+ pc = perm.newPermissionCollection();
+ if (pc == null)
+ pc = new PermissionsHash();
+ perms.put(perm.getClass(), pc);
+ }
+ pc.add(perm);
+ }
+ }
+
+ /**
+ * This method tests whether or not the specified <code>Permission</code>
+ * is implied by this <code>PermissionCollection</code>.
+ *
+ * @param perm the <code>Permission</code> to test
+ * @return true if the specified permission is implied by this
+ */
+ public boolean implies(Permission perm)
+ {
+ if (allPermission != null)
+ return true;
+ PermissionCollection pc
+ = (PermissionCollection) perms.get(perm.getClass());
+ return pc == null ? false : pc.implies(perm);
+ }
+
+ /**
+ * This method returns an <code>Enumeration</code> which contains a
+ * list of all <code>Permission</code> objects contained in this
+ * collection.
+ *
+ * @return an <code>Enumeration</code> of this collection's elements
+ */
+ public Enumeration<Permission> elements()
+ {
+ return new Enumeration()
+ {
+ Enumeration main_enum = perms.elements();
+ Enumeration sub_enum;
+
+ public boolean hasMoreElements()
+ {
+ if (sub_enum == null)
+ {
+ if (main_enum == null)
+ return false;
+ if (! main_enum.hasMoreElements())
+ {
+ main_enum = null;
+ return false;
+ }
+ PermissionCollection pc =
+ (PermissionCollection) main_enum.nextElement();
+ sub_enum = pc.elements();
+ }
+ if (! sub_enum.hasMoreElements())
+ {
+ sub_enum = null;
+ return hasMoreElements();
+ }
+ return true;
+ }
+
+ public Object nextElement()
+ {
+ if (! hasMoreElements())
+ throw new NoSuchElementException();
+ return sub_enum.nextElement();
+ }
+ };
+ }
+
+ /**
+ * Implements the permission collection for all permissions without one of
+ * their own, and obeys serialization of JDK.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ private static final class PermissionsHash extends PermissionCollection
+ {
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -8491988220802933440L;
+
+ /**
+ * Hashtable where we store permissions.
+ *
+ * @serial the stored permissions, both as key and value
+ */
+ private final Hashtable perms = new Hashtable();
+
+ /**
+ * Add a permission. We don't need to check for read-only, as this
+ * collection is never exposed outside of Permissions, which has already
+ * done that check.
+ *
+ * @param perm the permission to add
+ */
+ public void add(Permission perm)
+ {
+ perms.put(perm, perm);
+ }
+
+ /**
+ * Returns true if perm is in the collection.
+ *
+ * @param perm the permission to check
+ * @return true if it is implied
+ */
+ // FIXME: Should this method be synchronized?
+ public boolean implies(Permission perm)
+ {
+ Enumeration elements = elements();
+
+ while (elements.hasMoreElements())
+ {
+ Permission p = (Permission)elements.nextElement();
+ if (p.implies(perm))
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Return the elements.
+ *
+ * @return the elements
+ */
+ public Enumeration elements()
+ {
+ return perms.elements();
+ }
+ } // class PermissionsHash
+} // class Permissions
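Review bot: `add()` is a check-then-act sequence on the shared `perms` table: the `perms.get(perm.getClass())` lookup and the later `perms.put(perm.getClass(), pc)` are each synchronized by Hashtable but not as a pair. Two threads adding the first permission of the same class can each create a collection, and the second `put` silently discards the permission the first thread stored. Declaring the method `public synchronized void add(Permission perm)` makes the sequence atomic; the `FIXME: Should this method be synchronized?` on `PermissionsHash.implies` raises the matching question for readers and should be resolved together with it. `elements()` also returns a raw `new Enumeration()` as `Enumeration<Permission>`, which the compiler accepts only with an unchecked warning; typing the anonymous class would let it check `nextElement()`.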
diff --git a/libjava/classpath/java/security/Policy.java b/libjava/classpath/java/security/Policy.java
new file mode 100644
index 000000000..118626ea1
--- /dev/null
+++ b/libjava/classpath/java/security/Policy.java
@@ -0,0 +1,297 @@
+/* Policy.java --- Policy Manager Class
+ Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * <code>Policy</code> is an abstract class for managing the system security
+ * policy for the Java application environment. It specifies which permissions
+ * are available for code from various sources. The security policy is
+ * represented through a subclass of <code>Policy</code>.
+ *
+ * <p>Only one <code>Policy</code> is in effect at any time. A
+ * {@link ProtectionDomain} initializes itself with information from this class
+ * on the set of permssions to grant.</p>
+ *
+ * <p>The location for the actual <code>Policy</code> could be anywhere in any
+ * form because it depends on the Policy implementation. The default system is
+ * in a flat ASCII file or it could be in a database.</p>
+ *
+ * <p>The current installed <code>Policy</code> can be accessed with
+ * {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code
+ * has the correct permissions.</p>
+ *
+ * <p>The {@link #refresh()} method causes the <code>Policy</code> instance to
+ * refresh/reload its configuration. The method used to refresh depends on the
+ * <code>Policy</code> implementation.</p>
+ *
+ * <p>When a protection domain initializes its permissions, it uses code like
+ * the following:</p>
+ *
+ * <code>
+ * policy = Policy.getPolicy();
+ * PermissionCollection perms = policy.getPermissions(myCodeSource);
+ * </code>
+ *
+ * <p>The protection domain passes the <code>Policy</code> handler a
+ * {@link CodeSource} instance which contains the codebase URL and a public key.
+ * The <code>Policy</code> implementation then returns the proper set of
+ * permissions for that {@link CodeSource}.</p>
+ *
+ * <p>The default <code>Policy</code> implementation can be changed by setting
+ * the "policy.provider" security provider in the "java.security" file to the
+ * correct <code>Policy</code> implementation class.</p>
+ *
+ * @author Mark Benvenuto
+ * @see CodeSource
+ * @see PermissionCollection
+ * @see SecureClassLoader
+ * @since 1.2
+ */
+public abstract class Policy
+{
+ private static Policy currentPolicy;
+
+ /** Map of ProtectionDomains to PermissionCollections for this instance. */
+ private Map pd2pc = null;
+
+ /** Constructs a new <code>Policy</code> object. */
+ public Policy()
+ {
+ }
+
+ /**
+ * Returns the currently installed <code>Policy</code> handler. The value
+ * should not be cached as it can be changed any time by
+ * {@link #setPolicy(Policy)}.
+ *
+ * @return the current <code>Policy</code>.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public static Policy getPolicy()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SecurityPermission("getPolicy"));
+
+ return getCurrentPolicy();
+ }
+
+ /**
+ * Sets the <code>Policy</code> handler to a new value.
+ *
+ * @param policy
+ * the new <code>Policy</code> to use.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public static void setPolicy(Policy policy)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SecurityPermission("setPolicy"));
+
+ setup(policy);
+ currentPolicy = policy;
+ }
+
+ private static void setup(final Policy policy)
+ {
+ if (policy.pd2pc == null)
+ policy.pd2pc = Collections.synchronizedMap(new LinkedHashMap());
+
+ ProtectionDomain pd = policy.getClass().getProtectionDomain();
+ if (pd.getCodeSource() != null)
+ {
+ PermissionCollection pc = null;
+ if (currentPolicy != null)
+ pc = currentPolicy.getPermissions(pd);
+
+ if (pc == null) // assume it has all
+ {
+ pc = new Permissions();
+ pc.add(new AllPermission());
+ }
+
+ policy.pd2pc.put(pd, pc); // add the mapping pd -> pc
+ }
+ }
+
+ /**
+ * Ensures/forces loading of the configured policy provider, while bypassing
+ * the {@link SecurityManager} checks for <code>"getPolicy"</code> security
+ * permission. Needed by {@link ProtectionDomain}.
+ */
+ static Policy getCurrentPolicy()
+ {
+ // FIXME: The class name of the Policy provider should really be sourced
+ // from the "java.security" configuration file. For now, just hard-code
+ // a stub implementation.
+ if (currentPolicy == null)
+ {
+ String pp = System.getProperty ("policy.provider");
+ if (pp != null)
+ try
+ {
+ currentPolicy = (Policy) Class.forName(pp).newInstance();
+ }
+ catch (Exception e)
+ {
+ // Ignored.
+ }
+
+ if (currentPolicy == null)
+ currentPolicy = new gnu.java.security.provider.DefaultPolicy();
+ }
+ return currentPolicy;
+ }
+
+ /**
+ * Tests if <code>currentPolicy</code> is not <code>null</code>,
+ * thus allowing clients to not force loading of any policy
+ * provider; needed by {@link ProtectionDomain}.
+ */
+ static boolean isLoaded()
+ {
+ return currentPolicy != null;
+ }
+
+ /**
+ * Returns the set of Permissions allowed for a given {@link CodeSource}.
+ *
+ * @param codesource
+ * the {@link CodeSource} for which, the caller needs to find the
+ * set of granted permissions.
+ * @return a set of permissions for {@link CodeSource} specified by the
+ * current <code>Policy</code>.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public abstract PermissionCollection getPermissions(CodeSource codesource);
+
+ /**
+ * Returns the set of Permissions allowed for a given {@link ProtectionDomain}.
+ *
+ * @param domain
+ * the {@link ProtectionDomain} for which, the caller needs to find
+ * the set of granted permissions.
+ * @return a set of permissions for {@link ProtectionDomain} specified by the
+ * current <code>Policy.</code>.
+ * @since 1.4
+ * @see ProtectionDomain
+ * @see SecureClassLoader
+ */
+ public PermissionCollection getPermissions(ProtectionDomain domain)
+ {
+ if (domain == null)
+ return new Permissions();
+
+ if (pd2pc == null)
+ setup(this);
+
+ PermissionCollection result = (PermissionCollection) pd2pc.get(domain);
+ if (result != null)
+ {
+ Permissions realResult = new Permissions();
+ for (Enumeration e = result.elements(); e.hasMoreElements(); )
+ realResult.add((Permission) e.nextElement());
+
+ return realResult;
+ }
+
+ result = getPermissions(domain.getCodeSource());
+ if (result == null)
+ result = new Permissions();
+
+ PermissionCollection pc = domain.getPermissions();
+ if (pc != null)
+ for (Enumeration e = pc.elements(); e.hasMoreElements(); )
+ result.add((Permission) e.nextElement());
+
+ return result;
+ }
+
+ /**
+ * Checks if the designated {@link Permission} is granted to a designated
+ * {@link ProtectionDomain}.
+ *
+ * @param domain
+ * the {@link ProtectionDomain} to test.
+ * @param permission
+ * the {@link Permission} to check.
+ * @return <code>true</code> if <code>permission</code> is implied by a
+ * permission granted to this {@link ProtectionDomain}. Returns
+ * <code>false</code> otherwise.
+ * @since 1.4
+ * @see ProtectionDomain
+ */
+ public boolean implies(ProtectionDomain domain, Permission permission)
+ {
+ if (pd2pc == null)
+ setup(this);
+
+ PermissionCollection pc = (PermissionCollection) pd2pc.get(domain);
+ if (pc != null)
+ return pc.implies(permission);
+
+ boolean result = false;
+ pc = getPermissions(domain);
+ if (pc != null)
+ {
+ result = pc.implies(permission);
+ pd2pc.put(domain, pc);
+ }
+
+ return result;
+ }
+
+ /**
+ * Causes this <code>Policy</code> instance to refresh / reload its
+ * configuration. The method used to refresh depends on the concrete
+ * implementation.
+ */
+ public abstract void refresh();
+}
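Review bot: `implies(ProtectionDomain, Permission)` caches the computed collection with `pd2pc.put(domain, pc)` and serves every later call for that domain from the map, but nothing visible here ever removes an entry. `pd2pc` is private and `refresh()` is abstract, so a subclass that reloads a tightened policy has no way to invalidate it. Unless a subclass overrides `implies`, permissions revoked by a refresh would keep being granted to domains already cached. Either drop the `pd2pc.put(domain, pc);` line in `implies`, or add a way to clear the map when the policy is refreshed. Separately, `getCurrentPolicy()` discards every exception from loading the `policy.provider` class (`// Ignored.`) and falls back to `DefaultPolicy`, so a misnamed provider is indistinguishable from none configured; that failure should be surfaced rather than swallowed.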
diff --git a/libjava/classpath/java/security/Principal.java b/libjava/classpath/java/security/Principal.java
new file mode 100644
index 000000000..6d9de6ccd
--- /dev/null
+++ b/libjava/classpath/java/security/Principal.java
@@ -0,0 +1,85 @@
+/* Principal.java -- A security entity
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+/**
+ * This interface models an entity (such as a user or a certificate authority)
+ * for the purposes of applying the Java security model.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see X509Certificate
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface Principal
+{
+ /**
+ * This method tests another <code>Principal</code> object for equality
+ * with this one.
+ *
+ * @param obj the Object to test for equality
+ * @return true if the specified <code>Principal</code> is equal
+ */
+ boolean equals(Object obj);
+
+ /**
+ * This method returns a <code>String</code> representation of this
+ * <code>Principal</code>.
+ *
+ * @return this <code>Principal</code> represented as a <code>String</code>
+ */
+ String toString();
+
+ /**
+ * This method returns a hash code value for this <code>Principal</code>.
+ * Remember the contract of hashCode - two objects which compare as
+ * equals() must have the same hashCode().
+ *
+ * @return a hash value
+ */
+ int hashCode();
+
+ /**
+ * This method returns a <code>String</code> that names this
+ * <code>Principal</code>.
+ *
+ * @return the name of this <code>Principal</code>
+ */
+ String getName();
+} // interface Principal
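Review bot: The `@see X509Certificate` tag in the interface Javadoc names a type that this file neither imports nor shares a package with, so the link will not resolve when the documentation is built. Presumably the intended target is the certificate class in `java.security.cert`; if so, the tag should be fully qualified: `@see java.security.cert.X509Certificate`. The `equals`, `toString` and `hashCode` declarations only restate `Object`'s methods, so a sentence saying implementations are expected to override them with value semantics would explain why they are redeclared.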
diff --git a/libjava/classpath/java/security/PrivateKey.java b/libjava/classpath/java/security/PrivateKey.java
new file mode 100644
index 000000000..70607c134
--- /dev/null
+++ b/libjava/classpath/java/security/PrivateKey.java
@@ -0,0 +1,62 @@
+/* PrivateKey.java -- tagging interface for all private keys
+ Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+/**
+ * This interface specified no methods. In simply provides a common
+ * super-interface for all algorithm specific private key values.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Key
+ * @see PublicKey
+ * @see Certificate
+ * @see Signature#initVerify(PublicKey)
+ * @see DSAPrivateKey
+ * @see RSAPrivateKey
+ * @see RSAPrivateCrtKey
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface PrivateKey extends Key
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 6034044314589513430L;
+} // interface PrivateKey
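Review bot: The class Javadoc points at the wrong `Signature` entry point: `@see Signature#initVerify(PublicKey)` is the verification side, while a private key is what signing takes, so the tag should read `@see Signature#initSign(PrivateKey)`. The opening sentence has two typos and would read better as `This interface specifies no methods. It simply provides a common super-interface for all algorithm-specific private key values.` The `@see DSAPrivateKey`, `RSAPrivateKey` and `RSAPrivateCrtKey` tags are unqualified and nothing in this file imports them, so they likely need a `java.security.interfaces.` prefix to resolve.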
diff --git a/libjava/classpath/java/security/PrivilegedAction.java b/libjava/classpath/java/security/PrivilegedAction.java
new file mode 100644
index 000000000..1a51eaade
--- /dev/null
+++ b/libjava/classpath/java/security/PrivilegedAction.java
@@ -0,0 +1,64 @@
+/* PrivilegedAction.java -- Perform a privileged action
+ Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface specifes a single <code>run</code> method that
+ * executes a privileged operation. This method is called by
+ * <code>AccessController.doPrivileged()</code> after that method
+ * activiates the required privileges.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see AccessController
+ * @see PrivilegedExceptionAction
+ * @since 1.1
+ * @status updated to 1.5
+ */
+public interface PrivilegedAction<T>
+{
+ /**
+ * This method performs an operation that requires higher privileges to
+ * perform. It is called when a section of code invokes
+ * <code>AccessController.doPrivileged()</code>.
+ *
+ * @return obj An implementation dependent return value
+ * @see AccessController#doPrivileged(PrivilegedAction)
+ * @see AccessController#doPrivileged(PrivilegedAction, AccessControlContext)
+ */
+ T run();
+} // interface PrivilegedAction
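Review bot: The Javadoc on `run()` does not say what an implementation is being trusted with. The body executes with the privileges that `AccessController.doPrivileged()` enables, so it should be kept as small as possible and should not act on values supplied by less-trusted callers without validating them. I would add that as a second paragraph on `run()`. The tag `@return obj An implementation dependent return value` puts a name where Javadoc expects only a description; `@return an implementation-dependent value` is the usual form, and `PrivilegedExceptionAction.run()` later in this diff has the same `@return obj`. The class comment also has the typos `specifes` and `activiates`.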
diff --git a/libjava/classpath/java/security/PrivilegedActionException.java b/libjava/classpath/java/security/PrivilegedActionException.java
new file mode 100644
index 000000000..3f08c8130
--- /dev/null
+++ b/libjava/classpath/java/security/PrivilegedActionException.java
@@ -0,0 +1,109 @@
+/* PrivilegedActionException.java -- wrap an exception in a privileged action
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when an exception is thrown during a
+ * privileged action being performed with the
+ * <code>AccessController.doPrivileged()</code> method. It wraps the
+ * actual exception thrown in the privileged code.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see PrivilegedExceptionAction
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction)
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction, AccessControlContext)
+ * @status updated to 1.4
+ */
+public class PrivilegedActionException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 4724086851538908602L;
+
+ /**
+ * This is the actual exception that occurred.
+ *
+ * @serial the wrapped exception
+ */
+ private Exception exception;
+
+ /**
+ * Create a new instance that wraps the specified <code>Exception</code>.
+ *
+ * @param e the <code>Exception</code> to wrap
+ */
+ public PrivilegedActionException(Exception e)
+ {
+ super(e);
+ exception = e;
+ }
+
+ /**
+ * Get the underlying <code>Exception</code> that caused this one. This
+ * is a legacy method, the preferred way is {@link #getCause()}.
+ *
+ * @return the cause
+ */
+ public Exception getException()
+ {
+ return exception;
+ }
+
+ /**
+ * Gets the cause of this exception.
+ *
+ * @return the cause
+ * @since 1.4
+ */
+ public Throwable getCause()
+ {
+ return exception;
+ }
+
+ /**
+ * Convert this to a String.
+ *
+ * @return the string representation
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+}
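Review bot: The `toString()` override only returns `super.toString()`, so it adds nothing over the inherited method, and its Javadoc ("Convert this to a String") does not say what the string contains. Either drop the override or say why it is kept, for example `// kept for API signature compatibility; the inherited form is used unchanged`. If the intent is that the wrapped exception appears in the output, that depends on how this library's `Throwable(Throwable)` constructor builds the message, which is outside this hunk and worth confirming.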
diff --git a/libjava/classpath/java/security/PrivilegedExceptionAction.java b/libjava/classpath/java/security/PrivilegedExceptionAction.java
new file mode 100644
index 000000000..351438e0b
--- /dev/null
+++ b/libjava/classpath/java/security/PrivilegedExceptionAction.java
@@ -0,0 +1,65 @@
+/* PrivilegedExceptionAction.java -- Perform a privileged operation
+ Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface defines a method that is called by
+ * <code>AccessController.doPrivileged()</code> in order to perform a
+ * privileged operation with higher privileges enabled. This interface
+ * differs from <code>PrivilegedAction</code> in that the <code>run</code>
+ * method in this interface may throw a checked exception.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @status updated to 1.5
+ */
+public interface PrivilegedExceptionAction<T>
+{
+ /**
+ * This method performs an operation that requires higher privileges to
+ * successfully complete. It is called when a section of code invokes
+ * <code>AccessController.doPrivileged()</code>.
+ *
+ * @return obj An implementation defined return value
+ * @throws Exception An implementation specific exception
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction)
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction,
+ * AccessControlContext)
+ */
+ T run() throws Exception;
+} // interface PrivilegedExceptionAction
diff --git a/libjava/classpath/java/security/ProtectionDomain.java b/libjava/classpath/java/security/ProtectionDomain.java
new file mode 100644
index 000000000..d5d657d61
--- /dev/null
+++ b/libjava/classpath/java/security/ProtectionDomain.java
@@ -0,0 +1,252 @@
+/* ProtectionDomain.java -- A security domain
+ Copyright (C) 1998, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import gnu.classpath.SystemProperties;
+
+import gnu.java.lang.CPStringBuilder;
+
+/**
+ * This class represents a group of classes, along with their granted
+ * permissions. The classes are identified by a {@link CodeSource}. Thus, any
+ * class loaded from the specified {@link CodeSource} is treated as part of
+ * this domain. The set of permissions is represented by an instance of
+ * {@link PermissionCollection}.
+ *
+ * <p>Every class in the system will belong to one and only one
+ * <code>ProtectionDomain</code>.</p>
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @version 0.0
+ */
+public class ProtectionDomain
+{
+ /** This is the <code>CodeSource</code> for this protection domain. */
+ private CodeSource code_source;
+
+ /** This is the set of permissions granted to this domain. */
+ private PermissionCollection perms;
+
+ /** The {@link ClassLoader} associated with this domain. */
+ private ClassLoader classloader;
+
+ /** The array of Principals associated with this domain.. */
+ private Principal[] principals;
+
+ /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */
+ private boolean staticBinding;
+
+ /**
+ * Initializes a new instance of <code>ProtectionDomain</code> representing
+ * the specified {@link CodeSource} and set of permissions. No permissions
+ * can be added later to the {@link PermissionCollection} and this contructor
+ * will call the <code>setReadOnly</code> method on the specified set of
+ * permissions.
+ *
+ * @param codesource
+ * The {@link CodeSource} for this domain.
+ * @param permissions
+ * The set of permissions for this domain.
+ * @see PermissionCollection#setReadOnly()
+ */
+ public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
+ {
+ this(codesource, permissions, null, null, true);
+ }
+
+ /**
+ * This method initializes a new instance of <code>ProtectionDomain</code>
+ * given its {@link CodeSource}, granted permissions, associated
+ * {@link ClassLoader} and {@link Principal}s.
+ *
+ * <p>Similar to the previous constructor, if the designated set of
+ * permissions is not <code>null</code>, the <code>setReadOnly</code> method
+ * is called on that set.</p>
+ *
+ * @param codesource
+ * The {@link CodeSource} for this domain.
+ * @param permissions
+ * The permission set for this domain.
+ * @param classloader
+ * the ClassLoader associated with this domain.
+ * @param principals
+ * the array of {@link Principal}s associated with this domain.
+ * @since 1.4
+ * @see PermissionCollection#setReadOnly()
+ */
+ public ProtectionDomain(CodeSource codesource,
+ PermissionCollection permissions,
+ ClassLoader classloader, Principal[] principals)
+ {
+ this(codesource, permissions, classloader, principals, false);
+ }
+
+ private ProtectionDomain(CodeSource codesource,
+ PermissionCollection permissions,
+ ClassLoader classloader, Principal[] principals,
+ boolean staticBinding)
+ {
+ super();
+
+ code_source = codesource;
+ if (permissions != null)
+ {
+ perms = permissions;
+ perms.setReadOnly();
+ }
+
+ this.classloader = classloader;
+ this.principals =
+ (principals != null ? (Principal[]) principals.clone() : new Principal[0]);
+ this.staticBinding = staticBinding;
+ }
+
+ /**
+ * Returns the {@link CodeSource} of this domain.
+ *
+ * @return the {@link CodeSource} of this domain.
+ * @since 1.2
+ */
+ public final CodeSource getCodeSource()
+ {
+ return code_source;
+ }
+
+ /**
+ * Returns the {@link ClassLoader} of this domain.
+ *
+ * @return the {@link ClassLoader} of this domain.
+ * @since 1.4
+ */
+ public final ClassLoader getClassLoader()
+ {
+ return this.classloader;
+ }
+
+ /**
+ * Returns a clone of the {@link Principal}s of this domain.
+ *
+ * @return a clone of the {@link Principal}s of this domain.
+ * @since 1.4
+ */
+ public final Principal[] getPrincipals()
+ {
+ return (Principal[]) principals.clone();
+ }
+
+ /**
+ * Returns the {@link PermissionCollection} of this domain.
+ *
+ * @return The {@link PermissionCollection} of this domain.
+ */
+ public final PermissionCollection getPermissions()
+ {
+ return perms;
+ }
+
+ /**
+ * Tests whether or not the specified {@link Permission} is implied by the
+ * set of permissions granted to this domain.
+ *
+ * @param permission
+ * the {@link Permission} to test.
+ * @return <code>true</code> if the specified {@link Permission} is implied
+ * for this domain, <code>false</code> otherwise.
+ */
+ public boolean implies(Permission permission)
+ {
+ if (staticBinding)
+ return (perms == null ? false : perms.implies(permission));
+ // Else dynamically bound. Do we have it?
+ // NOTE: this will force loading of Policy.currentPolicy
+ return Policy.getCurrentPolicy().implies(this, permission);
+ }
+
+ /**
+ * Returns a string representation of this object. It will include the
+ * {@link CodeSource} and set of permissions associated with this domain.
+ *
+ * @return A string representation of this object.
+ */
+ public String toString()
+ {
+ String linesep = SystemProperties.getProperty("line.separator");
+ CPStringBuilder sb = new CPStringBuilder("ProtectionDomain (").append(linesep);
+
+ if (code_source == null)
+ sb.append("CodeSource:null");
+ else
+ sb.append(code_source);
+
+ sb.append(linesep);
+ if (classloader == null)
+ sb.append("ClassLoader:null");
+ else
+ sb.append(classloader);
+
+ sb.append(linesep);
+ sb.append("Principals:");
+ if (principals != null && principals.length > 0)
+ {
+ sb.append("[");
+ Principal pal;
+ for (int i = 0; i < principals.length; i++)
+ {
+ pal = principals[i];
+ sb.append("'").append(pal.getName())
+ .append("' of type ").append(pal.getClass().getName());
+ if (i < principals.length-1)
+ sb.append(", ");
+ }
+ sb.append("]");
+ }
+ else
+ sb.append("none");
+
+ sb.append(linesep);
+ if (!staticBinding) // include all but dont force loading Policy.currentPolicy
+ if (Policy.isLoaded())
+ sb.append(Policy.getCurrentPolicy().getPermissions(this));
+ else // fallback on this one's permissions
+ sb.append(perms);
+ else
+ sb.append(perms);
+
+ return sb.append(linesep).append(")").append(linesep).toString();
+ }
+}
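Review bot: In `toString()`, the dynamically bound branch appends `Policy.getCurrentPolicy().getPermissions(this)` for any caller that holds a reference to the domain, and no permission check is visible in this hunk. `Policy.getCurrentPolicy()` is declared outside this file, so whether it enforces the `getPolicy` security permission cannot be confirmed from here; if it does not, the string form exposes policy-granted permissions to code that is not allowed to read the policy. The sketch below prints the policy view only when no security manager is installed or the caller holds `SecurityPermission("getPolicy")`, and otherwise falls back to the domain's own `perms`; it also replaces the brace-less nested `if`/`else`. Separately, the principals loop calls `pal.getName()` without a null check while the constructor clones the array without rejecting null elements, so a null entry makes `toString()` throw.

```java
    // … unchanged: code source, class loader and principals are appended …
    sb.append(linesep);

    // Only callers allowed to read the policy get the policy-merged view.
    SecurityManager sm = System.getSecurityManager();
    boolean mayReadPolicy = (sm == null);
    if (! mayReadPolicy)
      {
        try
          {
            sm.checkPermission(new SecurityPermission("getPolicy"));
            mayReadPolicy = true;
          }
        catch (SecurityException denied)
          {
            // Caller may not read the policy: print the static permissions only.
          }
      }

    // Still avoid forcing Policy.currentPolicy to load just for a string form.
    if (! staticBinding && mayReadPolicy && Policy.isLoaded())
      sb.append(Policy.getCurrentPolicy().getPermissions(this));
    else
      sb.append(perms);
    // … unchanged: closing parenthesis and return …
```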
diff --git a/libjava/classpath/java/security/Provider.java b/libjava/classpath/java/security/Provider.java
new file mode 100644
index 000000000..b1d6d9ce2
--- /dev/null
+++ b/libjava/classpath/java/security/Provider.java
@@ -0,0 +1,218 @@
+/* Provider.java -- Security provider information
+ Copyright (C) 1998, 1999, 2000, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.io.Serializable;
+import java.util.Properties;
+
+/**
+ * This class represents a Java security architecture service provider. The
+ * services provided by a such a provider can range from security algorithms to
+ * key generation.
+ * <p>
+ * Providers are installed by name and version number. See the static
+ * initializer of the {@link java.security.Security} class for the default
+ * security providers installed by this class library.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public abstract class Provider
+ extends Properties
+ implements Serializable
+{
+ private static final long serialVersionUID = -4298000515446427739L;
+
+ /**
+ * This is a textual description of the provider
+ */
+ private String info;
+
+ /**
+ * This is the name of the provider
+ */
+ private String name;
+
+ /**
+ * This is the version number of the provider
+ */
+ private double version;
+
+ /**
+ * This method initializes a new instance of <code>Provider</code> to have
+ * the specified name, version, and description information.
+ *
+ * @param name The name to assign to this <code>Provider</code>.
+ * @param version The version number for this <code>Provider</code>.
+ * @param info A textual description of this provider.
+ */
+ protected Provider(String name, double version, String info)
+ {
+ this.name = name;
+ this.version = version;
+ this.info = info;
+ }
+
+ /**
+ * This method returns the name assigned to this <code>Provider</code>.
+ *
+ * @return The <code>Provider</code>'s name.
+ */
+ public String getName()
+ {
+ return (name);
+ }
+
+ /**
+ * This method retunrs the version number of this <code>Provider</code>.
+ *
+ * @return The <code>Provider</code>'s version number.
+ */
+ public double getVersion()
+ {
+ return (version);
+ }
+
+ /**
+ * This method returns a textual description of the <code>Provider</code>.
+ *
+ * @return A description of the <code>Provider</code>.
+ */
+ public String getInfo()
+ {
+ return (info);
+ }
+
+ /**
+ * Maps a key property to a designated value.
+ * <p>
+ * If there is an installed {@link SecurityManager} object in the underlying
+ * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is
+ * called with the string <code>"putProviderProperty." + name</code>, where
+ * <code>name</code> is this provider's name. For the default implementation
+ * this translates into a {@link SecurityManager#checkPermission(Permission)}
+ * for a <code>SecurityPermission("putProviderProperty." + name)</code>.
+ *
+ * @param key The property key.
+ * @param value The property value.
+ * @return The previous value of the specified property (<code>key</code>),
+ * or <code>null</code> if it did not have one.
+ * @throws SecurityException If a security manager is installed and its
+ * {@link SecurityManager#checkSecurityAccess(String)} method
+ * disallows adding properties at run-time.
+ * @since Classpath 0.4+cvs, JDK 1.2
+ * @see java.lang.Object#equals(Object)
+ * @see java.util.Hashtable#get(Object)
+ */
+ public Object put(Object key, Object value)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("putProviderProperty." + this.name);
+ return super.put(toCanonicalKey(key), value);
+ }
+
+ // overrides same in java.util.Hashtable
+ public Object get(Object key)
+ {
+ return super.get(toCanonicalKey(key));
+ }
+
+ /**
+ * This method removes the specified key entry (and its associated value)
+ * from the property mapping collection.
+ * <p>
+ * If there is an installed {@link SecurityManager} object in the underlying
+ * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is
+ * called with the string <code>"removeProviderProperty." + name</code>, where
+ * <code>name</code> is this provider's name. For the default implementation
+ * this translates into a {@link SecurityManager#checkPermission(Permission)}
+ * for a <code>SecurityPermission("removeProviderProperty." + name)</code>.
+ *
+ * @param key The key to remove
+ * @return The previous value for this key, or <code>null</code> if no
+ * previous value.
+ */
+ public Object remove(Object key)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("removeProviderProperty." + this.name);
+ return super.remove(toCanonicalKey(key));
+ }
+
+ /**
+ * This method clears the entire property collection such that it no longer
+ * contains the properties used to look up the services provided by
+ * this <code>Provider</code>.
+ * <p>
+ * If there is an installed {@link SecurityManager} object in the underlying
+ * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is
+ * called with the string <code>"clearProviderProperties." + name</code>,
+ * where <code>name</code> is this provider's name. For the default
+ * implementation this translates into a
+ * {@link SecurityManager#checkPermission(Permission)} for a
+ * <code>SecurityPermission("clearProviderProperties." + name)</code>.
+ */
+ public void clear()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("clearProviderProperties." + this.name);
+ super.clear();
+ }
+
+ /**
+ * This method returns a <code>String</code> representation of this
+ * object. This will include the <code>Provider</code> name and
+ * version number.
+ *
+ * @return A <code>String</code> representation of this object.
+ */
+ public String toString()
+ {
+ return (getClass().getName() + ": name=" + getName() + " version=" +
+ version);
+ }
+
+ private Object toCanonicalKey(Object key)
+ {
+ if (key.getClass().isAssignableFrom(String.class)) // is it ours?
+ return ((String) key).toUpperCase(); // use default locale
+ return key;
+ }
+}
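Review bot: `toCanonicalKey` tests the key's type backwards: `key.getClass().isAssignableFrom(String.class)` is true when the key's class is `String` or a supertype of it, so a key whose runtime class is exactly `Object` passes the test and the `(String) key` cast throws ClassCastException. `key instanceof String` is the check the comment ("is it ours?") seems to intend. The same line upper-cases with the default locale, so the canonical form of a property key depends on the JVM's locale (under a Turkish locale `i` does not map to `I`). Lookups through `put`, `get` and `remove` can then stop matching any key that was upper-cased under a different locale. I would pin it, `if (key instanceof String) return ((String) key).toUpperCase(Locale.ENGLISH);`, with `java.util.Locale` added to the imports.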
diff --git a/libjava/classpath/java/security/ProviderException.java b/libjava/classpath/java/security/ProviderException.java
new file mode 100644
index 000000000..a2b469a6a
--- /dev/null
+++ b/libjava/classpath/java/security/ProviderException.java
@@ -0,0 +1,92 @@
+/* ProviderException.java -- Generic security provider runtime exception
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception indicates that a runtime problem was encounterd with
+ * a security provider.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class ProviderException extends RuntimeException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5256023526693665674L;
+
+ /**
+ * Create an instance with no descriptive error message.
+ */
+ public ProviderException()
+ {
+ }
+
+ /**
+ * Create an instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public ProviderException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public ProviderException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public ProviderException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/PublicKey.java b/libjava/classpath/java/security/PublicKey.java
new file mode 100644
index 000000000..9bf145840
--- /dev/null
+++ b/libjava/classpath/java/security/PublicKey.java
@@ -0,0 +1,60 @@
+/* PublicKey.java -- tagging interface for all public keys
+ Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface specified no methods. In simply provides a common
+ * super-interface for all algorithm specific public key values.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Key
+ * @see PrivateKey
+ * @see Certificate
+ * @see Signature#initVerify(PublicKey)
+ * @see DSAPublicKey
+ * @see RSAPublicKey
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface PublicKey extends Key
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 7187392471159151072L;
+} // interface PublicKey
diff --git a/libjava/classpath/java/security/SecureClassLoader.java b/libjava/classpath/java/security/SecureClassLoader.java
new file mode 100644
index 000000000..1480b7116
--- /dev/null
+++ b/libjava/classpath/java/security/SecureClassLoader.java
@@ -0,0 +1,148 @@
+/* SecureClassLoader.java --- A Secure Class Loader
+ Copyright (C) 1999, 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.nio.ByteBuffer;
+import java.util.HashMap;
+
+/**
+ * A Secure Class Loader for loading classes with additional
+ * support for specifying code source and permissions when
+ * they are retrieved by the system policy handler.
+ *
+ * @since 1.2
+ *
+ * @author Mark Benvenuto
+ */
+public class SecureClassLoader extends ClassLoader
+{
+ private final HashMap<CodeSource,ProtectionDomain> protectionDomainCache
+ = new HashMap<CodeSource, ProtectionDomain>();
+
+ protected SecureClassLoader(ClassLoader parent)
+ {
+ super(parent);
+ }
+
+ protected SecureClassLoader()
+ {
+ }
+
+ /**
+ * Creates a class using an array of bytes and a
+ * CodeSource.
+ *
+ * @param name the name to give the class. null if unknown.
+ * @param b the data representing the classfile, in classfile format.
+ * @param off the offset into the data where the classfile starts.
+ * @param len the length of the classfile data in the array.
+ * @param cs the CodeSource for the class or null when unknown.
+ *
+ * @return the class that was defined and optional CodeSource.
+ *
+ * @exception ClassFormatError if the byte array is not in proper classfile format.
+ */
+ protected final Class<?> defineClass(String name, byte[] b, int off, int len,
+ CodeSource cs)
+ {
+ return super.defineClass(name, b, off, len, getProtectionDomain(cs));
+ }
+
+ /**
+ * Creates a class using an ByteBuffer and a
+ * CodeSource.
+ *
+ * @param name the name to give the class. null if unknown.
+ * @param b the data representing the classfile, in classfile format.
+ * @param cs the CodeSource for the class or null when unknown.
+ *
+ * @return the class that was defined and optional CodeSource.
+ *
+ * @exception ClassFormatError if the byte array is not in proper classfile format.
+ *
+ * @since 1.5
+ */
+ protected final Class<?> defineClass(String name, ByteBuffer b, CodeSource cs)
+ {
+ return super.defineClass(name, b, getProtectionDomain(cs));
+ }
+
+ /* Lookup or create a protection domain for the CodeSource,
+ * if CodeSource is null it will return null. */
+ private ProtectionDomain getProtectionDomain(CodeSource cs)
+ {
+ ProtectionDomain protectionDomain = null;
+ if (cs != null)
+ {
+ synchronized (protectionDomainCache)
+ {
+ protectionDomain = protectionDomainCache.get(cs);
+ }
+
+ if (protectionDomain == null)
+ {
+ protectionDomain
+ = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ synchronized (protectionDomainCache)
+ {
+ ProtectionDomain domain = protectionDomainCache.get(cs);
+ if (domain == null)
+ protectionDomainCache.put(cs, protectionDomain);
+ else
+ protectionDomain = domain;
+ }
+ }
+ }
+ return protectionDomain;
+ }
+
+ /**
+ * Returns a PermissionCollection for the specified CodeSource.
+ * The default implementation invokes
+ * java.security.Policy.getPermissions.
+ *
+ * This method is called by defineClass that takes a CodeSource
+ * argument to build a proper ProtectionDomain for the class
+ * being defined.
+ */
+ protected PermissionCollection getPermissions(CodeSource cs)
+ {
+ Policy policy = Policy.getCurrentPolicy();
+ return policy.getPermissions(cs);
+ }
+}
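Review bot: The Javadoc on `getPermissions(CodeSource)` has no `@param`/`@return` and does not mention that its result is cached. `getProtectionDomain` stores the `ProtectionDomain` built from it in `protectionDomainCache` and returns the cached domain for every later `defineClass` call with an equal `CodeSource`. A subclass that overrides `getPermissions` to narrow or change a grant is therefore not consulted again for that `CodeSource` for the life of the loader. I would add `@param cs the CodeSource of the class being defined` and `@return the permissions for cs; the first result is cached per CodeSource by this loader`. The two protected constructors have no Javadoc at all and should each get a one-line summary.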
diff --git a/libjava/classpath/java/security/SecureRandom.java b/libjava/classpath/java/security/SecureRandom.java
new file mode 100644
index 000000000..abf4ff308
--- /dev/null
+++ b/libjava/classpath/java/security/SecureRandom.java
@@ -0,0 +1,420 @@
+/* SecureRandom.java --- Secure Random class implementation
+ Copyright (C) 1999, 2001, 2002, 2003, 2005, 2006
+ Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import gnu.classpath.SystemProperties;
+import gnu.java.lang.CPStringBuilder;
+import gnu.java.security.Engine;
+import gnu.java.security.action.GetSecurityPropertyAction;
+import gnu.java.security.jce.prng.SecureRandomAdapter;
+import gnu.java.security.jce.prng.Sha160RandomSpi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+import java.util.Random;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * An interface to a cryptographically secure pseudo-random number
+ * generator (PRNG). Random (or at least unguessable) numbers are used
+ * in all areas of security and cryptography, from the generation of
+ * keys and initialization vectors to the generation of random padding
+ * bytes.
+ *
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ * @author Casey Marshall
+ */
+public class SecureRandom extends Random
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for PRNGs. */
+ private static final String SECURE_RANDOM = "SecureRandom";
+
+ private static final long serialVersionUID = 4940670005562187L;
+
+ //Serialized Field
+ long counter = 0; //Serialized
+ Provider provider = null;
+ byte[] randomBytes = null; //Always null
+ int randomBytesUsed = 0;
+ SecureRandomSpi secureRandomSpi = null;
+ byte[] state = null;
+ private String algorithm;
+
+ private boolean isSeeded = false;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ Default constructor for SecureRandom. It constructs a
+ new SecureRandom by instantating the first SecureRandom
+ algorithm in the default security provier.
+
+ It is not seeded and should be seeded using setSeed or else
+ on the first call to getnextBytes it will force a seed.
+
+ It is maintained for backwards compatibility and programs
+ should use {@link #getInstance(java.lang.String)}.
+ */
+ public SecureRandom()
+ {
+ Provider[] p = Security.getProviders();
+
+ //Format of Key: SecureRandom.algname
+ String key;
+
+ String classname = null;
+ int i;
+ Enumeration e;
+ for (i = 0; i < p.length; i++)
+ {
+ e = p[i].propertyNames();
+ while (e.hasMoreElements())
+ {
+ key = (String) e.nextElement();
+ if (key.startsWith("SECURERANDOM."))
+ {
+ if ((classname = p[i].getProperty(key)) != null)
+ {
+ try
+ {
+ secureRandomSpi = (SecureRandomSpi) Class.
+ forName(classname).newInstance();
+ provider = p[i];
+ algorithm = key.substring(13); // Minus SecureRandom.
+ return;
+ }
+ catch (ThreadDeath death)
+ {
+ throw death;
+ }
+ catch (Throwable t)
+ {
+ // Ignore.
+ }
+ }
+ }
+ }
+ }
+
+ // Nothing found. Fall back to SHA1PRNG
+ secureRandomSpi = new Sha160RandomSpi();
+ algorithm = "Sha160";
+ }
+
+ /**
+ A constructor for SecureRandom. It constructs a new
+ SecureRandom by instantating the first SecureRandom algorithm
+ in the default security provier.
+
+ It is seeded with the passed function and is useful if the user
+ has access to hardware random device (like a radiation detector).
+
+ It is maintained for backwards compatibility and programs
+ should use getInstance.
+
+ @param seed Seed bytes for class
+ */
+ public SecureRandom(byte[] seed)
+ {
+ this();
+ setSeed(seed);
+ }
+
+ /**
+ A constructor for SecureRandom. It constructs a new
+ SecureRandom using the specified SecureRandomSpi from
+ the specified security provier.
+
+ @param secureRandomSpi A SecureRandomSpi class
+ @param provider A Provider class
+ */
+ protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
+ {
+ this(secureRandomSpi, provider, "unknown");
+ }
+
+ /**
+ * Private constructor called from the getInstance() method.
+ */
+ private SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider,
+ String algorithm)
+ {
+ this.secureRandomSpi = secureRandomSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ /**
+ * Returns an instance of a <code>SecureRandom</code> from the first provider
+ * that implements it.
+ *
+ * @param algorithm The algorithm name.
+ * @return A new <code>SecureRandom</code> implementing the given algorithm.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * given algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static SecureRandom getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of a <code>SecureRandom</code> for the specified
+ * algorithm from the named provider.
+ *
+ * @param algorithm The algorithm name.
+ * @param provider The provider name.
+ * @return A new <code>SecureRandom</code> implementing the chosen
+ * algorithm.
+ * @throws NoSuchAlgorithmException If the named provider does not implement
+ * the algorithm, or if the implementation cannot be instantiated.
+ * @throws NoSuchProviderException If no provider named <code>provider</code>
+ * is currently installed.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static SecureRandom getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of a <code>SecureRandom</code> for the specified
+ * algorithm from the given provider.
+ *
+ * @param algorithm The <code>SecureRandom</code> algorithm to create.
+ * @param provider The provider to use.
+ * @throws NoSuchAlgorithmException If the algorithm cannot be found, or if
+ * the class cannot be instantiated.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static SecureRandom getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("SecureRandom for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(SECURE_RANDOM, algorithm, provider);
+ return new SecureRandom((SecureRandomSpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ Returns the provider being used by the current SecureRandom class.
+
+ @return The provider from which this SecureRandom was attained
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the algorithm name used or "unknown" when the algorithm
+ * used couldn't be determined (as when constructed by the protected
+ * 2 argument constructor).
+ *
+ * @since 1.5
+ */
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ Seeds the SecureRandom. The class is re-seeded for each call and
+ each seed builds on the previous seed so as not to weaken security.
+
+ @param seed seed bytes to seed with
+ */
+ public void setSeed(byte[] seed)
+ {
+ secureRandomSpi.engineSetSeed(seed);
+ isSeeded = true;
+ }
+
+ /**
+ Seeds the SecureRandom. The class is re-seeded for each call and
+ each seed builds on the previous seed so as not to weaken security.
+
+ @param seed 8 seed bytes to seed with
+ */
+ public void setSeed(long seed)
+ {
+ // This particular setSeed will be called by Random.Random(), via
+ // our own constructor, before secureRandomSpi is initialized. In
+ // this case we can't call a method on secureRandomSpi, and we
+ // definitely don't want to throw a NullPointerException.
+ // Therefore we test.
+ if (secureRandomSpi != null)
+ {
+ byte[] tmp = { (byte) (0xff & (seed >> 56)),
+ (byte) (0xff & (seed >> 48)),
+ (byte) (0xff & (seed >> 40)),
+ (byte) (0xff & (seed >> 32)),
+ (byte) (0xff & (seed >> 24)),
+ (byte) (0xff & (seed >> 16)),
+ (byte) (0xff & (seed >> 8)),
+ (byte) (0xff & seed)
+ };
+ secureRandomSpi.engineSetSeed(tmp);
+ isSeeded = true;
+ }
+ }
+
+ /**
+ Generates a user specified number of bytes. This function
+ is the basis for all the random functions.
+
+ @param bytes array to store generated bytes in
+ */
+ public void nextBytes(byte[] bytes)
+ {
+ if (!isSeeded)
+ setSeed(getSeed(32));
+ randomBytesUsed += bytes.length;
+ counter++;
+ secureRandomSpi.engineNextBytes(bytes);
+ }
+
+ /**
+ Generates an integer containing the user specified
+ number of random bits. It is right justified and padded
+ with zeros.
+
+ @param numBits number of random bits to get, 0 <= numBits <= 32;
+
+ @return the random bits
+ */
+ protected final int next(int numBits)
+ {
+ if (numBits == 0)
+ return 0;
+
+ byte[] tmp = new byte[(numBits + 7) / 8];
+ this.nextBytes(tmp);
+ int ret = 0;
+ for (int i = 0; i < tmp.length; i++)
+ ret |= (tmp[i] & 0xFF) << (8 * i);
+
+ long mask = (1L << numBits) - 1;
+ return (int) (ret & mask);
+ }
+
+ /**
+ Returns the given number of seed bytes. This method is
+ maintained only for backwards capability.
+
+ @param numBytes number of seed bytes to get
+
+ @return an array containing the seed bytes
+ */
+ public static byte[] getSeed(int numBytes)
+ {
+ return SecureRandomAdapter.getSeed(numBytes);
+ }
+
+ /**
+ Returns the specified number of seed bytes.
+
+ @param numBytes number of seed bytes to get
+
+ @return an array containing the seed bytes
+ */
+ public byte[] generateSeed(int numBytes)
+ {
+ return secureRandomSpi.engineGenerateSeed(numBytes);
+ }
+
+}
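Review bot: Both `setSeed` overloads set `isSeeded = true`, so a caller seed supplied before the first `nextBytes` suppresses the `setSeed(getSeed(32))` self-seed there. Unless the SPI adds entropy of its own (not visible in this hunk), the output then depends only on the caller's bytes: 8 bytes for `setSeed(long)`, and whatever was passed for `new SecureRandom(byte[])`. The Javadoc sentence "each seed builds on the previous seed so as not to weaken security" does not cover this first-call case. If replay from a caller seed is intended, say so in the Javadoc of both overloads and the `byte[]` constructor. Otherwise mix the self-seed in first, e.g. `if (!isSeeded) secureRandomSpi.engineSetSeed(getSeed(32));` ahead of `secureRandomSpi.engineSetSeed(seed);` in `setSeed(byte[])`, with the same guard inside the `secureRandomSpi != null` branch of `setSeed(long)`.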
diff --git a/libjava/classpath/java/security/SecureRandomSpi.java b/libjava/classpath/java/security/SecureRandomSpi.java
new file mode 100644
index 000000000..08488ced7
--- /dev/null
+++ b/libjava/classpath/java/security/SecureRandomSpi.java
@@ -0,0 +1,85 @@
+/* SecureRandomSpi.java --- Secure Random Service Provider Interface
+ Copyright (C) 1999, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.io.Serializable;
+
+/**
+ SecureRandomSpi is the Service Provider Interface for SecureRandom
+ providers. It provides an interface for providers to the
+ SecureRandom engine to write their own pseudo-random number
+ generator.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public abstract class SecureRandomSpi implements Serializable
+{
+ private static final long serialVersionUID = -2991854161009191830L;
+
+ /**
+ Default Constructor for SecureRandomSpi
+ */
+ public SecureRandomSpi()
+ {
+ }
+
+ /**
+ Updates the seed for SecureRandomSpi but does not reset seed.
+ It does to this so repeated called never decrease randomness.
+ */
+ protected abstract void engineSetSeed(byte[] seed);
+
+ /**
+ Gets a user specified number of bytes depending on the length
+ of the array?
+
+ @param bytes array to fill with random bytes
+ */
+ protected abstract void engineNextBytes(byte[] bytes);
+
+ /**
+ Gets a user specified number of bytes specified by the
+ parameter.
+
+ @param numBytes number of random bytes to generate
+
+ @return an array full of random bytes
+ */
+ protected abstract byte[] engineGenerateSeed(int numBytes);
+}
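Review bot: The Javadoc on the abstract methods leaves the contract that providers implement against unclear. `engineSetSeed` has no `@param seed` and its second sentence is garbled ("It does to this so repeated called never decrease randomness"), and the `engineNextBytes` summary ends in a question ("depending on the length of the array?"). For `engineSetSeed` I would write `Mixes the given seed into the generator's existing state; the seed supplements the current state and never resets it.` with `@param seed the seed bytes`. For `engineNextBytes` I would write `Fills the whole of the given array with random bytes.` A supplement-not-replace rule is already implied by "does not reset seed", so this is a wording fix rather than a new requirement.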
diff --git a/libjava/classpath/java/security/Security.java b/libjava/classpath/java/security/Security.java
new file mode 100644
index 000000000..6cd98b0fb
--- /dev/null
+++ b/libjava/classpath/java/security/Security.java
@@ -0,0 +1,711 @@
+/* Security.java --- Java base security class implementation
+ Copyright (C) 1999, 2001, 2002, 2003, 2004, 2005, 2006
+ Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.classpath.SystemProperties;
+
+import gnu.classpath.Configuration;
+import gnu.classpath.VMStackWalker;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.Vector;
+
+/**
+ * This class centralizes all security properties and common security methods.
+ * One of its primary uses is to manage security providers.
+ *
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public final class Security
+{
+ private static final String ALG_ALIAS = "Alg.Alias.";
+
+ private static Vector providers = new Vector();
+ private static Properties secprops = new Properties();
+
+ static
+ {
+ String base = SystemProperties.getProperty("gnu.classpath.home.url");
+ String vendor = SystemProperties.getProperty("gnu.classpath.vm.shortname");
+
+ // Try VM specific security file
+ boolean loaded = loadProviders (base, vendor);
+
+ // Append classpath standard provider if possible
+ if (!loadProviders (base, "classpath")
+ && !loaded
+ && providers.size() == 0)
+ {
+ if (Configuration.DEBUG)
+ {
+ /* No providers found and both security files failed to
+ * load properly. Give a warning in case of DEBUG is
+ * enabled. Could be done with java.util.logging later.
+ */
+ System.err.println
+ ("WARNING: could not properly read security provider files:");
+ System.err.println
+ (" " + base + "/security/" + vendor
+ + ".security");
+ System.err.println
+ (" " + base + "/security/" + "classpath"
+ + ".security");
+ System.err.println
+ (" Falling back to standard GNU security provider");
+ }
+ // Note that this matches our classpath.security file.
+ providers.addElement (new gnu.java.security.provider.Gnu());
+ providers.addElement(new gnu.javax.crypto.jce.GnuCrypto());
+ providers.addElement(new gnu.javax.crypto.jce.GnuSasl());
+ providers.addElement(new gnu.javax.net.ssl.provider.Jessie());
+ providers.addElement(new gnu.javax.security.auth.callback.GnuCallbacks());
+ }
+ }
+ // This class can't be instantiated.
+ private Security()
+ {
+ }
+
+ /**
+ * Tries to load the vender specific security providers from the given base
+ * URL. Returns true if the resource could be read and completely parsed
+ * successfully, false otherwise.
+ */
+ private static boolean loadProviders(String baseUrl, String vendor)
+ {
+ if (baseUrl == null || vendor == null)
+ return false;
+
+ boolean result = true;
+ String secfilestr = baseUrl + "/security/" + vendor + ".security";
+ try
+ {
+ InputStream fin = new URL(secfilestr).openStream();
+ secprops.load(fin);
+
+ int i = 1;
+ String name;
+ while ((name = secprops.getProperty("security.provider." + i)) != null)
+ {
+ Exception exception = null;
+ try
+ {
+ ClassLoader sys = ClassLoader.getSystemClassLoader();
+ providers.addElement(Class.forName(name, true, sys).newInstance());
+ }
+ catch (ClassNotFoundException x)
+ {
+ exception = x;
+ }
+ catch (InstantiationException x)
+ {
+ exception = x;
+ }
+ catch (IllegalAccessException x)
+ {
+ exception = x;
+ }
+
+ if (exception != null)
+ {
+ System.err.println ("WARNING: Error loading security provider "
+ + name + ": " + exception);
+ result = false;
+ }
+ i++;
+ }
+ }
+ catch (IOException ignored)
+ {
+ result = false;
+ }
+
+ return result;
+ }
+
+ /**
+ * Returns the value associated to a designated property name for a given
+ * algorithm.
+ *
+ * @param algName
+ * the algorithm name.
+ * @param propName
+ * the name of the property to return.
+ * @return the value of the specified property or <code>null</code> if none
+ * found.
+ * @deprecated Use the provider-based and algorithm-independent
+ * {@link AlgorithmParameters} and {@link KeyFactory} engine
+ * classes instead.
+ */
+ public static String getAlgorithmProperty(String algName, String propName)
+ {
+ if (algName == null || propName == null)
+ return null;
+
+ String property = String.valueOf(propName) + "." + String.valueOf(algName);
+ Provider p;
+ for (Iterator i = providers.iterator(); i.hasNext(); )
+ {
+ p = (Provider) i.next();
+ for (Iterator j = p.keySet().iterator(); j.hasNext(); )
+ {
+ String key = (String) j.next();
+ if (key.equalsIgnoreCase(property))
+ return p.getProperty(key);
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Inserts a new designated {@link Provider} at a designated (1-based)
+ * position in the current list of installed {@link Provider}s,
+ *
+ * @param provider
+ * the new {@link Provider} to add.
+ * @param position
+ * the position (starting from 1) of where to install
+ * <code>provider</code>.
+ * @return the actual position, in the list of installed Providers. Returns
+ * <code>-1</code> if <code>provider</code> was laready in the
+ * list. The actual position may be different than the desired
+ * <code>position</code>.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed and it disallows this
+ * operation.
+ * @see #getProvider(String)
+ * @see #removeProvider(String)
+ * @see SecurityPermission
+ */
+ public static int insertProviderAt(Provider provider, int position)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("insertProvider." + provider.getName());
+
+ position--;
+ int max = providers.size ();
+ for (int i = 0; i < max; i++)
+ {
+ if (((Provider) providers.elementAt(i)).getName().equals(provider.getName()))
+ return -1;
+ }
+
+ if (position < 0)
+ position = 0;
+ if (position > max)
+ position = max;
+
+ providers.insertElementAt(provider, position);
+
+ return position + 1;
+ }
+
+ /**
+ * Appends the designated new {@link Provider} to the current list of
+ * installed {@link Provider}s.
+ *
+ * @param provider
+ * the new {@link Provider} to append.
+ * @return the position (starting from 1) of <code>provider</code> in the
+ * current list of {@link Provider}s, or <code>-1</code> if
+ * <code>provider</code> was already there.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed and it disallows this
+ * operation.
+ * @see #getProvider(String)
+ * @see #removeProvider(String)
+ * @see SecurityPermission
+ */
+ public static int addProvider(Provider provider)
+ {
+ return insertProviderAt (provider, providers.size () + 1);
+ }
+
+ /**
+ * Removes an already installed {@link Provider}, given its name, from the
+ * current list of installed {@link Provider}s.
+ *
+ * @param name
+ * the name of an already installed {@link Provider} to remove.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed and it disallows this
+ * operation.
+ * @see #getProvider(String)
+ * @see #addProvider(Provider)
+ */
+ public static void removeProvider(String name)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("removeProvider." + name);
+
+ int max = providers.size ();
+ for (int i = 0; i < max; i++)
+ {
+ if (((Provider) providers.elementAt(i)).getName().equals(name))
+ {
+ providers.remove(i);
+ break;
+ }
+ }
+ }
+
+ /**
+ * Returns the current list of installed {@link Provider}s as an array
+ * ordered according to their installation preference order.
+ *
+ * @return an array of all the installed providers.
+ */
+ public static Provider[] getProviders()
+ {
+ Provider[] array = new Provider[providers.size ()];
+ providers.copyInto (array);
+ return array;
+ }
+
+ /**
+ * Returns an already installed {@link Provider} given its name.
+ *
+ * @param name
+ * the name of an already installed {@link Provider}.
+ * @return the {@link Provider} known by <code>name</code>. Returns
+ * <code>null</code> if the current list of {@link Provider}s does
+ * not include one named <code>name</code>.
+ * @see #removeProvider(String)
+ * @see #addProvider(Provider)
+ */
+ public static Provider getProvider(String name)
+ {
+ if (name == null)
+ return null;
+ else
+ {
+ name = name.trim();
+ if (name.length() == 0)
+ return null;
+ }
+ Provider p;
+ int max = providers.size ();
+ for (int i = 0; i < max; i++)
+ {
+ p = (Provider) providers.elementAt(i);
+ if (p.getName().equals(name))
+ return p;
+ }
+ return null;
+ }
+
+ /**
+ * Returns the value associated with a Security propery.
+ *
+ * @param key
+ * the key of the property to fetch.
+ * @return the value of the Security property associated with
+ * <code>key</code>. Returns <code>null</code> if no such property
+ * was found.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed and it disallows this
+ * operation.
+ * @see #setProperty(String, String)
+ * @see SecurityPermission
+ */
+ public static String getProperty(String key)
+ {
+ // XXX To prevent infinite recursion when the SecurityManager calls us,
+ // don't do a security check if the caller is trusted (by virtue of having
+ // been loaded by the bootstrap class loader).
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null && VMStackWalker.getCallingClassLoader() != null)
+ sm.checkSecurityAccess("getProperty." + key);
+
+ return secprops.getProperty(key);
+ }
+
+ /**
+ * Sets or changes a designated Security property to a designated value.
+ *
+ * @param key
+ * the name of the property to set.
+ * @param datum
+ * the new value of the property.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed and it disallows this
+ * operation.
+ * @see #getProperty(String)
+ * @see SecurityPermission
+ */
+ public static void setProperty(String key, String datum)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("setProperty." + key);
+
+ if (datum == null)
+ secprops.remove(key);
+ else
+ secprops.put(key, datum);
+ }
+
+ /**
+ * For a given <i>service</i> (e.g. Signature, MessageDigest, etc...) this
+ * method returns the {@link Set} of all available algorithm names (instances
+ * of {@link String}, from all currently installed {@link Provider}s.
+ *
+ * @param serviceName
+ * the case-insensitive name of a service (e.g. Signature,
+ * MessageDigest, etc).
+ * @return a {@link Set} of {@link String}s containing the names of all
+ * algorithm names provided by all of the currently installed
+ * {@link Provider}s.
+ * @since 1.4
+ */
+ public static Set<String> getAlgorithms(String serviceName)
+ {
+ HashSet<String> result = new HashSet<String>();
+ if (serviceName == null || serviceName.length() == 0)
+ return result;
+
+ serviceName = serviceName.trim();
+ if (serviceName.length() == 0)
+ return result;
+
+ serviceName = serviceName.toUpperCase()+".";
+ Provider[] providers = getProviders();
+ int ndx;
+ for (int i = 0; i < providers.length; i++)
+ for (Enumeration e = providers[i].propertyNames(); e.hasMoreElements(); )
+ {
+ String service = ((String) e.nextElement()).trim();
+ if (service.toUpperCase().startsWith(serviceName))
+ {
+ service = service.substring(serviceName.length()).trim();
+ ndx = service.indexOf(' '); // get rid of attributes
+ if (ndx != -1)
+ service = service.substring(0, ndx);
+ result.add(service);
+ }
+ }
+ return Collections.unmodifiableSet(result);
+ }
+
+ /**
+ * Returns an array of currently installed {@link Provider}s, ordered
+ * according to their installation preference order, which satisfy a given
+ * <i>selection</i> criterion.
+ *
+ * <p>This implementation recognizes a <i>selection</i> criterion written in
+ * one of two following forms:</p>
+ *
+ * <ul>
+ * <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;: Where
+ * <i>crypto_service</i> is a case-insensitive string, similar to what has
+ * been described in the {@link #getAlgorithms(String)} method, and
+ * <i>algorithm_or_type</i> is a known case-insensitive name of an
+ * Algorithm, or one of its aliases.
+ *
+ * <p>For example, "CertificateFactory.X.509" would return all the installed
+ * {@link Provider}s which provide a <i>CertificateFactory</i>
+ * implementation of <i>X.509</i>.</p></li>
+ *
+ * <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;:&lt;value&gt;:
+ * Where <i>crypto_service</i> is a case-insensitive string, similar to what
+ * has been described in the {@link #getAlgorithms(String)} method,
+ * <i>algorithm_or_type</i> is a case-insensitive known name of an Algorithm
+ * or one of its aliases, <i>attribute_name</i> is a case-insensitive
+ * property name with no whitespace characters, and no dots, in-between, and
+ * <i>value</i> is a {@link String} with no whitespace characters in-between.
+ *
+ * <p>For example, "Signature.Sha1WithDSS KeySize:1024" would return all the
+ * installed {@link Provider}s which declared their ability to provide
+ * <i>Signature</i> services, using the <i>Sha1WithDSS</i> algorithm with
+ * key sizes of <i>1024</i>.</p></li>
+ * </ul>
+ *
+ * @param filter
+ * the <i>selection</i> criterion for selecting among the installed
+ * {@link Provider}s.
+ * @return all the installed {@link Provider}s which satisfy the <i>selection</i>
+ * criterion. Returns <code>null</code> if no installed
+ * {@link Provider}s were found which satisfy the <i>selection</i>
+ * criterion. Returns ALL installed {@link Provider}s if
+ * <code>filter</code> is <code>null</code> or is an empty string.
+ * @throws InvalidParameterException
+ * if an exception occurs while parsing the <code>filter</code>.
+ * @see #getProviders(Map)
+ */
+ public static Provider[] getProviders(String filter)
+ {
+ if (providers == null || providers.isEmpty())
+ return null;
+
+ if (filter == null || filter.length() == 0)
+ return getProviders();
+
+ HashMap map = new HashMap(1);
+ int i = filter.indexOf(':');
+ if (i == -1) // <service>.<algorithm>
+ map.put(filter, "");
+ else // <service>.<algorithm> <attribute>:<value>
+ map.put(filter.substring(0, i), filter.substring(i+1));
+
+ return getProviders(map);
+ }
+
+ /**
+ * Returns an array of currently installed {@link Provider}s which satisfy a
+ * set of <i>selection</i> criteria.
+ *
+ * <p>The <i>selection</i> criteria are defined in a {@link Map} where each
+ * element specifies a <i>selection</i> querry. The <i>Keys</i> in this
+ * {@link Map} must be in one of the two following forms:</p>
+ *
+ * <ul>
+ * <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;: Where
+ * <i>crypto_service</i> is a case-insensitive string, similar to what has
+ * been described in the {@link #getAlgorithms(String)} method, and
+ * <i>algorithm_or_type</i> is a case-insensitive known name of an
+ * Algorithm, or one of its aliases. The <i>value</i> of the entry in the
+ * {@link Map} for such a <i>Key</i> MUST be the empty string.
+ * {@link Provider}s which provide an implementation for the designated
+ * <i>service algorithm</i> are included in the result.</li>
+ *
+ * <li>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;:
+ * Where <i>crypto_service</i> is a case-insensitive string, similar to what
+ * has been described in the {@link #getAlgorithms(String)} method,
+ * <i>algorithm_or_type</i> is a case-insensitive known name of an Algorithm
+ * or one of its aliases, and <i>attribute_name</i> is a case-insensitive
+ * property name with no whitespace characters, and no dots, in-between. The
+ * <i>value</i> of the entry in this {@link Map} for such a <i>Key</i> MUST
+ * NOT be <code>null</code> or an empty string. {@link Provider}s which
+ * declare the designated <i>attribute_name</i> and <i>value</i> for the
+ * designated <i>service algorithm</i> are included in the result.</li>
+ * </ul>
+ *
+ * @param filter
+ * a {@link Map} of <i>selection querries</i>.
+ * @return all currently installed {@link Provider}s which satisfy ALL the
+ * <i>selection</i> criteria defined in <code>filter</code>.
+ * Returns ALL installed {@link Provider}s if <code>filter</code>
+ * is <code>null</code> or empty.
+ * @throws InvalidParameterException
+ * if an exception is encountered while parsing the syntax of the
+ * {@link Map}'s <i>keys</i>.
+ * @see #getProviders(String)
+ */
+ public static Provider[] getProviders(Map<String,String> filter)
+ {
+ if (providers == null || providers.isEmpty())
+ return null;
+
+ if (filter == null)
+ return getProviders();
+
+ Set<String> querries = filter.keySet();
+ if (querries == null || querries.isEmpty())
+ return getProviders();
+
+ LinkedHashSet result = new LinkedHashSet(providers); // assume all
+ int dot, ws;
+ String querry, service, algorithm, attribute, value;
+ LinkedHashSet serviceProviders = new LinkedHashSet(); // preserve insertion order
+ for (Iterator i = querries.iterator(); i.hasNext(); )
+ {
+ querry = (String) i.next();
+ if (querry == null) // all providers
+ continue;
+
+ querry = querry.trim();
+ if (querry.length() == 0) // all providers
+ continue;
+
+ dot = querry.indexOf('.');
+ if (dot == -1) // syntax error
+ throw new InvalidParameterException(
+ "missing dot in '" + String.valueOf(querry)+"'");
+
+ value = filter.get(querry);
+ // deconstruct querry into [service, algorithm, attribute]
+ if (value == null || value.trim().length() == 0) // <service>.<algorithm>
+ {
+ value = null;
+ attribute = null;
+ service = querry.substring(0, dot).trim();
+ algorithm = querry.substring(dot+1).trim();
+ }
+ else // <service>.<algorithm> <attribute>
+ {
+ ws = querry.indexOf(' ');
+ if (ws == -1)
+ throw new InvalidParameterException(
+ "value (" + String.valueOf(value) +
+ ") is not empty, but querry (" + String.valueOf(querry) +
+ ") is missing at least one space character");
+ value = value.trim();
+ attribute = querry.substring(ws+1).trim();
+ // was the dot in the attribute?
+ if (attribute.indexOf('.') != -1)
+ throw new InvalidParameterException(
+ "attribute_name (" + String.valueOf(attribute) +
+ ") in querry (" + String.valueOf(querry) + ") contains a dot");
+
+ querry = querry.substring(0, ws).trim();
+ service = querry.substring(0, dot).trim();
+ algorithm = querry.substring(dot+1).trim();
+ }
+
+ // service and algorithm must not be empty
+ if (service.length() == 0)
+ throw new InvalidParameterException(
+ "<crypto_service> in querry (" + String.valueOf(querry) +
+ ") is empty");
+
+ if (algorithm.length() == 0)
+ throw new InvalidParameterException(
+ "<algorithm_or_type> in querry (" + String.valueOf(querry) +
+ ") is empty");
+
+ selectProviders(service, algorithm, attribute, value, result, serviceProviders);
+ result.retainAll(serviceProviders); // eval next retaining found providers
+ if (result.isEmpty()) // no point continuing
+ break;
+ }
+
+ if (result.isEmpty())
+ return null;
+
+ return (Provider[]) result.toArray(new Provider[result.size()]);
+ }
+
+ private static void selectProviders(String svc, String algo, String attr,
+ String val, LinkedHashSet providerSet,
+ LinkedHashSet result)
+ {
+ result.clear(); // ensure we start with an empty result set
+ for (Iterator i = providerSet.iterator(); i.hasNext(); )
+ {
+ Provider p = (Provider) i.next();
+ if (provides(p, svc, algo, attr, val))
+ result.add(p);
+ }
+ }
+
+ private static boolean provides(Provider p, String svc, String algo,
+ String attr, String val)
+ {
+ Iterator it;
+ String serviceDotAlgorithm = null;
+ String key = null;
+ String realVal;
+ boolean found = false;
+ // if <svc>.<algo> <attr> is in the set then so is <svc>.<algo>
+ // but it may be stored under an alias <algo>. resolve
+ outer: for (int r = 0; r < 3; r++) // guard against circularity
+ {
+ serviceDotAlgorithm = (svc+"."+String.valueOf(algo)).trim();
+ for (it = p.keySet().iterator(); it.hasNext(); )
+ {
+ key = (String) it.next();
+ if (key.equalsIgnoreCase(serviceDotAlgorithm)) // eureka
+ {
+ found = true;
+ break outer;
+ }
+ // it may be there but as an alias
+ if (key.equalsIgnoreCase(ALG_ALIAS + serviceDotAlgorithm))
+ {
+ algo = p.getProperty(key);
+ continue outer;
+ }
+ // else continue inner
+ }
+ }
+
+ if (!found)
+ return false;
+
+ // found a candidate for the querry. do we have an attr to match?
+ if (val == null) // <service>.<algorithm> querry
+ return true;
+
+ // <service>.<algorithm> <attribute>; find the key entry that match
+ String realAttr;
+ int limit = serviceDotAlgorithm.length() + 1;
+ for (it = p.keySet().iterator(); it.hasNext(); )
+ {
+ key = (String) it.next();
+ if (key.length() <= limit)
+ continue;
+
+ if (key.substring(0, limit).equalsIgnoreCase(serviceDotAlgorithm+" "))
+ {
+ realAttr = key.substring(limit).trim();
+ if (! realAttr.equalsIgnoreCase(attr))
+ continue;
+
+ // eveything matches so far. do the value
+ realVal = p.getProperty(key);
+ if (realVal == null)
+ return false;
+
+ realVal = realVal.trim();
+ // is it a string value?
+ if (val.equalsIgnoreCase(realVal))
+ return true;
+
+ // assume value is a number. cehck for greater-than-or-equal
+ return (Integer.parseInt(val) >= Integer.parseInt(realVal));
+ }
+ }
+
+ return false;
+ }
+}
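Review bot: In `provides`, the numeric fallback `return (Integer.parseInt(val) >= Integer.parseInt(realVal));` throws an uncaught NumberFormatException whenever the requested value and the provider's declared value are two different non-numeric strings. `getProviders(String)` and `getProviders(Map)` then fail instead of excluding that provider, and with an exception type their Javadoc does not name. Treating an unparsable value as a non-match keeps provider selection predictable: `try { return Integer.parseInt(val) >= Integer.parseInt(realVal); } catch (NumberFormatException x) { return false; }`. The direction of the comparison also deserves a check: as written a provider matches when the requested number is at least the declared one, which looks inverted if the declared value is meant as a maximum such as a key size, and would let a filter select a provider that declares less than was asked for. Separately, `loadProviders` never closes the stream it obtains from `new URL(secfilestr).openStream()` on any path.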
diff --git a/libjava/classpath/java/security/SecurityPermission.java b/libjava/classpath/java/security/SecurityPermission.java
new file mode 100644
index 000000000..6aba18f34
--- /dev/null
+++ b/libjava/classpath/java/security/SecurityPermission.java
@@ -0,0 +1,178 @@
+/* SecurityPermission.java -- Class for named security permissions
+ Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This class provides a mechanism for specified named permissions
+ * related to the Java security framework. These permissions have no
+ * associated actions list. They are either granted or not granted.
+ *
+ * <p>The list of valid permission names is:<br>
+ * <table border=1>
+ * <tr><th>Permission Name</th><th>Permission Allows</th><th>Risks</th</tr>
+ * <tr>
+ * <td><code>createAccessControlContext</code></td>
+ * <td>Allows creation of an AccessControlContext</td>
+ * <td>The new control context can have a rogue DomainCombiner, leading
+ * to a privacy leak</td></tr>
+ * <tr>
+ * <td><code>getDomainCombiner</code></td>
+ * <td>Get a DomainCombiner from an AccessControlContext</td>
+ * <td>Access to a DomainCombiner can lead to a privacy leak</td></tr>
+ * <tr>
+ * <td><code>getPolicy</code></td>
+ * <td>Allows retrieval of the system security policy</td>
+ * <td>Malicious code can use information from the policy to better plan
+ * an attack</td></tr>
+ * <tr>
+ * <td><code>setPolicy</code></td>
+ * <td>Allows the security policy to be changed</td>
+ * <td>Malicious code can give itself any permission it wants</td></tr>
+ * <tr>
+ * <td><code>getProperty.</code><em>key</em></td>
+ * <td>Retrieve the property specified by the key</td>
+ * <td>Malicious code can use information from the property to better plan
+ * an attack</td></tr>
+ * <tr>
+ * <td><code>setProperty.</code><em>key</em></td>
+ * <td>Allows changing of the value of all properties implied by key</td>
+ * <td>Malicious code can insert rogue classes to steal keys or recreate
+ * the security policy with whatever permissions it desires</td></tr>
+ * <tr>
+ * <td><code>insertProvider.</code><em>key</em></td>
+ * <td>Allows the named provider to be added</td>
+ * <td>Malicious code can insert rogue providers that steal data</td></tr>
+ * <tr>
+ * <td><code>removeProvider.</code><em>key</em></td>
+ * <td>Allows the named provider to be removed</td>
+ * <td>A missing provider can cripple code that relies on it</td></tr>
+ * <tr>
+ * <td><code>setSystemScope</code></td>
+ * <td>Allows the system identity scope to be set</td>
+ * <td>Malicious code can add certificates not available in the original
+ * identity scope, to gain more permissions</td></tr>
+ * <tr>
+ * <td><code>setIdentityPublicKey</code></td>
+ * <td>Allows the public key of an Identity to be set</td>
+ * <td>Malicious code can install its own key to gain permissions not
+ * allowed by the original identity scope</td></tr>
+ * <tr>
+ * <td><code>SetIdentityInfo</code></td>
+ * <td>Allows the description of an Identity to be set</td>
+ * <td>Malicious code can spoof users into trusting a fake identity</td></tr>
+ * <tr>
+ * <td><code>addIdentityCertificate</code></td>
+ * <td>Allows a certificate to be set for the public key of an identity</td>
+ * <td>The public key can become trusted to a wider audience than originally
+ * intended</td></tr>
+ * <tr>
+ * <td><code>removeIdentityCertificate</code></td>
+ * <td>Allows removal of a certificate from an identity's public key</td>
+ * <td>The public key can become less trusted than it should be</td></tr>
+ * <tr>
+ * <td><code>printIdentity</code></td>
+ * <td>View the name of the identity and scope, and whether they are
+ * trusted</td>
+ * <td>The scope may include a filename, which provides an entry point for
+ * further security breaches</td></tr>
+ * <tr>
+ * <td><code>clearProviderProperties.</code><em>key</em></td>
+ * <td>Allows the properties of the named provider to be cleared</td>
+ * <td>This can disable parts of the program which depend on finding the
+ * provider</td></tr>
+ * <tr>
+ * <td><code>putProviderProperty.</code><em>key</em></td>
+ * <td>Allows the properties of the named provider to be changed</td>
+ * <td>Malicious code can replace the implementation of a provider</td></tr>
+ * <tr>
+ * <td><code>removeProviderProperty.</code><em>key</em></td>
+ * <td>Allows the properties of the named provider to be deleted</td>
+ * <td>This can disable parts of the program which depend on finding the
+ * provider</td></tr>
+ * <tr>
+ * <td><code>getSignerPrivateKey</code></td>
+ * <td>Allows the retrieval of the private key for a signer</td>
+ * <td>Anyone that can access the private key can claim to be the
+ * Signer</td></tr>
+ * <tr>
+ * <td><code>setSignerKeyPair</code></td>
+ * <td>Allows the public and private key of a Signer to be changed</td>
+ * <td>The replacement might be a weaker encryption, or the attacker
+ * can use knowledge of the replaced key to decrypt an entire
+ * communication session</td></tr>
+ * </table>
+ *
+ * <p>There is some degree of security risk in granting any of these
+ * permissions. Some of them can completely compromise system security.
+ * Please exercise extreme caution in granting these permissions.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Permission
+ * @see SecurityManager
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public final class SecurityPermission extends BasicPermission
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5236109936224050470L;
+
+ /**
+ * Create a new instance with the specified name.
+ *
+ * @param name the name to assign to this permission
+ */
+ public SecurityPermission(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * Create a new instance with the specified name. As SecurityPermission
+ * carries no actions, the second parameter is ignored.
+ *
+ * @param name the name to assign to this permission
+ * @param actions ignored
+ */
+ public SecurityPermission(String name, String actions)
+ {
+ super(name);
+ }
+} // class SecurityPermission
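Review bot: The permission-name table in the class Javadoc lists `SetIdentityInfo` with a capital S while every other target name starts in lower case. Permission names are compared as written, so a policy entry copied from this table would probably not match the check made when an Identity's description is set; the row should most likely read `<td><code>setIdentityInfo</code></td>`, to be confirmed against the string the Identity class actually passes to the security manager. The header row of the same table also has a malformed closing tag, `<th>Risks</th</tr>`, which should be `<th>Risks</th></tr>` so the generated documentation renders the Risks column correctly.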
diff --git a/libjava/classpath/java/security/Signature.java b/libjava/classpath/java/security/Signature.java
new file mode 100644
index 000000000..d7186395f
--- /dev/null
+++ b/libjava/classpath/java/security/Signature.java
@@ -0,0 +1,593 @@
+/* Signature.java --- Signature Class
+ Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.nio.ByteBuffer;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * <code>Signature</code> is used to provide an interface to digital signature
+ * algorithms. Digital signatures provide authentication and data integrity of
+ * digital data.
+ *
+ * <p>The GNU provider provides the NIST standard DSA which uses DSA and SHA-1.
+ * It can be specified by SHA/DSA, SHA-1/DSA or its OID. If the RSA signature
+ * algorithm is provided then it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The
+ * algorithm must be specified because there is no default.</p>
+ *
+ * <p>Signature provides implementation-independent algorithms which are
+ * requested by the user through the <code>getInstance()<?code> methods. It can
+ * be requested by specifying just the algorithm name or by specifying both the
+ * algorithm name and provider name.</p>
+ *
+ * <p>The three phases of using <code>Signature</code> are:</p>
+ *
+ * <ol>
+ * <li>Initializing:
+ * <ul>
+ * <li>It must be initialized with a private key for signing.</li>
+ * <li>It must be initialized with a public key for verifying.</li>
+ * </li>
+ *
+ * <li>Updating:
+ * <p>Update the bytes for signing or verifying with calls to update.</p>
+ * </li>
+ *
+ * <li>Signing or Verify the signature on the currently stored bytes by
+ * calling sign or verify.</li>
+ * </ol>
+ *
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public abstract class Signature extends SignatureSpi
+{
+ /** Service name for signatures. */
+ private static final String SIGNATURE = "Signature";
+
+ /**
+ * Possible state value which signifies that this instance has not yet been
+ * initialized.
+ */
+ protected static final int UNINITIALIZED = 0;
+
+ /**
+ * Possible state value which signifies that this instance has been
+ * initialized for signing purposes.
+ */
+ protected static final int SIGN = 2;
+
+ /**
+ * Possible state value which signifies that this instance has been
+ * initialized for verification purposes.
+ */
+ protected static final int VERIFY = 3;
+
+ /** Current sate of this instance. */
+ protected int state = UNINITIALIZED;
+
+ private String algorithm;
+ Provider provider;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Constructs a new <code>Signature</code> instance for a designated digital
+ * signature algorithm.
+ *
+ * @param algorithm
+ * the algorithm to use.
+ */
+ protected Signature(String algorithm)
+ {
+ this.algorithm = algorithm;
+ state = UNINITIALIZED;
+ }
+
+ /**
+ * Returns an instance of <code>Signature</code> representing the specified
+ * signature.
+ *
+ * @param algorithm the algorithm to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by any
+ * provider.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static Signature getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of <code>Signature</code> representing the specified
+ * signature from the named provider.
+ *
+ * @param algorithm the algorithm to use.
+ * @param provider the name of the provider to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static Signature getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of <code>Signature</code> representing the specified
+ * signature from the specified {@link Provider}.
+ *
+ * @param algorithm the algorithm to use.
+ * @param provider the {@link Provider} to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static Signature getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("Signature algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] ");
+ Object o;
+ try
+ {
+ o = Engine.getInstance(SIGNATURE, algorithm, provider);
+ }
+ catch (InvocationTargetException x)
+ {
+ Throwable cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ sb.append("could not be created");
+ NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString());
+ y.initCause(cause);
+ throw y;
+ }
+ Signature result;
+ if (o instanceof SignatureSpi)
+ result = new DummySignature((SignatureSpi) o, algorithm);
+ else if (o instanceof Signature)
+ {
+ result = (Signature) o;
+ result.algorithm = algorithm;
+ }
+ else
+ {
+ sb.append("is of an unexpected Type: ").append(o.getClass().getName());
+ throw new NoSuchAlgorithmException(sb.toString());
+ }
+ result.provider = provider;
+ return result;
+ }
+
+ /**
+ * Returns the {@link Provider} of this instance.
+ *
+ * @return the {@link Provider} of this instance.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initializes this instance with the public key for verification purposes.
+ *
+ * @param publicKey
+ * the public key to verify with.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ */
+ public final void initVerify(PublicKey publicKey) throws InvalidKeyException
+ {
+ state = VERIFY;
+ engineInitVerify(publicKey);
+ }
+
+ /**
+ * Verify a signature with a designated {@link Certificate}. This is a FIPS
+ * 140-1 compatible method since it verifies a signature with a certificate.
+ *
+ * <p>If the {@link Certificate} is an X.509 one, has a <i>KeyUsage</i>
+ * parameter and that parameter indicates this key is not to be used for
+ * signing then an exception is thrown.</p>
+ *
+ * @param certificate
+ * a {@link Certificate} containing a public key to verify with.
+ * @throws InvalidKeyException if the key is invalid.
+ */
+ public final void initVerify(Certificate certificate)
+ throws InvalidKeyException
+ {
+ state = VERIFY;
+ if (certificate.getType().equals("X509"))
+ {
+ X509Certificate cert = (X509Certificate) certificate;
+ boolean[]array = cert.getKeyUsage();
+ if (array != null && array[0] == false)
+ throw new InvalidKeyException(
+ "KeyUsage of this Certificate indicates it cannot be used for digital signing");
+ }
+ this.initVerify(certificate.getPublicKey());
+ }
+
+ /**
+ * Initializes this class with the private key for signing purposes.
+ *
+ * @param privateKey
+ * the private key to sign with.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ */
+ public final void initSign(PrivateKey privateKey) throws InvalidKeyException
+ {
+ state = SIGN;
+ engineInitSign(privateKey);
+ }
+
+ /**
+ * Initializes this class with the private key and source of randomness for
+ * signing purposes.
+ *
+ * @param privateKey
+ * the private key to sign with.
+ * @param random
+ * the {@link SecureRandom} to use.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ */
+ public final void initSign(PrivateKey privateKey, SecureRandom random)
+ throws InvalidKeyException
+ {
+ state = SIGN;
+ engineInitSign(privateKey, random);
+ }
+
+ /**
+ * Returns the signature bytes of all the data fed to this instance. The
+ * format of the output depends on the underlying signature algorithm.
+ *
+ * @return the signature bytes.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ public final byte[] sign() throws SignatureException
+ {
+ if (state == SIGN)
+ return engineSign();
+ else
+ throw new SignatureException();
+ }
+
+ /**
+ * Generates signature bytes of all the data fed to this instance and stores
+ * it in the designated array. The format of the result depends on the
+ * underlying signature algorithm.
+ *
+ * <p>After calling this method, the instance is reset to its initial state
+ * and can then be used to generate additional signatures.</p>
+ *
+ * <p><b>IMPLEMENTATION NOTE:</b> Neither this method nor the GNU provider
+ * will return partial digests. If <code>len</code> is less than the
+ * signature length, this method will throw a {@link SignatureException}. If
+ * it is greater than or equal then it is ignored.</p>
+ *
+ * @param outbuf
+ * array of bytes of where to store the resulting signature bytes.
+ * @param offset
+ * the offset to start at in the array.
+ * @param len
+ * the number of the bytes to use in the array.
+ * @return the real number of bytes used.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ * @since 1.2
+ */
+ public final int sign(byte[] outbuf, int offset, int len)
+ throws SignatureException
+ {
+ if (state == SIGN)
+ return engineSign(outbuf, offset, len);
+ else
+ throw new SignatureException();
+ }
+
+ /**
+ * Verifies a designated signature.
+ *
+ * @param signature
+ * the signature bytes to verify.
+ * @return <code>true</code> if verified, <code>false</code> otherwise.
+ * @throws SignatureException
+ * if the engine is not properly initialized or the signature does
+ * not check.
+ */
+ public final boolean verify(byte[]signature) throws SignatureException
+ {
+ if (state == VERIFY)
+ return engineVerify(signature);
+ else
+ throw new SignatureException();
+ }
+
+ /**
+ * Verifies a designated signature.
+ *
+ * @param signature
+ * the signature bytes to verify.
+ * @param offset
+ * the offset to start at in the array.
+ * @param length
+ * the number of the bytes to use from the array.
+ * @return <code>true</code> if verified, <code>false</code> otherwise.
+ * @throws IllegalArgumentException
+ * if the <code>signature</code> byte array is <code>null</code>,
+ * or the <code>offset</code> or <code>length</code> is less
+ * than <code>0</code>, or the sum of the <code>offset</code>
+ * and <code>length</code> is greater than the length of the
+ * <code>signature</code> byte array.
+ * @throws SignatureException
+ * if the engine is not properly initialized or the signature does
+ * not check.
+ */
+ public final boolean verify(byte[] signature, int offset, int length)
+ throws SignatureException
+ {
+ if (state != VERIFY)
+ throw new SignatureException("illegal state");
+
+ if (signature == null)
+ throw new IllegalArgumentException("signature is null");
+ if (offset < 0)
+ throw new IllegalArgumentException("offset is less than 0");
+ if (length < 0)
+ throw new IllegalArgumentException("length is less than 0");
+ if (offset + length < signature.length)
+ throw new IllegalArgumentException("range is out of bounds");
+
+ return engineVerify(signature, offset, length);
+ }
+
+ /**
+ * Updates the data to be signed or verified with the specified byte.
+ *
+ * @param b
+ * the byte to update with.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ public final void update(byte b) throws SignatureException
+ {
+ if (state != UNINITIALIZED)
+ engineUpdate(b);
+ else
+ throw new SignatureException();
+ }
+
+ /**
+ * Updates the data to be signed or verified with the specified bytes.
+ *
+ * @param data
+ * the array of bytes to use.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ public final void update(byte[]data) throws SignatureException
+ {
+ if (state != UNINITIALIZED)
+ engineUpdate(data, 0, data.length);
+ else
+ throw new SignatureException();
+ }
+
+ /**
+ * Updates the data to be signed or verified with the specified bytes.
+ *
+ * @param data
+ * an array of bytes to use.
+ * @param off
+ * the offset to start at in the array.
+ * @param len
+ * the number of bytes to use from the array.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ public final void update(byte[]data, int off, int len)
+ throws SignatureException
+ {
+ if (state != UNINITIALIZED)
+ engineUpdate(data, off, len);
+ else
+ throw new SignatureException();
+ }
+
+ /**
+ * Update this signature with the {@link java.nio.Buffer#remaining()}
+ * bytes of the input buffer.
+ *
+ * @param input The input buffer.
+ * @throws SignatureException If this instance was not properly
+ * initialized.
+ */
+ public final void update(ByteBuffer input) throws SignatureException
+ {
+ if (state != UNINITIALIZED)
+ engineUpdate(input);
+ else
+ throw new SignatureException("not initialized");
+ }
+
+ /**
+ * Returns the name of the algorithm currently used. The names of algorithms
+ * are usually SHA/DSA or SHA/RSA.
+ *
+ * @return name of algorithm.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns a rstring representation of this instance.
+ *
+ * @return a rstring representation of this instance.
+ */
+ public String toString()
+ {
+ return (algorithm + " Signature");
+ }
+
+ /**
+ * Sets the specified algorithm parameter to the specified value.
+ *
+ * @param param
+ * the parameter name.
+ * @param value
+ * the parameter value.
+ * @throws InvalidParameterException
+ * if the parameter is invalid, the parameter is already set and
+ * can not be changed, a security exception occured, etc.
+ * @deprecated use the other setParameter
+ */
+ public final void setParameter(String param, Object value)
+ throws InvalidParameterException
+ {
+ engineSetParameter(param, value);
+ }
+
+ /**
+ * Sets the signature engine with the specified {@link AlgorithmParameterSpec}.
+ *
+ * <p>By default, and unless overriden by the concrete SPI, this method always
+ * throws an {@link UnsupportedOperationException}.</p>
+ *
+ * @param params
+ * the parameters to use for intializing this instance.
+ * @throws InvalidParameterException
+ * if the parameter is invalid, the parameter is already set and
+ * cannot be changed, a security exception occured, etc.
+ */
+ public final void setParameter(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+ {
+ engineSetParameter(params);
+ }
+
+ /**
+ * Return the parameters of the algorithm used in this instance as an
+ * {@link AlgorithmParameters}.
+ *
+ * @return the parameters used with this instance, or <code>null</code> if
+ * this instance does not use any parameters.
+ */
+ public final AlgorithmParameters getParameters()
+ {
+ return engineGetParameters();
+ }
+
+ /**
+ * Returns the value for the specified algorithm parameter.
+ *
+ * @param param
+ * the parameter name.
+ * @return the parameter value.
+ * @throws InvalidParameterException
+ * if the parameter is invalid.
+ * @deprecated use the other getParameter
+ */
+ public final Object getParameter(String param)
+ throws InvalidParameterException
+ {
+ return engineGetParameter(param);
+ }
+
+ /**
+ * Returns a clone of this instance.
+ *
+ * @return a clone of this instace.
+ * @throws CloneNotSupportedException
+ * if the implementation does not support cloning.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+}
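Review bot: In `verify(byte[] signature, int offset, int length)` the range check is inverted: `if (offset + length < signature.length)` throws for every valid sub-range that stops short of the array end, and lets a range running past the end through to `engineVerify`. The sum can also overflow for large arguments, so the guard is better written as `if (length > signature.length - offset)`. Separately, `initVerify(Certificate)` compares `getType()` with `"X509"`, while the standard certificate type name is `"X.509"`. If the certificate implementations used here report the standard name, the KeyUsage check never runs and a certificate not marked for digital signatures is accepted for verification. That is worth confirming, and the comparison could become `if (certificate instanceof X509Certificate)` so the cast is guarded as well.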
diff --git a/libjava/classpath/java/security/SignatureException.java b/libjava/classpath/java/security/SignatureException.java
new file mode 100644
index 000000000..b097bacfc
--- /dev/null
+++ b/libjava/classpath/java/security/SignatureException.java
@@ -0,0 +1,92 @@
+/* SignatureException.java -- Generic error in signature
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when a problem is encountered with a
+ * digital signature.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class SignatureException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 7509989324975124438L;
+
+ /**
+ * Create an instance with no descriptive error message.
+ */
+ public SignatureException()
+ {
+ }
+
+ /**
+ * Create an instance with a descriptive error message.
+ *
+ * @param msg the message
+ */
+ public SignatureException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public SignatureException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public SignatureException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/SignatureSpi.java b/libjava/classpath/java/security/SignatureSpi.java
new file mode 100644
index 000000000..1ed078c0b
--- /dev/null
+++ b/libjava/classpath/java/security/SignatureSpi.java
@@ -0,0 +1,316 @@
+/* SignatureSpi.java --- Signature Service Provider Interface
+ Copyright (C) 1999, 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.nio.ByteBuffer;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * <code>SignatureSpi</code> defines the Service Provider Interface (SPI) for
+ * the {@link Signature} class. The signature class provides an interface to a
+ * digital signature algorithm. Digital signatures are used for authentication
+ * and integrity of data.
+ *
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ * @since 1.2
+ * @see Signature
+ */
+public abstract class SignatureSpi
+{
+ /** Source of randomness. */
+ protected SecureRandom appRandom;
+
+ /**
+ * Creates a new instance of <code>SignatureSpi</code>.
+ */
+ public SignatureSpi()
+ {
+ appRandom = null;
+ }
+
+ /**
+ * Initializes this instance with the public key for verification purposes.
+ *
+ * @param publicKey
+ * the public key to verify with.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ */
+ protected abstract void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException;
+
+ /**
+ * Initializes this instance with the private key for signing purposes.
+ *
+ * @param privateKey
+ * the private key to sign with.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ */
+ protected abstract void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException;
+
+ /**
+ * Initializes this instance with the private key and source of randomness for
+ * signing purposes.
+ *
+ * <p>This method cannot be abstract for backward compatibility reasons.</p>
+ *
+ * @param privateKey
+ * the private key to sign with.
+ * @param random
+ * the {@link SecureRandom} to use.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ * @since 1.2
+ */
+ protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
+ throws InvalidKeyException
+ {
+ appRandom = random;
+ engineInitSign(privateKey);
+ }
+
+ /**
+ * Updates the data to be signed or verified with the specified byte.
+ *
+ * @param b
+ * byte to update with.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ protected abstract void engineUpdate(byte b) throws SignatureException;
+
+ /**
+ * Updates the data to be signed or verified with the specified bytes.
+ *
+ * @param b
+ * the array of bytes to use.
+ * @param off
+ * the offset to start at in the array.
+ * @param len
+ * the number of the bytes to use from the array.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ protected abstract void engineUpdate(byte[] b, int off, int len)
+ throws SignatureException;
+
+ /**
+ * Update this signature with the {@link java.nio.Buffer#remaining()}
+ * bytes of the given buffer.
+ *
+ * @param input The input buffer.
+ * @throws IllegalStateException if the engine is not properly initialized.
+ */
+ protected void engineUpdate(ByteBuffer input)
+ {
+ byte[] buf = new byte[4096];
+ while (input.hasRemaining())
+ {
+ int l = Math.min(input.remaining(), buf.length);
+ input.get(buf, 0, l);
+ try
+ {
+ engineUpdate(buf, 0, l);
+ }
+ catch (SignatureException se)
+ {
+ throw new IllegalStateException(se);
+ }
+ }
+ }
+
+ /**
+ * Returns the signature bytes of all the data fed to this instance. The
+ * format of the output depends on the underlying signature algorithm.
+ *
+ * @return the signature bytes.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ protected abstract byte[] engineSign() throws SignatureException;
+
+ /**
+ * Generates signature bytes of all the data fed to this instance and stores
+ * the result in the designated array. The format of the output depends on
+ * the underlying signature algorithm.
+ *
+ * <p>This method cannot be abstract for backward compatibility reasons.
+ * After calling this method, the signature is reset to its initial state and
+ * can be used to generate additional signatures.</p>
+ *
+ * <p><b>IMPLEMENTATION NOTE:</b>: Neither this method nor the GNU provider
+ * will return partial digests. If <code>len</code> is less than the
+ * signature length, this method will throw a {@link SignatureException}. If
+ * it is greater than or equal then it is ignored.</p>
+ *
+ * @param outbuf
+ * the array of bytes to store the result in.
+ * @param offset
+ * the offset to start at in the array.
+ * @param len
+ * the number of the bytes to use in the array.
+ * @return the real number of bytes used.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ * @since 1.2
+ */
+ protected int engineSign(byte[] outbuf, int offset, int len)
+ throws SignatureException
+ {
+ byte[] tmp = engineSign();
+ if (tmp.length > len)
+ throw new SignatureException("Invalid Length");
+
+ System.arraycopy(outbuf, offset, tmp, 0, tmp.length);
+ return tmp.length;
+ }
+
+ /**
+ * Verifies a designated signature.
+ *
+ * @param sigBytes
+ * the signature bytes to verify.
+ * @return <code>true</code> if verified, <code>false</code> otherwise.
+ * @throws SignatureException
+ * if the engine is not properly initialized or if it is the wrong
+ * signature.
+ */
+ protected abstract boolean engineVerify(byte[] sigBytes)
+ throws SignatureException;
+
+ /**
+ * Convenience method which calls the method with the same name and one
+ * argument after copying the designated bytes into a temporary byte array.
+ * Subclasses may override this method for performance reasons.
+ *
+ * @param sigBytes
+ * the array of bytes to use.
+ * @param offset
+ * the offset to start from in the array of bytes.
+ * @param length
+ * the number of bytes to use, starting at offset.
+ * @return <code>true</code> if verified, <code>false</code> otherwise.
+ * @throws SignatureException
+ * if the engine is not properly initialized.
+ */
+ protected boolean engineVerify(byte[] sigBytes, int offset, int length)
+ throws SignatureException
+ {
+ byte[] tmp = new byte[length];
+ System.arraycopy(sigBytes, offset, tmp, 0, length);
+ return engineVerify(tmp);
+ }
+
+ /**
+ * Sets the specified algorithm parameter to the specified value.
+ *
+ * @param param
+ * the parameter name.
+ * @param value
+ * the parameter value.
+ * @throws InvalidParameterException
+ * if the parameter invalid, the parameter is already set and
+ * cannot be changed, a security exception occured, etc.
+ * @deprecated use the other setParameter.
+ */
+ protected abstract void engineSetParameter(String param, Object value)
+ throws InvalidParameterException;
+
+ /**
+ * Sets the signature engine with the specified {@link AlgorithmParameterSpec}.
+ *
+ * <p>This method cannot be abstract for backward compatibility reasons. By
+ * default it always throws {@link UnsupportedOperationException} unless
+ * overridden.</p>
+ *
+ * @param params
+ * the parameters.
+ * @throws InvalidParameterException
+ * if the parameter is invalid, the parameter is already set and
+ * cannot be changed, a security exception occured, etc.
+ */
+ protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * The default implementaion of this method always throws a
+ * {@link UnsupportedOperationException}. It MUST be overridden by concrete
+ * implementations to return the appropriate {@link AlgorithmParameters} for
+ * this signature engine (or <code>null</code> when that engine does not use
+ * any parameters.
+ *
+ * @return the parameters used with this signature engine, or
+ * <code>null</code> if it does not use any parameters.
+ * @throws UnsupportedOperationException
+ * always.
+ */
+ protected AlgorithmParameters engineGetParameters()
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the value for the specified algorithm parameter.
+ *
+ * @param param
+ * the parameter name.
+ * @return the parameter value.
+ * @throws InvalidParameterException
+ * if the parameter is invalid.
+ * @deprecated use the other getParameter
+ */
+ protected abstract Object engineGetParameter(String param)
+ throws InvalidParameterException;
+
+ /**
+ * Returns a clone of this instance.
+ *
+ * @return a clone of this instance.
+ * @throws CloneNotSupportedException
+ * if the implementation does not support cloning.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+}
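Review bot: The default `engineSign(byte[] outbuf, int offset, int len)` passes the `System.arraycopy` arguments in the wrong order: `System.arraycopy(outbuf, offset, tmp, 0, tmp.length)` copies from the caller's buffer into the temporary array, so the signature never reaches `outbuf` while the method still returns `tmp.length`. A caller relying on this default would then treat whatever bytes were already in its buffer as the signature. The call should be `System.arraycopy(tmp, 0, outbuf, offset, tmp.length);`. The preceding length check could also reject a negative `offset`, or an `offset` plus `tmp.length` beyond `outbuf.length`, with a `SignatureException` instead of leaving that to the array copy.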
diff --git a/libjava/classpath/java/security/SignedObject.java b/libjava/classpath/java/security/SignedObject.java
new file mode 100644
index 000000000..79f551cce
--- /dev/null
+++ b/libjava/classpath/java/security/SignedObject.java
@@ -0,0 +1,203 @@
+/* SignedObject.java --- Signed Object Class
+ Copyright (C) 1999, 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInput;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+/**
+ * <code>SignedObject</code> is used for storing runtime objects whose
+ * integrity cannot be compromised without being detected.
+ *
+ * <p><code>SignedObject</code> contains a {@link Serializable} object which is
+ * yet to be signed and a digital signature of that object.</p>
+ *
+ * <p>The signed copy is a "deep copy" (in serialized form) of an original
+ * object. Any changes to that original instance are not reflected in the
+ * enclosed copy inside this <code>SignedObject</code>.</p>
+ *
+ * <p>Several things to note are that, first there is no need to initialize the
+ * signature engine as this class will handle that automatically. Second,
+ * verification will only succeed if the public key corresponds to the private
+ * key used to generate the digital signature inside this
+ * <code>SignedObject</code>.</p>
+ *
+ * <p>For fexibility, the signature engine can be specified in the constructor
+ * or the <code>verify()</code> method. Programmers wishing to verify
+ * <code>SignedObject</code>s should be aware of the {@link Signature} engine
+ * they use. A malicious or flawed {@link Signature} implementation may always
+ * return true on verification thus circumventing the intended secrity check
+ * provided by the <code>SignedObject</code>.</p>
+ *
+ * <p>The GNU security provider offers an implementation of the standard NIST
+ * DSA which uses "DSA" and "SHA-1". It can be specified by "SHA/DSA",
+ * "SHA-1/DSA" or its OID. If the RSA signature algorithm is provided then it
+ * could be "MD2/RSA". "MD5/RSA", or "SHA-1/RSA". The algorithm must be
+ * specified because there is no default.</p>
+ *
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ * @since 1.2
+ * @see Signature
+ */
+public final class SignedObject implements Serializable
+{
+ private static final long serialVersionUID = 720502720485447167L;
+
+ /** @serial */
+ private byte[] content;
+ /** @serial */
+ private byte[] signature;
+ /** @serial */
+ private String thealgorithm;
+
+ /**
+ * Constructs a new instance of <code>SignedObject</code> from a
+ * {@link Serializable} object. The object is signed with a designated
+ * private key and a signature engine.
+ *
+ * @param object
+ * the object to sign.
+ * @param signingKey
+ * the key to use.
+ * @param signingEngine
+ * the signature engine to use.
+ * @throws IOException
+ * if a serialization error occurred.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ * @throws SignatureException
+ * if a signing error occurs.
+ */
+ public SignedObject(Serializable object, PrivateKey signingKey,
+ Signature signingEngine)
+ throws IOException, InvalidKeyException, SignatureException
+ {
+ thealgorithm = signingEngine.getAlgorithm();
+
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+ ObjectOutputStream p = new ObjectOutputStream(ostream);
+ p.writeObject(object);
+ p.flush();
+ p.close();
+
+ content = ostream.toByteArray();
+
+ signingEngine.initSign(signingKey);
+ signingEngine.update(content);
+ signature = signingEngine.sign();
+ }
+
+ /**
+ * Returns the encapsulated object. The object is de-serialized before being
+ * returned.
+ *
+ * @return the encapsulated object.
+ * @throws IOException
+ * if a de-serialization error occurs.
+ * @throws ClassNotFoundException
+ * if the encapsulated object's class was not found.
+ */
+ public Object getObject() throws IOException, ClassNotFoundException
+ {
+ ByteArrayInputStream bais = new ByteArrayInputStream(content);
+ ObjectInput oi = new ObjectInputStream(bais);
+ Object obj = oi.readObject();
+ oi.close();
+ bais.close();
+
+ return obj;
+ }
+
+ /**
+ * Returns the signature bytes of the encapsulated object.
+ *
+ * @return the signature bytes of the encapsulated object.
+ */
+ public byte[] getSignature()
+ {
+ return (byte[]) signature.clone();
+
+ }
+
+ /**
+ * Returns the name of the signature algorithm.
+ *
+ * @return the name of the signature algorithm.
+ */
+ public String getAlgorithm()
+ {
+ return thealgorithm;
+ }
+
+ /**
+ * Verifies the encapsulated digital signature by checking that it was
+ * generated by the owner of a designated public key.
+ *
+ * @param verificationKey
+ * the public key to use.
+ * @param verificationEngine
+ * the signature engine to use.
+ * @return <code>true</code> if signature is correct, <code>false</code>
+ * otherwise.
+ * @throws InvalidKeyException
+ * if the key is invalid.
+ * @throws SignatureException
+ * if verification fails.
+ */
+ public boolean verify(PublicKey verificationKey, Signature verificationEngine)
+ throws InvalidKeyException, SignatureException
+ {
+ verificationEngine.initVerify(verificationKey);
+ verificationEngine.update(content);
+ return verificationEngine.verify(signature);
+ }
+
+ /** Called to restore the state of the SignedObject from a stream. */
+ private void readObject(ObjectInputStream s)
+ throws IOException, ClassNotFoundException
+ {
+ s.defaultReadObject();
+ content = (byte[]) content.clone();
+ signature = (byte[]) signature.clone();
+ }
+}
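Review bot: getObject() deserializes `content` with a plain ObjectInputStream whether or not verify() was ever called, and its Javadoc does not say so. A caller who receives a SignedObject from an untrusted source and calls getObject() first runs deserialization on unverified bytes, so the Javadoc should state the required ordering, e.g. `Callers must first check verify() with a trusted key and engine; this method does not check the signature.` Separately, readObject() calls `content.clone()` and `signature.clone()` without a null check, so a stream that carries null fields fails with a NullPointerException rather than an `InvalidObjectException`.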
diff --git a/libjava/classpath/java/security/Signer.java b/libjava/classpath/java/security/Signer.java
new file mode 100644
index 000000000..18259c863
--- /dev/null
+++ b/libjava/classpath/java/security/Signer.java
@@ -0,0 +1,148 @@
+/* Signer.java --- Signer Class
+ Copyright (C) 1999, 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * <code>Signer</code> is a subclass of {@link Identity}. It is used to store a
+ * digital signature key with an <i>Identity</i>.
+ *
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ * @deprecated Replaced by <code>java.security.KeyStore</code>, the
+ * <code>java.security.cert</code> package, and <code>java.security.Principal</code>.
+ */
+public abstract class Signer extends Identity
+{
+ private static final long serialVersionUID = -1763464102261361480L;
+ private PrivateKey privateKey = null;
+
+ /** Trivial constructor for serialization purposes. */
+ protected Signer()
+ {
+ }
+
+ /**
+ * Constructs a new instance of <code>Signer</code> with the specified
+ * identity name.
+ *
+ * @param name
+ * the name of the identity to use.
+ */
+ public Signer(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * Constructs a new instance of <code>Signer</code> with the specified
+ * identity name and {@link IdentityScope}.
+ *
+ * @param name
+ * the name of the the identity to use.
+ * @param scope
+ * the {@link IdentityScope} to use.
+ * @throws KeyManagementException
+ * if a duplicate identity <code>name</code> exists within
+ * <code>scope</code>.
+ */
+ public Signer(String name, IdentityScope scope) throws KeyManagementException
+ {
+ super(name, scope);
+ }
+
+ /**
+ * Returns the private key of this <code>Signer</code>.
+ *
+ * @returns the private key of this <code>Signer</code>.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public PrivateKey getPrivateKey()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("getSignerPrivateKey");
+
+ return privateKey;
+ }
+
+ /**
+ * Specifies the {@link KeyPair} associated with this <code>Signer</code>.
+ *
+ * @param pair
+ * the {@link KeyPair} to use.
+ * @throws InvalidParameterException
+ * if the key-pair is invalid.
+ * @throws KeyException
+ * if any another key-related error occurs.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public final void setKeyPair(KeyPair pair)
+ throws InvalidParameterException, KeyException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("setSignerKeyPair");
+
+ try
+ {
+ if (pair.getPublic() != null)
+ setPublicKey(pair.getPublic());
+ else
+ throw new InvalidParameterException();
+
+ }
+ catch (KeyManagementException kme)
+ {
+ throw new KeyException();
+ }
+
+ if (pair.getPrivate() != null)
+ privateKey = pair.getPrivate();
+ else
+ throw new InvalidParameterException();
+ }
+
+ /** @returns a string representing this <code>Signer</code>. */
+ public String toString()
+ {
+ return (getName() + ": " + privateKey);
+ }
+}
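Review bot: toString() at the end of the class concatenates `privateKey` into the returned string, so whatever the key implementation's own toString() prints is handed to any caller or log statement without the `getSignerPrivateKey` check that getPrivateKey() performs. Dropping the key from the text, for example `return getName();`, keeps that access check meaningful. In setKeyPair() the public key is installed before `pair.getPrivate()` is checked, so a pair with a null private key leaves the Signer half-updated; validating both halves before calling `setPublicKey` avoids that. The `throw new KeyException();` in the catch block would also be easier to diagnose if it passed along the message of the caught exception.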
diff --git a/libjava/classpath/java/security/UnrecoverableKeyException.java b/libjava/classpath/java/security/UnrecoverableKeyException.java
new file mode 100644
index 000000000..6759c3c7b
--- /dev/null
+++ b/libjava/classpath/java/security/UnrecoverableKeyException.java
@@ -0,0 +1,71 @@
+/* UnrecoverableKeyException.java -- Cannot recover a key from the key store
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when a key cannot be recovered from the key
+ * store.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class UnrecoverableKeyException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 7275063078190151277L;
+
+ /**
+ * Create an instance with no descriptive error message.
+ */
+ public UnrecoverableKeyException()
+ {
+ }
+
+ /**
+ * Create an instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public UnrecoverableKeyException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/UnresolvedPermission.java b/libjava/classpath/java/security/UnresolvedPermission.java
new file mode 100644
index 000000000..449454aaf
--- /dev/null
+++ b/libjava/classpath/java/security/UnresolvedPermission.java
@@ -0,0 +1,345 @@
+/* UnresolvedPermission.java -- Placeholder for unresolved permissions
+ Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+// All uses of Certificate in this file refer to the one in the listed
+// package, not this one.
+import java.security.cert.Certificate;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.NoSuchElementException;
+import java.util.Vector;
+
+/**
+ * This class is used to hold instances of all permissions that cannot
+ * be resolved to available permission classes when the security
+ * <code>Policy</code> object is instantiated. This may happen when the
+ * necessary security class has not yet been downloaded from the network.
+ *
+ * <p>Instances of this class are re-resolved when
+ * <code>AccessController</code> check is done. At that time, a scan is
+ * made of all existing <code>UnresolvedPermission</code> objects and they
+ * are converted to objects of the appropriate permission type if the class
+ * for that type is then available.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Permission
+ * @see Permissions
+ * @see PermissionCollection
+ * @see Policy
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public final class UnresolvedPermission extends Permission
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -4821973115467008846L;
+
+ /**
+ * The list of actions associated with this permission object.
+ *
+ * @serial the permission actions
+ */
+ private final String actions;
+
+ /**
+ * The list of <code>Certificates</code> associated with this object.
+ */
+ private final transient Certificate[] certs;
+
+ /**
+ * The name of the class this object should be resolved to.
+ *
+ * @serial the fully-qualified classname of the resolved type
+ */
+ // Package visible for use by UnresolvedPermissionCollection.
+ final String type;
+
+ /**
+ * The name of the permission.
+ *
+ * @serial the permission name
+ */
+ private final String name;
+
+ /**
+ * Create a new instance with all the information necessary to resolve it
+ * to an instance of the proper class at a future time.
+ *
+ * @param type the fully-qualified name of the class of this permission
+ * @param name the name of this permission
+ * @param actions the action list for this permission
+ * @param certs the list of certificates that sign this permission
+ */
+ public UnresolvedPermission(String type, String name, String actions,
+ Certificate[] certs)
+ {
+ super(name);
+ this.name = name;
+ this.type = type;
+ this.actions = actions;
+ this.certs = certs;
+ }
+
+ /**
+ * This method returns <code>false</code> always to indicate that this
+ * permission does not imply the specified permission. An
+ * <code>UnresolvedPermission</code> never grants any permissions.
+ *
+ * @param perm the <code>Permission</code> object to test
+ * @return false; until a permission is resolved, it implies nothing
+ */
+ public boolean implies(Permission perm)
+ {
+ return false;
+ }
+
+ /**
+ * This method tests this permission for equality against the specified
+ * <code>Object</code>. This will be true if and only if the following
+ * conditions are met:<ul>
+ * <li>The specified <code>Object</code> is an UnresolvedPermission</li>
+ * <li>The specified permission has the same type (i.e., desired class name)
+ * as this permission.</li>
+ * <li>The specified permission has the same name as this one.</li>
+ * <li>The specified permissoin has the same action list as this one.</li>
+ * <li>The specified permission has the same certificate list as this
+ * one.</li>
+ * </ul>
+ *
+ * @param obj the <code>Object</code> to test for equality
+ * @return true if the specified object is equal to this one
+ */
+ public boolean equals(Object obj)
+ {
+ if (! (obj instanceof UnresolvedPermission))
+ return (false);
+ UnresolvedPermission up = (UnresolvedPermission) obj;
+ return up.name.equals(name) && up.actions.equals(actions)
+ && up.type.equals(type) && Arrays.equals(up.certs, certs);
+ }
+
+ /**
+ * Returns a hash code value for this object. Following the lead of
+ * Permission, this returns the hashcode of the permission name.
+ *
+ * @return A hash value
+ */
+ public int hashCode()
+ {
+ return name.hashCode();
+ }
+
+ /**
+ * This method returns the list of actions associated with this
+ * permission.
+ *
+ * @return the action list
+ */
+ public String getActions()
+ {
+ return actions;
+ }
+
+ /**
+ * This method returns a <code>String</code> representation of this
+ * class. The format is: '(unresolved "ClassName "name" "actions")'
+ *
+ * @return <code>String</code> representation of this object
+ */
+ public String toString()
+ {
+ return "(unresolved " + type + ' ' + name + ' ' + actions + ')';
+ }
+
+ /**
+ * This class returns a <code>PermissionCollection</code> object that can
+ * be used to store instances of <code>UnresolvedPermission</code>.
+ *
+ * @return a new <code>PermissionCollection</code>
+ */
+ public PermissionCollection newPermissionCollection()
+ {
+ return new UnresolvedPermissionCollection();
+ }
+
+ /**
+ * Return the name of the class of the unresolved permission.
+ * @since 1.5
+ */
+ public String getUnresolvedType()
+ {
+ return type;
+ }
+
+ /**
+ * Return the name of the unresolved permission.
+ * @since 1.5
+ */
+ public String getUnresolvedName()
+ {
+ return name;
+ }
+
+ /**
+ * Return the actions of the unresolved permission, or null
+ * if there are no actions.
+ * @since 1.5
+ */
+ public String getUnresolvedActions()
+ {
+ return actions;
+ }
+
+ /**
+ * Return the certificates of the unresolved permission.
+ * If there are no certificates, null is returned. Otherwise,
+ * a new array is returned.
+ * @since 1.5
+ */
+ public Certificate[] getUnresolvedCerts()
+ {
+ if (certs == null)
+ return null;
+ return (Certificate[]) certs.clone();
+ }
+} // class UnresolvedPermission
+
+/**
+ * Implements the permission collection for unresolved permissions, and
+ * obeys serialization of JDK.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+class UnresolvedPermissionCollection extends PermissionCollection
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -7176153071733132400L;
+
+ // Package-private to avoid a trampoline.
+ /**
+ * Hashtable where we store permissions.
+ *
+ * @serial map of typename to a Vector of permissions (you'd think Sun
+ * would document this better!)
+ */
+ final Hashtable permissions = new Hashtable();
+
+ /**
+ * Add a permission.
+ *
+ * @param perm the permission to add
+ * @throws IllegalArgumentException if perm is not an UnresolvedPermission
+ * @throws SecurityException if the collection is read-only
+ */
+ public void add(Permission perm)
+ {
+ if (isReadOnly())
+ throw new SecurityException();
+ if (! (perm instanceof UnresolvedPermission))
+ throw new IllegalArgumentException();
+ UnresolvedPermission up = (UnresolvedPermission) perm;
+ Vector v = (Vector) permissions.get(up.type);
+ if (v == null)
+ {
+ v = new Vector();
+ permissions.put(up.type, v);
+ }
+ v.add(up);
+ }
+
+ /**
+ * Returns true if perm is implied by the collection.
+ *
+ * @param perm the permission to check
+ * @return false; unresolved permissions imply nothing
+ */
+ public boolean implies(Permission perm)
+ {
+ return false;
+ }
+
+ /**
+ * Return the elements.
+ *
+ * @return the elements
+ */
+ public Enumeration elements()
+ {
+ return new Enumeration()
+ {
+ Enumeration main_enum = permissions.elements();
+ Enumeration sub_enum;
+
+ public boolean hasMoreElements()
+ {
+ if (sub_enum == null)
+ {
+ if (main_enum == null)
+ return false;
+ if (! main_enum.hasMoreElements())
+ {
+ main_enum = null;
+ return false;
+ }
+ Vector v = (Vector) main_enum.nextElement();
+ sub_enum = v.elements();
+ }
+ if (! sub_enum.hasMoreElements())
+ {
+ sub_enum = null;
+ return hasMoreElements();
+ }
+ return true;
+ }
+
+ public Object nextElement()
+ {
+ if (! hasMoreElements())
+ throw new NoSuchElementException();
+ return sub_enum.nextElement();
+ }
+ };
+ }
+} // class UnresolvedPermissionCollection
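Review bot: The UnresolvedPermission constructor stores the caller's array directly (`this.certs = certs;`), while getUnresolvedCerts() takes care to return a clone, so the code that built the permission can still change the signer list afterwards and alter what equals() compares. A defensive copy on the way in closes that gap: `this.certs = certs == null ? null : (Certificate[]) certs.clone();`. equals() also calls `up.actions.equals(actions)` although getUnresolvedActions() documents that the actions may be null, so comparing permissions that have no actions throws a NullPointerException; a null-safe comparison is needed on that line.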
diff --git a/libjava/classpath/java/security/acl/Acl.java b/libjava/classpath/java/security/acl/Acl.java
new file mode 100644
index 000000000..10a59fdf5
--- /dev/null
+++ b/libjava/classpath/java/security/acl/Acl.java
@@ -0,0 +1,153 @@
+/* Acl.java -- An access control list
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+import java.security.Principal;
+import java.util.Enumeration;
+
+/**
+ * A Java access control list (ACL) is a group of individual ACL entries.
+ * These entries consist of a <code>Principal</code> and a list of
+ * permissions this <code>Principal</code> is either granted or denied.
+ * A given <code>Principal</code> can have at most one positive ACL entry
+ * (i.e., one that grants permissions) and one negative ACL entry (i.e., one
+ * that denies permissions). If a given permission is both granted and
+ * denied, the ACL treats it as if it were never granted or denied. If
+ * both a <code>Principal</code> and a <code>Group</code> to which the
+ * <code>Principal</code> belongs have an ACL entry, the permissions for
+ * the individual <code>Principal</code> take precedence over the
+ * permissions of the <code>Group</code> if there is a conflict.
+ * <p>
+ * Additionally, the ACL interface extends the <code>Owner</code> interface
+ * and so an ACL has owners. Actions which modify the ACL are restricted
+ * to owners.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface Acl extends Owner
+{
+
+ /**
+ * This method returns the name of this ACL.
+ *
+ * @return The name of this ACL
+ */
+ String getName();
+
+ /**
+ * This method sets the name of the ACL
+ *
+ * @param caller The <code>Principal</code> requesting the action.
+ * @param name The new name for this ACL.
+ *
+ * @exception NotOwnerException If the caller is not an owner of this ACL.
+ */
+ void setName(Principal caller, String name)
+ throws NotOwnerException;
+
+ /**
+ * This method adds the specified entry to the ACL
+ *
+ * @param caller The <code>Principal</code> requesting the addition
+ * @param entry The ACL entry to add
+ *
+ * @return <code>true</code> if the entry was added, <code>false</code>
+ * if there is already an entry of the same type for the
+ * <code>Principal</code>.
+ *
+ * @exception NotOwnerException If the caller is not an owner of this ACL.
+ */
+ boolean addEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException;
+
+ /**
+ * This method delets the specified entry from the ACL
+ *
+ * @param caller The <code>Principal</code> requesting the deletion.
+ * @param entry The ACL entry to delete
+ *
+ * @return <code>true</code> if the entry was deleted, or <code>false</code>
+ * if this entry was not part of the ACL to begin with
+ *
+ * @exception NotOwnerException If the caller is not an owner of this ACL.
+ */
+ boolean removeEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException;
+
+ /**
+ * This method returns a list of all the entries in the ACL as an
+ * <code>Enumeration</code>.
+ *
+ * @return An enumeration of the ACL entries
+ */
+ Enumeration<AclEntry> entries();
+
+ /**
+ * This method tests whether or not the specified <code>Principal</code>
+ * has the specified <code>Permission</code>
+ *
+ * @param user The <code>Principal</code> to test
+ * @param perm The <code>Permission</code> to test for
+ *
+ * @return <code>true</code> if the user has been granted the permission,
+ * <code>false</code> otherwise
+ */
+ boolean checkPermission(Principal user, Permission perm);
+
+ /**
+ * This method returns a list of <code>Permission</code>'s that are granted
+ * to a particular <code>Principal</code>. This includes any permissions
+ * that are granted to <code>Group</code>'s to which the <code>Principal</code>
+ * belongs unless they are overridden by a negative ACL. This permission
+ * list is returned as an <code>Enumeration</code>.
+ *
+ * @param user The <code>Principal</code> to retrieve permissions for.
+ *
+ * @return A list of permissions for the <code>Principal</code>.
+ */
+ Enumeration<Permission> getPermissions(Principal user);
+
+ /**
+ * This method returns the ACL as a <code>String</code>
+ *
+ * @return A <code>String</code> representation of this ACL
+ */
+ String toString();
+}
diff --git a/libjava/classpath/java/security/acl/AclEntry.java b/libjava/classpath/java/security/acl/AclEntry.java
new file mode 100644
index 000000000..47154b285
--- /dev/null
+++ b/libjava/classpath/java/security/acl/AclEntry.java
@@ -0,0 +1,143 @@
+/* AclEntry.java -- An entry in an ACL list.
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+import java.security.Principal;
+import java.util.Enumeration;
+
+/**
+ * This interface models an entry in an access control list (ACL). Java
+ * ACL's consist of a list of entries, where each consists of a
+ * <code>Principal</code> and a list of <code>Permission</code>'s which
+ * have been granted to that <code>Principal</code>. An ACL can also
+ * be <em>negative</em>, which indicates that the list of
+ * <code>Permission</code>'s is a list of permissions that are <em>not</em>
+ * granted to the <code>Principal</code>. A <code>Principal</code> can
+ * have at most one regular (or positive) ACL entry and one negative
+ * ACL entry.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface AclEntry extends Cloneable
+{
+ /**
+ * This method returns the <code>Principal</code> associated with this
+ * ACL entry.
+ *
+ * @return The <code>Principal</code> for this ACL entry
+ */
+ Principal getPrincipal();
+
+ /**
+ * This method sets ths <code>Principal</code> associated with this
+ * ACL entry. This operation will only succeed if there is not already
+ * a <code>Principal</code> assigned.
+ *
+ * @param user The <code>Principal</code> for this ACL entry
+ *
+ * @return <code>true</code> if the <code>Principal</code> was successfully set or <code>false</code> if this entry already has a <code>Principal</code>.
+ */
+ boolean setPrincipal(Principal user);
+
+ /**
+ * This method sets this ACL entry to be a <em>negative</em> entry, indicating
+ * that it contains a list of permissions that are <em>not</em> granted
+ * to the entry's <code>Principal</code>. Note that there is no way to
+ * undo this operation.
+ */
+ void setNegativePermissions();
+
+ /**
+ * This method tests whether or not this ACL entry is a negative entry or not.
+ *
+ * @return <code>true</code> if this ACL entry is negative, <code>false</code> otherwise
+ */
+ boolean isNegative();
+
+ /**
+ * This method adds the specified permission to this ACL entry.
+ *
+ * @param permission The <code>Permission</code> to add
+ *
+ * @return <code>true</code> if the permission was added or <code>false</code> if it was already set for this entry
+ */
+ boolean addPermission(Permission permission);
+
+ /**
+ * This method deletes the specified permission to this ACL entry.
+ *
+ * @param perm The <code>Permission</code> to delete from this ACL entry.
+ *
+ * @return <code>true</code> if the permission was successfully deleted or <code>false</code> if the permission was not part of this ACL to begin with
+ */
+ boolean removePermission(Permission perm);
+
+ /**
+ * This method tests whether or not the specified permission is associated
+ * with this ACL entry.
+ *
+ * @param permission The <code>Permission</code> to test
+ *
+ * @return <code>true</code> if this permission is associated with this entry or <code>false</code> otherwise
+ */
+ boolean checkPermission(Permission permission);
+
+ /**
+ * This method returns a list of all <code>Permission</code> objects
+ * associated with this ACL entry as an <code>Enumeration</code>.
+ *
+ * @return A list of permissions for this ACL entry
+ */
+ Enumeration<Permission> permissions();
+
+ /**
+ * This method returns this object as a <code>String</code>.
+ *
+ * @return A <code>String</code> representation of this object
+ */
+ String toString();
+
+ /**
+ * This method returns a clone of this ACL entry
+ *
+ * @return A clone of this ACL entry
+ */
+ Object clone();
+}
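Review bot: The Javadoc on `clone()` at the end of the interface does not say whether the clone gets its own copy of the permission list or shares it with the original. With a shared list, a later `addPermission` or `removePermission` on one entry would silently change what the other grants or denies. I would state the expected behaviour in the comment, for example `The returned entry holds its own copy of the permission list; changes to either entry do not affect the other.`, once confirmed against the implementing class, which is not part of this hunk. Separately, the `setPrincipal` comment has the typo "ths", and the `removePermission` comment reads "deletes the specified permission to this ACL entry" where "from" is meant.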
diff --git a/libjava/classpath/java/security/acl/AclNotFoundException.java b/libjava/classpath/java/security/acl/AclNotFoundException.java
new file mode 100644
index 000000000..9a16d9c50
--- /dev/null
+++ b/libjava/classpath/java/security/acl/AclNotFoundException.java
@@ -0,0 +1,60 @@
+/* AclNotFoundException.java -- thrown when an ACL is not found
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+/**
+ * This exception is thrown when a requested access control list (ACL) is
+ * not found.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class AclNotFoundException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5684295034092681791L;
+
+ /**
+ * Initializes a new instance of this class with no descriptive message
+ */
+ public AclNotFoundException()
+ {
+ }
+}
diff --git a/libjava/classpath/java/security/acl/Group.java b/libjava/classpath/java/security/acl/Group.java
new file mode 100644
index 000000000..a0df75526
--- /dev/null
+++ b/libjava/classpath/java/security/acl/Group.java
@@ -0,0 +1,90 @@
+/* Group.java -- Represents a group of Principals
+ Copyright (C) 1998, 2001 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+import java.security.Principal;
+import java.util.Enumeration;
+
+/**
+ * This interface represents a group of <code>Principals</code>. Note that
+ * since this interface extends <code>Principal</code>, a <code>Group</code>
+ * can be used where ever a <code>Principal</code> is requested. This
+ * includes arguments to the methods in this interface.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface Group extends Principal
+{
+ /**
+ * This method adds a new <code>Principal</code> to this group.
+ *
+ * @param user The new <code>Principal</code> to add
+ *
+ * @return <code>true</code> if the user was successfully added or <code>false</code> if the user is already a member
+ */
+ boolean addMember(Principal user);
+
+ /**
+ * This method deletes a member from the group.
+ *
+ * @param user The <code>Principal</code> to delete
+ *
+ * @return <code>true</code> if the user was successfully deleted or <code>false</code> if the user is not a member of the group
+ */
+ boolean removeMember(Principal user);
+
+ /**
+ * This method tests whether or not a given <code>Principal</code> is a
+ * member of this group.
+ *
+ * @param member The <code>Principal</code> to test for membership
+ *
+ * @return <code>true</code> if the user is member, <code>false</code> otherwise
+ */
+ boolean isMember(Principal member);
+
+ /**
+ * This method returns a list of all members of the group as an
+ * <code>Enumeration</code>.
+ *
+ * @return The list of all members of the group
+ */
+ Enumeration<? extends Principal> members();
+}
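Review bot: The comment on `isMember` does not say whether membership is evaluated through nested groups, although the interface comment itself points out that a `Group` can be passed wherever a `Principal` is expected, including to `addMember`. Callers making access decisions need to know this. The reference specification for `java.security.acl.Group` describes `isMember` as a recursive search, so if implementations here follow it I would add a sentence such as `A principal that belongs to a group which is itself a member of this group is also reported as a member.` The `addMember` comment could also state what happens when adding a group would make the membership circular; nothing in the hunk defines that case.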
diff --git a/libjava/classpath/java/security/acl/LastOwnerException.java b/libjava/classpath/java/security/acl/LastOwnerException.java
new file mode 100644
index 000000000..952724459
--- /dev/null
+++ b/libjava/classpath/java/security/acl/LastOwnerException.java
@@ -0,0 +1,62 @@
+/* LastOwnerException.java -- User attempted to delete last ACL owner
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+/**
+ * This exception is thrown when an attempt is made to delete the last owner
+ * of an access control list (ACL)
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Owner#deleteOwner(java.security.Principal, java.security.Principal)
+ * @status updated to 1.4
+ */
+public class LastOwnerException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -5141997548211140359L;
+
+ /**
+ * Initialize a new instance of <code>LastOwnerException</code> that does
+ * not have a log message.
+ */
+ public LastOwnerException()
+ {
+ }
+}
diff --git a/libjava/classpath/java/security/acl/NotOwnerException.java b/libjava/classpath/java/security/acl/NotOwnerException.java
new file mode 100644
index 000000000..bea94763e
--- /dev/null
+++ b/libjava/classpath/java/security/acl/NotOwnerException.java
@@ -0,0 +1,62 @@
+/* NotOwnerException.java -- Attempt to modify an unowned ACL
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+/**
+ * This exception is thrown whenever an operation is attempted that requires
+ * the caller to be the owner of the access control list (ACL) when the caller
+ * is in fact not the owner of the ACL.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class NotOwnerException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -5555597911163362399L;
+
+ /**
+ * Initializes a new instance of <code>NotOwnerException</code> that does
+ * not have a descriptive message.
+ */
+ public NotOwnerException()
+ {
+ }
+}
diff --git a/libjava/classpath/java/security/acl/Owner.java b/libjava/classpath/java/security/acl/Owner.java
new file mode 100644
index 000000000..c671cd362
--- /dev/null
+++ b/libjava/classpath/java/security/acl/Owner.java
@@ -0,0 +1,95 @@
+/* Owner.java -- ACL owner
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+import java.security.Principal;
+
+/**
+ * This interface provides a mechanism for maintaining a list of owners
+ * of an access control list (ACL). Since a <code>Principal</code> must
+ * be an owner in order to modify the owner list, a mechanism must be
+ * provided to specify the initial owner of the ACL. The proper way to do
+ * this is for the implementing class to specify the initial owner in
+ * the contructor for that class.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface Owner
+{
+ /**
+ * This method adds an owner to the access control list (ACL). Only a
+ * <code>Principal</code> who is already an owner can perform this operation.
+ *
+ * @param caller The <code>Principal</code> who is requesting that an owner be added
+ * @param owner The <code>Principal</code> to add as a new owner
+ *
+ * @param <code>true</code> if the new owner was successfully added or <code>false</code> if the specified new owner is already an owner
+ *
+ * @exception NotOwnerException If the caller is not already an owner of this ACL
+ */
+ boolean addOwner(Principal caller, Principal owner)
+ throws NotOwnerException;
+
+ /**
+ * This method delets an owner from the access control list (ACL). Only a
+ * <code>Principal</code> who is an owner can perform this operation. An
+ * owner can delete itself from the list. If there is only one
+ * owner remaining on this list, any attempt to delete it will throw an
+ * exception.
+ *
+ * @param caller The <code>Principal</code> who is requesting that an owner be deleted
+ * @param owner The <code>Principal</code> to delete as an owner
+ *
+ * @param <code>true</code> if the new owner was successfully deleted or <code>false</code> if the specified owner is not currently an owner
+ *
+ * @exception NotOwnerException If the caller is not already an owner of this ACL
+ * @exception LastOwnerException If completing the operation would delete the last ACL owner
+ */
+ boolean deleteOwner(Principal caller, Principal owner)
+ throws NotOwnerException, LastOwnerException;
+
+ /**
+ * This method tests whether or not a given <code>Principal</code> is an
+ * owner of this access control list (ACL).
+ *
+ * @return <code>true</code> if the <code>Principal</code> is an owner, <code>false</code> otherwise
+ */
+ boolean isOwner(Principal owner);
+}
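Review bot: The Javadoc for `addOwner` and `deleteOwner` puts the return value under a second `@param` tag (`@param <code>true</code> if the new owner was successfully ...`). Generated documentation therefore shows no return contract for the two methods that change who may administer the ACL; both lines should start with `@return`. `isOwner` has no `@param` line at all and could take `@param owner The <code>Principal</code> to test for ownership`. The same comments contain the typos "delets" and "contructor".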
diff --git a/libjava/classpath/java/security/acl/Permission.java b/libjava/classpath/java/security/acl/Permission.java
new file mode 100644
index 000000000..e5ba29138
--- /dev/null
+++ b/libjava/classpath/java/security/acl/Permission.java
@@ -0,0 +1,67 @@
+/* Permission.java -- Information about an ACL permission
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+/**
+ * This interface provides information about a permission that can be
+ * granted. Note that this is <em>not</em> the same as the class
+ * <code>java.security.Permission</code>.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface Permission
+{
+ /**
+ * This method tests whether or not a specified <code>Permission</code>
+ * (passed as an <code>Object</code>) is the same as this permission.
+ *
+ * @param perm The permission to check for equality
+ *
+ * @return <code>true</code> if the specified permission is the same as this one, <code>false</code> otherwise
+ */
+ boolean equals (Object perm);
+
+ /**
+ * This method returns this <code>Permission</code> as a <code>String</code>.
+ *
+ * @return A <code>String</code> representing this permission.
+ */
+ String toString();
+}
diff --git a/libjava/classpath/java/security/acl/package.html b/libjava/classpath/java/security/acl/package.html
new file mode 100644
index 000000000..19facf190
--- /dev/null
+++ b/libjava/classpath/java/security/acl/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.acl package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.acl</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/java/security/cert/CRL.java b/libjava/classpath/java/security/cert/CRL.java
new file mode 100644
index 000000000..1eaa70fa9
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRL.java
@@ -0,0 +1,98 @@
+/* CRL.java --- Certificate Revocation List
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ Certificate Revocation List class for managing CRLs that
+ have different formats but the same general use. They
+ all serve as lists of revoked certificates and can
+ be queried for a given certificate.
+
+ Specialized CRLs extend this class.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class CRL
+{
+
+ private String type;
+
+ /**
+ Creates a new CRL for the specified type. An example
+ is "X.509".
+
+ @param type the standard name for the CRL type.
+ */
+ protected CRL(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the CRL type.
+
+ @return a string representing the CRL type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Returns a string representing the CRL.
+
+ @return a string representing the CRL.
+ */
+ public abstract String toString();
+
+ /**
+ Determines whether or not the specified Certificate
+ is revoked.
+
+ @param cert A certificate to check if it is revoked
+
+ @return true if the certificate is revoked,
+ false otherwise.
+ */
+ public abstract boolean isRevoked(Certificate cert);
+
+
+}
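Review bot: The `type` field of `CRL` is assigned only in the constructor and read through the final `getType()`, so it can be declared `private final String type;`, which makes it explicit that a CRL's type cannot change after construction. The constructor comment also does not say whether a null `type` is allowed. On `isRevoked`, the comment leaves open what an implementation returns for a certificate of a format the CRL does not cover. Since a `false` result reads as "not revoked", one sentence stating the intended result for that case would help implementers and callers.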
diff --git a/libjava/classpath/java/security/cert/CRLException.java b/libjava/classpath/java/security/cert/CRLException.java
new file mode 100644
index 000000000..10171c418
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRLException.java
@@ -0,0 +1,95 @@
+/* CRLException.java -- Certificate Revocation List Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for a Certificate Revocation List.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+*/
+public class CRLException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -6694728944094197147L;
+
+ /**
+ * Constructs an CRLExceptionwithout a message string.
+ */
+ public CRLException()
+ {
+ }
+
+ /**
+ * Constructs an CRLException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CRLException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CRLException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CRLException(Throwable cause)
+ {
+ super(cause);
+ }
+}
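Review bot: The Javadoc on the no-argument constructor reads `Constructs an CRLExceptionwithout a message string.`, with a missing space and the wrong article. It should read `Constructs a CRLException without a message string.`. The one-argument constructor's comment has the same `an CRLException` wording.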
diff --git a/libjava/classpath/java/security/cert/CRLSelector.java b/libjava/classpath/java/security/cert/CRLSelector.java
new file mode 100644
index 000000000..6cd657c7f
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRLSelector.java
@@ -0,0 +1,69 @@
+/* CRLSelector.java -- matches CRLs against criteria.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * A generic interface to classes that match certificate revocation
+ * lists (CRLs) to some given criteria. Implementations of this
+ * interface are useful for finding {@link CRL} objects in a {@link
+ * CertStore}.
+ *
+ * @see CertStore
+ * @see CertSelector
+ * @see X509CRLSelector
+ */
+public interface CRLSelector extends Cloneable
+{
+
+ /**
+ * Returns a clone of this instance.
+ *
+ * @return The clone.
+ */
+ Object clone();
+
+ /**
+ * Match a given certificate revocation list to this selector's
+ * criteria, returning true if it matches, false otherwise.
+ *
+ * @param crl The certificate revocation list to test.
+ * @return The boolean result of this test.
+ */
+ boolean match(CRL crl);
+}
diff --git a/libjava/classpath/java/security/cert/CertPath.java b/libjava/classpath/java/security/cert/CertPath.java
new file mode 100644
index 000000000..7211647a4
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPath.java
@@ -0,0 +1,254 @@
+/* CertPath.java -- a sequence of certificates
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.io.ByteArrayInputStream;
+import java.io.NotSerializableException;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * This class represents an immutable sequence, or path, of security
+ * certificates. The path type must match the type of each certificate in the
+ * path, or in other words, for all instances of cert in a certpath object,
+ * <code>cert.getType().equals(certpath.getType())</code> will return true.
+ *
+ * <p>Since this class is immutable, it is thread-safe. During serialization,
+ * the path is consolidated into a {@link CertPathRep}, which preserves the
+ * data regardless of the underlying implementation of the path.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @since 1.4
+ * @status updated to 1.4
+ */
+public abstract class CertPath implements Serializable
+{
+ /**
+ * The serialized representation of a path.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ protected static class CertPathRep implements Serializable
+ {
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 3015633072427920915L;
+
+ /**
+ * The certificate type.
+ *
+ * @serial the type of the certificate path
+ */
+ private final String type;
+
+ /**
+ * The encoded form of the path.
+ *
+ * @serial the encoded form
+ */
+ private final byte[] data;
+
+ /**
+ * Create the new serial representation.
+ *
+ * @param type the path type
+ * @param data the encoded path data
+ */
+ protected CertPathRep(String type, byte[] data)
+ {
+ this.type = type;
+ this.data = data;
+ }
+
+ /**
+ * Decode the data into an actual {@link CertPath} upon deserialization.
+ *
+ * @return the replacement object
+ * @throws ObjectStreamException if replacement fails
+ */
+ protected Object readResolve() throws ObjectStreamException
+ {
+ try
+ {
+ return CertificateFactory.getInstance(type)
+ .generateCertPath(new ByteArrayInputStream(data));
+ }
+ catch (CertificateException e)
+ {
+ throw (ObjectStreamException)
+ new NotSerializableException("java.security.cert.CertPath: "
+ + type).initCause(e);
+ }
+ }
+ } // class CertPathRep
+
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 6068470306649138683L;
+
+ /**
+ * The path type.
+ *
+ * @serial the type of all certificates in this path
+ */
+ private final String type;
+
+ /**
+ * Create a certificate path with the given type. Most code should use
+ * {@link CertificateFactory} to create CertPaths.
+ *
+ * @param type the type of the path
+ */
+ protected CertPath(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ * Get the (non-null) type of all certificates in the path.
+ *
+ * @return the path certificate type
+ */
+ public String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Get an immutable iterator over the path encodings (all String names),
+ * starting with the default encoding. The iterator will throw an
+ * <code>UnsupportedOperationException</code> if an attempt is made to
+ * remove items from the list.
+ *
+ * @return the iterator of supported encodings in the path
+ */
+ public abstract Iterator<String> getEncodings();
+
+ /**
+ * Compares this path to another for semantic equality. To be equal, both
+ * must be instances of CertPath, with the same type, and identical
+ * certificate lists. Overriding classes must not change this behavior.
+ *
+ * @param o the object to compare to
+ * @return true if the two are equal
+ */
+ public boolean equals(Object o)
+ {
+ if (! (o instanceof CertPath))
+ return false;
+ CertPath cp = (CertPath) o;
+ return type.equals(cp.type)
+ && getCertificates().equals(cp.getCertificates());
+ }
+
+ /**
+ * Returns the hashcode of this certificate path. This is defined as:<br>
+ * <code>31 * getType().hashCode() + getCertificates().hashCode()</code>.
+ *
+ * @return the hashcode
+ */
+ public int hashCode()
+ {
+ return 31 * type.hashCode() + getCertificates().hashCode();
+ }
+
+ public String toString()
+ {
+ List l = getCertificates();
+ int size = l.size();
+ int i = 0;
+ CPStringBuilder result = new CPStringBuilder(type);
+ result.append(" Cert Path: length = ").append(size).append(".\n[\n");
+ while (--size >= 0)
+ result.append(l.get(i++)).append('\n');
+ return result.append("\n]").toString();
+ }
+
+ /**
+ * Returns the encoded form of this path, via the default encoding.
+ *
+ * @return the encoded form
+ * @throws CertificateEncodingException if encoding fails
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ * Returns the encoded form of this path, via the specified encoding.
+ *
+ * @param encoding the encoding to use
+ * @return the encoded form
+ * @throws CertificateEncodingException if encoding fails or does not exist
+ */
+ public abstract byte[] getEncoded(String encoding)
+ throws CertificateEncodingException;
+
+ /**
+ * Returns the immutable, thread-safe list of certificates in this path.
+ *
+ * @return the list of certificates, non-null but possibly empty
+ */
+ public abstract List<? extends Certificate> getCertificates();
+
+ /**
+ * Serializes the path in its encoded form, to ensure reserialization with
+ * the appropriate factory object without worrying about list implementation.
+ * The result will always be an instance of {@link CertPathRep}.
+ *
+ * @return the replacement object
+ * @throws ObjectStreamException if the replacement creation fails
+ */
+ protected Object writeReplace() throws ObjectStreamException
+ {
+ try
+ {
+ return new CertPathRep(type, getEncoded());
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw (ObjectStreamException)
+ new NotSerializableException("java.security.cert.CertPath: "
+ + type).initCause(e);
+ }
+ }
+} // class CertPath
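Review bot: `CertPathRep.readResolve()` hands the `type` and `data` fields, which on deserialization come straight from the stream, to `CertificateFactory.getInstance(type)` and `new ByteArrayInputStream(data)` without checking them, and only `CertificateException` is converted into an `ObjectStreamException`. A stream carrying a null `data` (and presumably a null `type`) would therefore fail with an unchecked exception rather than the declared one. A guard as the first statement keeps that on the documented path: `if (type == null || data == null) throw new NotSerializableException("java.security.cert.CertPath: " + type);`. The class comment could also say that deserializing a `CertPath` triggers a provider lookup and certificate parsing on the stream's bytes, so callers should treat it like any other parse of untrusted input. Separately, `toString()` is the only public method here without Javadoc, and it uses a raw `List`.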
diff --git a/libjava/classpath/java/security/cert/CertPathBuilder.java b/libjava/classpath/java/security/cert/CertPathBuilder.java
new file mode 100644
index 000000000..47bae6db8
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilder.java
@@ -0,0 +1,251 @@
+/* CertPathBuilder.java -- bulids CertPath objects from Certificates.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * This class builds certificate paths (also called certificate chains),
+ * which can be used to establish trust for a particular certificate by
+ * building a path from a trusted certificate (a trust anchor) to the
+ * untrusted certificate.
+ *
+ * @see CertPath
+ */
+public class CertPathBuilder
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertPathBuilder. */
+ private static final String CERT_PATH_BUILDER = "CertPathBuilder";
+
+ /** The underlying implementation. */
+ private CertPathBuilderSpi cpbSpi;
+
+ /** The provider of this implementation. */
+ private Provider provider;
+
+ /** The name of this implementation. */
+ private String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertPathBuilder.
+ *
+ * @param cpbSpi The underlying implementation.
+ * @param provider The provider of the implementation.
+ * @param algorithm This implementation's name.
+ */
+ protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider,
+ String algorithm)
+ {
+ this.cpbSpi = cpbSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the default cert path builder type.
+ *
+ * <p>This value can be set at run-time by the security property
+ * <code>"certpathbuilder.type"</code>. If this property is not set,
+ * then the value returned is <code>"PKIX"</code>.
+ *
+ * @return The default CertPathBuilder algorithm.
+ */
+ public static final String getDefaultType()
+ {
+ String type = Security.getProperty("certpathbuilder.type");
+ if (type == null)
+ type = "PKIX";
+ return type;
+ }
+
+ /**
+ * Returns an instance of a named <code>CertPathBuilder</code> from the
+ * first provider that implements it.
+ *
+ * @param algorithm The name of the <code>CertPathBuilder</code> to create.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * named algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static CertPathBuilder getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of a named <code>CertPathBuilder</code> from a named
+ * provider.
+ *
+ * @param algorithm The name of the <code>CertPathBuilder</code> to create.
+ * @param provider The name of the provider to use.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * named algorithm.
+ * @throws NoSuchProviderException If the named provider does not exist.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathBuilder getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of a named <code>CertPathBuilder</code> from the
+ * specified provider.
+ *
+ * @param algorithm The name of the <code>CertPathBuilder</code> to create.
+ * @param provider The provider to use.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * named algorithm.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathBuilder getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("CertPathBuilder for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider);
+ return new CertPathBuilder((CertPathBuilderSpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Return the name of this CertPathBuilder algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of this instance's implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Builds a certificate path. The {@link CertPathParameters} parameter
+ * passed to this method is implementation-specific, but in general
+ * should contain some number of certificates and some number of
+ * trusted certificates (or "trust anchors").
+ *
+ * @param params The parameters.
+ * @retrun The certificate path result.
+ * @throws CertPathBuilderException If the certificate path cannot be
+ * built.
+ * @throws InvalidAlgorithmParameterException If the implementation
+ * rejects the specified parameters.
+ */
+ public final CertPathBuilderResult build(CertPathParameters params)
+ throws CertPathBuilderException, InvalidAlgorithmParameterException
+ {
+ return cpbSpi.engineBuild(params);
+ }
+}
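Review bot: The Javadoc for `build(CertPathParameters)` uses `@retrun`, which is not a Javadoc tag, so the return value is left out of the generated documentation. It should be `@return The certificate path result.`. The same slip appears in CertPathBuilderResult.java, where `getCertPath()` has `@retrn`, and the header comment of this file says "bulids". The fields `cpbSpi`, `provider` and `algorithm` are assigned only in the constructor in the code shown and could be declared `final`.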
diff --git a/libjava/classpath/java/security/cert/CertPathBuilderException.java b/libjava/classpath/java/security/cert/CertPathBuilderException.java
new file mode 100644
index 000000000..985151010
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilderException.java
@@ -0,0 +1,159 @@
+/* CertPathBuilderException.java -- wraps an exception during certificate
+ path building
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while using a <code>CertPathBuilder</code>, wrapping
+ * the lower exception. This class is not thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertPathBuilder
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertPathBuilderException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 5316471420178794402L;
+
+ /**
+ * Create an exception without a message. The cause may be initialized.
+ */
+ public CertPathBuilderException()
+ {
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertPathBuilderException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>.
+ *
+ * @param cause the cause
+ */
+ public CertPathBuilderException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause);
+ }
+
+ /**
+ * Create an exception with a cause and a message.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertPathBuilderException(String msg, Throwable cause)
+ {
+ super(msg);
+ initCause(cause);
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
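Review bot: The Javadoc on `toString()` says the result includes the cause, but the body only returns `super.toString()`, so the cause appears only if the superclass happens to put it there. The comment should describe what the method does, for example `Convert this to a string by delegating to the superclass.`. The overrides of `getMessage()`, `getCause()`, `toString()` and the three `printStackTrace` variants all just forward to `super`; if they are kept for signature parity, a one-line comment saying so would help. The two-argument constructor could also call `super(msg, cause);` as `CRLException` does in this commit, instead of `super(msg); initCause(cause);`.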
diff --git a/libjava/classpath/java/security/cert/CertPathBuilderResult.java b/libjava/classpath/java/security/cert/CertPathBuilderResult.java
new file mode 100644
index 000000000..edae88f64
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilderResult.java
@@ -0,0 +1,63 @@
+/* CertPathBuilderResult -- results from building cert paths.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * A standard interface for the result of building a certificate path.
+ * All implementations of this class must provide a way to get the
+ * certificate path, but may also define additional methods for
+ * returning other result data generated by the certificate path
+ * builder.
+ */
+public interface CertPathBuilderResult extends Cloneable {
+
+ /**
+ * Creates a copy of this builder result.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Get the certificate path that was built.
+ *
+ * @retrn The certificate path.
+ */
+ CertPath getCertPath();
+}
diff --git a/libjava/classpath/java/security/cert/CertPathBuilderSpi.java b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java
new file mode 100644
index 000000000..afc7fc073
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java
@@ -0,0 +1,74 @@
+/* CertPathBuilderSpi -- CertPathBuilder service provider interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.cert;
+
+/**
+ * The {@link CertPathBuilder} <i>Service Provider Interface</i>
+ * (<b>SPI</b>).
+ *
+ * @see CertPathBuilder
+ */
+public abstract class CertPathBuilderSpi {
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertPathBuilderSpi.
+ */
+ public CertPathBuilderSpi() {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a certificate path from the specified parameters.
+ *
+ * @param params The parameters to use.
+ * @return The certificate path result.
+ * @throws CertPathBuilderException If the certificate path cannot be
+ * built.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * implementation rejects the specified parameters.
+ */
+ public abstract CertPathBuilderResult engineBuild(CertPathParameters params)
+ throws CertPathBuilderException,
+ java.security.InvalidAlgorithmParameterException;
+}
diff --git a/libjava/classpath/java/security/cert/CertPathParameters.java b/libjava/classpath/java/security/cert/CertPathParameters.java
new file mode 100644
index 000000000..62a5cb6a6
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathParameters.java
@@ -0,0 +1,58 @@
+/* CertPathParameters.java -- parameters for CertPathBuilder.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.cert;
+
+/**
+ * Parameters for generating and validating certificate paths. This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see CertPathBuilder
+ * @see CertPathValidator
+ */
+public interface CertPathParameters extends Cloneable {
+
+ /**
+ * Makes a copy of this CertPathParameters instance.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
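Review bot: The Javadoc on `clone()` says only "Makes a copy of this CertPathParameters instance" and does not state whether the copy must be independent of the original. These parameters are handed to builders and validators, so if independence is the intended contract it should be written down, for example `Changes to the returned copy must not affect this instance.` The same applies to `clone()` in CertPathValidatorResult and CertSelector later in this commit. In the type comment, "thier" should read "their".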
diff --git a/libjava/classpath/java/security/cert/CertPathValidator.java b/libjava/classpath/java/security/cert/CertPathValidator.java
new file mode 100644
index 000000000..8bd7b58e8
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidator.java
@@ -0,0 +1,264 @@
+/* CertPathValidator -- validates certificate paths.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * Generic interface to classes that validate certificate paths.
+ *
+ * <p>Using this class is similar to all the provider-based security
+ * classes; the method of interest, {@link
+ * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
+ * which takes provider-specific implementations of {@link
+ * CertPathParameters}, and return provider-specific implementations of
+ * {@link CertPathValidatorResult}.
+ *
+ * @since JDK 1.4
+ * @see CertPath
+ */
+public class CertPathValidator {
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertPathValidator. */
+ private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
+
+ /** The underlying implementation. */
+ private final CertPathValidatorSpi validatorSpi;
+
+ /** The provider of this implementation. */
+ private final Provider provider;
+
+ /** The algorithm's name. */
+ private final String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertPathValidator.
+ *
+ * @param validatorSpi The underlying implementation.
+ * @param provider The provider of the implementation.
+ * @param algorithm The algorithm name.
+ */
+ protected CertPathValidator(CertPathValidatorSpi validatorSpi,
+ Provider provider, String algorithm)
+ {
+ this.validatorSpi = validatorSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default validator type.
+ *
+ * <p>This value may be set at run-time via the security property
+ * "certpathvalidator.type", or the value "PKIX" if this property is
+ * not set.
+ *
+ * @return The default validator type.
+ */
+ public static synchronized String getDefaultType() {
+ String type = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("certpathvalidator.type");
+ }
+ }
+ );
+ if (type == null)
+ type = "PKIX";
+ return type;
+ }
+
+ /**
+ * Returns an instance of the given validator from the first provider that
+ * implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * requested algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static CertPathValidator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of the given validator from the named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider from which to get the
+ * implementation.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If the named provider does not implement
+ * the algorithm.
+ * @throws NoSuchProviderException If no provider named <i>provider</i> is
+ * installed.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathValidator getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of the given validator from the given provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider from which to get the implementation.
+ * @return The new instance.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * algorithm.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static CertPathValidator getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider);
+ return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Return the name of this validator.
+ *
+ * @return This validator's name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Attempt to validate a certificate path.
+ *
+ * @param certPath The path to validate.
+ * @param params The algorithm-specific parameters.
+ * @return The result of this validation attempt.
+ * @throws CertPathValidatorException If the certificate path cannot
+ * be validated.
+ * @throws InvalidAlgorithmParameterException If this implementation
+ * rejects the specified parameters.
+ */
+ public final CertPathValidatorResult validate(CertPath certPath,
+ CertPathParameters params)
+ throws CertPathValidatorException, InvalidAlgorithmParameterException
+ {
+ return validatorSpi.engineValidate(certPath, params);
+ }
+}
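Review bot: `getInstance(String, Provider)` documents an IllegalArgumentException for a null or empty `algorithm` and for a null `provider`, but no check for either appears in this hunk. The method formats both values into the error message and then calls `Engine.getInstance`, which is not shown here and presumably does the validation. If that is the case, say so in a comment above the call; otherwise add a guard matching the String overload, `if (provider == null) throw new IllegalArgumentException("provider MUST NOT be null");`. The Javadoc of `getInstance(String)` should also state that the order of `Security.getProviders()` decides which implementation is returned, since the returned object makes the trust decision.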
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorException.java b/libjava/classpath/java/security/cert/CertPathValidatorException.java
new file mode 100644
index 000000000..f3195be29
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorException.java
@@ -0,0 +1,226 @@
+/* CertPathValidatorException.java -- wraps an exception during validation
+ of a CertPath
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while validating a certification path. In addition,
+ * it can store the path an index in that path that caused the problem. This
+ * class is not thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertPathValidator
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertPathValidatorException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = -3083180014971893139L;
+
+ /**
+ * The index of the certificate path that failed, or -1.
+ *
+ * @serial the failed index
+ */
+ private final int index;
+
+ /**
+ * The <code>CertPath</code> that failed.
+ *
+ * @serial the object being validated at time of failure
+ */
+ private final CertPath certPath;
+
+ /**
+ * Create an exception without a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ */
+ public CertPathValidatorException()
+ {
+ this((String) null);
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertPathValidatorException(String msg)
+ {
+ super(msg);
+ index = -1;
+ certPath = null;
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>. The index is set
+ * to -1 and the failed CertPath object to null.
+ *
+ * @param cause the cause
+ */
+ public CertPathValidatorException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause and a message. The index is set to -1
+ * and the failed CertPath object to null.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertPathValidatorException(String msg, Throwable cause)
+ {
+ this(msg, cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause, message, failed object, and index of
+ * failure in that CertPath.
+ *
+ * @param msg the message
+ * @param cause the cause
+ * @param certPath the path that was being validated, or null
+ * @param index the index of the path, or -1
+ * @throws IndexOutOfBoundsException if index is &lt; -1 or
+ * &gt; certPath.getCertificates().size()
+ * @throws IllegalArgumentException if certPath is null but index != -1
+ */
+ public CertPathValidatorException(String msg, Throwable cause,
+ CertPath certPath, int index)
+ {
+ super(msg);
+ initCause(cause);
+ if (index < -1 || (certPath != null
+ && index >= certPath.getCertificates().size()))
+ throw new IndexOutOfBoundsException();
+ if ((certPath == null) != (index == -1))
+ throw new IllegalArgumentException();
+ this.certPath = certPath;
+ this.index = index;
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the certificate path that had the failure, or null.
+ *
+ * @return the culprit path
+ */
+ public CertPath getCertPath()
+ {
+ return certPath;
+ }
+
+ /**
+ * Get the index that failed, or -1.
+ *
+ * @return the colprit index
+ */
+ public int getIndex()
+ {
+ return index;
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
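Review bot: The four-argument constructor rejects a non-null `certPath` combined with index -1, because `(certPath == null) != (index == -1)` is true in that case. The Javadoc lists IllegalArgumentException only for a null `certPath` with an index other than -1, and documents the parameter as "the index of the path, or -1". If the documented contract is the intended one, the check should be `if (certPath == null && index != -1)`. The bounds check also throws for `index == size()` while the Javadoc says `> certPath.getCertificates().size()`, so the comment should read `>=`. Both exceptions are thrown without a message, so a caller cannot tell which argument was rejected.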
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorResult.java b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
new file mode 100644
index 000000000..0ccd1be78
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
@@ -0,0 +1,63 @@
+/* CertPathValidatorResult -- result of validating certificate paths
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Interface to the result of calling {@link
+ * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}.
+ *
+ * <p>This interface defines no methods other than the required
+ * {@link java.lang.Cloneable} interface, and is intended to group and
+ * provide type safety for validator results. Providers that implement
+ * a certificate path validator must also provide an implementation of
+ * this interface, possibly defining additional methods.
+ *
+ * @since JDK 1.4
+ * @see CertPathValidator
+ */
+public interface CertPathValidatorResult extends Cloneable
+{
+
+ /**
+ * Returns a copy of this validator result.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorSpi.java b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java
new file mode 100644
index 000000000..d4531e716
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java
@@ -0,0 +1,81 @@
+/* CertPathValidatorSpi -- cert path validator service provider interface
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for the {@link
+ * CertPathValidator} class. Providers implementing certificate path
+ * validators must subclass this class and implement its abstract
+ * methods.
+ */
+public abstract class CertPathValidatorSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Default constructor.
+ */
+ public CertPathValidatorSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Attempt to validate a certificate path.
+ *
+ * @param certPath The path to validate.
+ * @param params The algorithm-specific parameters.
+ * @return The result of this validation attempt.
+ * @throws CertPathValidatorException If the certificate path cannot
+ * be validated.
+ * @throws InvalidAlgorithmParameterException If this implementation
+ * rejects the specified parameters.
+ */
+ public abstract CertPathValidatorResult
+ engineValidate(CertPath certPath, CertPathParameters params)
+ throws CertPathValidatorException,
+ InvalidAlgorithmParameterException;
+}
diff --git a/libjava/classpath/java/security/cert/CertSelector.java b/libjava/classpath/java/security/cert/CertSelector.java
new file mode 100644
index 000000000..4a2e7d921
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertSelector.java
@@ -0,0 +1,58 @@
+/* CertSelector.java -- certificate selector interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+public interface CertSelector extends Cloneable
+{
+
+ /**
+ * Returns a copy of this CertSelector.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Match a certificate according to this selector's criteria.
+ *
+ * @param cert The certificate to match.
+ * @return true if the certificate matches thin criteria.
+ */
+ boolean match(Certificate cert);
+}
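Review bot: `CertSelector` is added without a type-level Javadoc, unlike the other interfaces in this commit. A short description such as `/** Selects certificates that match a set of criteria. */` with an `@since` tag would bring it in line. In `match`, "matches thin criteria" should read "matches this selector's criteria". The comment also does not say what is returned for a null `cert`, which implementers will need to know.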
diff --git a/libjava/classpath/java/security/cert/CertStore.java b/libjava/classpath/java/security/cert/CertStore.java
new file mode 100644
index 000000000..630e96762
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStore.java
@@ -0,0 +1,305 @@
+/* CertStore -- stores and retrieves certificates.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collection;
+
+/**
+ * A CertStore is a read-only repository for certificates and
+ * certificate revocation lists.
+ *
+ * @since 1.4
+ */
+public class CertStore
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertStore. */
+ private static final String CERT_STORE = "CertStore";
+
+ /** The underlying implementation. */
+ private CertStoreSpi storeSpi;
+
+ /** This implementation's provider. */
+ private Provider provider;
+
+ /** The name of this key store type. */
+ private String type;
+
+ /** The parameters used to initialize this instance, if any. */
+ private CertStoreParameters params;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new CertStore.
+ *
+ * @param storeSpi The underlying implementation.
+ * @param provider The provider of this implementation.
+ * @param type The type of CertStore this class represents.
+ * @param params The parameters used to initialize this instance, if any.
+ */
+ protected CertStore(CertStoreSpi storeSpi, Provider provider, String type,
+ CertStoreParameters params)
+ {
+ this.storeSpi = storeSpi;
+ this.provider = provider;
+ this.type = type;
+ this.params = params;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default certificate store type.
+ *
+ * <p>This value can be set at run-time via the security property
+ * "certstore.type"; if not specified than the default type will be
+ * "LDAP".
+ *
+ * @return The default CertStore type.
+ */
+ public static final synchronized String getDefaultType()
+ {
+ String type = null;
+ type = (String) java.security.AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return Security.getProperty("certstore.type");
+ }
+ }
+ );
+ if (type == null)
+ type = "LDAP";
+ return type;
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from the first
+ * installed provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects the
+ * specified parameters.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * specified CertStore.
+ * @throws IllegalArgumentException if <code>type</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(type, params, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(type);
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from a named
+ * provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The name of the provider to use.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects the
+ * specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws NoSuchProviderException If no provider named <i>provider</i> is
+ * installed.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ String provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+ NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, params, p);
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from a given
+ * provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The provider to use.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects
+ * the specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ Provider provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("CertStore of type [")
+ .append(type).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object[] args = new Object[] { params };
+ Object spi = Engine.getInstance(CERT_STORE, type, provider, args);
+ return new CertStore((CertStoreSpi) spi, provider, type, params);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Return the type of certificate store this instance represents.
+ *
+ * @return The CertStore type.
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Return the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Get the parameters this instance was created with, if any. The
+ * parameters will be cloned before they are returned.
+ *
+ * @return The parameters, or null.
+ */
+ public final CertStoreParameters getCertStoreParameters()
+ {
+ return params != null ? (CertStoreParameters) params.clone() : null;
+ }
+
+ /**
+ * Get a collection of certificates from this CertStore, optionally
+ * filtered by the specified CertSelector. The Collection returned may
+ * be empty, but will never be null.
+ *
+ * <p>Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public final Collection<? extends Certificate> getCertificates(CertSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCertificates(selector);
+ }
+
+ /**
+ * Get a collection of certificate revocation lists from this CertStore,
+ * optionally filtered by the specified CRLSelector. The Collection
+ * returned may be empty, but will never be null.
+ *
+ * <p>Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificate revocation lists.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public final Collection<? extends CRL> getCRLs(CRLSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCRLs(selector);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreException.java b/libjava/classpath/java/security/cert/CertStoreException.java
new file mode 100644
index 000000000..a4d8b7a46
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreException.java
@@ -0,0 +1,159 @@
+/* CertStoreException.java -- wraps an exception during certificate storage
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while retrieving certificates and CRLs from
+ * <code>CertStore</code>, wrapping the lower exception. This class is not
+ * thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertStore
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertStoreException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 2395296107471573245L;
+
+ /**
+ * Create an exception without a message. The cause may be initialized.
+ */
+ public CertStoreException()
+ {
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertStoreException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>.
+ *
+ * @param cause the cause
+ */
+ public CertStoreException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause);
+ }
+
+ /**
+ * Create an exception with a cause and a message.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertStoreException(String msg, Throwable cause)
+ {
+ super(msg);
+ initCause(cause);
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
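Review bot: The six overrides at the end of the class (`getMessage()` through `printStackTrace(PrintWriter)`) only forward to `super`, and nothing says why they exist. If they are there to mirror the methods the reference API declares, which the `@status updated to 1.4` tag hints at but the hunk does not state, a comment such as `// Declared only for API compatibility; behaviour is inherited.` above `getMessage()` would keep a later cleanup from deleting them. The class comment's "This class is not thread-safe" is also unexplained, since the class declares no instance state of its own; it should either name what is unsafe or be dropped.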
diff --git a/libjava/classpath/java/security/cert/CertStoreParameters.java b/libjava/classpath/java/security/cert/CertStoreParameters.java
new file mode 100644
index 000000000..71bcd6109
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreParameters.java
@@ -0,0 +1,60 @@
+/* CertStoreParameters -- interface to CertStore parameters.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Parameters used when creating instances of {@link CertStore}. This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see LDAPCertStoreParameters
+ * @see CollectionCertStoreParameters
+ */
+public interface CertStoreParameters extends Cloneable
+{
+
+ /**
+ * Create a copy of these parameters.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
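Review bot: The Javadoc on `clone()` does not say how deep the copy must be, yet `CertStore.getCertStoreParameters()` earlier in this diff returns the result of `params.clone()` as its defensive copy. An implementation that copies shallowly would hand callers references to state still shared with the store. I would extend the method comment with `Implementations must copy any mutable state, so that changes to the returned object do not affect these parameters.` The interface comment also has a typo, "thier" for "their".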
diff --git a/libjava/classpath/java/security/cert/CertStoreSpi.java b/libjava/classpath/java/security/cert/CertStoreSpi.java
new file mode 100644
index 000000000..a47978a22
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreSpi.java
@@ -0,0 +1,103 @@
+/* CertStoreSpi -- certificate store service provider interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.util.Collection;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for the {@link
+ * CertStore} class.
+ *
+ * <p>Providers wishing to implement a CertStore must subclass this
+ * class, implementing all the abstract methods. Providers may also
+ * implement the {@link CertStoreParameters} interface, if they require
+ * parameters.
+ *
+ * @since 1.4
+ * @see CertStore
+ * @see CollectionCertStoreParameters
+ * @see LDAPCertStoreParameters
+ */
+public abstract class CertStoreSpi
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertStoreSpi.
+ *
+ * @param params The parameters to initialize this instance with, or
+ * null if no parameters are required.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate for this class.
+ */
+ public CertStoreSpi(CertStoreParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the certificates from this store, filtering them through the
+ * specified CertSelector.
+ *
+ * @param selector The CertSelector to filter certificates.
+ * @return A (non-null) collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public abstract Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
+ throws CertStoreException;
+
+ /**
+ * Get the certificate revocation list from this store, filtering them
+ * through the specified CRLSelector.
+ *
+ * @param selector The CRLSelector to filter certificate revocation
+ * lists.
+ * @return A (non-null) collection of certificate revocation list.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public abstract Collection<? extends CRL> engineGetCRLs(CRLSelector selector)
+ throws CertStoreException;
+}
diff --git a/libjava/classpath/java/security/cert/Certificate.java b/libjava/classpath/java/security/cert/Certificate.java
new file mode 100644
index 000000000..be1713cbf
--- /dev/null
+++ b/libjava/classpath/java/security/cert/Certificate.java
@@ -0,0 +1,306 @@
+/* Certificate.java --- Certificate class
+ Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.ByteArrayInputStream;
+import java.io.InvalidObjectException;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+
+/**
+ * The Certificate class is an abstract class used to manage
+ * identity certificates. An identity certificate is a
+ * combination of a principal and a public key which is
+ * certified by another principal. This is the puprose of
+ * Certificate Authorities (CA).
+ *
+ * <p>This class is used to manage different types of certificates
+ * but have important common puposes. Different types of
+ * certificates like X.509 and OpenPGP share general certificate
+ * functions (like encoding and verifying) and information like
+ * public keys.
+ *
+ * <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this
+ * class even though they differ in storage methods and information
+ * stored.
+ *
+ * @see CertificateFactory
+ * @see X509Certificate
+ * @since JDK 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ */
+public abstract class Certificate implements Serializable
+{
+ private static final long serialVersionUID = -3585440601605666277L;
+
+ private String type;
+
+ /**
+ Constructs a new certificate of the specified type. An example
+ is "X.509".
+
+ @param type a valid standard name for a certificate.
+ */
+ protected Certificate(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the Certificate type.
+
+ @return a string representing the Certificate type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Compares this Certificate to other. It checks if the
+ object if instanceOf Certificate and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof Certificate ) {
+ try {
+ Certificate x = (Certificate) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CertificateEncodingException cee ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this Certificate in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this Certificate.
+ It assumes each certificate has only one encoding format.
+ Ex: X.509 is encoded as ASN.1 DER
+
+ @return byte array containg encoded form
+
+ @throws CertificateEncodingException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Returns a string representing the Certificate.
+
+ @return a string representing the Certificate.
+ */
+ public abstract String toString();
+
+
+ /**
+ Returns the public key stored in the Certificate.
+
+ @return The public key
+ */
+ public abstract PublicKey getPublicKey();
+
+ // Protected methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns a replacement for this certificate to be serialized. This
+ * method returns the equivalent to the following for this class:
+ *
+ * <blockquote>
+ * <pre>new CertificateRep(getType(), getEncoded());</pre>
+ * </blockquote>
+ *
+ * <p>This thusly replaces the certificate with its name and its
+ * encoded form, which can be deserialized later with the {@link
+ * CertificateFactory} implementation for this certificate's type.
+ *
+ * @return The replacement object to be serialized.
+ * @throws ObjectStreamException If the replacement could not be
+ * created.
+ */
+ protected Object writeReplace() throws ObjectStreamException
+ {
+ try
+ {
+ return new CertificateRep(getType(), getEncoded());
+ }
+ catch (CertificateEncodingException cee)
+ {
+ throw new InvalidObjectException(cee.toString());
+ }
+ }
+
+ // Inner class.
+ // ------------------------------------------------------------------------
+
+ /**
+ Certificate.CertificateRep is an inner class used to provide an alternate
+ storage mechanism for serialized Certificates.
+ */
+ protected static class CertificateRep implements java.io.Serializable
+ {
+
+ /** From JDK1.4. */
+ private static final long serialVersionUID = -8563758940495660020L;
+
+ /** The certificate type, e.g. "X.509". */
+ private String type;
+
+ /** The encoded certificate data. */
+ private byte[] data;
+
+ /**
+ * Create an alternative representation of this certificate. The
+ * <code>(type, data)</code> pair is typically the certificate's
+ * type as returned by {@link Certificate#getType()} (i.e. the
+ * canonical name of the certificate type) and the encoded form as
+ * returned by {@link Certificate#getEncoded()}.
+ *
+ * <p>For example, X.509 certificates would create an instance of
+ * this class with the parameters "X.509" and the ASN.1
+ * representation of the certificate, encoded as DER bytes.
+ *
+ * @param type The certificate type.
+ * @param data The encoded certificate data.
+ */
+ protected CertificateRep(String type, byte[] data)
+ {
+ this.type = type;
+ this.data = data;
+ }
+
+ /**
+ * Deserialize this certificate replacement into the appropriate
+ * certificate object. That is, this method attempts to create a
+ * {@link CertificateFactory} for this certificate's type, then
+ * attempts to parse the encoded data with that factory, returning
+ * the resulting certificate.
+ *
+ * @return The deserialized certificate.
+ * @throws ObjectStreamException If there is no appropriate
+ * certificate factory for the given type, or if the encoded form
+ * cannot be parsed.
+ */
+ protected Object readResolve() throws ObjectStreamException
+ {
+ try
+ {
+ CertificateFactory fact = CertificateFactory.getInstance(type);
+ return fact.generateCertificate(new ByteArrayInputStream(data));
+ }
+ catch (Exception e)
+ {
+ throw new InvalidObjectException(e.toString());
+ }
+ }
+ }
+}
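Review bot: `hashCode()` returns `super.hashCode()` while `equals()` compares the encoded bytes, so two certificates that compare equal will normally get different hash codes. That breaks lookup and de-duplication wherever certificates are kept in a `HashSet` or used as `HashMap` keys, and it contradicts the method's own Javadoc ("in its encoded form"). The hash should be derived from `getEncoded()`, with an encoding failure mapped to a fixed value, just as `equals()` maps it to `false`. Separately, `equals()` calls `getEncoded()` twice on each side; holding the two arrays in locals and comparing them with `java.util.Arrays.equals` would encode each certificate once.

```java
public int hashCode()
{
  try
    {
      return java.util.Arrays.hashCode(getEncoded());
    }
  catch (CertificateEncodingException cee)
    {
      // equals() treats an encoding failure as "not equal", so any
      // fixed value is consistent with it here.
      return 0;
    }
}
```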
diff --git a/libjava/classpath/java/security/cert/CertificateEncodingException.java b/libjava/classpath/java/security/cert/CertificateEncodingException.java
new file mode 100644
index 000000000..3f871691d
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateEncodingException.java
@@ -0,0 +1,93 @@
+/* CertificateEncodingException.java -- Certificate Encoding Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate Encoding.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class CertificateEncodingException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 6219492851589449162L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateEncodingException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg A message to display with exception
+ */
+ public CertificateEncodingException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateEncodingException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateEncodingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateException.java b/libjava/classpath/java/security/cert/CertificateException.java
new file mode 100644
index 000000000..8a6f383bb
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateException.java
@@ -0,0 +1,96 @@
+/* CertificateException.java -- Certificate Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for a Certificate.
+ *
+ * @author Mark Benvenuto
+ * @see Certificate
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class CertificateException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 3192535253797119798L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateExpiredException.java b/libjava/classpath/java/security/cert/CertificateExpiredException.java
new file mode 100644
index 000000000..5b37142b5
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateExpiredException.java
@@ -0,0 +1,71 @@
+/* CertificateExpiredException.java --- Certificate Expired Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate Expiring.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class CertificateExpiredException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 9071001339691533771L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateExpiredException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateExpiredException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateFactory.java b/libjava/classpath/java/security/cert/CertificateFactory.java
new file mode 100644
index 000000000..4fd5b3965
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateFactory.java
@@ -0,0 +1,355 @@
+/* CertificateFactory.java -- Certificate Factory Class
+ Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.security.Engine;
+
+import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * This class implements the CertificateFactory class interface used to
+ * generate certificates, certificate revocation lists (CRLs), and certificate
+ * paths objects from their encoded forms.
+ *
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ * @since 1.2
+ * @status Fully compatible with JDK 1.4.
+ */
+public class CertificateFactory
+{
+
+ /** The service name for certificate factories. */
+ private static final String CERTIFICATE_FACTORY = "CertificateFactory";
+
+ private CertificateFactorySpi certFacSpi;
+ private Provider provider;
+ private String type;
+
+ /**
+ * Creates an instance of CertificateFactory.
+ *
+ * @param certFacSpi The underlying CertificateFactory engine.
+ * @param provider The provider of this implementation.
+ * @param type The type of Certificate this factory creates.
+ */
+ protected CertificateFactory(CertificateFactorySpi certFacSpi,
+ Provider provider, String type)
+ {
+ this.certFacSpi = certFacSpi;
+ this.provider = provider;
+ this.type = type;
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type.
+ *
+ * @param type The type of certificate factory to create.
+ * @return A <code>CertificateFactory</code> of the desired type.
+ * @throws CertificateException If the type of certificate factory is not
+ * implemented by any installed provider.
+ * @throws IllegalArgumentException if <code>type</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type)
+ throws CertificateException
+ {
+ Provider[] p = Security.getProviders();
+ CertificateException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(type, p[i]);
+ }
+ catch (CertificateException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new CertificateException(type);
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type from the named provider.
+ *
+ * @param type The type of certificate factory to create.
+ * @param provider The name of the provider to use.
+ * @return A <code>CertificateFactory</code> for the desired type.
+ * @throws CertificateException If the type of certificate is not implemented
+ * by the named provider.
+ * @throws NoSuchProviderException If the named provider is not installed.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type,
+ String provider)
+ throws CertificateException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, p);
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type from the designated provider.
+ *
+ * @param type The type of certificate factory to create.
+ * @param provider The provider from which to get the implementation.
+ * @return A <code>CertificateFactory</code> for the desired type.
+ * @throws CertificateException If the type of certificate is not implemented
+ * by the provider.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type,
+ Provider provider)
+ throws CertificateException
+ {
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(CERTIFICATE_FACTORY, type, provider);
+ return new CertificateFactory((CertificateFactorySpi) spi, provider, type);
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause() != null ? x.getCause() : x;
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ cause = x;
+ }
+ CertificateException x = new CertificateException(type);
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Gets the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the type of the certificate this factory creates.
+ *
+ * @return A string with the type of certificate
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Generates a Certificate from the encoded data read
+ * from an InputStream.
+ *
+ * <p>The input stream must contain only one certificate.
+ *
+ * <p>If there exists a specialized certificate class for the
+ * certificate format handled by the certificate factory
+ * then the return Ceritificate should be a typecast of it.
+ * Ex: A X.509 CertificateFactory should return X509Certificate.
+ *
+ * <p>For X.509 certificates, the certificate in inStream must be
+ * DER encoded and supplied in binary or printable (Base64)
+ * encoding. If the certificate is in Base64 encoding, it must be
+ * bounded by -----BEGINCERTIFICATE-----, and
+ * -----END CERTIFICATE-----.
+ *
+ * @param inStream An input stream containing the certificate data.
+ * @return A certificate initialized from the decoded InputStream data.
+ * @throws CertificateException If an error occurs decoding the
+ * certificate.
+ */
+ public final Certificate generateCertificate(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificate(inStream);
+ }
+
+ /**
+ * Returns a collection of certificates that were read from the
+ * input stream. It may be empty, have only one, or have
+ * multiple certificates.
+ *
+ * For a X.509 certificate factory, the stream may contain a
+ * single DER encoded certificate or a PKCS#7 certificate
+ * chain. This is a PKCS#7 <I>SignedData</I> object with the
+ * most significant field being <I>certificates</I>. If no
+ * CRLs are present, then an empty collection is returned.
+ *
+ * @param inStream An input stream containing the certificate data.
+ * @return A collection of certificates initialized from the decoded
+ * InputStream data.
+ * @throws CertificateException If an error occurs decoding the
+ * certificates.
+ */
+ public final Collection<? extends Certificate> generateCertificates(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificates(inStream);
+ }
+
+ /**
+ * Generates a CRL based on the encoded data read
+ * from the InputStream.
+ *
+ * <p>The input stream must contain only one CRL.
+ *
+ * <p>If there exists a specialized CRL class for the
+ * CRL format handled by the certificate factory
+ * then the return CRL should be a typecast of it.
+ * Ex: A X.509 CertificateFactory should return X509CRL.
+ *
+ * @param inStream An input stream containing the CRL data.
+ * @return A CRL initialized from the decoded InputStream data.
+ * @throws CRLException If an error occurs decoding the CRL.
+ */
+ public final CRL generateCRL(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRL(inStream);
+ }
+
+ /**
+ * <p>Generates CRLs based on the encoded data read
+ * from the InputStream.
+ *
+ * <p>For a X.509 certificate factory, the stream may contain a
+ * single DER encoded CRL or a PKCS#7 CRL set. This is a
+ * PKCS#7 <I>SignedData</I> object with the most significant
+ * field being <I>crls</I>. If no CRLs are present, then an
+ * empty collection is returned.
+ *
+ * @param inStream an input stream containing the CRLs.
+ * @return a collection of CRLs initialized from the decoded
+ * InputStream data.
+ * @throws CRLException If an error occurs decoding the CRLs.
+ */
+ public final Collection<? extends CRL> generateCRLs(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRLs( inStream );
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream. The default encoding of this factory is used.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(inStream);
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream, using the specified encoding.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @param encoding The encoding of the InputStream data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(InputStream inStream, String encoding)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(inStream, encoding);
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with the certificates
+ * in the {@link java.util.List} argument.
+ *
+ * @param certificates The list of certificates with which to create
+ * the CertPath.
+ * @return A CertPath initialized from the certificates.
+ * @throws CertificateException If an error occurs generating the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(List<? extends Certificate> certificates)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(certificates);
+ }
+
+ /**
+ * Returns an Iterator of CertPath encodings supported by this
+ * factory, with the default encoding first. The returned Iterator
+ * cannot be modified.
+ *
+ * @return The Iterator of supported encodings.
+ */
+ public final Iterator<String> getCertPathEncodings()
+ {
+ return certFacSpi.engineGetCertPathEncodings();
+ }
+} // class CertificateFactory
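Review bot: The javadoc of `generateCertificate` gives the Base64 boundary as `-----BEGINCERTIFICATE-----`, without the space that the same paragraph in CertificateFactorySpi.java has; it should read `-----BEGIN CERTIFICATE-----`. The comment on `generateCertificates` ends with `If no CRLs are present, then an empty collection is returned`, which looks copied from `generateCRLs` and should say `certificates`; the same sentence appears on `engineGenerateCertificates` in the CertificateFactorySpi.java hunk. Both comments also spell `Ceritificate`. Because every `generate*` method here only passes the stream to `certFacSpi`, I would add a sentence such as `The returned object is only decoded from the stream; callers must still check its signature, validity period and certification path before trusting it.` This assumes the provider does no validation while parsing, which this hunk does not show.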
diff --git a/libjava/classpath/java/security/cert/CertificateFactorySpi.java b/libjava/classpath/java/security/cert/CertificateFactorySpi.java
new file mode 100644
index 000000000..2c9ca5d38
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateFactorySpi.java
@@ -0,0 +1,224 @@
+/* CertificateFactorySpi.java --- Certificate Factory Class
+ Copyright (C) 1999,2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.InputStream;
+
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ CertificateFactorySpi is the abstract class Service Provider
+ Interface (SPI) for the CertificateFactory class. A provider
+ must implement all the abstract methods if they wish to
+ supply a certificate factory for a particular certificate
+ type. Ex: X.509
+
+ Certificate factories are used to generate certificates and
+ certificate revocation lists (CRL) from their encoding.
+
+ @since 1.2
+
+ @author Mark Benvenuto
+ */
+public abstract class CertificateFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Constructs a new CertificateFactorySpi
+ */
+ public CertificateFactorySpi()
+ {}
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ Generates a Certificate based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one certificate.
+
+ If there exists a specialized certificate class for the
+ certificate format handled by the certificate factory
+ then the return Ceritificate should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509Certificate.
+
+ For X.509 certificates, the certificate in inStream must be
+ DER encoded and supplied in binary or printable (Base64)
+ encoding. If the certificate is in Base64 encoding, it must be
+ bounded by -----BEGIN CERTIFICATE-----, and
+ -----END CERTIFICATE-----.
+
+ @param inStream an input stream containing the certificate data
+
+ @return a certificate initialized with InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public abstract Certificate engineGenerateCertificate(InputStream inStream)
+ throws CertificateException;
+
+ /**
+ Returns a collection of certificates that were read from the
+ input stream. It may be empty, have only one, or have
+ multiple certificates.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded certificate or a PKCS#7 certificate
+ chain. This is a PKCS#7 <I>SignedData</I> object with the
+ most significant field being <I>certificates</I>. If no
+ CRLs are present, then an empty collection is returned.
+
+ @param inStream an input stream containing the certificates
+
+ @return a collection of certificates initialized with
+ the InputStream data.
+
+ @throws CertificateException Certificate parsing error
+ */
+ public abstract Collection<? extends Certificate> engineGenerateCertificates(InputStream inStream)
+ throws CertificateException;
+
+ /**
+ Generates a CRL based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one CRL.
+
+ If there exists a specialized CRL class for the
+ CRL format handled by the certificate factory
+ then the return CRL should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509CRL.
+
+ @param inStream an input stream containing the CRL data
+
+ @return a CRL initialized with InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public abstract CRL engineGenerateCRL(InputStream inStream)
+ throws CRLException;
+
+ /**
+ Generates CRLs based on the encoded data read
+ from the InputStream.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded CRL or a PKCS#7 CRL set. This is a
+ PKCS#7 <I>SignedData</I> object with the most significant
+ field being <I>crls</I>. If no CRLs are present, then an
+ empty collection is returned.
+
+ @param inStream an input stream containing the CRLs
+
+ @return a collection of CRLs initialized with
+ the InputStream data.
+
+ @throws CRLException CRL parsing error
+ */
+ public abstract Collection<? extends CRL> engineGenerateCRLs(InputStream inStream)
+ throws CRLException;
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream. The default encoding of this factory is used.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public CertPath engineGenerateCertPath(InputStream inStream)
+ throws CertificateException
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream, using the specified encoding.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @param encoding The encoding of the InputStream data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public CertPath engineGenerateCertPath(InputStream inStream, String encoding)
+ throws CertificateException
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with the certificates
+ * in the {@link java.util.List} argument.
+ *
+ * @param certificates The list of certificates with which to create
+ * the CertPath.
+ * @return A CertPath initialized from the certificates.
+ * @throws CertificateException If an error occurs generating the
+ * CertPath.
+ */
+ public CertPath engineGenerateCertPath(List<? extends Certificate> certificates)
+ throws CertificateException
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+
+ /**
+ * Returns an Iterator of CertPath encodings supported by this
+ * factory, with the default encoding first. The returned Iterator
+ * cannot be modified.
+ *
+ * @return The Iterator of supported encodings.
+ */
+ public Iterator<String> engineGetCertPathEncodings()
+ {
+ throw new UnsupportedOperationException("not implemented");
+ }
+}
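Review bot: The javadoc of the three `engineGenerateCertPath` overloads and of `engineGetCertPathEncodings` omits the `UnsupportedOperationException("not implemented")` that their default bodies throw. The overloads document only `CertificateException`, and `engineGetCertPathEncodings` documents no exception at all. `CertificateFactory.generateCertPath` forwards straight to these methods, so a caller that catches `CertificateException` to reject malformed input will let this unchecked exception escape when a provider has not overridden them. I would add `@throws UnsupportedOperationException if the provider does not override this method` to each of the four comments.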
diff --git a/libjava/classpath/java/security/cert/CertificateNotYetValidException.java b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java
new file mode 100644
index 000000000..dfb4b4837
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java
@@ -0,0 +1,71 @@
+/* CertificateNotYetValidException.java -- Certificate Not Yet Valid Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate that is not yet valid.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.4
+*/
+public class CertificateNotYetValidException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 4355919900041064702L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateNotYetValidException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg A message to display with exception
+ */
+ public CertificateNotYetValidException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateParsingException.java b/libjava/classpath/java/security/cert/CertificateParsingException.java
new file mode 100644
index 000000000..5a930f41b
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateParsingException.java
@@ -0,0 +1,93 @@
+/* CertificateParsingException.java -- Certificate Parsing Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for parsing a DER-encoded Certificate.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+*/
+public class CertificateParsingException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -7989222416793322029L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateParsingException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateParsingException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
new file mode 100644
index 000000000..389874854
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
@@ -0,0 +1,122 @@
+/* CollectionCertStoreParameters -- collection-based cert store parameters
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+/**
+ * An implementation of {@link CertStoreParameters} with a simple,
+ * in-memory {@link Collection} of certificates and certificate
+ * revocation list.
+ *
+ * <p>Note that this class is not thread-safe, and its underlying
+ * collection may be changed at any time.
+ *
+ * @see CertStore
+ * @since 1.4
+ */
+public class CollectionCertStoreParameters implements CertStoreParameters
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The underlying collection. */
+ private final Collection collection;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CollectionCertStoreParameters with an empty,
+ * immutable collection.
+ */
+ public CollectionCertStoreParameters()
+ {
+ this(Collections.EMPTY_LIST);
+ }
+
+ /**
+ * Create a new CollectionCertStoreParameters with the specified
+ * collection. The argument is not copied, and subsequent changes to
+ * the collection will change this class's collection.
+ *
+ * @param collection The collection.
+ * @throws NullPointerException If <i>collection</i> is null.
+ */
+ public CollectionCertStoreParameters(Collection<?> collection)
+ {
+ if (collection == null)
+ throw new NullPointerException();
+ this.collection = collection;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public Object clone()
+ {
+ return new CollectionCertStoreParameters(new ArrayList(collection));
+ }
+
+ /**
+ * Return the underlying collection. The collection is not copied
+ * before being returned, so callers may update the collection that is
+ * returned.
+ *
+ * @return The collection.
+ */
+ public Collection<?> getCollection()
+ {
+ return collection;
+ }
+
+ /**
+ * Return a string representation of these parameters.
+ *
+ * @return The string representation of these parameters.
+ */
+ public String toString()
+ {
+ return "CollectionCertStoreParameters: [ collection: "
+ + collection + " ]";
+ }
+}
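Review bot: `clone()` has no javadoc, and it behaves differently from the rest of the class: the constructor and `getCollection()` share the caller's collection by reference, while `clone()` copies the current contents into a new `ArrayList`. A comment such as `/** Returns a copy backed by a new ArrayList snapshot of the current contents; later changes to the original collection are not seen by the clone. */` would make clear which object a cert store built from the clone actually reads. `clone()` also builds the result with `new CollectionCertStoreParameters(...)` instead of `super.clone()`, so cloning an instance of a subclass of this non-final class returns the base type. As a style point, the field and the copy are raw types although the constructor takes `Collection<?>`; `private final Collection<?> collection;` and `new ArrayList<Object>(collection)` would remove the unchecked warnings.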
diff --git a/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java
new file mode 100644
index 000000000..f2dff764a
--- /dev/null
+++ b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java
@@ -0,0 +1,140 @@
+/* LDAPCertStoreParameters.java -- LDAP CertStore parameters.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Parameters for CertStores that are retrieved via the <i>lightweight
+ * directory access protocol</i> (<b>LDAP</b>).
+ *
+ * @see CertStore
+ */
+public class LDAPCertStoreParameters implements CertStoreParameters
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The default LDAP port. */
+ private static final int LDAP_PORT = 389;
+
+ /** The server name. */
+ private final String serverName;
+
+ /** The LDAP port. */
+ private final int port;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new LDAPCertStoreParameters object, with a servername of
+ * "localhost" and a port of 389.
+ */
+ public LDAPCertStoreParameters()
+ {
+ this("localhost", LDAP_PORT);
+ }
+
+ /**
+ * Create a new LDAPCertStoreParameters object, with a specified
+ * server name and a port of 389.
+ *
+ * @param serverName The LDAP server name.
+ * @throws NullPointerException If <i>serverName</i> is null.
+ */
+ public LDAPCertStoreParameters(String serverName)
+ {
+ this(serverName, LDAP_PORT);
+ }
+
+ /**
+ * Create a new LDAPCertStoreParameters object, with a specified
+ * server name and port.
+ *
+ * @param serverName The LDAP server name.
+ * @param port The LDAP port.
+ * @throws NullPointerException If <i>serverName</i> is null.
+ */
+ public LDAPCertStoreParameters(String serverName, int port)
+ {
+ if (serverName == null)
+ throw new NullPointerException();
+ this.serverName = serverName;
+ this.port = port;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public Object clone()
+ {
+ return new LDAPCertStoreParameters(serverName, port);
+ }
+
+ /**
+ * Return the server name.
+ *
+ * @return The server name.
+ */
+ public String getServerName()
+ {
+ return serverName;
+ }
+
+ /**
+ * Return the port.
+ *
+ * @return the port.
+ */
+ public int getPort()
+ {
+ return port;
+ }
+
+ /**
+ * Return a string representation of these parameters.
+ *
+ * @return The string representation of these parameters.
+ */
+ public String toString()
+ {
+ return "LDAPCertStoreParameters: [ serverName: " + serverName
+ + "; port: " + port + " ]";
+ }
+}
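Review bot: The three-argument constructor stores `port` without any range check, so a negative value or one above 65535 is accepted and would only surface later, presumably when a CertStore implementation tries to connect. If rejecting it here would diverge from the reference API, the Javadoc should at least say so, for example `@param port The LDAP port; not range-checked by this class.` The default of 389 is the standard plain-LDAP port, so it is worth one more sentence noting that certificates and CRLs fetched through such a store still have to be validated by signature rather than trusted for where they came from. `clone()` also has no Javadoc.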
diff --git a/libjava/classpath/java/security/cert/PKIXBuilderParameters.java b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java
new file mode 100644
index 000000000..3a29b5218
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java
@@ -0,0 +1,149 @@
+/* PKIXBuilderParameters.java -- parameters for PKIX cert path builders
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+import java.util.Set;
+
+/**
+ * Parameters for building certificate paths using the PKIX algorithm.
+ *
+ * @see CertPathBuilder
+ * @since 1.4
+ */
+public class PKIXBuilderParameters extends PKIXParameters
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The maximum path length. */
+ private int maxPathLength;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PKIXBuilderParameters object, populating the trusted
+ * certificates set with all X.509 certificates found in the given key
+ * store. All certificates found in the key store are assumed to be
+ * trusted by this constructor.
+ *
+ * @param keystore The key store.
+ * @param targetConstraints The target certificate constraints.
+ * @throws KeyStoreException If the certificates cannot be retrieved
+ * from the key store.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the key store.
+ * @throws NullPointerException If <i>keystore</i> is null.
+ */
+ public PKIXBuilderParameters(KeyStore keystore,
+ CertSelector targetConstraints)
+ throws KeyStoreException, InvalidAlgorithmParameterException
+ {
+ super(keystore);
+ setTargetCertConstraints(targetConstraints);
+ maxPathLength = 5;
+ }
+
+ /**
+ * Create a new PKIXBuilderParameters object, populating the trusted
+ * certificates set with the elements of the given set, each of which
+ * must be a {@link TrustAnchor}.
+ *
+ * @param trustAnchors The set of trust anchors.
+ * @param targetConstraints The target certificate constraints.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the set.
+ * @throws NullPointerException If <i>trustAnchors</i> is null.
+ * @throws ClassCastException If every element in <i>trustAnchors</i>
+ * is not a {@link TrustAnchor}.
+ */
+ public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors,
+ CertSelector targetConstraints)
+ throws InvalidAlgorithmParameterException
+ {
+ super(trustAnchors);
+ setTargetCertConstraints(targetConstraints);
+ maxPathLength = 5;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the maximum length of certificate paths to build.
+ *
+ * <p>If this value is 0 it is taken to mean that the certificate path
+ * should contain only one certificate. A value of -1 means that the
+ * certificate path length is unconstrained. The default value is 5.
+ *
+ * @return The maximum path length.
+ */
+ public int getMaxPathLength()
+ {
+ return maxPathLength;
+ }
+
+ /**
+ * Sets the maximum length of certificate paths to build.
+ *
+ * @param maxPathLength The new path length.
+ * @throws IllegalArgumentException If <i>maxPathLength</i> is less
+ * than -1.
+ */
+ public void setMaxPathLength(int maxPathLength)
+ {
+ if (maxPathLength < -1)
+ throw new IllegalArgumentException();
+ this.maxPathLength = maxPathLength;
+ }
+
+ public String toString()
+ {
+ CPStringBuilder buf = new CPStringBuilder(super.toString());
+ buf.insert(buf.length() - 2, "; Max Path Length=" + maxPathLength);
+ return buf.toString();
+ }
+}
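Review bot: `toString()` splices its text in at `buf.length() - 2`, which assumes `super.toString()` ends in a two-character closer such as ` ]`. PKIXParameters.toString() is not in this hunk, so that cannot be confirmed here, and a result shorter than two characters would make `insert` throw. The same pattern appears in PKIXCertPathBuilderResult.toString() later in this commit. At minimum the assumption deserves a comment, `// relies on super.toString() ending in " ]"`, and a guard on the length would keep a subclass that changes the format from breaking this method. Separately, `maxPathLength = 5;` is repeated in both constructors and would read better as one named constant, e.g. `private static final int DEFAULT_MAX_PATH_LENGTH = 5;`.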
diff --git a/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java
new file mode 100644
index 000000000..52984b543
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java
@@ -0,0 +1,104 @@
+/* PKIXCertPathBuilderResult.java -- PKIX cert path bulider result
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+/**
+ * The result of calling the {@link
+ * CertPathBuilder#build(java.security.cert.CertPathParameters)} method
+ * of PKIX {@link CertPathBuilder}s.
+ *
+ * @see CertPathBuilder
+ * @see CertPathBuilderResult
+ */
+public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult
+ implements CertPathBuilderResult
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The certificate path. */
+ private CertPath certPath;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new PKIXCertPathBuilderResult.
+ *
+ * @param certPath The certificate path.
+ * @param trustAnchor The trust anchor.
+ * @param policyTree The root node of the policy tree.
+ * @param subjectPublicKey The public key.
+ * @throws NullPointerException If <i>certPath</i>, <i>trustAnchor</i> or
+ * <i>subjectPublicKey</i> is null.
+ */
+ public PKIXCertPathBuilderResult(CertPath certPath,
+ TrustAnchor trustAnchor,
+ PolicyNode policyTree,
+ java.security.PublicKey subjectPublicKey)
+ {
+ super(trustAnchor, policyTree, subjectPublicKey);
+ if (certPath == null)
+ throw new NullPointerException();
+ this.certPath = certPath;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the certificate path that was built.
+ *
+ * @return The certificate path that was built.
+ */
+ public CertPath getCertPath()
+ {
+ return certPath;
+ }
+
+ public String toString()
+ {
+ CPStringBuilder buf = new CPStringBuilder(super.toString());
+ buf.insert(buf.length() - 2, "; CertPath=" + certPath);
+ return buf.toString();
+ }
+}
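Review bot: `certPath` is assigned once in the constructor and never written again in this class, yet it is declared `private CertPath certPath;` without `final`, unlike the three fields of the superclass PKIXCertPathValidatorResult in this commit. Declaring it `private final CertPath certPath;` makes the result object visibly immutable, which is what code consuming a built path would expect. `toString()` also has no Javadoc.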
diff --git a/libjava/classpath/java/security/cert/PKIXCertPathChecker.java b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java
new file mode 100644
index 000000000..0bedf401a
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java
@@ -0,0 +1,134 @@
+/* PKIXCertPathChecker.java -- checks X.509 certificate paths.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.Collection;
+import java.util.Set;
+
+/**
+ * A validator for X.509 certificates when approving certificate chains.
+ *
+ * <p>Concrete subclasses can be passed to the {@link
+ * PKIXParameters#setCertPathCheckers(java.util.List)} and {@link
+ * PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker)}
+ * methods, which are then used to set up PKIX certificate chain
+ * builders or validators. These classes then call the {@link
+ * #check(java.security.cert.Certificate,java.util.Collection)} method
+ * of this class, performing whatever checks on the certificate,
+ * throwing an exception if any check fails.
+ *
+ * <p>Subclasses of this must be able to perform their checks in the
+ * backward direction -- from the most-trusted certificate to the target
+ * -- and may optionally support forward checking -- from the target to
+ * the most-trusted certificate.
+ *
+ * @see PKIXParameters
+ * @since 1.4
+ */
+public abstract class PKIXCertPathChecker implements Cloneable
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /** Default constructor. */
+ protected PKIXCertPathChecker()
+ {
+ super();
+ }
+
+ // Cloneable interface.
+ // ------------------------------------------------------------------------
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException cnse)
+ {
+ throw new InternalError(cnse.getMessage());
+ }
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Initialize this PKIXCertPathChecker. If subclasses support forward
+ * checking, a value of true can be passed to this method, and
+ * certificates can be validated from the target certificate to the
+ * most-trusted certifcate.
+ *
+ * @param forward The direction of this PKIXCertPathChecker.
+ * @throws CertPathValidatorException If <i>forward</i> is true and
+ * this class does not support forward checking.
+ */
+ public abstract void init(boolean forward) throws CertPathValidatorException;
+
+ /**
+ * Returns whether or not this class supports forward checking.
+ *
+ * @return Whether or not this class supports forward checking.
+ */
+ public abstract boolean isForwardCheckingSupported();
+
+ /**
+ * Returns an immutable set of X.509 extension object identifiers (OIDs)
+ * supported by this PKIXCertPathChecker.
+ *
+ * @return An immutable set of Strings of the supported X.509 OIDs, or
+ * null if no extensions are supported.
+ */
+ public abstract Set<String> getSupportedExtensions();
+
+ /**
+ * Checks a certificate, removing any critical extensions that are
+ * resolved in this check.
+ *
+ * @param cert The certificate to check.
+ * @param unresolvedCritExts The (mutable) collection of as-of-yet
+ * unresolved critical extensions, as OID strings.
+ * @throws CertPathValidatorException If this certificate fails this
+ * check.
+ */
+ public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
+ throws CertPathValidatorException;
+}
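Review bot: `clone()` has no Javadoc, and its behaviour matters to subclass authors: it delegates to `Object.clone()`, which is a shallow copy, so a checker that keeps mutable per-path state in collections or arrays would share that state with its clone unless it overrides `clone()`. I would add a doc comment saying exactly that, along the lines of `Returns a shallow copy; subclasses holding mutable state must override this and copy it.` The catch block also drops the original exception. The `InternalError` can carry it if it is created first and `initCause(cnse)` is called on it before the throw.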
diff --git a/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java
new file mode 100644
index 000000000..17b5c86f8
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java
@@ -0,0 +1,142 @@
+/* PKIXCertPathValidatorResult.java -- PKIX cert path builder result
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.PublicKey;
+
+/**
+ * Results returned by the {@link
+ * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}
+ * method for PKIX {@link CertPathValidator}s.
+ *
+ * @see CertPathValidator
+ */
+public class PKIXCertPathValidatorResult implements CertPathValidatorResult
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The trust anchor. */
+ private final TrustAnchor trustAnchor;
+
+ /** The root node of the policy tree. */
+ private final PolicyNode policyTree;
+
+ /** The subject's public key. */
+ private final PublicKey subjectPublicKey;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new PKIXCertPathValidatorResult.
+ *
+ * @param trustAnchor The trust anchor.
+ * @param policyTree The root node of the policy tree.
+ * @param subjectPublicKey The public key.
+ * @throws NullPointerException If either <i>trustAnchor</i> or
+ * <i>subjectPublicKey</i> is null.
+ */
+ public PKIXCertPathValidatorResult(TrustAnchor trustAnchor,
+ PolicyNode policyTree,
+ PublicKey subjectPublicKey)
+ {
+ if (trustAnchor == null || subjectPublicKey == null)
+ throw new NullPointerException();
+ this.trustAnchor = trustAnchor;
+ this.policyTree = policyTree;
+ this.subjectPublicKey = subjectPublicKey;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the trust anchor.
+ *
+ * @return The trust anchor.
+ */
+ public TrustAnchor getTrustAnchor()
+ {
+ return trustAnchor;
+ }
+
+ /**
+ * Returns the root node of the policy tree.
+ *
+ * @return The root node of the policy tree.
+ */
+ public PolicyNode getPolicyTree()
+ {
+ return policyTree;
+ }
+
+ /**
+ * Returns the subject public key.
+ *
+ * @return The subject public key.
+ */
+ public PublicKey getPublicKey()
+ {
+ return subjectPublicKey;
+ }
+
+ /**
+ * Returns a copy of this object.
+ *
+ * @return The copy.
+ */
+ public Object clone()
+ {
+ return new PKIXCertPathValidatorResult(trustAnchor, policyTree,
+ subjectPublicKey);
+ }
+
+ /**
+ * Returns a printable string representation of this result.
+ *
+ * @return A printable string representation of this result.
+ */
+ public String toString()
+ {
+ return "[ Trust Anchor=" + trustAnchor + "; Policy Tree="
+ + policyTree + "; Subject Public Key=" + subjectPublicKey + " ]";
+ }
+}
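Review bot: `clone()` builds a fresh `PKIXCertPathValidatorResult` with `new` instead of calling `super.clone()`, so a subclass that does not override it gets back an object of the parent class. PKIXCertPathBuilderResult in this commit extends this class, adds a `certPath` field and defines no `clone()`, so its clone would lose the path and fail a cast back to the subclass. All three fields here are final references that are only read, so a shallow `Object.clone()` copy keeps the same state and preserves the runtime type. This assumes CertPathValidatorResult extends Cloneable, which is not shown in this hunk.

```java
  public Object clone()
  {
    try
      {
        // Object.clone() keeps the runtime class, so subclasses are copied whole.
        return super.clone();
      }
    catch (CloneNotSupportedException cnse)
      {
        InternalError ie = new InternalError(cnse.getMessage());
        ie.initCause(cnse);
        throw ie;
      }
  }
```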
diff --git a/libjava/classpath/java/security/cert/PKIXParameters.java b/libjava/classpath/java/security/cert/PKIXParameters.java
new file mode 100644
index 000000000..bbb75571f
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXParameters.java
@@ -0,0 +1,547 @@
+/* PKIXParameters.java -- parameters for the PKIX cert path algorithm
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Parameters for verifying certificate paths using the PKIX
+ * (Public-Key Infrastructure (X.509)) algorithm.
+ *
+ * @see CertPathBuilder
+ * @since 1.4
+ */
+public class PKIXParameters implements CertPathParameters
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The trusted certificates. */
+ private final Set trustAnchors;
+
+ /** The set of initial policy identifiers. */
+ private final Set initPolicies;
+
+ /** The list of certificate stores. */
+ private final List certStores;
+
+ /** The list of path checkers. */
+ private final List pathCheckers;
+
+ /** The revocation enabled flag. */
+ private boolean revocationEnabled;
+
+ /** The explicit policy required flag. */
+ private boolean exPolicyRequired;
+
+ /** The policy mapping inhibited flag. */
+ private boolean policyMappingInhibited;
+
+ /** The any policy inhibited flag. */
+ private boolean anyPolicyInhibited;
+
+ /** The policy qualifiers rejected flag. */
+ private boolean policyQualRejected;
+
+ /** The target validation date. */
+ private Date date;
+
+ /** The signature algorithm provider. */
+ private String sigProvider;
+
+ /** The target constraints. */
+ private CertSelector targetConstraints;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PKIXParameters object, populating the trusted
+ * certificates set with all certificates found in the given key
+ * store. All certificates found in the key store are assumed to be
+ * trusted by this constructor.
+ *
+ * @param keystore The key store.
+ * @throws KeyStoreException If the certificates cannot be retrieved
+ * from the key store.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the key store.
+ * @throws NullPointerException If <i>keystore</i> is null.
+ */
+ public PKIXParameters(KeyStore keystore)
+ throws KeyStoreException, InvalidAlgorithmParameterException
+ {
+ this();
+ for (Enumeration e = keystore.aliases(); e.hasMoreElements(); )
+ {
+ String alias = (String) e.nextElement();
+ if (!keystore.isCertificateEntry(alias))
+ continue;
+ Certificate cert = keystore.getCertificate(alias);
+ if (cert instanceof X509Certificate)
+ trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
+ }
+ if (trustAnchors.isEmpty())
+ throw new InvalidAlgorithmParameterException("no certs in the key store");
+ }
+
+ /**
+ * Create a new PKIXParameters object, populating the trusted
+ * certificates set with the elements of the given set, each of which
+ * must be a {@link TrustAnchor}.
+ *
+ * @param trustAnchors The set of trust anchors.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the set.
+ * @throws NullPointerException If <i>trustAnchors</i> is null.
+ * @throws ClassCastException If every element in <i>trustAnchors</i>
+ * is not a {@link TrustAnchor}.
+ */
+ public PKIXParameters(Set<TrustAnchor> trustAnchors)
+ throws InvalidAlgorithmParameterException
+ {
+ this();
+ setTrustAnchors(trustAnchors);
+ }
+
+ /**
+ * Default constructor.
+ */
+ private PKIXParameters()
+ {
+ trustAnchors = new HashSet();
+ initPolicies = new HashSet();
+ certStores = new LinkedList();
+ pathCheckers = new LinkedList();
+ revocationEnabled = true;
+ exPolicyRequired = false;
+ policyMappingInhibited = false;
+ anyPolicyInhibited = false;
+ policyQualRejected = true;
+ }
+
+ /**
+ * Copying constructor for cloning.
+ *
+ * @param that The instance being cloned.
+ */
+ private PKIXParameters(PKIXParameters that)
+ {
+ this();
+ this.trustAnchors.addAll(that.trustAnchors);
+ this.initPolicies.addAll(that.initPolicies);
+ this.certStores.addAll(that.certStores);
+ this.pathCheckers.addAll(that.pathCheckers);
+ this.revocationEnabled = that.revocationEnabled;
+ this.exPolicyRequired = that.exPolicyRequired;
+ this.policyMappingInhibited = that.policyMappingInhibited;
+ this.anyPolicyInhibited = that.anyPolicyInhibited;
+ this.policyQualRejected = that.policyQualRejected;
+ this.date = that.date;
+ this.sigProvider = that.sigProvider;
+ this.targetConstraints = that.targetConstraints != null
+ ? (CertSelector) that.targetConstraints.clone() : null;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns an immutable set of trust anchors. The set returned will
+ * never be null and will never be empty.
+ *
+ * @return A (never null, never empty) immutable set of trust anchors.
+ */
+ public Set<TrustAnchor> getTrustAnchors()
+ {
+ return Collections.unmodifiableSet(trustAnchors);
+ }
+
+ /**
+ * Sets the trust anchors of this class, replacing the current trust
+ * anchors with those in the given set. The supplied set is copied to
+ * prevent modification.
+ *
+ * @param trustAnchors The new set of trust anchors.
+ * @throws InvalidAlgorithmParameterException If there are no
+ * certificates in the set.
+ * @throws NullPointerException If <i>trustAnchors</i> is null.
+ * @throws ClassCastException If every element in <i>trustAnchors</i>
+ * is not a {@link TrustAnchor}.
+ */
+ public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
+ throws InvalidAlgorithmParameterException
+ {
+ if (trustAnchors.isEmpty())
+ throw new InvalidAlgorithmParameterException("no trust anchors");
+ this.trustAnchors.clear();
+ for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
+ {
+ this.trustAnchors.add((TrustAnchor) i.next());
+ }
+ }
+
+ /**
+ * Returns the set of initial policy identifiers (as OID strings). If
+ * any policy is accepted, this method returns the empty set.
+ *
+ * @return An immutable set of initial policy OID strings, or the
+ * empty set if any policy is acceptable.
+ */
+ public Set<String> getInitialPolicies()
+ {
+ return Collections.unmodifiableSet(initPolicies);
+ }
+
+ /**
+ * Sets the initial policy identifiers (as OID strings). If the
+ * argument is null or the empty set, then any policy identifier will
+ * be accepted.
+ *
+ * @param initPolicies The new set of policy strings, or null.
+ * @throws ClassCastException If any element in <i>initPolicies</i> is
+ * not a string.
+ */
+ public void setInitialPolicies(Set<String> initPolicies)
+ {
+ this.initPolicies.clear();
+ if (initPolicies == null)
+ return;
+ for (Iterator i = initPolicies.iterator(); i.hasNext(); )
+ {
+ this.initPolicies.add((String) i.next());
+ }
+ }
+
+ /**
+ * Add a {@link CertStore} to the list of cert stores.
+ *
+ * @param store The CertStore to add.
+ */
+ public void addCertStore(CertStore store)
+ {
+ if (store != null)
+ certStores.add(store);
+ }
+
+ /**
+ * Returns an immutable list of cert stores. This method never returns
+ * null.
+ *
+ * @return The list of cert stores.
+ */
+ public List<CertStore> getCertStores()
+ {
+ return Collections.unmodifiableList(certStores);
+ }
+
+ /**
+ * Set the cert stores. If the argument is null the list of cert
+ * stores will be empty.
+ *
+ * @param certStores The cert stores.
+ */
+ public void setCertStores(List<CertStore> certStores)
+ {
+ this.certStores.clear();
+ if (certStores == null)
+ return;
+ for (Iterator i = certStores.iterator(); i.hasNext(); )
+ {
+ this.certStores.add((CertStore) i.next());
+ }
+ }
+
+ /**
+ * Returns the value of the <i>revocation enabled</i> flag. The default
+ * value for this flag is <code>true</code>.
+ *
+ * @return The <i>revocation enabled</i> flag.
+ */
+ public boolean isRevocationEnabled()
+ {
+ return revocationEnabled;
+ }
+
+ /**
+ * Sets the value of the <i>revocation enabled</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setRevocationEnabled(boolean value)
+ {
+ revocationEnabled = value;
+ }
+
+ /**
+ * Returns the value of the <i>explicit policy required</i> flag. The
+ * default value of this flag is <code>false</code>.
+ *
+ * @return The <i>explicit policy required</i> flag.
+ */
+ public boolean isExplicitPolicyRequired()
+ {
+ return exPolicyRequired;
+ }
+
+ /**
+ * Sets the value of the <i>explicit policy required</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setExplicitPolicyRequired(boolean value)
+ {
+ exPolicyRequired = value;
+ }
+
+ /**
+ * Returns the value of the <i>policy mapping inhibited</i> flag. The
+ * default value of this flag is <code>false</code>.
+ *
+ * @return The <i>policy mapping inhibited</i> flag.
+ */
+ public boolean isPolicyMappingInhibited()
+ {
+ return policyMappingInhibited;
+ }
+
+ /**
+ * Sets the value of the <i>policy mapping inhibited</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setPolicyMappingInhibited(boolean value)
+ {
+ policyMappingInhibited = value;
+ }
+
+ /**
+ * Returns the value of the <i>any policy inhibited</i> flag. The
+ * default value of this flag is <code>false</code>.
+ *
+ * @return The <i>any policy inhibited</i> flag.
+ */
+ public boolean isAnyPolicyInhibited()
+ {
+ return anyPolicyInhibited;
+ }
+
+ /**
+ * Sets the value of the <i>any policy inhibited</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setAnyPolicyInhibited(boolean value)
+ {
+ anyPolicyInhibited = value;
+ }
+
+ /**
+ * Returns the value of the <i>policy qualifiers enabled</i> flag. The
+ * default value of this flag is <code>true</code>.
+ *
+ * @return The <i>policy qualifiers enabled</i> flag.
+ */
+ public boolean getPolicyQualifiersRejected()
+ {
+ return policyQualRejected;
+ }
+
+ /**
+ * Sets the value of the <i>policy qualifiers enabled</i> flag.
+ *
+ * @param value The new value.
+ */
+ public void setPolicyQualifiersRejected(boolean value)
+ {
+ policyQualRejected = value;
+ }
+
+ /**
+ * Returns the date for which the certificate path should be
+ * validated, or null if the current time should be used. The date
+ * object is copied to prevent subsequent modification.
+ *
+ * @return The date, or null if not set.
+ */
+ public Date getDate()
+ {
+ return date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Sets the date for which the certificate path should be validated,
+ * or null if the current time should be used.
+ *
+ * @param date The new date, or null.
+ */
+ public void setDate(Date date)
+ {
+ if (date != null)
+ this.date = (Date) date.clone();
+ else
+ this.date = null;
+ }
+
+ /**
+ * Add a certificate path checker.
+ *
+ * @param checker The certificate path checker to add.
+ */
+ public void addCertPathChecker(PKIXCertPathChecker checker)
+ {
+ if (checker != null)
+ pathCheckers.add(checker);
+ }
+
+ /**
+ * Returns an immutable list of all certificate path checkers.
+ *
+ * @return An immutable list of all certificate path checkers.
+ */
+ public List<PKIXCertPathChecker> getCertPathCheckers()
+ {
+ return Collections.unmodifiableList(pathCheckers);
+ }
+
+ /**
+ * Sets the certificate path checkers. If the argument is null, the
+ * list of checkers will merely be cleared.
+ *
+ * @param pathCheckers The new list of certificate path checkers.
+ * @throws ClassCastException If any element of <i>pathCheckers</i> is
+ * not a {@link PKIXCertPathChecker}.
+ */
+ public void setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers)
+ {
+ this.pathCheckers.clear();
+ if (pathCheckers == null)
+ return;
+ for (Iterator i = pathCheckers.iterator(); i.hasNext(); )
+ {
+ this.pathCheckers.add((PKIXCertPathChecker) i.next());
+ }
+ }
+
+ /**
+ * Returns the signature algorithm provider, or null if not set.
+ *
+ * @return The signature algorithm provider, or null if not set.
+ */
+ public String getSigProvider()
+ {
+ return sigProvider;
+ }
+
+ /**
+ * Sets the signature algorithm provider, or null if there is no
+ * preferred provider.
+ *
+ * @param sigProvider The signature provider name.
+ */
+ public void setSigProvider(String sigProvider)
+ {
+ this.sigProvider = sigProvider;
+ }
+
+ /**
+ * Returns the constraints placed on the target certificate, or null
+ * if there are none. The target constraints are copied to prevent
+ * subsequent modification.
+ *
+ * @return The target constraints, or null.
+ */
+ public CertSelector getTargetCertConstraints()
+ {
+ return targetConstraints != null
+ ? (CertSelector) targetConstraints.clone() : null;
+ }
+
+ /**
+ * Sets the constraints placed on the target certificate.
+ *
+ * @param targetConstraints The target constraints.
+ */
+ public void setTargetCertConstraints(CertSelector targetConstraints)
+ {
+ this.targetConstraints = targetConstraints != null
+ ? (CertSelector) targetConstraints.clone() : null;
+ }
+
+ /**
+ * Returns a copy of these parameters.
+ *
+ * @return The copy.
+ */
+ public Object clone()
+ {
+ return new PKIXParameters(this);
+ }
+
+ /**
+ * Returns a printable representation of these parameters.
+ *
+ * @return A printable representation of these parameters.
+ */
+ public String toString() {
+ return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs="
+ + (initPolicies != null ? initPolicies.toString() : "any")
+ + "; Validity Date=" + date + "; Signature Provider="
+ + sigProvider + "; Default Revocation Enabled=" + revocationEnabled
+ + "; Explicit Policy Required=" + exPolicyRequired
+ + "; Policy Mapping Inhibited=" + policyMappingInhibited
+ + "; Any Policy Inhibited=" + anyPolicyInhibited
+ + "; Policy Qualifiers Rejected=" + policyQualRejected
+ + "; Target Cert Contstraints=" + targetConstraints
+ + "; Certification Path Checkers=" + pathCheckers
+ + "; CertStores=" + certStores + " ]";
+ }
+}
diff --git a/libjava/classpath/java/security/cert/PolicyNode.java b/libjava/classpath/java/security/cert/PolicyNode.java
new file mode 100644
index 000000000..5da78c188
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PolicyNode.java
@@ -0,0 +1,108 @@
+/* PolicyNode.java -- a single node in a policy tree
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * @since 1.4
+ */
+public interface PolicyNode
+{
+
+ /**
+ * Get the iterator of the child nodes of this node. The returned
+ * iterator is (naturally) unmodifiable.
+ *
+ * @return An iterator over the child nodes.
+ */
+ Iterator<? extends PolicyNode> getChildren();
+
+ /**
+ * Get the depth of this node within the tree, starting at 0 for the
+ * root node.
+ *
+ * @return The depth of this node.
+ */
+ int getDepth();
+
+ /**
+ * Returns a set of policies (string OIDs) that will satisfy this
+ * node's policy. The root node should always return the singleton set
+ * with the element "any-policy".
+ *
+ * @return The set of expected policies.
+ */
+ Set<String> getExpectedPolicies();
+
+ /**
+ * Returns the parent node of this node, or null if this is the root
+ * node.
+ *
+ * @return The parent node, or null.
+ */
+ PolicyNode getParent();
+
+ /**
+ * Returns a set of {@link PolicyQualifierInfo} objects that qualify
+ * the valid policy of this node. The root node should always return
+ * the empty set.
+ *
+ * @return The set of {@link PolicyQualifierInfo} objects.
+ */
+ Set<? extends PolicyQualifierInfo> getPolicyQualifiers();
+
+ /**
+ * Get the policy OID this node represents. The root node should return
+ * the special value "any-policy".
+ *
+ * @return The policy of this node.
+ */
+ String getValidPolicy();
+
+ /**
+ * Return the criticality flag of this policy node. Nodes who return
+ * true for this method should be considered critical. The root node
+ * is never critical.
+ *
+ * @return The criticality flag.
+ */
+ boolean isCritical();
+}
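Review bot: The Javadoc on `getExpectedPolicies()` and `getPolicyQualifiers()` does not say whether the returned sets may be modified, and the interface itself carries only `@since 1.4` with no description. A policy tree is the output of certificate path validation, so an implementation that hands out its internal mutable sets would let a caller alter the validated result. I would state the contract by adding `The returned set is immutable.` to both methods, and for `getChildren()` say that `remove()` throws `UnsupportedOperationException` instead of "(naturally) unmodifiable". A one-sentence interface comment such as `A node in the valid policy tree produced by PKIX certification path validation.` would also help.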
diff --git a/libjava/classpath/java/security/cert/PolicyQualifierInfo.java b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java
new file mode 100644
index 000000000..b53faa935
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java
@@ -0,0 +1,169 @@
+/* PolicyQualifierInfo.java -- policy qualifier info object.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.io.ASN1ParsingException;
+import gnu.java.security.OID;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+/**
+ * The PolicyQualifierInfo X.509 certificate extension.
+ * PolicyQualifierInfo objects are represented by the ASN.1 structure:
+ *
+ * <pre>
+ * PolicyQualifierInfo ::= SEQUENCE {
+ * policyQualifierId PolicyQualifierId,
+ * qualifier ANY DEFINED BY policyQualifierId
+ * }
+ *
+ * PolicyQualifierId ::= OBJECT IDENTIFIER
+ * </pre>
+ *
+ * @since 1.4
+ * @specnote this class was final in 1.4, but beginning with 1.5 is not
+ */
+public class PolicyQualifierInfo
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The <code>policyQualifierId</code> field. */
+ private OID oid;
+
+ /** The DER encoded form of this object. */
+ private byte[] encoded;
+
+ /** The DER encoded form of the <code>qualifier</code> field. */
+ private DERValue qualifier;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PolicyQualifierInfo object from the DER encoded form
+ * passed in the byte array. The argument is copied.
+ *
+ * <p>The ASN.1 form of PolicyQualifierInfo is:
+<pre>
+PolicyQualifierInfo ::= SEQUENCE {
+ policyQualifierId PolicyQualifierId,
+ qualifier ANY DEFINED BY policyQualifierId
+}
+
+PolicyQualifierId ::= OBJECT IDENTIFIER
+</pre>
+ *
+ * @param encoded The DER encoded form.
+ * @throws IOException If the structure cannot be parsed from the
+ * encoded bytes.
+ */
+ public PolicyQualifierInfo(byte[] encoded) throws IOException
+ {
+ if (encoded == null)
+ throw new IOException("null bytes");
+ this.encoded = (byte[]) encoded.clone();
+ DERReader in = new DERReader(new ByteArrayInputStream(this.encoded));
+ DERValue qualInfo = in.read();
+ if (!qualInfo.isConstructed())
+ throw new ASN1ParsingException("malformed PolicyQualifierInfo");
+ DERValue val = in.read();
+ if (!(val.getValue() instanceof OID))
+ throw new ASN1ParsingException("value read not an OBJECT IDENTIFIER");
+ oid = (OID) val.getValue();
+ if (val.getEncodedLength() < val.getLength())
+ qualifier = in.read();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the <code>policyQualifierId</code> field of this structure,
+ * as a dotted-decimal representation of the object identifier.
+ *
+ * @return This structure's OID field.
+ */
+ public final String getPolicyQualifierId()
+ {
+ return oid.toString();
+ }
+
+ /**
+ * Returns the DER encoded form of this object; the contents of the
+ * returned byte array are equivalent to those that were passed to the
+ * constructor. The byte array is cloned every time this method is
+ * called.
+ *
+ * @return The encoded form.
+ */
+ public final byte[] getEncoded()
+ {
+ return (byte[]) encoded.clone();
+ }
+
+ /**
+ * Get the <code>qualifier</code> field of this object, as a DER
+ * encoded byte array. The byte array returned is cloned every time
+ * this method is called.
+ *
+ * @return The encoded qualifier.
+ */
+ public final byte[] getPolicyQualifier()
+ {
+ if (qualifier == null)
+ return new byte[0];
+ return qualifier.getEncoded();
+ }
+
+ /**
+ * Returns a printable string representation of this object.
+ *
+ * @return The string representation.
+ */
+ public String toString()
+ {
+ return "PolicyQualifierInfo { policyQualifierId ::= " + oid
+ + ", qualifier ::= " + qualifier + " }";
+ }
+}
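Review bot: The guard `if (val.getEncodedLength() < val.getLength())` in the constructor compares the OID element with itself, so the `qualifier` field is probably never read. If `getEncodedLength()` counts the tag and length octets on top of `getLength()` (DERValue is not shown here, so confirm), the condition is always false and `getPolicyQualifier()` always returns an empty array. The comparison presumably belongs against the enclosing sequence, e.g. `if (val.getEncodedLength() < qualInfo.getLength())`. Also, `isConstructed()` accepts any constructed type rather than only a SEQUENCE. The `getPolicyQualifier()` Javadoc promises a cloned array, but the code returns `qualifier.getEncoded()` directly, which holds only if that method itself copies.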
diff --git a/libjava/classpath/java/security/cert/TrustAnchor.java b/libjava/classpath/java/security/cert/TrustAnchor.java
new file mode 100644
index 000000000..2110ed518
--- /dev/null
+++ b/libjava/classpath/java/security/cert/TrustAnchor.java
@@ -0,0 +1,185 @@
+/* TrustAnchor.java -- an ultimately-trusted certificate.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.java.security.x509.X500DistinguishedName;
+
+import java.security.PublicKey;
+
+/**
+ * An ultimately-trusted certificate to serve as the root of a
+ * certificate chain.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class TrustAnchor
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The certificate authority's distinguished name. */
+ private final X500DistinguishedName caName;
+
+ /** The certficate authority's public key. */
+ private final PublicKey caKey;
+
+ /** The certficate authority's certificate. */
+ private final X509Certificate trustedCert;
+
+ /** The encoded name constraints bytes. */
+ private final byte[] nameConstraints;
+
+ // Constnuctors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new trust anchor from a certificate and (optional) name
+ * constraints.
+ *
+ * <p>If the <i>nameConstraints</i> argument in non-null, it will be
+ * copied to prevent modification.
+ *
+ * @param trustedCert The trusted certificate.
+ * @param nameConstraints The encoded nameConstraints.
+ */
+ public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints)
+ {
+ if (trustedCert == null)
+ throw new NullPointerException();
+ this.trustedCert = trustedCert;
+ caName = null;
+ caKey = null;
+ if (nameConstraints != null)
+ this.nameConstraints = (byte[]) nameConstraints.clone();
+ else
+ this.nameConstraints = null;
+ }
+
+ /**
+ * Create a new trust anchor from a certificate authority's
+ * distinguished name, public key, and (optional) name constraints.
+ *
+ * <p>If the <i>nameConstraints</i> argument in non-null, it will be
+ * copied to prevent modification.
+ *
+ * @params caName The CA's distinguished name.
+ * @params caKey The CA's public key.
+ * @params nameConstraints The encoded nameConstraints.
+ */
+ public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints)
+ {
+ if (caName == null || caKey == null)
+ throw new NullPointerException();
+ if (caName.length() == 0)
+ throw new IllegalArgumentException();
+ trustedCert = null;
+ this.caName = new X500DistinguishedName(caName);
+ this.caKey = caKey;
+ if (nameConstraints != null)
+ this.nameConstraints = (byte[]) nameConstraints.clone();
+ else
+ this.nameConstraints = null;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the trusted certificate, or null if none was specified.
+ *
+ * @return The trusted certificate.
+ */
+ public final X509Certificate getTrustedCert()
+ {
+ return trustedCert;
+ }
+
+ /**
+ * Return the certificate authority's distinguished name, or null if
+ * none was specified.
+ *
+ * @return The CA's distinguished name.
+ */
+ public final String getCAName()
+ {
+ if (caName != null)
+ return caName.toString();
+ return null;
+ }
+
+ /**
+ * Return the certificate authority's public key, or null if none was
+ * specified.
+ *
+ * @return The CA's public key.
+ */
+ public final PublicKey getCAPublicKey()
+ {
+ return caKey;
+ }
+
+ /**
+ * Return the encoded name constraints, or null if none was specified.
+ *
+ * <p>The name constraints byte array is copied when this method is
+ * called to prevent modification.
+ *
+ * @return The encoded name constraints.
+ */
+ public final byte[] getNameConstraints()
+ {
+ if (nameConstraints == null)
+ return null;
+ return (byte[]) nameConstraints.clone();
+ }
+
+ /**
+ * Return a printable representation of this trust anchor.
+ *
+ * @return The printable representation.
+ */
+ public String toString()
+ {
+ if (trustedCert == null)
+ return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name="
+ + caName.toString() + " ]";
+ return "[ Trusted CA Certificate=" + trustedCert + " ]";
+ }
+}
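Review bot: Both constructors copy `nameConstraints` but never decode it, so malformed constraint bytes are accepted silently and any failure moves to whoever consumes `getNameConstraints()` later. Whether the path validator rejects or ignores undecodable constraints is not visible in this hunk. I would either parse the bytes here and throw `IllegalArgumentException` on failure, or document that no validation happens. The constructors also lack `@throws NullPointerException` for the null arguments and `@throws IllegalArgumentException` for the empty `caName`. The second constructor uses `@params`, which is not a Javadoc tag, so its three parameters go undocumented; they should read `@param caName The CA's distinguished name.` and so on.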
diff --git a/libjava/classpath/java/security/cert/X509CRL.java b/libjava/classpath/java/security/cert/X509CRL.java
new file mode 100644
index 000000000..895ba33e7
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CRL.java
@@ -0,0 +1,397 @@
+/* X509CRL.java --- X.509 Certificate Revocation List
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.util.Date;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ The X509CRL class is the abstract class used to manage
+ X.509 Certificate Revocation Lists. The CRL is a list of
+ time stamped entries which indicate which lists have been
+ revoked. The list is signed by a Certificate Authority (CA)
+ and made publically available in a repository.
+
+ Each revoked certificate in the CRL is identified by its
+ certificate serial number. When a piece of code uses a
+ certificate, the certificates validity is checked by
+ validating its signature and determing that it is not
+ only a recently acquired CRL. The recently aquired CRL
+ is depends on the local policy in affect. The CA issues
+ a new CRL periodically and entries are removed as the
+ certificate expiration date is reached
+
+
+ A description of the X.509 v2 CRL follows below from rfc2459.
+
+ "The X.509 v2 CRL syntax is as follows. For signature calculation,
+ the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
+ encoding is a tag, length, value encoding system for each element.
+
+ CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING }
+
+ TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, shall be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+ crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ -- if present, shall be v2
+ }"
+
+ @author Mark Benvenuto
+
+ @since 1.2
+*/
+public abstract class X509CRL extends CRL implements X509Extension
+{
+
+ /**
+ Constructs a new X509CRL.
+ */
+ protected X509CRL()
+ {
+ super("X.509");
+ }
+
+ /**
+ Compares this X509CRL to other. It checks if the
+ object if instanceOf X509CRL and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof X509CRL ) {
+ try {
+ X509CRL x = (X509CRL) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this X509CRL in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this X.509 CRL.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CRLException;
+
+ /**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Gets the version of this CRL.
+
+ The ASN.1 encoding is:
+
+ version Version OPTIONAL,
+ -- if present, shall be v2
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information.
+
+ @return the version number, Ex: 1 or 2
+ */
+ public abstract int getVersion();
+
+ /**
+ Returns the issuer (issuer distinguished name) of the CRL.
+ The issuer is the entity who signed and issued the
+ Certificate Revocation List.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ Returns the thisUpdate date of the CRL.
+
+ The ASN.1 DER encoding is:
+
+ thisUpdate Time,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the thisUpdate date
+ */
+ public abstract Date getThisUpdate();
+
+ /*
+ Gets the nextUpdate field
+
+ The ASN.1 DER encoding is:
+
+ nextUpdate Time OPTIONAL,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the nextUpdate date
+ */
+ public abstract Date getNextUpdate();
+
+ /**
+ Gets the requeste dX509Entry for the specified
+ certificate serial number.
+
+ @return a X509CRLEntry representing the X.509 CRL entry
+ */
+ public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
+
+ /**
+ Returns a Set of revoked certificates.
+
+ @return a set of revoked certificates.
+ */
+ public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
+
+ /**
+ Returns the DER ASN.1 encoded tbsCertList which is
+ the basic information of the list and associated certificates
+ in the encoded state. See top for more information.
+
+ The ASN.1 DER encoding is:
+
+ tbsCertList TBSCertList,
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing tbsCertList
+ */
+ public abstract byte[] getTBSCertList() throws CRLException;
+
+
+ /**
+ Returns the signature for the CRL.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+ */
+ public abstract byte[] getSignature();
+
+ /**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+ */
+ public abstract String getSigAlgName();
+
+ /**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+ */
+ public abstract String getSigAlgOID();
+
+ /**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used.
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in CRL
+ */
+ public abstract byte[] getSigAlgParams();
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the X.500 distinguished name of this CRL's issuer.
+ *
+ * @return The issuer's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public X500Principal getIssuerX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+}
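Review bot: `equals()` compares the DER encoding but `hashCode()` returns `super.hashCode()`, so unless `CRL` overrides `hashCode()` (not visible here) two equal CRLs get different hash codes. Lookups in a `HashSet` or `HashMap` of CRLs, such as a revocation cache, would then miss, even though the Javadoc already says the hash is taken over the encoded form. I would hash the encoding as in the fence below, and have `equals()` fetch each encoding once and compare with `java.util.Arrays.equals` instead of calling `getEncoded()` up to four times. Separately, the comment on `getNextUpdate()` opens with `/*` rather than `/**`, so it is dropped from the generated docs.

```java
public int hashCode()
{
  try
    {
      return java.util.Arrays.hashCode(getEncoded());
    }
  catch (CRLException crle)
    {
      // equals() returns false when encoding fails, so a constant stays consistent.
      return 0;
    }
}
```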
diff --git a/libjava/classpath/java/security/cert/X509CRLEntry.java b/libjava/classpath/java/security/cert/X509CRLEntry.java
new file mode 100644
index 000000000..ac5ef4714
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CRLEntry.java
@@ -0,0 +1,169 @@
+/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.util.Date;
+
+/**
+ Abstract class for entries in the CRL (Certificate Revocation
+ List). The ASN.1 definition for <I>revokedCertificates</I> is
+
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING }
+
+ For more information consult rfc2459.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class X509CRLEntry implements X509Extension
+{
+
+ /**
+ Creates a new X509CRLEntry
+ */
+ public X509CRLEntry()
+ {}
+
+ /**
+ Compares this X509CRLEntry to other. It checks if the
+ object if instanceOf X509CRLEntry and then checks if
+ the encoded form( the inner SEQUENCE) matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof X509CRLEntry ) {
+ try {
+ X509CRLEntry xe = (X509CRLEntry) other;
+ if( getEncoded().length != xe.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = xe.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this X509CRLEntry in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this CRL Entry,
+ the inner SEQUENCE.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CRLException;
+
+ /**
+ Gets the serial number for <I>userCertificate</I> in
+ this X509CRLEntry.
+
+ @return the serial number for this X509CRLEntry.
+ */
+ public abstract BigInteger getSerialNumber();
+
+
+ /**
+ Gets the revocation date in <I>revocationDate</I> for
+ this X509CRLEntry.
+
+ @return the revocation date for this X509CRLEntry.
+ */
+ public abstract Date getRevocationDate();
+
+
+ /**
+ Checks if this X509CRLEntry has extensions.
+
+ @return true if it has extensions, false otherwise
+ */
+ public abstract boolean hasExtensions();
+
+
+ /**
+ Returns a string that represents this X509CRLEntry.
+
+ @return a string representing this X509CRLEntry.
+ */
+ public abstract String toString();
+
+}
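Review bot: `hashCode()` in X509CRLEntry returns `super.hashCode()`, the identity hash, while `equals()` compares the encoded bytes, so two entries that are equal can hash differently. Hash-based collections of revoked entries can then fail to find or deduplicate an entry, and the Javadoc on the method already promises a hash of the encoded form. Deriving the hash from the same bytes `equals()` compares restores the contract, with a constant fallback when encoding fails. `equals()` also calls `getEncoded()` up to four times per comparison; it could fetch each array once and compare them with `Arrays.equals`.

```java
  public int hashCode()
  {
    try
      {
        // Hash the same bytes equals() compares, so equal entries hash alike.
        return java.util.Arrays.hashCode(getEncoded());
      }
    catch (CRLException crle)
      {
        return 0;
      }
  }
```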
diff --git a/libjava/classpath/java/security/cert/X509CRLSelector.java b/libjava/classpath/java/security/cert/X509CRLSelector.java
new file mode 100644
index 000000000..d412a1ae3
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CRLSelector.java
@@ -0,0 +1,442 @@
+/* X509CRLSelector.java -- selects X.509 CRLs by criteria.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.classpath.SystemProperties;
+import gnu.java.lang.CPStringBuilder;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * A class for matching X.509 certificate revocation lists by criteria.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class X509CRLSelector implements CRLSelector, Cloneable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static final String CRL_NUMBER_ID = "2.5.29.20";
+
+ private List issuerNames;
+ private BigInteger maxCrlNumber;
+ private BigInteger minCrlNumber;
+ private Date date;
+ private X509Certificate cert;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new CRL selector with no criteria enabled; i.e., every CRL
+ * will be matched.
+ */
+ public X509CRLSelector()
+ {
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Add an issuer name to the set of issuer names criteria, as the DER
+ * encoded form.
+ *
+ * @param name The name to add, as DER bytes.
+ * @throws IOException If the argument is not a valid DER-encoding.
+ */
+ public void addIssuerName(byte[] name) throws IOException
+ {
+ X500Principal p = null;
+ try
+ {
+ p = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ if (issuerNames == null)
+ issuerNames = new LinkedList();
+ issuerNames.add(p);
+ }
+
+ /**
+ * Add an issuer name to the set of issuer names criteria, as a
+ * String representation.
+ *
+ * @param name The name to add.
+ * @throws IOException If the argument is not a valid name.
+ */
+ public void addIssuerName(String name) throws IOException
+ {
+ X500Principal p = null;
+ try
+ {
+ p = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name: " + name);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ if (issuerNames == null)
+ issuerNames = new LinkedList();
+ issuerNames.add(p);
+ }
+
+ /**
+ * Sets the issuer names criterion. Pass <code>null</code> to clear this
+ * value. CRLs matched by this selector must have an issuer name in this
+ * set.
+ *
+ * @param names The issuer names.
+ * @throws IOException If any of the elements in the collection is not
+ * a valid name.
+ */
+ public void setIssuerNames(Collection<?> names) throws IOException
+ {
+ if (names == null)
+ {
+ issuerNames = null;
+ return;
+ }
+ List l = new ArrayList(names.size());
+ for (Iterator it = names.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o instanceof X500Principal)
+ l.add(o);
+ else if (o instanceof String)
+ {
+ try
+ {
+ l.add(new X500Principal((String) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name: " + o);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else if (o instanceof byte[])
+ {
+ try
+ {
+ l.add(new X500Principal((byte[]) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else if (o instanceof InputStream)
+ {
+ try
+ {
+ l.add(new X500Principal((InputStream) o));
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed name");
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else
+ throw new IOException("not a valid name: " +
+ (o != null ? o.getClass().getName() : "null"));
+
+ }
+ issuerNames = l;
+ }
+
+ /**
+ * Returns the set of issuer names that are matched by this selector,
+ * or <code>null</code> if this criteria is not set. The returned
+ * collection is not modifiable.
+ *
+ * @return The set of issuer names.
+ */
+ public Collection<Object> getIssuerNames()
+ {
+ if (issuerNames != null)
+ return Collections.unmodifiableList(issuerNames);
+ else
+ return null;
+ }
+
+ /**
+ * Returns the maximum value of the CRLNumber extension present in
+ * CRLs matched by this selector, or <code>null</code> if this
+ * criteria is not set.
+ *
+ * @return The maximum CRL number.
+ */
+ public BigInteger getMaxCRL()
+ {
+ return maxCrlNumber;
+ }
+
+ /**
+ * Returns the minimum value of the CRLNumber extension present in
+ * CRLs matched by this selector, or <code>null</code> if this
+ * criteria is not set.
+ *
+ * @return The minimum CRL number.
+ */
+ public BigInteger getMinCRL()
+ {
+ return minCrlNumber;
+ }
+
+ /**
+ * Sets the maximum value of the CRLNumber extension present in CRLs
+ * matched by this selector. Specify <code>null</code> to clear this
+ * criterion.
+ *
+ * @param maxCrlNumber The maximum CRL number.
+ */
+ public void setMaxCRLNumber(BigInteger maxCrlNumber)
+ {
+ this.maxCrlNumber = maxCrlNumber;
+ }
+
+ /**
+ * Sets the minimum value of the CRLNumber extension present in CRLs
+ * matched by this selector. Specify <code>null</code> to clear this
+ * criterion.
+ *
+ * @param minCrlNumber The minimum CRL number.
+ */
+ public void setMinCRLNumber(BigInteger minCrlNumber)
+ {
+ this.minCrlNumber = minCrlNumber;
+ }
+
+ /**
+ * Returns the date when this CRL must be valid; that is, the date
+ * must be after the thisUpdate date, but before the nextUpdate date.
+ * Returns <code>null</code> if this criterion is not set.
+ *
+ * @return The date.
+ */
+ public Date getDateAndTime()
+ {
+ return date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Sets the date at which this CRL must be valid. Specify
+ * <code>null</code> to clear this criterion.
+ *
+ * @param date The date.
+ */
+ public void setDateAndTime(Date date)
+ {
+ this.date = date != null ? (Date) date.clone() : null;
+ }
+
+ /**
+ * Returns the certificate being checked, or <code>null</code> if this
+ * value is not set.
+ *
+ * @return The certificate.
+ */
+ public X509Certificate getCertificateChecking()
+ {
+ return cert;
+ }
+
+ /**
+ * Sets the certificate being checked. This is not a criterion, but
+ * info used by certificate store implementations to aid in searching.
+ *
+ * @param cert The certificate.
+ */
+ public void setCertificateChecking(X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ /**
+ * Returns a string representation of this selector. The string will
+ * only describe the enabled criteria, so if none are enabled this will
+ * return a string that contains little else besides the class name.
+ *
+ * @return The string.
+ */
+ public String toString()
+ {
+ CPStringBuilder str = new CPStringBuilder(X509CRLSelector.class.getName());
+ String nl = SystemProperties.getProperty("line.separator");
+ String eol = ";" + nl;
+
+ str.append(" {").append(nl);
+ if (issuerNames != null)
+ str.append(" issuer names = ").append(issuerNames).append(eol);
+ if (maxCrlNumber != null)
+ str.append(" max CRL = ").append(maxCrlNumber).append(eol);
+ if (minCrlNumber != null)
+ str.append(" min CRL = ").append(minCrlNumber).append(eol);
+ if (date != null)
+ str.append(" date = ").append(date).append(eol);
+ if (cert != null)
+ str.append(" certificate = ").append(cert).append(eol);
+ str.append("}").append(nl);
+ return str.toString();
+ }
+
+ /**
+ * Checks a CRL against the criteria of this selector, returning
+ * <code>true</code> if the given CRL matches all the criteria.
+ *
+ * @param _crl The CRL being checked.
+ * @return True if the CRL matches, false otherwise.
+ */
+ public boolean match(CRL _crl)
+ {
+ if (!(_crl instanceof X509CRL))
+ return false;
+ X509CRL crl = (X509CRL) _crl;
+ if (issuerNames != null)
+ {
+ if (!issuerNames.contains(crl.getIssuerX500Principal()))
+ return false;
+ }
+ BigInteger crlNumber = null;
+ if (maxCrlNumber != null)
+ {
+ byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+ if (b == null)
+ return false;
+ try
+ {
+ DERValue val = DERReader.read(b);
+ if (!(val.getValue() instanceof BigInteger))
+ return false;
+ crlNumber = (BigInteger) val.getValue();
+ }
+ catch (IOException ioe)
+ {
+ return false;
+ }
+ if (maxCrlNumber.compareTo(crlNumber) < 0)
+ return false;
+ }
+ if (minCrlNumber != null)
+ {
+ if (crlNumber == null)
+ {
+ byte[] b = crl.getExtensionValue(CRL_NUMBER_ID);
+ if (b == null)
+ return false;
+ try
+ {
+ DERValue val = DERReader.read(b);
+ if (!(val.getValue() instanceof BigInteger))
+ return false;
+ crlNumber = (BigInteger) val.getValue();
+ }
+ catch (IOException ioe)
+ {
+ return false;
+ }
+ }
+ if (minCrlNumber.compareTo(crlNumber) > 0)
+ return false;
+ }
+ if (date != null)
+ {
+ if (date.compareTo(crl.getThisUpdate()) < 0 ||
+ date.compareTo(crl.getNextUpdate()) > 0)
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a copy of this object.
+ *
+ * @return The copy.
+ */
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException shouldNotHappen)
+ {
+ throw new Error(shouldNotHappen);
+ }
+ }
+}
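Review bot: The date criterion at the end of `match()` passes `crl.getNextUpdate()` straight to `date.compareTo(...)`, but nextUpdate is an optional field in the CRL profile and the accessor may return null. A CRL without it would then make the selector throw a NullPointerException instead of returning a result. Handle the case explicitly and fail closed, e.g. `Date next = crl.getNextUpdate();` followed by `if (next == null || date.compareTo(crl.getThisUpdate()) < 0 || date.compareTo(next) > 0) return false;`. Separately, `clone()` only calls `super.clone()`, so the copy shares the same `issuerNames` list and a later `addIssuerName` on one selector silently changes the other's criteria; copying the list inside `clone()` would avoid that.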
diff --git a/libjava/classpath/java/security/cert/X509CertSelector.java b/libjava/classpath/java/security/cert/X509CertSelector.java
new file mode 100644
index 000000000..8c1230afb
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CertSelector.java
@@ -0,0 +1,1319 @@
+/* X509CertSelector.java -- selects X.509 certificates by criteria.
+ Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import gnu.classpath.SystemProperties;
+import gnu.java.lang.CPStringBuilder;
+import gnu.java.security.OID;
+import gnu.java.security.x509.GnuPKIExtension;
+import gnu.java.security.x509.ext.CertificatePolicies;
+import gnu.java.security.x509.ext.Extension;
+import gnu.java.security.x509.ext.GeneralName;
+import gnu.java.security.x509.ext.GeneralSubtree;
+import gnu.java.security.x509.ext.NameConstraints;
+import gnu.java.security.x509.ext.GeneralName.Kind;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * A concrete implementation of {@link CertSelector} for X.509 certificates,
+ * which allows a number of criteria to be set when accepting certificates,
+ * from validity dates, to issuer and subject distinguished names, to some
+ * of the various X.509 extensions.
+ *
+ * <p>Use of this class requires extensive knowledge of the Internet
+ * Engineering Task Force's Public Key Infrastructure (X.509). The primary
+ * document describing this standard is <a
+ * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * Public Key Infrastructure Certificate and Certificate Revocation List
+ * (CRL) Profile</a>.
+ *
+ * <p>Note that this class is not thread-safe. If multiple threads will
+ * use or modify this class then they need to synchronize on the object.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class X509CertSelector implements CertSelector, Cloneable
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ private static final String AUTH_KEY_ID = "2.5.29.35";
+ private static final String SUBJECT_KEY_ID = "2.5.29.14";
+ private static final String NAME_CONSTRAINTS_ID = "2.5.29.30";
+
+ private static boolean checkOid(int[] oid)
+ {
+ return (oid != null && oid.length > 2 &&
+ (oid[0] >= 0 && oid[0] <= 2) && (oid[1] >= 0 && oid[1] <= 39));
+ }
+
+ private static GeneralName makeName(int id, String name) throws IOException
+ {
+ byte[] nameBytes = null;
+ GeneralName.Kind kind = GeneralName.Kind.forTag(id);
+ switch (Kind.forTag(id))
+ {
+ case dNSName:
+ case rfc822Name:
+ case uniformResourceIdentifier:
+ nameBytes = name.getBytes("ASCII");
+ break;
+
+ case iPAddress:
+ InetAddress addr = InetAddress.getByName(name);
+ nameBytes = addr.getAddress();
+ break;
+
+ case registeredId:
+ OID oid = new OID(name);
+ nameBytes = oid.getDER();
+ break;
+
+ case directoryName:
+ X500Principal xname = new X500Principal(name);
+ nameBytes = xname.getEncoded();
+ break;
+
+ case ediPartyName:
+ case x400Address:
+ case otherName:
+ throw new IOException("cannot decode string representation of "
+ + kind);
+ }
+ return new GeneralName(kind, nameBytes);
+ }
+
+ private int basicConstraints;
+ private X509Certificate cert;
+ private BigInteger serialNo;
+ private X500Principal issuer;
+ private X500Principal subject;
+ private byte[] subjectKeyId;
+ private byte[] authKeyId;
+ private boolean[] keyUsage;
+ private Date certValid;
+ private OID sigId;
+ private PublicKey subjectKey;
+ private X509EncodedKeySpec subjectKeySpec;
+ private Set<String> keyPurposeSet;
+ private List<GeneralName> altNames;
+ private boolean matchAllNames;
+ private byte[] nameConstraints;
+ private Set<OID> policy;
+ private List<GeneralName> pathToNames;
+
+ /**
+ * Creates a new X.509 certificate selector. The new selector will be
+ * empty, and will accept any certificate (provided that it is an
+ * {@link X509Certificate}).
+ */
+ public X509CertSelector()
+ {
+ basicConstraints = -1;
+ }
+
+ /**
+ * Add a name to match in the NameConstraints extension. The argument is
+ * the DER-encoded bytes of a GeneralName structure.
+ *
+ * See the method {@link #addSubjectAlternativeName(int, byte[])} for the
+ * format of the GeneralName structure.
+ *
+ * @param id The name identifier. Must be between 0 and 8.
+ * @param name The DER-encoded bytes of the name to match.
+ * @throws IOException If the name DER is malformed.
+ */
+ public void addPathToName(int id, byte[] name) throws IOException
+ {
+ GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name);
+ if (pathToNames == null)
+ pathToNames = new LinkedList<GeneralName>();
+ pathToNames.add(generalName);
+ }
+
+ /**
+ * Add a name to match in the NameConstraints extension. This method will
+ * only recognize certain types of name that have convenient string
+ * encodings. For robustness, you should use the {@link
+ * #addPathToName(int, byte[])} method whenever possible.
+ *
+ * @param id The name identifier. Must be between 0 and 8.
+ * @param name The name.
+ * @throws IOException If the name cannot be decoded.
+ */
+ public void addPathToName(int id, String name) throws IOException
+ {
+ GeneralName generalName = makeName(id, name);
+ if (pathToNames == null)
+ pathToNames = new LinkedList<GeneralName>();
+ pathToNames.add(generalName);
+ }
+
+ /**
+ * Add a name, as DER-encoded bytes, to the subject alternative names
+ * criterion.
+ *
+ * The name is a GeneralName structure, which has the ASN.1 format:
+ *
+ * <pre>
+ GeneralName ::= CHOICE {
+ otherName [0] OtherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ORAddress,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER }
+</pre>
+ *
+ * @param id The type of name this is.
+ * @param name The DER-encoded name.
+ * @throws IOException If the name is not a valid DER sequence.
+ */
+ public void addSubjectAlternativeName(int id, byte[] name)
+ throws IOException
+ {
+ GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name);
+ if (altNames == null)
+ altNames = new LinkedList<GeneralName>();
+ altNames.add(generalName);
+ }
+
+ /**
+ * Add a name to the subject alternative names criterion. This method will
+ * only recognize certain types of name that have convenient string
+ * encodings. For robustness, you should use the {@link
+ * #addSubjectAlternativeName(int, byte[])} method whenever possible.
+ *
+ * This method can only decode certain name kinds of names as strings.
+ *
+ * @param id The type of name this is. Must be in the range [0,8].
+ * @param name The name.
+ * @throws IOException If the id is out of range, or if the name
+ * is null.
+ */
+ public void addSubjectAlternativeName(int id, String name)
+ throws IOException
+ {
+ GeneralName generalName = makeName(id, name);
+ if (altNames == null)
+ altNames = new LinkedList<GeneralName>();
+ altNames.add(generalName);
+ }
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException shouldNotHappen)
+ {
+ throw new Error(shouldNotHappen);
+ }
+ }
+
+ /**
+ * Returns the authority key identifier criterion, or <code>null</code> if
+ * this value was not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The authority key identifier.
+ */
+ public byte[] getAuthorityKeyIdentifier()
+ {
+ if (authKeyId != null)
+ return (byte[]) authKeyId.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the basic constraints criterion, or -1 if this value is not set.
+ *
+ * @return The basic constraints.
+ */
+ public int getBasicConstraints()
+ {
+ return basicConstraints;
+ }
+
+ /**
+ * Returns the certificate criterion, or <code>null</code> if this value
+ * was not set.
+ *
+ * @return The certificate.
+ */
+ public X509Certificate getCertificate()
+ {
+ return cert;
+ }
+
+ /**
+ * Returns the date at which certificates must be valid, or <code>null</code>
+ * if this criterion was not set.
+ *
+ * @return The target certificate valitity date.
+ */
+ public Date getCertificateValid()
+ {
+ if (certValid != null)
+ return (Date) certValid.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the set of extended key purpose IDs, as an unmodifiable set
+ * of OID strings. Returns <code>null</code> if this criterion is not
+ * set.
+ *
+ * @return The set of key purpose OIDs (strings).
+ */
+ public Set<String> getExtendedKeyUsage()
+ {
+ if (keyPurposeSet != null)
+ return Collections.unmodifiableSet(keyPurposeSet);
+ else
+ return null;
+ }
+
+ /**
+ * Returns the issuer criterion as a sequence of DER bytes, or
+ * <code>null</code> if this value was not set.
+ *
+ * @return The issuer.
+ */
+ public byte[] getIssuerAsBytes() throws IOException
+ {
+ if (issuer != null)
+ return issuer.getEncoded();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the issuer criterion as a string, or <code>null</code> if this
+ * value was not set.
+ *
+ * @return The issuer.
+ */
+ public String getIssuerAsString()
+ {
+ if (issuer != null)
+ return issuer.getName();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the public key usage criterion, or <code>null</code> if this
+ * value is not set. Note that the array is cloned to prevent modification.
+ *
+ * @return The public key usage.
+ */
+ public boolean[] getKeyUsage()
+ {
+ if (keyUsage != null)
+ return (boolean[]) keyUsage.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns whether or not all specified alternative names must match.
+ * If false, a certificate is considered a match if <em>one</em> of the
+ * specified alternative names matches.
+ *
+ * @return true if all names must match.
+ */
+ public boolean getMatchAllSubjectAltNames()
+ {
+ return matchAllNames;
+ }
+
+ /**
+ * Returns the name constraints criterion, or <code>null</code> if this
+ * value is not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The name constraints.
+ */
+ public byte[] getNameConstraints()
+ {
+ if (nameConstraints != null)
+ return (byte[]) nameConstraints.clone();
+ else
+ return null;
+ }
+
+ public Collection<List<?>> getPathToNames()
+ {
+ if (pathToNames != null)
+ {
+ List<List<?>> names = new ArrayList<List<?>>(pathToNames.size());
+ for (GeneralName name : pathToNames)
+ {
+ List<Object> n = new ArrayList<Object>(2);
+ n.add(name.kind().tag());
+ n.add(name.name());
+ names.add(n);
+ }
+
+ return names;
+ }
+ return null;
+ }
+
+ /**
+ * Returns the certificate policy extension that will be matched by this
+ * selector, or null if the certificate policy will not be matched.
+ *
+ * @return The policy to be matched, or null.
+ */
+ public Set<String> getPolicy()
+ {
+ Set<OID> p = this.policy;
+ if (p != null)
+ {
+ Set<String> strings = new HashSet<String>(p.size());
+ for (OID o : p)
+ {
+ strings.add(o.toString());
+ }
+ return strings;
+ }
+ return null;
+ }
+
+ /**
+ * This method, and its related X.509 certificate extension &mdash; the
+ * private key usage period &mdash; is not supported under the Internet
+ * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this
+ * method is not supported either.
+ *
+ * <p>Do not use this method. It is not deprecated, as it is not deprecated
+ * in the Java standard, but it is basically a no-operation and simply
+ * returns <code>null</code>.
+ *
+ * @return Null.
+ */
+ public Date getPrivateKeyValid()
+ {
+ return null;
+ }
+
+ /**
+ * Returns the serial number criterion, or <code>null</code> if this
+ * value was not set.
+ *
+ * @return The serial number.
+ */
+ public BigInteger getSerialNumber()
+ {
+ return serialNo;
+ }
+
+ /**
+ * Get the subject alternative names criterion. The collection returned
+ * is a collection of pairs: the first element is an {@link Integer}
+ * containing the name type, and the second is a byte array containing
+ * the DER-encoded name bytes.
+ *
+ * @return The subject alternative names criterion. Returns null if this
+ * criterion is not set.
+ */
+ public Collection<List<?>> getSubjectAlternativeNames()
+ {
+ if (altNames != null)
+ {
+ List<List<?>> names = new ArrayList<List<?>>(altNames.size());
+ for (GeneralName name : altNames)
+ {
+ List<Object> n = new ArrayList<Object>(2);
+ n.add(name.kind().tag());
+ n.add(name.name());
+ names.add(n);
+ }
+ return names;
+ }
+ return null;
+ }
+
+ /**
+ * Returns the subject criterion as a sequence of DER bytes, or
+ * <code>null</code> if this value is not set.
+ *
+ * @return The subject.
+ */
+ public byte[] getSubjectAsBytes() throws IOException
+ {
+ if (subject != null)
+ return subject.getEncoded();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the subject criterion as a string, of <code>null</code> if
+ * this value was not set.
+ *
+ * @return The subject.
+ */
+ public String getSubjectAsString()
+ {
+ if (subject != null)
+ return subject.getName();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the subject key identifier criterion, or <code>null</code> if
+ * this value was not set. Note that the byte array is cloned to prevent
+ * modification.
+ *
+ * @return The subject key identifier.
+ */
+ public byte[] getSubjectKeyIdentifier()
+ {
+ if (subjectKeyId != null)
+ return (byte[]) subjectKeyId.clone();
+ else
+ return null;
+ }
+
+ /**
+ * Returns the subject public key criterion, or <code>null</code> if this
+ * value is not set.
+ *
+ * @return The subject public key.
+ */
+ public PublicKey getSubjectPublicKey()
+ {
+ return subjectKey;
+ }
+
+ /**
+ * Returns the public key algorithm ID that matching certificates must have,
+ * or <code>null</code> if this criterion was not set.
+ *
+ * @return The public key algorithm ID.
+ */
+ public String getSubjectPublicKeyAlgID()
+ {
+ return String.valueOf(sigId);
+ }
+
+ /**
+ * Match a certificate. This method will check the given certificate
+ * against all the enabled criteria of this selector, and will return
+ * <code>true</code> if the given certificate matches.
+ *
+ * @param certificate The certificate to check.
+ * @return true if the certificate matches all criteria.
+ */
+ public boolean match(Certificate certificate)
+ {
+ if (!(certificate instanceof X509Certificate))
+ return false;
+ X509Certificate cert = (X509Certificate) certificate;
+ if (this.cert != null)
+ {
+ try
+ {
+ byte[] e1 = this.cert.getEncoded();
+ byte[] e2 = cert.getEncoded();
+ if (!Arrays.equals(e1, e2))
+ return false;
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return false;
+ }
+ }
+ if (serialNo != null)
+ {
+ if (!serialNo.equals(cert.getSerialNumber()))
+ return false;
+ }
+ if (certValid != null)
+ {
+ try
+ {
+ cert.checkValidity(certValid);
+ }
+ catch (CertificateException ce)
+ {
+ return false;
+ }
+ }
+ if (issuer != null)
+ {
+ if (!issuer.equals(cert.getIssuerX500Principal()))
+ return false;
+ }
+ if (subject != null)
+ {
+ if (!subject.equals(cert.getSubjectX500Principal()))
+ return false;
+ }
+ if (sigId != null)
+ {
+ if (!sigId.toString().equals(cert.getSigAlgOID()))
+ return false;
+ }
+ if (subjectKeyId != null)
+ {
+ byte[] b = cert.getExtensionValue(SUBJECT_KEY_ID);
+ if (!Arrays.equals(b, subjectKeyId))
+ return false;
+ }
+ if (authKeyId != null)
+ {
+ byte[] b = cert.getExtensionValue(AUTH_KEY_ID);
+ if (!Arrays.equals(b, authKeyId))
+ return false;
+ }
+ if (keyUsage != null)
+ {
+ boolean[] b = cert.getKeyUsage();
+ if (!Arrays.equals(b, keyUsage))
+ return false;
+ }
+ if (basicConstraints >= 0)
+ {
+ if (cert.getBasicConstraints() != basicConstraints)
+ return false;
+ }
+ if (keyPurposeSet != null)
+ {
+ List kp = null;
+ try
+ {
+ kp = cert.getExtendedKeyUsage();
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ if (kp == null)
+ return false;
+ for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); )
+ {
+ if (!kp.contains(it.next()))
+ return false;
+ }
+ }
+ if (altNames != null)
+ {
+ Collection<List<?>> an = null;
+ try
+ {
+ an = cert.getSubjectAlternativeNames();
+ }
+ catch (CertificateParsingException cpe)
+ {
+ return false;
+ }
+ if (an == null)
+ return false;
+ int match = 0;
+ for (GeneralName name : altNames)
+ {
+ for (List<?> list : an)
+ {
+ try
+ {
+ Integer id = (Integer) list.get(0);
+ Object val = list.get(1);
+ GeneralName n = null;
+ if (val instanceof String)
+ n = makeName(id, (String) val);
+ else if (val instanceof byte[])
+ {
+ n = new GeneralName(GeneralName.Kind.forTag(id),
+ (byte[]) val);
+ }
+ else
+ continue;
+ if (name.equals(n))
+ match++;
+ }
+ catch (Exception e)
+ {
+ continue;
+ }
+ }
+ if (match == 0 || (matchAllNames && match < altNames.size()))
+ return false;
+ }
+ }
+ if (nameConstraints != null)
+ {
+ byte[] nc = cert.getExtensionValue(NAME_CONSTRAINTS_ID);
+ if (!Arrays.equals(nameConstraints, nc))
+ return false;
+ }
+
+ if (policy != null)
+ {
+ CertificatePolicies policies = null;
+ if (cert instanceof GnuPKIExtension)
+ {
+ policies = (CertificatePolicies)
+ ((GnuPKIExtension) cert).getExtension(CertificatePolicies.ID).getValue();
+ }
+ else
+ {
+ byte[] policiesDer =
+ cert.getExtensionValue(CertificatePolicies.ID.toString());
+ try
+ {
+ policies = new CertificatePolicies(policiesDer);
+ }
+ catch (IOException ioe)
+ {
+ // ignored
+ }
+ }
+
+ if (policies == null)
+ return false;
+ if (!policies.getPolicies().containsAll(policy))
+ return false;
+ }
+
+ if (pathToNames != null)
+ {
+ NameConstraints nc = null;
+ if (cert instanceof GnuPKIExtension)
+ {
+ Extension e =
+ ((GnuPKIExtension) cert).getExtension(NameConstraints.ID);
+ if (e != null)
+ nc = (NameConstraints) e.getValue();
+ }
+ else
+ {
+ byte[] b = cert.getExtensionValue(NameConstraints.ID.toString());
+ if (b != null)
+ {
+ try
+ {
+ nc = new NameConstraints(b);
+ }
+ catch (IOException ioe)
+ {
+ }
+ }
+ }
+
+ if (nc == null)
+ return false;
+
+ int match = 0;
+ for (GeneralName name : pathToNames)
+ {
+ for (GeneralSubtree subtree : nc.permittedSubtrees())
+ {
+ if (name.equals(subtree.base()))
+ match++;
+ }
+ }
+ if (match == 0 || (matchAllNames && match < pathToNames.size()))
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Sets the authority key identifier criterion, or <code>null</code> to clear
+ * this criterion. Note that the byte array is cloned to prevent modification.
+ *
+ * @param authKeyId The authority key identifier.
+ */
+ public void setAuthorityKeyIdentifier(byte[] authKeyId)
+ {
+ this.authKeyId = authKeyId != null ? (byte[]) authKeyId.clone() : null;
+ }
+
+ /**
+ * Sets the basic constraints criterion. Specify -1 to clear this parameter.
+ *
+ * @param basicConstraints The new basic constraints value.
+ */
+ public void setBasicConstraints(int basicConstraints)
+ {
+ if (basicConstraints < -1)
+ basicConstraints = -1;
+ this.basicConstraints = basicConstraints;
+ }
+
+ /**
+ * Sets the certificate criterion. If set, only certificates that are
+ * equal to the certificate passed here will be accepted.
+ *
+ * @param cert The certificate.
+ */
+ public void setCertificate(X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ /**
+ * Sets the date at which certificates must be valid. Specify
+ * <code>null</code> to clear this criterion.
+ *
+ * @param certValid The certificate validity date.
+ */
+ public void setCertificateValid(Date certValid)
+ {
+ this.certValid = certValid != null ? (Date) certValid.clone() : null;
+ }
+
+ /**
+ * Sets the extended key usage criterion, as a set of OID strings. Specify
+ * <code>null</code> to clear this value.
+ *
+ * @param keyPurposeSet The set of key purpose OIDs.
+ * @throws IOException If any element of the set is not a valid OID string.
+ */
+ public void setExtendedKeyUsage(Set<String> keyPurposeSet) throws IOException
+ {
+ if (keyPurposeSet == null)
+ {
+ this.keyPurposeSet = null;
+ return;
+ }
+ Set<String> s = new HashSet<String>();
+ for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (!(o instanceof String))
+ throw new IOException("not a string: " + o);
+ try
+ {
+ OID oid = new OID((String) o);
+ int[] comp = oid.getIDs();
+ if (!checkOid(comp))
+ throw new IOException("malformed OID: " + o);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed OID: " + o);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ this.keyPurposeSet = s;
+ }
+
+ /**
+ * Sets the issuer, specified as the DER encoding of the issuer's
+ * distinguished name. Only certificates issued by this issuer will
+ * be accepted.
+ *
+ * @param name The DER encoding of the issuer's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setIssuer(byte[] name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ issuer = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ issuer = null;
+ }
+
+ /**
+ * Sets the issuer, specified as a string representation of the issuer's
+ * distinguished name. Only certificates issued by this issuer will
+ * be accepted.
+ *
+ * @param name The string representation of the issuer's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setIssuer(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ issuer = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ issuer = null;
+ }
+
+ /**
+ * Sets the public key usage criterion. Specify <code>null</code> to clear
+ * this value.
+ *
+ * @param keyUsage The public key usage.
+ */
+ public void setKeyUsage(boolean[] keyUsage)
+ {
+ this.keyUsage = keyUsage != null ? (boolean[]) keyUsage.clone() : null;
+ }
+
+ /**
+ * Sets whether or not all subject alternative names must be matched.
+ * If false, then a certificate will be considered a match if one
+ * alternative name matches.
+ *
+ * @param matchAllNames Whether or not all alternative names must be
+ * matched.
+ */
+ public void setMatchAllSubjectAltNames(boolean matchAllNames)
+ {
+ this.matchAllNames = matchAllNames;
+ }
+
+ /**
+ * Sets the name constraints criterion; specify <code>null</code> to
+ * clear this criterion. Note that if non-null, the argument will be
+ * cloned to prevent modification.
+ *
+ * @param nameConstraints The new name constraints.
+ * @throws IOException If the argument is not a valid DER-encoded
+ * name constraints.
+ */
+ public void setNameConstraints(byte[] nameConstraints)
+ throws IOException
+ {
+ // Check if the input is well-formed...
+ new NameConstraints(nameConstraints);
+
+ // But we just compare raw byte arrays.
+ this.nameConstraints = nameConstraints != null
+ ? (byte[]) nameConstraints.clone() : null;
+ }
+
+ /**
+ * Sets the pathToNames criterion. The argument is a collection of
+ * pairs, the first element of which is an {@link Integer} giving
+ * the ID of the name, and the second element is either a {@link String}
+ * or a byte array.
+ *
+ * See {@link #addPathToName(int, byte[])} and {@link #addPathToName(int, String)}
+ * for how these arguments are handled.
+ *
+ * @param names The names.
+ * @throws IOException If any argument is malformed.
+ */
+ public void setPathToNames(Collection<List<?>> names) throws IOException
+ {
+ if (names == null || names.size() == 0)
+ {
+ pathToNames = null;
+ }
+ else
+ {
+ pathToNames = new ArrayList<GeneralName>(names.size());
+ for (List<?> name : names)
+ {
+ Integer id = (Integer) name.get(0);
+ Object name2 = name.get(1);
+ if (name2 instanceof String)
+ addPathToName(id, (String) name2);
+ else if (name2 instanceof byte[])
+ addPathToName(id, (byte[]) name2);
+ else
+ throw new IOException("invalid name type: "
+ + name2.getClass().getName());
+ }
+ }
+ }
+
+ /**
+ * Sets the certificate policy to match, or null if this criterion should
+ * not be checked. Each element if the set must be a dotted-decimal form
+ * of certificate policy object identifier.
+ *
+ * @param policy The policy to match.
+ * @throws IOException If some element of the policy is not a valid
+ * policy extenison OID.
+ */
+ public void setPolicy(Set<String> policy) throws IOException
+ {
+ if (policy != null)
+ {
+ HashSet<OID> p = new HashSet<OID>(policy.size());
+ for (String s : policy)
+ {
+ try
+ {
+ OID oid = new OID(s);
+ int[] i = oid.getIDs();
+ if (!checkOid(i))
+ throw new IOException("invalid OID");
+ p.add(oid);
+ }
+ catch (IOException ioe)
+ {
+ throw ioe;
+ }
+ catch (Exception x)
+ {
+ IOException ioe = new IOException("invalid OID");
+ ioe.initCause(x);
+ throw ioe;
+ }
+ }
+ this.policy = p;
+ }
+ else
+ this.policy = null;
+ }
+
+ /**
+ * This method, and its related X.509 certificate extension &mdash; the
+ * private key usage period &mdash; is not supported under the Internet
+ * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this
+ * method is not supported either.
+ *
+ * <p>Do not use this method. It is not deprecated, as it is not deprecated
+ * in the Java standard, but it is basically a no-operation.
+ *
+ * @param UNUSED Is silently ignored.
+ */
+ public void setPrivateKeyValid(Date UNUSED)
+ {
+ }
+
+ /**
+ * Sets the serial number of the desired certificate. Only certificates that
+ * contain this serial number are accepted.
+ *
+ * @param serialNo The serial number.
+ */
+ public void setSerialNumber(BigInteger serialNo)
+ {
+ this.serialNo = serialNo;
+ }
+
+ /**
+ * Sets the subject, specified as the DER encoding of the subject's
+ * distinguished name. Only certificates with the given subject will
+ * be accepted.
+ *
+ * @param name The DER encoding of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(byte[] name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Sets the subject, specified as a string representation of the
+ * subject's distinguished name. Only certificates with the given
+ * subject will be accepted.
+ *
+ * @param name The string representation of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Sets the subject alternative names critertion. Each element of the
+ * argument must be a {@link java.util.List} that contains exactly two
+ * elements: the first an {@link Integer}, representing the type of
+ * name, and the second either a {@link String} or a byte array,
+ * representing the name itself.
+ *
+ * @param altNames The alternative names.
+ * @throws IOException If any element of the argument is invalid.
+ */
+ public void setSubjectAlternativeNames(Collection<List<?>> altNames)
+ throws IOException
+ {
+ if (altNames == null || altNames.isEmpty())
+ {
+ this.altNames = null;
+ return;
+ }
+ List<GeneralName> l = new ArrayList<GeneralName>(altNames.size());
+ for (List<?> list : altNames)
+ {
+ Integer id = (Integer) list.get(0);
+ Object value = list.get(1);
+ GeneralName name = null;
+ if (value instanceof String)
+ name = makeName(id, (String) value);
+ else if (value instanceof byte[])
+ name = new GeneralName(GeneralName.Kind.forTag(id), (byte[]) value);
+ else
+ throw new IOException("invalid name type: " + value.getClass().getName());
+ l.add(name);
+ }
+ this.altNames = l;
+ }
+
+ /**
+ * Sets the subject key identifier criterion, or <code>null</code> to clear
+ * this criterion. Note that the byte array is cloned to prevent modification.
+ *
+ * @param subjectKeyId The subject key identifier.
+ */
+ public void setSubjectKeyIdentifier(byte[] subjectKeyId)
+ {
+ this.subjectKeyId = subjectKeyId != null ? (byte[]) subjectKeyId.clone() :
+ null;
+ }
+
+ /**
+ * Sets the subject public key criterion as a DER-encoded key. Specify
+ * <code>null</code> to clear this value.
+ *
+ * @param key The DER-encoded key bytes.
+ * @throws IOException If the argument is not a valid DER-encoded key.
+ */
+ public void setSubjectPublicKey(byte[] key) throws IOException
+ {
+ if (key == null)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ return;
+ }
+ try
+ {
+ subjectKeySpec = new X509EncodedKeySpec(key);
+ KeyFactory enc = KeyFactory.getInstance("X.509");
+ subjectKey = enc.generatePublic(subjectKeySpec);
+ }
+ catch (Exception x)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ IOException ioe = new IOException(x.getMessage());
+ ioe.initCause(x);
+ throw ioe;
+ }
+ }
+
+ /**
+ * Sets the subject public key criterion as an opaque representation.
+ * Specify <code>null</code> to clear this criterion.
+ *
+ * @param key The public key.
+ */
+ public void setSubjectPublicKey(PublicKey key)
+ {
+ this.subjectKey = key;
+ if (key == null)
+ {
+ subjectKeySpec = null;
+ return;
+ }
+ try
+ {
+ KeyFactory enc = KeyFactory.getInstance("X.509");
+ subjectKeySpec = (X509EncodedKeySpec)
+ enc.getKeySpec(key, X509EncodedKeySpec.class);
+ }
+ catch (Exception x)
+ {
+ subjectKey = null;
+ subjectKeySpec = null;
+ }
+ }
+
+ /**
+ * Sets the public key algorithm ID that matching certificates must have.
+ * Specify <code>null</code> to clear this criterion.
+ *
+ * @param sigId The public key ID.
+ * @throws IOException If the specified ID is not a valid object identifier.
+ */
+ public void setSubjectPublicKeyAlgID(String sigId) throws IOException
+ {
+ if (sigId != null)
+ {
+ try
+ {
+ OID oid = new OID(sigId);
+ int[] comp = oid.getIDs();
+ if (!checkOid(comp))
+ throw new IOException("malformed OID: " + sigId);
+ this.sigId = oid;
+ }
+ catch (IllegalArgumentException iae)
+ {
+ IOException ioe = new IOException("malformed OID: " + sigId);
+ ioe.initCause(iae);
+ throw ioe;
+ }
+ }
+ else
+ this.sigId = null;
+ }
+
+ public String toString()
+ {
+ CPStringBuilder str = new CPStringBuilder(X509CertSelector.class.getName());
+ String nl = SystemProperties.getProperty("line.separator");
+ String eol = ";" + nl;
+ str.append(" {").append(nl);
+ if (cert != null)
+ str.append(" certificate = ").append(cert).append(eol);
+ if (basicConstraints >= 0)
+ str.append(" basic constraints = ").append(basicConstraints).append(eol);
+ if (serialNo != null)
+ str.append(" serial number = ").append(serialNo).append(eol);
+ if (certValid != null)
+ str.append(" valid date = ").append(certValid).append(eol);
+ if (issuer != null)
+ str.append(" issuer = ").append(issuer).append(eol);
+ if (subject != null)
+ str.append(" subject = ").append(subject).append(eol);
+ if (sigId != null)
+ str.append(" signature OID = ").append(sigId).append(eol);
+ if (subjectKey != null)
+ str.append(" subject public key = ").append(subjectKey).append(eol);
+ if (subjectKeyId != null)
+ {
+ str.append(" subject key ID = ");
+ for (int i = 0; i < subjectKeyId.length; i++)
+ {
+ str.append(Character.forDigit((subjectKeyId[i] & 0xF0) >>> 8, 16));
+ str.append(Character.forDigit((subjectKeyId[i] & 0x0F), 16));
+ if (i < subjectKeyId.length - 1)
+ str.append(':');
+ }
+ str.append(eol);
+ }
+ if (authKeyId != null)
+ {
+ str.append(" authority key ID = ");
+ for (int i = 0; i < authKeyId.length; i++)
+ {
+ str.append(Character.forDigit((authKeyId[i] & 0xF0) >>> 8, 16));
+ str.append(Character.forDigit((authKeyId[i] & 0x0F), 16));
+ if (i < authKeyId.length - 1)
+ str.append(':');
+ }
+ str.append(eol);
+ }
+ if (keyUsage != null)
+ {
+ str.append(" key usage = ");
+ for (int i = 0; i < keyUsage.length; i++)
+ str.append(keyUsage[i] ? '1' : '0');
+ str.append(eol);
+ }
+ if (keyPurposeSet != null)
+ str.append(" key purpose = ").append(keyPurposeSet).append(eol);
+ if (altNames != null)
+ str.append(" alternative names = ").append(altNames).append(eol);
+ if (nameConstraints != null)
+ str.append(" name constraints = <blob of data>").append(eol);
+ if (policy != null)
+ str.append(" policy = ").append(policy).append(eol);
+ if (pathToNames != null)
+ str.append(" pathToNames = ").append(pathToNames).append(eol);
+ str.append("}").append(nl);
+ return str.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509Certificate.java b/libjava/classpath/java/security/cert/X509Certificate.java
new file mode 100644
index 000000000..ab9e1be37
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509Certificate.java
@@ -0,0 +1,589 @@
+/* X509Certificate.java --- X.509 Certificate class
+ Copyright (C) 1999,2003, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * X509Certificate is the abstract class for X.509 certificates.
+ * This provides a stanard class interface for accessing all
+ * the attributes of X.509 certificates.
+ *
+ * <p>In June 1996, the basic X.509 v3 format was finished by
+ * ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
+ *
+ * <blockquote><pre>
+ * Certificate ::= SEQUENCE {
+ * tbsCertificate TBSCertificate,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING }
+ * </pre></blockquote>
+ *
+ * <p>These certificates are widely used in various Internet
+ * protocols to support authentication. It is used in
+ * Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
+ * Secure Sockets Layer (SSL), code signing for trusted software
+ * distribution, and Secure Electronic Transactions (SET).
+ *
+ * <p>The certificates are managed and vouched for by
+ * <I>Certificate Authorities</I> (CAs). CAs are companies or
+ * groups that create certificates by placing the data in the
+ * X.509 certificate format and signing it with their private
+ * key. CAs serve as trusted third parties by certifying that
+ * the person or group specified in the certificate is who
+ * they say they are.
+ *
+ * <p>The ASN.1 defintion for <I>tbsCertificate</I> is
+ *
+ * <blockquote><pre>
+ * TBSCertificate ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * serialNumber CertificateSerialNumber,
+ * signature AlgorithmIdentifier,
+ * issuer Name,
+ * validity Validity,
+ * subject Name,
+ * subjectPublicKeyInfo SubjectPublicKeyInfo,
+ * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * extensions [3] EXPLICIT Extensions OPTIONAL
+ * -- If present, version shall be v3
+ * }
+ *
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ *
+ * CertificateSerialNumber ::= INTEGER
+ *
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ *
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime }
+ *
+ * UniqueIdentifier ::= BIT STRING
+ *
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ *
+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING }
+ * </pre></blockquote>
+ *
+ * Certificates are created with the CertificateFactory.
+ *
+ * <p>References:
+ *
+ * <ol>
+ * <li>Olivier Dubuisson, Philippe Fouquart (Translator) <i>ASN.1 -
+ * Communication between heterogeneous systems</i>, (C) September 2000,
+ * Morgan Kaufmann Publishers, ISBN 0-12-6333361-0. Available on-line at
+ * <a
+ * href="http://www.oss.com/asn1/dubuisson.html">http://www.oss.com/asn1/dubuisson.html</a></li>
+ * <li>R. Housley et al, <i><a href="http://www.ietf.org/rfc/rfc3280.txt">RFC
+ * 3280: Internet X.509 Public Key Infrastructure Certificate and CRL
+ * Profile</a></i>.</li>
+ * </ol>
+ *
+ * @since 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class X509Certificate
+ extends Certificate
+ implements X509Extension
+{
+ private static final long serialVersionUID = -2491127588187038216L;
+
+ /**
+ * Constructs a new certificate of the specified type.
+ */
+ protected X509Certificate()
+ {
+ super( "X.509" );
+ }
+
+ /**
+ Checks the validity of the X.509 certificate. It is valid
+ if the current date and time are within the period specified
+ by the certificate.
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @throws CertificateExpiredException if the certificate expired
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid
+ */
+ public abstract void checkValidity()
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+ /**
+ Checks the validity of the X.509 certificate for the
+ specified time and date. It is valid if the specified
+ date and time are within the period specified by
+ the certificate.
+
+ @throws CertificateExpiredException if the certificate expired
+ based on the date
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid based on the date
+ */
+ public abstract void checkValidity(Date date)
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+ /**
+ Returns the version of this certificate.
+
+ The ASN.1 DER encoding is:
+
+ version [0] EXPLICIT Version DEFAULT v1,
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information.
+
+ @return version number of certificate
+ */
+ public abstract int getVersion();
+
+ /**
+ Gets the serial number for serial Number in
+ this Certifcate. It must be a unique number
+ unique other serial numbers from the granting CA.
+
+ The ASN.1 DER encoding is:
+
+ serialNumber CertificateSerialNumber,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Consult rfc2459 for more information.
+
+ @return the serial number for this X509CRLEntry.
+ */
+ public abstract BigInteger getSerialNumber();
+
+ /**
+ Returns the issuer (issuer distinguished name) of the
+ Certificate. The issuer is the entity who signed
+ and issued the Certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ Returns the subject (subject distinguished name) of the
+ Certificate. The subject is the entity who the Certificate
+ identifies.
+
+ The ASN.1 DER encoding is:
+
+ subject Name,
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getSubjectDN();
+
+ /**
+ Returns the date that this certificate is not to be used
+ before, <I>notBefore</I>.
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the date <I>notBefore</I>
+ */
+ public abstract Date getNotBefore();
+
+ /**
+ Returns the date that this certificate is not to be used
+ after, <I>notAfter</I>.
+
+ @return the date <I>notAfter</I>
+ */
+ public abstract Date getNotAfter();
+
+
+ /**
+ Returns the <I>tbsCertificate</I> from the certificate.
+
+ @return the DER encoded tbsCertificate
+
+ @throws CertificateEncodingException if encoding error occurred
+ */
+ public abstract byte[] getTBSCertificate() throws CertificateEncodingException;
+
+ /**
+ Returns the signature in its raw DER encoded format.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing signature
+ */
+ public abstract byte[] getSignature();
+
+ /**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+ */
+ public abstract String getSigAlgName();
+
+
+ /**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+ */
+ public abstract String getSigAlgOID();
+
+
+ /**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used.
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in certificate
+ */
+ public abstract byte[] getSigAlgParams();
+
+
+ /**
+ Returns the issuer unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>issuerUniqueID</I>
+ */
+ public abstract boolean[] getIssuerUniqueID();
+
+ /**
+ Returns the subject unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>subjectUniqueID</I>
+ */
+ public abstract boolean[] getSubjectUniqueID();
+
+ /**
+ Returns a boolean array representing the <I>KeyUsage</I>
+ extension for the certificate. The KeyUsage (OID = 2.5.29.15)
+ defines the purpose of the key in the certificate.
+
+ The ASN.1 DER encoding is:
+
+ id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
+
+ KeyUsage ::= BIT STRING {
+ digitalSignature (0),
+ nonRepudiation (1),
+ keyEncipherment (2),
+ dataEncipherment (3),
+ keyAgreement (4),
+ keyCertSign (5),
+ cRLSign (6),
+ encipherOnly (7),
+ decipherOnly (8) }
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>KeyUsage</I>
+ */
+ public abstract boolean[] getKeyUsage();
+
+ /**
+ Returns the certificate constraints path length from the
+ critical BasicConstraints extension, (OID = 2.5.29.19).
+
+ The basic constraints extensions is used to determine if
+ the subject of the certificate is a Certificate Authority (CA)
+ and how deep the certification path may exist. The
+ <I>pathLenConstraint</I> only takes affect if <I>cA</I>
+ is set to true. "A value of zero indicates that only an
+ end-entity certificate may follow in the path." (rfc2459)
+
+ The ASN.1 DER encoding is:
+
+ id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
+
+ BasicConstraints ::= SEQUENCE {
+ cA BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ @return the length of the path constraint if BasicConstraints
+ is present and cA is TRUE. Otherwise returns -1.
+ */
+ public abstract int getBasicConstraints();
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the <code>ExtendedKeyUsage</code> extension of this
+ * certificate, or null if there is no extension present. The returned
+ * value is a {@link java.util.List} strings representing the object
+ * identifiers of the extended key usages. This extension has the OID
+ * 2.5.29.37.
+ *
+ * <p>The ASN.1 definition for this extension is:
+ *
+ * <blockquote><pre>
+ * ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ * </pre></blockquote>
+ *
+ * @return The list of extension OIDs, or null if there are none
+ * present in this certificate.
+ * @throws CertificateParsingException If this extension cannot be
+ * parsed from its encoded form.
+ */
+ public java.util.List<String> getExtendedKeyUsage()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the alternative names for this certificate's subject (the
+ * owner), or null if there are none.
+ *
+ * <p>This is an X.509 extension with OID 2.5.29.17 and is defined by
+ * the ASN.1 construction:
+ *
+ * <blockquote><pre>
+ * SubjectAltNames ::= GeneralNames
+ *
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ *
+ * GeneralName ::= CHOICE {
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER
+ * }
+ * </pre></blockquote>
+ *
+ * <p>The returned collection contains one or more two-element Lists,
+ * with the first object being an Integer representing the choice
+ * above (with value 0 through 8) and the second being an (a) String
+ * if the <code>GeneralName</code> is a rfc822Name, dNSName,
+ * uniformResourceIdentifier, iPAddress, or registeredID, or (b) a
+ * byte array of the DER encoded form for any others.
+ *
+ * @return The collection of alternative names, or null if there are
+ * none.
+ * @throws CertificateParsingException If the encoded extension cannot
+ * be parsed.
+ * @since JDK 1.4
+ */
+ public java.util.Collection<List<?>> getSubjectAlternativeNames()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the alternative names for this certificate's issuer, or
+ * null if there are none.
+ *
+ * <p>This is an X.509 extension with OID 2.5.29.18, and is defined by
+ * the ASN.1 construction:
+ *
+ * <blockquote><pre>
+ * IssuerAltNames ::= GeneralNames
+ * </pre></blockquote>
+ *
+ * <p>The <code>GeneralNames</code> construct and the form of the
+ * returned collection are the same as with {@link
+ * #getSubjectAlternativeNames()}.
+ *
+ * @return The collection of alternative names, or null if there are
+ * none.
+ * @throws CertificateParsingException If the encoded extension cannot
+ * be parsed.
+ * @since JDK 1.4
+ */
+ public java.util.Collection<List<?>> getIssuerAlternativeNames()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the X.500 distinguished name of this certificate's subject.
+ *
+ * @return The subject's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public javax.security.auth.x500.X500Principal getSubjectX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the X.500 distinguished name of this certificate's issuer.
+ *
+ * @return The issuer's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public javax.security.auth.x500.X500Principal getIssuerX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509Extension.java b/libjava/classpath/java/security/cert/X509Extension.java
new file mode 100644
index 000000000..a0c24f429
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509Extension.java
@@ -0,0 +1,113 @@
+/* X509Extension.java --- X.509 Extension
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+import java.util.Set;
+
+/**
+ Public interface for the X.509 Extension.
+
+ This is used for X.509 v3 Certificates and CRL v2 (Certificate
+ Revocation Lists) for managing attributes assoicated with
+ Certificates, for managing the hierarchy of certificates,
+ and for managing the distribution of CRL. This extension
+ format is used to define private extensions.
+
+ Each extensions for a certificate or CRL must be marked
+ either critical or non-critical. If the certificate/CRL
+ system encounters a critical extension not recognized then
+ it must reject the certificate. A non-critical extension
+ may be just ignored if not recognized.
+
+
+ The ASN.1 definition for this class is:
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnId OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING
+ -- contains a DER encoding of a value
+ -- of the type registered for use with
+ -- the extnId object identifier value
+ }
+
+ @author Mark Benvenuto
+
+ @since 1.2
+*/
+public interface X509Extension
+{
+
+ /**
+ Returns true if the certificate contains a critical extension
+ that is not supported.
+
+ @return true if has unsupported extension, false otherwise
+ */
+ boolean hasUnsupportedCriticalExtension();
+
+ /**
+ Returns a set of the CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no CRITICAL
+ extensions or extensions at all this returns null.
+ */
+ Set<String> getCriticalExtensionOIDs();
+
+ /**
+ Returns a set of the NON-CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no NON-CRITICAL
+ extensions or extensions at all this returns null.
+ */
+ Set<String> getNonCriticalExtensionOIDs();
+
+ /**
+ Returns the DER encoded OCTET string for the specified
+ extension value identified by a OID. The OID is a string
+ of number separated by periods. Ex: 12.23.45.67
+ */
+ byte[] getExtensionValue(String oid);
+
+}
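Review bot: The Javadoc on `getExtensionValue(String oid)` has no `@param` or `@return` and does not say what a caller gets when the certificate or CRL carries no extension with that OID, although the two OID-set getters above it do document their null return. Validation code usually branches on this result, so I would spell it out, e.g. `@return the DER-encoded OCTET STRING of the extension value, or null if no extension with this OID is present`. Null-on-absent is how the standard API behaves, but it should be confirmed against the implementations in this tree. The comment on `hasUnsupportedCriticalExtension()` could also repeat the rule from the interface comment, that a true result means the certificate or CRL must be rejected.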
diff --git a/libjava/classpath/java/security/cert/package.html b/libjava/classpath/java/security/cert/package.html
new file mode 100644
index 000000000..14b12d16c
--- /dev/null
+++ b/libjava/classpath/java/security/cert/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.cert package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.cert</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/java/security/interfaces/DSAKey.java b/libjava/classpath/java/security/interfaces/DSAKey.java
new file mode 100644
index 000000000..c6e819eb0
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAKey.java
@@ -0,0 +1,56 @@
+/* DSAKey.java -- Interface for Digital Signature Algorithm key
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+/**
+ * This interface is implemented by a class to return the parameters
+ * of a Digital Signature Algorithm (DSA) public or private key.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAKey
+{
+ /**
+ * This method returns non-secret parameters of the DSA key
+ *
+ * @return The DSA parameters
+ */
+ DSAParams getParams();
+}
diff --git a/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java b/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java
new file mode 100644
index 000000000..e657c54b4
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java
@@ -0,0 +1,85 @@
+/* DSAKeyPairGenerator.java -- Initialize a DSA key generator
+ Copyright (C) 1998, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.security.InvalidParameterException;
+import java.security.SecureRandom;
+
+/**
+ * This interface contains methods for intializing a Digital Signature
+ * Algorithm key generation engine. The initialize methods may be called
+ * any number of times. If no explicity initialization call is made, then
+ * the engine defaults to generating 1024-bit keys using pre-calculated
+ * base, prime, and subprime values.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAKeyPairGenerator
+{
+ /**
+ * Initializes the key generator with the specified DSA parameters and
+ * random bit source
+ *
+ * @param params The DSA parameters to use
+ * @param random The random bit source to use
+ *
+ * @exception InvalidParameterException If the parameters passed are not valid
+ */
+ void initialize (DSAParams params, SecureRandom random)
+ throws InvalidParameterException;
+
+ /**
+ * Initializes the key generator to a give modulus. If the <code>genParams</code>
+ * value is <code>true</code> then new base, prime, and subprime values
+ * will be generated for the given modulus. If not, the pre-calculated
+ * values will be used. If no pre-calculated values exist for the specified
+ * modulus, an exception will be thrown. It is guaranteed that there will
+ * always be pre-calculated values for all modulus values between 512 and
+ * 1024 bits inclusives.
+ *
+ * @param modlen The modulus length
+ * @param genParams <code>true</code> to generate new DSA parameters, <code>false</code> otherwise
+ * @param random The random bit source to use
+ *
+ * @exception InvalidParameterException If a parameter is invalid
+ */
+ void initialize (int modlen, boolean genParams, SecureRandom random)
+ throws InvalidParameterException;
+}
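Review bot: The interface comment documents a default of 1024-bit keys built from pre-calculated base, prime and subprime values, and `initialize(int, boolean, SecureRandom)` guarantees pre-calculated values for 512 to 1024 bits. Nothing tells the caller that these modulus sizes are below current recommendations for DSA. I would add a sentence to the three-argument `initialize` Javadoc, such as `Moduli of 1024 bits or less are kept for compatibility; use a larger modulus for new keys where the provider supports it.` Neither `initialize` comment says whether a null `random` is accepted or rejected, which is worth stating either way.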
diff --git a/libjava/classpath/java/security/interfaces/DSAParams.java b/libjava/classpath/java/security/interfaces/DSAParams.java
new file mode 100644
index 000000000..42baeeb95
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAParams.java
@@ -0,0 +1,72 @@
+/* DSAParams.java -- Digital Signature Algorithm parameter access
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+
+/**
+ * This interface allows the Digital Signature Algorithm (DSA) parameters
+ * to be queried.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAParams
+{
+ /**
+ * Returns the base, or 'g' value
+ *
+ * @return The DSA base value
+ */
+ BigInteger getG();
+
+ /**
+ * Returns the prime, or 'p' value
+ *
+ * @return The DSA prime value
+ */
+ BigInteger getP();
+
+ /**
+ * Returns the subprime, or 'q' value
+ *
+ * @return The DSA subprime value
+ */
+ BigInteger getQ();
+}
diff --git a/libjava/classpath/java/security/interfaces/DSAPrivateKey.java b/libjava/classpath/java/security/interfaces/DSAPrivateKey.java
new file mode 100644
index 000000000..d79b34b90
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAPrivateKey.java
@@ -0,0 +1,61 @@
+/* DSAPublicKey.java -- A Digital Signature Algorithm private key
+ Copyright (C) 1998, 2000, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * This interface models a Digital Signature Algorithm (DSA) private key
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAPrivateKey extends DSAKey, PrivateKey
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 7776497482533790279L;
+
+ /**
+ * This method returns the value of the DSA private key
+ */
+ BigInteger getX();
+}
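Review bot: The header comment on the first line of this new file reads `DSAPublicKey.java -- A Digital Signature Algorithm private key`, so the file name in it is wrong. It should be `/* DSAPrivateKey.java -- A Digital Signature Algorithm private key`. The Javadoc for `getX()` also has no `@return` tag, and the same applies to `getY()` in DSAPublicKey.java. Since x is the secret value, the comment should say so, e.g. `@return the private value x; callers must not log it or store it unprotected`.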
diff --git a/libjava/classpath/java/security/interfaces/DSAPublicKey.java b/libjava/classpath/java/security/interfaces/DSAPublicKey.java
new file mode 100644
index 000000000..d73e189f6
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAPublicKey.java
@@ -0,0 +1,61 @@
+/* DSAPublicKey.java -- A Digital Signature Algorithm public key
+ Copyright (C) 1998, 2000, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+
+/**
+ * This interface models a Digital Signature Algorithm (DSA) public key
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAPublicKey extends DSAKey, PublicKey
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 1234526332779022332L;
+
+ /**
+ * This method returns the value of the DSA public key
+ */
+ BigInteger getY();
+}
diff --git a/libjava/classpath/java/security/interfaces/RSAKey.java b/libjava/classpath/java/security/interfaces/RSAKey.java
new file mode 100644
index 000000000..485fa81e0
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/RSAKey.java
@@ -0,0 +1,57 @@
+/* RSAKey.java --- A generic RSA Key interface
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+
+/**
+ A generic RSA Key interface for public and private keys
+
+ @since JDK 1.3
+
+ @author Mark Benvenuto
+ */
+public interface RSAKey
+{
+ /**
+ Generates a modulus.
+
+ @returns a modulus
+ */
+ BigInteger getModulus();
+}
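Review bot: The Javadoc on `getModulus()` uses `@returns`, which is not a standard Javadoc tag, so the tool will not render it as the return description; it should be `@return`. The summary `Generates a modulus.` also reads as if the call computes a new value, whereas an accessor on a key interface presumably returns the modulus n of the existing key. I would write `Returns the modulus n of this RSA key.` with `@return the modulus`.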
diff --git a/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java b/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java
new file mode 100644
index 000000000..da7d7479d
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java
@@ -0,0 +1,112 @@
+/* RSAMultiPrimePrivateCrtKey.java --
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+import java.security.spec.RSAOtherPrimeInfo;
+
+/**
+ * The interface to an RSA multi-prime private key, as defined in the PKCS#1
+ * v2.1, using the <i>Chinese Remainder Theorem</i> (CRT) information values.
+ *
+ * @since 1.4
+ * @see java.security.spec.RSAPrivateKeySpec
+ * @see java.security.spec.RSAMultiPrimePrivateCrtKeySpec
+ * @see RSAPrivateKey
+ * @see RSAPrivateCrtKey
+ */
+public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey
+{
+ // Constants
+ // --------------------------------------------------------------------------
+
+ long serialVersionUID = 618058533534628008L;
+
+ // Methods
+ // --------------------------------------------------------------------------
+
+ /**
+ * Returns the public exponent.
+ *
+ * @return the public exponent.
+ */
+ BigInteger getPublicExponent();
+
+ /**
+ * Returns the prime p.
+ *
+ * @return the prime p.
+ */
+ BigInteger getPrimeP();
+
+ /**
+ * Returns the prime q.
+ *
+ * @return the prime q.
+ */
+ BigInteger getPrimeQ();
+
+ /**
+ * Returns the prime's exponent p.
+ *
+ * @return the prime's exponent p.
+ */
+ BigInteger getPrimeExponentP();
+
+ /**
+ * Returns the prime's exponent q.
+ *
+ * @return the prime's exponent q.
+ */
+ BigInteger getPrimeExponentQ();
+
+ /**
+ * Returns the CRT Coefficient.
+ *
+ * @return the CRT Coefficient.
+ */
+ BigInteger getCrtCoefficient();
+
+ /**
+ * Returns the <i>OtherPrimeInfo</i> triplet MPIs or <code>null</code> if
+ * there are only two known prime factors (p and q).
+ *
+ * @return the <i>OtherPrimeInfo</i> INTEGERs.
+ */
+ RSAOtherPrimeInfo[] getOtherPrimeInfo();
+}
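Review bot: The Javadoc for `getPrimeExponentP()` and `getPrimeExponentQ()` says only `the prime's exponent p` and `the prime's exponent q`, which does not tell an implementer which value to return. In PKCS#1 these are the CRT exponents d mod (p-1) and d mod (q-1), and the value behind `getCrtCoefficient()` is the inverse of q modulo p. I would state that in each comment, e.g. `Returns the CRT exponent of the first factor, d mod (p - 1).` `serialVersionUID` is the only member here without a comment; the DSA key interfaces in this commit use `The version identifier used for serialization.`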
diff --git a/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java b/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java
new file mode 100644
index 000000000..96a1496cf
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java
@@ -0,0 +1,95 @@
+/* RSAPrivateCrtKey.java -- An RSA private key in CRT format
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+
+/**
+ * This interface provides access to information about an RSA private
+ * key in Chinese Remainder Theorem (CRT) format.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface RSAPrivateCrtKey extends RSAPrivateKey
+{
+ long serialVersionUID = -5682214253527700368L;
+
+ /**
+ * Returns the public exponent for this key
+ *
+ * @return The public exponent for this key
+ */
+ BigInteger getPublicExponent();
+
+ /**
+ * Returns the primeP value
+ *
+ * @return The primeP value
+ */
+ BigInteger getPrimeP();
+
+ /**
+ * Returns the primeQ value
+ *
+ * @return The primeQ value
+ */
+ BigInteger getPrimeQ();
+
+ /**
+ * Returns the primeExponentP
+ *
+ * @return The primeExponentP
+ */
+ BigInteger getPrimeExponentP();
+
+ /**
+ * Returns the primeExponentQ
+ *
+ * @return The primeExponentQ
+ */
+ BigInteger getPrimeExponentQ();
+
+ /**
+ * Returns the CRT coefficient
+ *
+ * @return The CRT coefficient
+ */
+ BigInteger getCrtCoefficient();
+}
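Review bot: The Javadoc on `getPrimeExponentP()`, `getPrimeExponentQ()` and `getCrtCoefficient()` only restates the method names, so a reader cannot tell which CRT value each accessor returns. Suggested summaries, following the PKCS#1 definitions: `Returns d mod (p-1), the exponent used with the prime p`, `Returns d mod (q-1), the exponent used with the prime q` and `Returns the CRT coefficient, the inverse of q modulo p`. The interface comment could also say that every value here except the public exponent is private key material, so callers should not log or otherwise expose it.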
diff --git a/libjava/classpath/java/security/interfaces/RSAPrivateKey.java b/libjava/classpath/java/security/interfaces/RSAPrivateKey.java
new file mode 100644
index 000000000..514987625
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/RSAPrivateKey.java
@@ -0,0 +1,60 @@
+/* RSAPrivateKey.java -- An RSA private key
+ Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * This interface provides access to information about an RSA private key.
+ *
+ * @version 0.1
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface RSAPrivateKey extends PrivateKey, RSAKey
+{
+ long serialVersionUID = 5187144804936595022L;
+
+ /**
+ * Returns the private exponent value for this key
+ *
+ * @return The private exponent value for this key
+ */
+ BigInteger getPrivateExponent();
+}
diff --git a/libjava/classpath/java/security/interfaces/RSAPublicKey.java b/libjava/classpath/java/security/interfaces/RSAPublicKey.java
new file mode 100644
index 000000000..5fb569d1d
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/RSAPublicKey.java
@@ -0,0 +1,60 @@
+/* RSAPublicKey.java -- An RSA public key
+ Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+
+/**
+ * This interface provides access to information about an RSA public key.
+ *
+ * @version 0.1
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface RSAPublicKey extends PublicKey, RSAKey
+{
+ long serialVersionUID = -8727434096241101194L;
+
+ /**
+ * Returns the public exponent value for this key
+ *
+ * @return The public exponent value for this key
+ */
+ BigInteger getPublicExponent();
+}
diff --git a/libjava/classpath/java/security/interfaces/package.html b/libjava/classpath/java/security/interfaces/package.html
new file mode 100644
index 000000000..aab0d6375
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.interfaces package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.interfaces</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/java/security/package.html b/libjava/classpath/java/security/package.html
new file mode 100644
index 000000000..328b7044b
--- /dev/null
+++ b/libjava/classpath/java/security/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java b/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java
new file mode 100644
index 000000000..bc877e312
--- /dev/null
+++ b/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java
@@ -0,0 +1,52 @@
+/* AlgorithmParameterSpec.java --- Algorithm Parameter Spec Interface
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ A transparent interface for Algorithm Parameter Specifications.
+ It contains no member functions. It is used to group
+ algorithm parameter classes.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public interface AlgorithmParameterSpec
+{
+}
diff --git a/libjava/classpath/java/security/spec/DSAParameterSpec.java b/libjava/classpath/java/security/spec/DSAParameterSpec.java
new file mode 100644
index 000000000..f7f673110
--- /dev/null
+++ b/libjava/classpath/java/security/spec/DSAParameterSpec.java
@@ -0,0 +1,101 @@
+/* DSAParameterSpec.java --- DSA Parameter Specificaton class
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.math.BigInteger;
+import java.security.interfaces.DSAParams;
+
+/**
+ * DSA Parameter class Specification. Used to maintain the DSA
+ * Parameters.
+ *
+ * @since 1.2
+ *
+ * @author Mark Benvenuto
+*/
+public class DSAParameterSpec implements AlgorithmParameterSpec, DSAParams
+{
+ private BigInteger p = null;
+ private BigInteger q = null;
+ private BigInteger g = null;
+
+ /**
+ * Constructs a new DSAParameterSpec with the specified p, q, and g.
+ *
+ * @param p the prime
+ * @param q the sub-prime
+ * @param g the base
+ */
+ public DSAParameterSpec(BigInteger p, BigInteger q, BigInteger g)
+ {
+ this.p = p;
+ this.q = q;
+ this.g = g;
+ }
+
+ /**
+ * Returns p for the DSA algorithm.
+ *
+ * @return Returns the requested BigInteger
+ */
+ public BigInteger getP()
+ {
+ return this.p;
+ }
+
+ /**
+ * Returns p for the DSA algorithm.
+ *
+ * @return Returns the requested BigInteger
+ */
+ public BigInteger getQ()
+ {
+ return this.q;
+ }
+
+ /**
+ * Returns g for the DSA algorithm.
+ *
+ * @return Returns the requested BigInteger
+ */
+ public BigInteger getG()
+ {
+ return this.g;
+ }
+}
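Review bot: The Javadoc on `getQ()` says "Returns p for the DSA algorithm", copied from `getP()`; it should read `Returns the sub-prime q for the DSA algorithm.` The same copy-paste slip is on `getQ()` in the DSAPrivateKeySpec.java and DSAPublicKeySpec.java hunks of this commit. The `= null` initialisers on p, q and g are redundant, and because the visible code assigns the fields only in the constructor they could be declared `private final BigInteger p;` (likewise q and g) to make the immutability of the spec explicit.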
diff --git a/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java b/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java
new file mode 100644
index 000000000..19af107e6
--- /dev/null
+++ b/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java
@@ -0,0 +1,113 @@
+/* DSAPrivateKeySpec.java --- DSA Private Key Specificaton class
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ DSA Private Key class Specification. Used to maintain the DSA
+ Private Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class DSAPrivateKeySpec implements KeySpec
+{
+ private BigInteger x = null;
+ private BigInteger p = null;
+ private BigInteger q = null;
+ private BigInteger g = null;
+
+ /**
+ Constructs a new DSAPrivateKeySpec with the specified x, p, q, and g.
+
+ @param x the private key
+ @param p the prime
+ @param q the sub-prime
+ @param g the base
+ */
+ public DSAPrivateKeySpec(BigInteger x, BigInteger p, BigInteger q, BigInteger g)
+ {
+ this.x = x;
+ this.p = p;
+ this.q = q;
+ this.g = g;
+ }
+
+ /**
+ Returns private key x for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getX()
+ {
+ return this.x;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getP()
+ {
+ return this.p;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getQ()
+ {
+ return this.q;
+ }
+
+ /**
+ Returns g for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getG()
+ {
+ return this.g;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/DSAPublicKeySpec.java b/libjava/classpath/java/security/spec/DSAPublicKeySpec.java
new file mode 100644
index 000000000..751844bcc
--- /dev/null
+++ b/libjava/classpath/java/security/spec/DSAPublicKeySpec.java
@@ -0,0 +1,113 @@
+/* DSAPublicKeySpec.java --- DSA Public Key Specificaton class
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ DSA Public Key class Specification. Used to maintain the DSA
+ Public Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class DSAPublicKeySpec implements KeySpec
+{
+ private BigInteger y = null;
+ private BigInteger p = null;
+ private BigInteger q = null;
+ private BigInteger g = null;
+
+ /**
+ Constructs a new DSAPublicKeySpec with the specified y, p, q, and g.
+
+ @param y the public key
+ @param p the prime
+ @param q the sub-prime
+ @param g the base
+ */
+ public DSAPublicKeySpec(BigInteger y, BigInteger p, BigInteger q, BigInteger g)
+ {
+ this.y = y;
+ this.p = p;
+ this.q = q;
+ this.g = g;
+ }
+
+ /**
+ Returns public key y for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getY()
+ {
+ return this.y;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getP()
+ {
+ return this.p;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getQ()
+ {
+ return this.q;
+ }
+
+ /**
+ Returns g for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getG()
+ {
+ return this.g;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/EncodedKeySpec.java b/libjava/classpath/java/security/spec/EncodedKeySpec.java
new file mode 100644
index 000000000..93e158385
--- /dev/null
+++ b/libjava/classpath/java/security/spec/EncodedKeySpec.java
@@ -0,0 +1,85 @@
+/* EncodedKeySpec.java --- Encoded Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ Encoded Key Specification class which is used to store
+ byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class EncodedKeySpec implements KeySpec
+{
+
+ private byte[] encodedKey;
+
+ /**
+ Constructs a new EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store
+ */
+ public EncodedKeySpec(byte[] encodedKey)
+ {
+ this.encodedKey = encodedKey;
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+ */
+ public byte[] getEncoded()
+ {
+ return this.encodedKey;
+ }
+
+ /**
+ Returns the name of the key format used.
+
+ This name is the format such as "PKCS#8" or "X.509" which
+ if it matches a Key class name of the same type can be
+ transformed using the apporiate KeyFactory.
+
+ @return a string representing the name
+ */
+ public abstract String getFormat();
+
+}
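Review bot: The constructor stores the caller's array and `getEncoded()` hands that same array back, so the encoded key held by the spec can be changed after construction by any code that holds either reference. Copy on the way in and on the way out: `this.encodedKey = (byte[]) encodedKey.clone();` in the constructor and `return (byte[]) this.encodedKey.clone();` in `getEncoded()`; a null argument would then fail with a NullPointerException at construction, which the constructor Javadoc should state. The tag `@returns` on `getEncoded()` is not a recognised Javadoc tag and should be `@return`, and "apporiate" in the `getFormat()` comment should read "appropriate".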
diff --git a/libjava/classpath/java/security/spec/InvalidKeySpecException.java b/libjava/classpath/java/security/spec/InvalidKeySpecException.java
new file mode 100644
index 000000000..bbbbcc6d7
--- /dev/null
+++ b/libjava/classpath/java/security/spec/InvalidKeySpecException.java
@@ -0,0 +1,96 @@
+/* InvalidKeySpecException.java -- invalid KeySpec Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for an invalid key specification.
+ *
+ * @author Mark Benvenuto
+ * @see KeySpec
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class InvalidKeySpecException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 3546139293998810778L;
+
+ /**
+ * Constructs an InvalidKeySpecException without a message string.
+ */
+ public InvalidKeySpecException()
+ {
+ }
+
+ /**
+ * Constructs an InvalidKeySpecException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public InvalidKeySpecException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeySpecException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeySpecException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/spec/InvalidParameterSpecException.java b/libjava/classpath/java/security/spec/InvalidParameterSpecException.java
new file mode 100644
index 000000000..ff34565f1
--- /dev/null
+++ b/libjava/classpath/java/security/spec/InvalidParameterSpecException.java
@@ -0,0 +1,76 @@
+/* InvalidParameterSpecException.java --- invalid ParameterSpec Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for an invalid algorithm specification.
+ *
+ * @author Mark Benvenuto
+ * @see AlogorithmParameters
+ * @see AlogorithmParameterSpec
+ * @see DSAParameterSpec
+ * @since 1.2
+ * @status updated to 1.4
+*/
+public class InvalidParameterSpecException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -970468769593399342L;
+
+ /**
+ * Constructs an InvalidParameterSpecException without a message string.
+ */
+ public InvalidParameterSpecException()
+ {
+ }
+
+ /**
+ * Constructs an InvalidParameterSpecException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public InvalidParameterSpecException(String msg)
+ {
+ super(msg);
+ }
+}
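Review bot: The class Javadoc's `@see AlogorithmParameters` and `@see AlogorithmParameterSpec` tags misspell the type names, so the cross-references will not resolve in generated documentation. They should read `@see java.security.AlgorithmParameters` and `@see AlgorithmParameterSpec`. The summary line also says "invalid algorithm specification", where the class name suggests "invalid parameter specification".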
diff --git a/libjava/classpath/java/security/spec/KeySpec.java b/libjava/classpath/java/security/spec/KeySpec.java
new file mode 100644
index 000000000..13c7dad42
--- /dev/null
+++ b/libjava/classpath/java/security/spec/KeySpec.java
@@ -0,0 +1,52 @@
+/* KeySpec.java --- Key Specification interface
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ A transparent interface for Key Specifications.
+ It contains no member functions. It is used to group
+ key classes.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public interface KeySpec
+{
+}
diff --git a/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java b/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java
new file mode 100644
index 000000000..53b68de47
--- /dev/null
+++ b/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java
@@ -0,0 +1,81 @@
+/* PKCS8EncodedKeySpec.java --- PKCS8 Encoded Key Specificaton class
+ Copyright (C) 1999, 2001 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ PKCS8 Encoded Key Specification class which is used to store
+ "PKCS#8" byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class PKCS8EncodedKeySpec extends EncodedKeySpec
+{
+ /**
+ Constructs a new PKCS8EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store, assumed to be "PKCS#8"
+ */
+ public PKCS8EncodedKeySpec(byte[] encodedKey)
+ {
+ super( encodedKey );
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+*/
+ public byte[] getEncoded()
+ {
+ return super.getEncoded();
+ }
+
+ /**
+ Returns the name of the key format used which is "PKCS#8"
+
+ @return a string representing the name
+*/
+ public final String getFormat()
+ {
+ return "PKCS#8";
+ }
+
+}
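Review bot: The comment on `getEncoded()` uses `@returns`, which is not a Javadoc tag, so the return description is lost from generated docs; it should be `@return the encoded key`. Because this spec carries private-key bytes, the constructor and `getEncoded()` comments should also state whether the array is copied or shared with the caller. That behaviour is decided in `EncodedKeySpec`, which is outside this hunk, so confirm it there before documenting it. The `getEncoded()` override only delegates to `super` and could be dropped unless it is kept deliberately for API parity.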
diff --git a/libjava/classpath/java/security/spec/PSSParameterSpec.java b/libjava/classpath/java/security/spec/PSSParameterSpec.java
new file mode 100644
index 000000000..92a6c9edd
--- /dev/null
+++ b/libjava/classpath/java/security/spec/PSSParameterSpec.java
@@ -0,0 +1,87 @@
+/* PSSParameterSpec.java --
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.spec;
+
+/**
+ * An implementation of {@link AlgorithmParameterSpec} for the RSA PSS encoding
+ * scheme.
+ *
+ * @since 1.4
+ * @see AlgorithmParameterSpec
+ * @see java.security.Signature
+ */
+public class PSSParameterSpec implements AlgorithmParameterSpec
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private int saltLen;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /**
+ * Construct a new instance of <code>PSSParameterSpec</code> given a salt
+ * length.
+ *
+ * @param saltLen
+ * the length in bits of the salt.
+ * @throws IllegalArgumentException
+ * if <code>saltLen</code> is less than <code>0</code>.
+ */
+ public PSSParameterSpec(int saltLen)
+ {
+ super();
+
+ if (saltLen < 0)
+ throw new IllegalArgumentException();
+ this.saltLen = saltLen;
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ /** @return the length (in bits) of the salt. */
+ public int getSaltLength()
+ {
+ return this.saltLen;
+ }
+}
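Review bot: The constructor throws a bare `IllegalArgumentException()` for a negative salt length, so the caller gets no hint of which argument was rejected; `throw new IllegalArgumentException("saltLen must be non-negative: " + saltLen);` would say so. `saltLen` is assigned once and never changed, so it can be declared `private final int saltLen;`. The Javadoc states the length in bits, while PKCS#1 expresses the PSS salt length in octets. It is worth confirming which unit the signature implementations actually read, since a mismatch would silently change the salt size in use.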
diff --git a/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java b/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java
new file mode 100644
index 000000000..5a1dafe2a
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java
@@ -0,0 +1,97 @@
+/* RSAKeyGenParameterSpec.java --- RSA Key Generator Parameter Spec Class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ This class generates a set of RSA Key parameters used in the generation
+ of RSA keys.
+
+ @since JDK 1.3
+
+ @author Mark Benvenuto
+*/
+public class RSAKeyGenParameterSpec implements AlgorithmParameterSpec
+{
+ private int keysize;
+ private BigInteger publicExponent;
+
+ /**
+ Public Exponent F0 = 3
+ */
+ public static final BigInteger F0 = BigInteger.valueOf(3);
+
+ /**
+ Public Exponent F4 = 3
+ */
+ public static final BigInteger F4 = BigInteger.valueOf(65537L);
+
+ /**
+ Create a new RSAKeyGenParameterSpec to store the RSA key's keysize
+ and public exponent
+
+ @param keysize Modulus size of key in bits
+ @param publicExponent - the exponent
+ */
+ public RSAKeyGenParameterSpec(int keysize, BigInteger publicExponent)
+ {
+ this.keysize = keysize;
+ this.publicExponent = publicExponent;
+ }
+
+ /**
+ Return the size of the key.
+
+ @return the size of the key.
+ */
+ public int getKeysize()
+ {
+ return keysize;
+ }
+
+ /**
+ Return the public exponent.
+
+ @return the public exponent.
+ */
+ public BigInteger getPublicExponent()
+ {
+ return publicExponent;
+ }
+}
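Review bot: The Javadoc on `F4` reads "Public Exponent F4 = 3" although the constant is `BigInteger.valueOf(65537L)`; the comment should read `Public Exponent F4 = 65537`. The constructor stores `keysize` and `publicExponent` unchecked, and the comments do not say whether a null exponent or a non-positive key size is accepted. If validation is meant to be left to the key-pair generator, one sentence saying so would help. Both fields are assigned only in the constructor and could be `final`.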
diff --git a/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java b/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
new file mode 100644
index 000000000..09b8438df
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
@@ -0,0 +1,223 @@
+/* PSSParameterSpec.java --
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.spec;
+
+import java.math.BigInteger;
+
+/**
+ * This class represents an RSA multi-prime private key, as defined in the
+ * PKCS#1 v2.1, using the <i>Chinese Remainder Theorem</i> (CRT) information
+ * values.
+ *
+ * @since 1.4
+ * @see java.security.Key
+ * @see java.security.KeyFactory
+ * @see KeySpec
+ * @see PKCS8EncodedKeySpec
+ * @see RSAPrivateKeySpec
+ * @see RSAPublicKeySpec
+ * @see RSAOtherPrimeInfo
+ */
+public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private BigInteger publicExponent;
+ private BigInteger primeP;
+ private BigInteger primeQ;
+ private BigInteger primeExponentP;
+ private BigInteger primeExponentQ;
+ private BigInteger crtCoefficient;
+ private RSAOtherPrimeInfo[] otherPrimeInfo;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /**
+ * Constructs a new instance of <code>RSAMultiPrimePrivateCrtKeySpec</code>
+ * given the various PKCS#1 v2.1 parameters.
+ *
+ * <p>Note that <code>otherPrimeInfo</code> is cloned when constructing this
+ * object.</p>
+ *
+ * @param modulus
+ * the modulus n.
+ * @param publicExponent
+ * the public exponent e.
+ * @param privateExponent
+ * the private exponent d.
+ * @param primeP
+ * the prime factor p of n.
+ * @param primeQ
+ * the prime factor q of n.
+ * @param primeExponentP
+ * this is d mod (p-1).
+ * @param primeExponentQ
+ * this is d mod (q-1).
+ * @param crtCoefficient
+ * the Chinese Remainder Theorem coefficient q-1 mod p.
+ * @param otherPrimeInfo
+ * triplets of the rest of primes, <code>null</code> can be
+ * specified if there are only two prime factors (p and q).
+ * @throws NullPointerException
+ * if any of the parameters is <code>null</code>.
+ * @throws IllegalArgumentException
+ * if an empty <code>otherPrimeInfo</code> is specified.
+ */
+ public RSAMultiPrimePrivateCrtKeySpec(BigInteger modulus,
+ BigInteger publicExponent,
+ BigInteger privateExponent,
+ BigInteger primeP,
+ BigInteger primeQ,
+ BigInteger primeExponentP,
+ BigInteger primeExponentQ,
+ BigInteger crtCoefficient,
+ RSAOtherPrimeInfo[] otherPrimeInfo)
+ {
+ super(modulus, privateExponent);
+
+ if (modulus == null)
+ throw new NullPointerException("modulus");
+ if (publicExponent == null)
+ throw new NullPointerException("publicExponent");
+ if (privateExponent == null)
+ throw new NullPointerException("privateExponent");
+ if (primeP == null)
+ throw new NullPointerException("primeP");
+ if (primeQ == null)
+ throw new NullPointerException("primeQ");
+ if (primeExponentP == null)
+ throw new NullPointerException("primeExponentP");
+ if (primeExponentQ == null)
+ throw new NullPointerException("primeExponentQ");
+ if (crtCoefficient == null)
+ throw new NullPointerException("crtCoefficient");
+ if (otherPrimeInfo != null)
+ if (otherPrimeInfo.length == 0)
+ throw new IllegalArgumentException();
+ else
+ this.otherPrimeInfo = (RSAOtherPrimeInfo[]) otherPrimeInfo.clone();
+
+ this.publicExponent = publicExponent;
+ this.primeP = primeP;
+ this.primeQ = primeQ;
+ this.primeExponentP = primeExponentP;
+ this.primeExponentQ = primeExponentQ;
+ this.crtCoefficient = crtCoefficient;
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ /**
+ * Returns the public exponent.
+ *
+ * @return the public exponent.
+ */
+ public BigInteger getPublicExponent()
+ {
+ return this.publicExponent;
+ }
+
+ /**
+ * Returns the prime p.
+ *
+ * @return the prime p.
+ */
+ public BigInteger getPrimeP()
+ {
+ return this.primeP;
+ }
+
+ /**
+ * Returns the prime q.
+ *
+ * @return the prime q.
+ */
+ public BigInteger getPrimeQ()
+ {
+ return this.primeQ;
+ }
+
+ /**
+ * Returns d mod (p-1).
+ *
+ * @return d mod (p-1).
+ */
+ public BigInteger getPrimeExponentP()
+ {
+ return this.primeExponentP;
+ }
+
+ /**
+ * Returns d mod (q-1).
+ *
+ * @return d mod (q-1).
+ */
+ public BigInteger getPrimeExponentQ()
+ {
+ return this.primeExponentQ;
+ }
+
+ /**
+ * Returns the CRT Coefficient q-1 mod p.
+ *
+ * @return the CRT Coefficient q-1 mod p.
+ */
+ public BigInteger getCrtCoefficient()
+ {
+ return this.crtCoefficient;
+ }
+
+ /**
+ * Returns a clone of <code>otherPrimeInfo</code> or <code>null</code> if
+ * it was <code>null</code> at construction time.
+ *
+ * @return a cloned copy of <code>otherPrimeInfo</code>.
+ */
+ public RSAOtherPrimeInfo[] getOtherPrimeInfo()
+ {
+ return this.otherPrimeInfo == null
+ ? null
+ : (RSAOtherPrimeInfo[]) this.otherPrimeInfo.clone();
+ }
+}
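Review bot: The `otherPrimeInfo` check in the constructor is a nested, unbraced `if`/`if`/`else` in which the `else` binds to the inner `if`; it behaves as intended today but reads like a dangling else and is easy to break in a later edit. Bracing the outer `if` and making the empty-array test a guard that throws, followed by `this.otherPrimeInfo = (RSAOtherPrimeInfo[]) otherPrimeInfo.clone();`, makes the intent explicit. `throw new IllegalArgumentException("otherPrimeInfo is empty");` would also give the caller a reason. The Javadoc contradicts itself: `@throws NullPointerException` says any null parameter is rejected, while `otherPrimeInfo` is documented as allowed to be `null`. The file header comment still names `PSSParameterSpec.java`, and "q-1 mod p" for the CRT coefficient presumably means the inverse of q modulo p.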
diff --git a/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java b/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java
new file mode 100644
index 000000000..45dd53fab
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java
@@ -0,0 +1,126 @@
+/* RSAOtherPrimeInfo.java --
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.spec;
+
+import java.math.BigInteger;
+
+/**
+ * An in-memory representation of the RSA triplet (prime, exponent, and
+ * coefficient) inside a PKCS#1 v2.1 <i>OtherPrimeInfo</i> structure.
+ *
+ * @since 1.4
+ * @see RSAPrivateCrtKeySpec
+ * @see java.security.interfaces.RSAMultiPrimePrivateCrtKey
+ */
+public class RSAOtherPrimeInfo
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private BigInteger prime;
+ private BigInteger primeExponent;
+ private BigInteger crtCoefficient;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /**
+ * Constructs a new <code>RSAOtherPrimeInfo</code> given the PKCS#1 MPIs.
+ *
+ * @param prime
+ * the prime factor of n.
+ * @param primeExponent
+ * the exponent.
+ * @param crtCoefficient
+ * the Chinese Remainder Theorem coefficient.
+ * @throws NullPointerException
+ * if any of the parameters is <code>null</code>.
+ */
+ public RSAOtherPrimeInfo(BigInteger prime, BigInteger primeExponent,
+ BigInteger crtCoefficient)
+ {
+ super();
+
+ if (prime == null)
+ throw new NullPointerException("prime");
+ if (primeExponent == null)
+ throw new NullPointerException("primeExponent");
+ if (crtCoefficient == null)
+ throw new NullPointerException("crtCoefficient");
+
+ this.prime = prime;
+ this.primeExponent = primeExponent;
+ this.crtCoefficient = crtCoefficient;
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ /**
+ * Returns the prime.
+ *
+ * @return the prime.
+ */
+ public final BigInteger getPrime()
+ {
+ return this.prime;
+ }
+
+ /**
+ * Returns the prime's exponent.
+ *
+ * @return the primeExponent.
+ */
+ public final BigInteger getExponent()
+ {
+ return this.primeExponent;
+ }
+
+ /**
+ * Returns the CRT Coefficient.
+ *
+ * @return the CRT Coefficient.
+ */
+ public final BigInteger getCrtCoefficient()
+ {
+ return this.crtCoefficient;
+ }
+}
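Review bot: The fields `prime`, `primeExponent` and `crtCoefficient` are assigned only in the constructor but are not declared `final`; `private final BigInteger prime;` (and likewise for the other two) would let the compiler enforce immutability. `RSAMultiPrimePrivateCrtKeySpec` in this commit appears to rely on that immutability when it makes a shallow `clone()` of the array. The explicit `super();` call is redundant in a class that extends `Object` directly.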
diff --git a/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java b/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java
new file mode 100644
index 000000000..6d327e62b
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java
@@ -0,0 +1,151 @@
+/* RSAPrivateCrtKeySpec.java --- RSA Private Certificate Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Private Certificate Key class Specification. Used to
+ maintain the RSA Private Certificate Keys with the
+ <I>Chinese Remainder Theorem</I>(CRT) as specified by PKCS#1.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPrivateCrtKeySpec extends RSAPrivateKeySpec
+{
+ private BigInteger publicExponent;
+ private BigInteger primeP;
+ private BigInteger primeQ;
+ private BigInteger primeExponentP;
+ private BigInteger primeExponentQ;
+ private BigInteger crtCoefficient;
+
+ /**
+ Constructs a new RSAPrivateKeySpec with the specified
+ variables.
+
+ @param modulus the RSA modulus
+ @param publicExponent the public key exponent
+ @param privateExponent the private key exponent
+ @param primeP the prime P
+ @param primeQ the prime Q
+ @param primeExponentP the prime exponent P
+ @param primeExponentQ the prime exponent P
+ @param crtCoefficient the CRT coefficient
+ */
+ public RSAPrivateCrtKeySpec(BigInteger modulus,
+ BigInteger publicExponent,
+ BigInteger privateExponent,
+ BigInteger primeP,
+ BigInteger primeQ,
+ BigInteger primeExponentP,
+ BigInteger primeExponentQ,
+ BigInteger crtCoefficient)
+ {
+ super( modulus, privateExponent);
+ this.publicExponent = publicExponent;
+ this.primeP = primeP;
+ this.primeQ = primeQ;
+ this.primeExponentP = primeExponentP;
+ this.primeExponentQ = primeExponentQ;
+ this.crtCoefficient = crtCoefficient;
+ }
+
+ /**
+ Gets the RSA public exponent.
+
+ @return the RSA public exponent
+ */
+ public BigInteger getPublicExponent()
+ {
+ return this.publicExponent;
+ }
+
+ /**
+ Gets the RSA prime P.
+
+ @return the RSA prime P
+ */
+ public BigInteger getPrimeP()
+ {
+ return this.primeP;
+ }
+
+ /**
+ Gets the RSA prime Q.
+
+ @return the RSA prime Q
+ */
+ public BigInteger getPrimeQ()
+ {
+ return this.primeQ;
+ }
+
+ /**
+ Gets the RSA prime exponent P.
+
+ @return the RSA prime exponent P
+ */
+ public BigInteger getPrimeExponentP()
+ {
+ return this.primeExponentP;
+ }
+
+ /**
+ Gets the RSA prime exponent P.
+
+ @return the RSA prime exponent Q
+ */
+ public BigInteger getPrimeExponentQ()
+ {
+ return this.primeExponentQ;
+ }
+
+ /**
+ Gets the RSA CRT coefficient.
+
+ @return the RSA CRT coefficient
+ */
+ public BigInteger getCrtCoefficient()
+ {
+ return this.crtCoefficient;
+ }
+
+}
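Review bot: Several Javadoc comments here were copied without being adjusted: the constructor says it "Constructs a new RSAPrivateKeySpec", `@param primeExponentQ` is described as "the prime exponent P", and `getPrimeExponentQ()` is summarised as "Gets the RSA prime exponent P." They should read `Constructs a new RSAPrivateCrtKeySpec`, `@param primeExponentQ the prime exponent Q` and `Gets the RSA prime exponent Q.`. The file header and class comment call this a "Private Certificate Key", although the class comment itself expands CRT as Chinese Remainder Theorem; "RSA private key specification with CRT values" would be accurate. Unlike `RSAMultiPrimePrivateCrtKeySpec` in this commit, the constructor accepts null components without complaint; if that is intentional it deserves a sentence in the Javadoc.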
diff --git a/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java b/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java
new file mode 100644
index 000000000..f812766ba
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java
@@ -0,0 +1,88 @@
+/* RSAPrivateKeySpec.java --- RSA Private Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Private Key class Specification. Used to maintain the RSA
+ Private Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPrivateKeySpec implements KeySpec
+{
+ private BigInteger modulus;
+ private BigInteger privateExponent;
+
+ /**
+ Constructs a new RSAPrivateKeySpec with the specified
+ modulus and privateExponent.
+
+ @param modulus the RSA modulus
+ @param privateExponent the private key exponent
+ */
+ public RSAPrivateKeySpec(BigInteger modulus, BigInteger privateExponent)
+ {
+ this.modulus = modulus;
+ this.privateExponent = privateExponent;
+ }
+
+ /**
+ Gets the RSA modulus.
+
+ @return the RSA modulus
+ */
+ public BigInteger getModulus()
+ {
+ return this.modulus;
+ }
+
+ /**
+ Gets the RSA private exponent.
+
+ @return the RSA private exponent
+ */
+ public BigInteger getPrivateExponent()
+ {
+ return this.privateExponent;
+ }
+
+}
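Review bot: The two fields of RSAPrivateKeySpec are assigned only in the constructor but are not declared `final`; writing them as `private final BigInteger modulus;` and `private final BigInteger privateExponent;` makes the immutability of this key-material holder explicit and gives safe publication when a spec is handed to another thread. The same applies to `modulus` and `publicExponent` in the RSAPublicKeySpec hunk that follows. The constructor stores both arguments without any check, so a null modulus or exponent surfaces only later in whatever consumes the spec; the class comment could say so, for example `Transparent holder for an RSA modulus and private exponent; values are stored as given and are not validated.` The file header comment also misspells "Specification" as "Specificaton".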
diff --git a/libjava/classpath/java/security/spec/RSAPublicKeySpec.java b/libjava/classpath/java/security/spec/RSAPublicKeySpec.java
new file mode 100644
index 000000000..acee6bcdf
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAPublicKeySpec.java
@@ -0,0 +1,88 @@
+/* RSAPublicKeySpec.java --- RSA Public Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Public Key class Specification. Used to maintain the RSA
+ Public Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPublicKeySpec implements KeySpec
+{
+ private BigInteger modulus;
+ private BigInteger publicExponent;
+
+ /**
+ Constructs a new RSAPublicKeySpec with the specified
+ modulus and publicExponent.
+
+ @param modulus the RSA modulus
+ @param publicExponent the public key exponent
+ */
+ public RSAPublicKeySpec(BigInteger modulus, BigInteger publicExponent)
+ {
+ this.modulus = modulus;
+ this.publicExponent = publicExponent;
+ }
+
+ /**
+ Gets the RSA modulus.
+
+ @return the RSA modulus
+ */
+ public BigInteger getModulus()
+ {
+ return this.modulus;
+ }
+
+ /**
+ Gets the RSA public exponent.
+
+ @return the RSA public exponent
+ */
+ public BigInteger getPublicExponent()
+ {
+ return this.publicExponent;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/X509EncodedKeySpec.java b/libjava/classpath/java/security/spec/X509EncodedKeySpec.java
new file mode 100644
index 000000000..8b50aaae1
--- /dev/null
+++ b/libjava/classpath/java/security/spec/X509EncodedKeySpec.java
@@ -0,0 +1,82 @@
+/* X509EncodedKeySpec.java --- X.509 Encoded Key Specificaton class
+ Copyright (C) 1999, 2001 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ X.509 Encoded Key Specification class which is used to store
+ "X.509" byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class X509EncodedKeySpec extends EncodedKeySpec
+{
+
+ /**
+ Constructs a new X509EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store, assumed to be "X.509"
+ */
+ public X509EncodedKeySpec(byte[] encodedKey)
+ {
+ super( encodedKey );
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+ */
+ public byte[] getEncoded()
+ {
+ return super.getEncoded();
+ }
+
+ /**
+ Returns the name of the key format used which is "X.509"
+
+ @return a string representing the name
+ */
+ public final String getFormat()
+ {
+ return "X.509";
+ }
+
+}
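Review bot: The Javadoc on getEncoded() uses `@returns`, which is not a Javadoc tag, so the return description is not rendered; it should read `@return the encoded key`. The method only delegates to `super.getEncoded()`, and EncodedKeySpec is outside this hunk, so whether the byte array is copied on the way in and out cannot be seen from here. If it is not copied, a caller that keeps the array passed to the constructor, or the one returned, can alter the stored key encoding after the spec has been built. In that case a defensive `clone()` in the superclass constructor and getter would be the fix, and the Javadoc here should state which behaviour callers get.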
diff --git a/libjava/classpath/java/security/spec/package.html b/libjava/classpath/java/security/spec/package.html
new file mode 100644
index 000000000..8e818896a
--- /dev/null
+++ b/libjava/classpath/java/security/spec/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.spec package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.spec</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>