author | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
---|---|---|
committer | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
commit | 554fd8c5195424bdbcabf5de30fdc183aba391bd (patch) | |
tree | 976dc5ab7fddf506dadce60ae936f43f58787092 /libjava/classpath/java/security | |
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig;
imported gcc-4.6.4 source tree from verified upstream tarball.
downloading a git-generated archive based on the 'upstream' tag
should provide you with a source tree that is binary identical
to the one extracted from the above tarball.
if you have obtained the source via the command 'git clone',
however, do note that line-endings of files in your working
directory might differ from line-endings of the respective
files in the upstream repository.
Diffstat (limited to 'libjava/classpath/java/security')
149 files changed, 24291 insertions, 0 deletions
diff --git a/libjava/classpath/java/security/AccessControlContext.java b/libjava/classpath/java/security/AccessControlContext.java
new file mode 100644
index 000000000..fd964751c
--- /dev/null
+++ b/libjava/classpath/java/security/AccessControlContext.java
@@ -0,0 +1,218 @@ +/* AccessControlContext.java --- Access Control Context Class + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +import java.util.HashSet; + +/** + * AccessControlContext makes system resource access decsion + * based on permission rights. 
+ * + * It is used for a specific context and has only one method + * checkPermission. It is similar to AccessController except + * that it makes decsions based on the current context instead + * of the the current thread. + * + * It is created by call AccessController.getContext method. + * + * @author Mark Benvenuto + * @since 1.2 + */ +public final class AccessControlContext +{ + private final ProtectionDomain[] protectionDomains; + private final DomainCombiner combiner; + + /** + * Construct a new AccessControlContext with the specified + * ProtectionDomains. <code>context</code> must not be + * null and duplicates will be removed. + * + * @param context The ProtectionDomains to use + */ + public AccessControlContext(ProtectionDomain[] context) + { + HashSet domains = new HashSet (context.length); + for (int i = 0; i < context.length; i++) + domains.add (context[i]); + protectionDomains = (ProtectionDomain[]) + domains.toArray (new ProtectionDomain[domains.size()]); + combiner = null; + } + + /** + * Construct a new AccessControlContext with the specified + * {@link ProtectionDomain}s and {@link DomainCombiner}. + * + * <p>Code calling this constructor must have a {@link + * SecurityPermission} of <i>createAccessControlContext</i>.</p> + * + * @throws SecurityException If the caller does not have permission + * to create an access control context. + * @since 1.3 + */ + public AccessControlContext(AccessControlContext acc, + DomainCombiner combiner) + { + AccessControlContext acc2 = null; + SecurityManager sm = System.getSecurityManager (); + if (sm != null) + { + Permission perm = + new SecurityPermission ("createAccessControlContext"); + + // The default SecurityManager.checkPermission(perm) just calls + // AccessController.checkPermission(perm) which in turn just + // calls AccessController.getContext().checkPermission(perm). + // This means AccessController.getContext() is called twice, + // once for the security check and once by us. 
It's a very + // expensive call (on gcj at least) so if we're using the + // default security manager we avoid this duplication. + if (sm.getClass() == SecurityManager.class) + { + acc2 = AccessController.getContext (); + acc2.checkPermission (perm); + } + else + sm.checkPermission (perm); + } + if (acc2 == null) + acc2 = AccessController.getContext (); + protectionDomains = combiner.combine (acc2.protectionDomains, + acc.protectionDomains); + this.combiner = combiner; + } + + AccessControlContext (ProtectionDomain[] domains, AccessControlContext acc, + DomainCombiner combiner) + { + protectionDomains = combiner.combine (domains, acc.protectionDomains); + this.combiner = combiner; + } + + /** + * Returns the Domain Combiner associated with the AccessControlContext + * + * @return the DomainCombiner + */ + public DomainCombiner getDomainCombiner() + { + return combiner; + } + + /** + * Determines whether or not the specific permission is granted + * depending on the context it is within. + * + * @param perm a permission to check + * + * @throws AccessControlException if the permssion is not permitted + */ + public void checkPermission(Permission perm) throws AccessControlException + { + if (protectionDomains.length == 0) + throw new AccessControlException ("permission " + + perm + + " not granted: no protection domains"); + + for (int i = 0; i < protectionDomains.length; i++) + { + final ProtectionDomain domain = protectionDomains[i]; + if (!domain.implies(perm)) + throw new AccessControlException ("permission " + + perm + + " not granted: " + + domain + + " does not imply it."); + } + } + + /** + * Checks if two AccessControlContexts are equal. + * + * It first checks if obj is an AccessControlContext class, and + * then checks if each ProtectionDomain matches. 
+ * + * @param obj The object to compare this class to + * + * @return true if equal, false otherwise + */ + public boolean equals(Object obj) + { + if (obj instanceof AccessControlContext) + { + AccessControlContext acc = (AccessControlContext) obj; + + if (acc.protectionDomains.length != protectionDomains.length) + return false; + + int i, j; + for (i = 0; i < protectionDomains.length; i++) + { + for (j = 0; j < acc.protectionDomains.length; j++) + { + if (acc.protectionDomains[j].equals (protectionDomains[i])) + break; + } + if (j == acc.protectionDomains.length) + return false; + } + return true; + } + return false; + } + + /** + * Computes a hash code of this class + * + * @return a hash code representing this class + */ + public int hashCode() + { + int h = 0; + for (int i = 0; i < protectionDomains.length; i++) + h ^= protectionDomains[i].hashCode(); + + return h; + } + + ProtectionDomain[] getProtectionDomains () + { + return protectionDomains; + } +} diff --git a/libjava/classpath/java/security/AccessControlException.java b/libjava/classpath/java/security/AccessControlException.java new file mode 100644 index 000000000..27aee7c86 --- /dev/null +++ b/libjava/classpath/java/security/AccessControlException.java 
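Review bot: The public `AccessControlContext(ProtectionDomain[] context)` constructor copies null array entries into `protectionDomains` (a `HashSet` accepts null), so a later `checkPermission` fails with a NullPointerException at `domain.implies(perm)` instead of an AccessControlException, and `equals` and `hashCode` hit the same dereference. Skipping such entries at construction keeps the denial path uniform: `if (context[i] != null) domains.add (context[i]);`. The two-argument constructor likewise stores whatever `combiner.combine (...)` returns with neither a null check nor a copy, so the combiner keeps a reference to the array that every later permission check reads; cloning a non-null result would close that. Separately, both `throw new AccessControlException (...)` sites in `checkPermission` could pass `perm` as the second argument, since the one-argument constructor added in this same commit leaves `getPermission()` returning null.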
@@ -0,0 +1,97 @@ +/* AccessControlException.java -- Permission is denied + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when the <code>AccessController</code> denies + * an attempt to perform an operation. 
This often keeps track of the + * permission that was not granted. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see AccessController + * @status updated to 1.4 + */ +public class AccessControlException extends SecurityException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5138225684096988535L; + + /** + * The <code>Permission</code> associated with this exception. + * + * @serial the permission + */ + private final Permission perm; + + /** + * Create a new instance with a descriptive error message, and a null + * <code>Permission</code> object. + * + * @param msg the descriptive error message + */ + public AccessControlException(String msg) + { + this(msg, null); + } + + /** + * Create a new instance with a descriptive error message and an associated + * <code>Permission</code> object. + * + * @param msg the descriptive error message + * @param perm the permission that caused this + */ + public AccessControlException(String msg, Permission perm) + { + super(msg); + this.perm = perm; + } + + /** + * This method returns the <code>Permission</code> object that caused + * this exception to be thrown. + * + * @return the denied permission, or null + */ + public Permission getPermission() + { + return perm; + } +} diff --git a/libjava/classpath/java/security/AccessController.java b/libjava/classpath/java/security/AccessController.java new file mode 100644 index 000000000..ec5b14c9e --- /dev/null +++ b/libjava/classpath/java/security/AccessController.java 
@@ -0,0 +1,229 @@ +/* AccessController.java --- Access control context and permission checker + Copyright (C) 2001, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * Access control context and permission checker. 
+ * Can check permissions in the access control context of the current thread + * through the <code>checkPermission()</code> method. + * Manipulates the access control context for code that needs to be executed + * the protection domain of the calling class (by explicitly ignoring the + * context of the calling code) in the <code>doPrivileged()</code> methods. + * And provides a <code>getContext()</code> method which gives the access + * control context of the current thread that can be used for checking + * permissions at a later time and/or in another thread. + * + * @author Mark Wielaard (mark@klomp.org) + * @since 1.2 + */ +public final class AccessController +{ + /** + * This class only has static methods so there is no public contructor. + */ + private AccessController() + { + } + + /** + * Checks wether the access control context of the current thread allows + * the given Permission. Throws an <code>AccessControlException</code> + * when the permission is not allowed in the current context. Otherwise + * returns silently without throwing an exception. + * + * @param perm the permission to be checked. + * @exception AccessControlException thrown if the current context does not + * allow the given permission. + */ + public static void checkPermission(Permission perm) + throws AccessControlException + { + getContext().checkPermission(perm); + } + + /** + * Calls the <code>run()</code> method of the given action with as + * (initial) access control context only the protection domain of the + * calling class. Calls to <code>checkPermission()</code> in the + * <code>run()</code> method ignore all earlier protection domains of + * classes in the call chain. Note that the protection domains of classes + * called by the code in the <code>run()</code> method are not ignored. + * + * @param action the <code>PrivilegedAction</code> whose <code>run()</code> + * should be be called. + * @return the result of the <code>action.run()</code> method. 
+ */ + public static <T> T doPrivileged(PrivilegedAction<T> action) + { + VMAccessController.pushContext(null); + try + { + return action.run(); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Calls the <code>run()</code> method of the given action with as + * (initial) access control context the given context combined with the + * protection domain of the calling class. Calls to + * <code>checkPermission()</code> in the <code>run()</code> method ignore + * all earlier protection domains of classes in the call chain, but add + * checks for the protection domains given in the supplied context. + * + * @param action the <code>PrivilegedAction</code> whose <code>run()</code> + * should be be called. + * @param context the <code>AccessControlContext</code> whose protection + * domains should be added to the protection domain of the calling class. + * @return the result of the <code>action.run()</code> method. + */ + public static <T> T doPrivileged(PrivilegedAction<T> action, + AccessControlContext context) + { + VMAccessController.pushContext(context); + try + { + return action.run(); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Calls the <code>run()</code> method of the given action with as + * (initial) access control context only the protection domain of the + * calling class. Calls to <code>checkPermission()</code> in the + * <code>run()</code> method ignore all earlier protection domains of + * classes in the call chain. Note that the protection domains of classes + * called by the code in the <code>run()</code> method are not ignored. + * If the <code>run()</code> method throws an exception then this method + * will wrap that exception in an <code>PrivilegedActionException</code>. + * + * @param action the <code>PrivilegedExceptionAction</code> whose + * <code>run()</code> should be be called. + * @return the result of the <code>action.run()</code> method. 
+ * @exception PrivilegedActionException wrapped around any checked exception + * that is thrown in the <code>run()</code> method. + */ + public static <T> T doPrivileged(PrivilegedExceptionAction<T> action) + throws PrivilegedActionException + { + VMAccessController.pushContext(null); + try + { + return action.run(); + } + catch (RuntimeException e) + { + throw e; + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Calls the <code>run()</code> method of the given action with as + * (initial) access control context the given context combined with the + * protection domain of the calling class. Calls to + * <code>checkPermission()</code> in the <code>run()</code> method ignore + * all earlier protection domains of classes in the call chain, but add + * checks for the protection domains given in the supplied context. + * If the <code>run()</code> method throws an exception then this method + * will wrap that exception in an <code>PrivilegedActionException</code>. + * + * @param action the <code>PrivilegedExceptionAction</code> whose + * <code>run()</code> should be be called. + * @param context the <code>AccessControlContext</code> whose protection + * domains should be added to the protection domain of the calling class. + * @return the result of the <code>action.run()</code> method. + * @exception PrivilegedActionException wrapped around any checked exception + * that is thrown in the <code>run()</code> method. 
+ */ + public static <T> T doPrivileged(PrivilegedExceptionAction<T> action, + AccessControlContext context) + throws PrivilegedActionException + { + VMAccessController.pushContext(context); + try + { + return action.run(); + } + catch (RuntimeException e) + { + throw e; + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Returns the complete access control context of the current thread. + * The returned object encompasses all {@link ProtectionDomain} objects + * for all classes in the current call stack, or the set of protection + * domains until the last call to {@link + * #doPrivileged(java.security.PrivilegedAction)}. + * + * <p>Additionally, if a call was made to {@link + * #doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)} + * that supplied an {@link AccessControlContext}, then that context + * will be intersected with the calculated one. + * + * @return The context. + */ + public static AccessControlContext getContext() + { + return VMAccessController.getContext(); + } +} diff --git a/libjava/classpath/java/security/AlgorithmParameterGenerator.java b/libjava/classpath/java/security/AlgorithmParameterGenerator.java new file mode 100644 index 000000000..a92552b9e --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParameterGenerator.java 
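Review bot: The Javadoc of both `doPrivileged(..., AccessControlContext context)` overloads does not say what a null `context` means, while the code hands it straight to `VMAccessController.pushContext(context)`, which is the same call the one-argument overloads make with `pushContext(null)`. As written, a caller that forwards a context it failed to obtain appears to get the unrestricted form without any signal. I would extend each `@param context` with `if null, no additional restriction is applied and the call behaves like doPrivileged(action)` and add `@throws NullPointerException if action is null`, since `action.run()` is dereferenced unchecked. How `VMAccessController` treats the null is outside this diff, so the wording should be confirmed against it.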
@@ -0,0 +1,277 @@ +/* AlgorithmParameterGenerator.java --- Algorithm Parameter Generator + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.spec.AlgorithmParameterSpec; + +/** + * <code>AlgorithmParameterGenerator</code> is used to generate algorithm + * parameters for specified algorithms. + * + * <p>In case the client does not explicitly initialize the + * <code>AlgorithmParameterGenerator</code> (via a call to an + * <code>init()</code> method), each provider must supply (and document) a + * default initialization. For example, the <b>GNU</b> provider uses a default + * modulus prime size of <code>1024</code> bits for the generation of <i>DSA</i> + * parameters. + * + * @author Mark Benvenuto + * @since 1.2 + * @see AlgorithmParameters + * @see AlgorithmParameterSpec + */ +public class AlgorithmParameterGenerator +{ + /** Service name for algorithm parameter generators. */ + private static final String ALGORITHM_PARAMETER_GENERATOR = + "AlgorithmParameterGenerator"; + + private AlgorithmParameterGeneratorSpi paramGenSpi; + private Provider provider; + private String algorithm; + + /** + * Constructs a new instance of <code>AlgorithmParameterGenerator</code>. + * + * @param paramGenSpi + * the generator to use. + * @param provider + * the provider to use. + * @param algorithm + * the algorithm to use. + */ + protected AlgorithmParameterGenerator(AlgorithmParameterGeneratorSpi + paramGenSpi, Provider provider, + String algorithm) + { + this.paramGenSpi = paramGenSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** @return the name of the algorithm. */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns a new <code>AlgorithmParameterGenerator</code> instance which + * generates algorithm parameters for the specified algorithm. + * + * @param algorithm the name of algorithm to use. + * @return the new instance. 
+ * @throws NoSuchAlgorithmException if <code>algorithm</code> is not + * implemented by any provider. + * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static AlgorithmParameterGenerator getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns a new <code>AlgorithmParameterGenerator</code> instance which + * generates algorithm parameters for the specified algorithm. + * + * @param algorithm the name of algorithm to use. + * @param provider the name of the {@link Provider} to use. + * @return the new instance. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws NoSuchProviderException if the named provider was not found. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code> or empty. + */ + public static AlgorithmParameterGenerator getInstance(String algorithm, + String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns a new <code>AlgorithmParameterGenerator</code> instance which + * generates algorithm parameters for the specified algorithm. 
+ * + * @param algorithm the name of algorithm to use. + * @param provider the {@link Provider} to use. + * @return the new instance. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by + * {@link Provider}. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. + * @since 1.4 + * @see Provider + */ + public static AlgorithmParameterGenerator getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder() + .append("AlgorithmParameterGenerator for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(ALGORITHM_PARAMETER_GENERATOR, + algorithm, + provider); + return new AlgorithmParameterGenerator((AlgorithmParameterGeneratorSpi) spi, + provider, + algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** @return the {@link Provider} of this generator. */ + public final Provider getProvider() + { + return provider; + } + + /** + * Initializes this instance with the specified size. Since no source of + * randomness is supplied, a default one will be used. + * + * @param size + * size (in bits) to use. + */ + public final void init(int size) + { + init(size, new SecureRandom()); + } + + /** + * Initializes this instance with the specified key-size and source of + * randomness. + * + * @param size + * the size (in bits) to use. + * @param random + * the {@link SecureRandom} to use. 
+ */ + public final void init(int size, SecureRandom random) + { + paramGenSpi.engineInit(size, random); + } + + /** + * Initializes this instance with the specified {@link AlgorithmParameterSpec}. + * Since no source of randomness is supplied, a default one will be used. + * + * @param genParamSpec + * the {@link AlgorithmParameterSpec} to use. + * @throws InvalidAlgorithmParameterException + * if <code>genParamSpec</code> is invalid. + */ + public final void init(AlgorithmParameterSpec genParamSpec) + throws InvalidAlgorithmParameterException + { + init(genParamSpec, new SecureRandom()); + } + + /** + * Initializes this instance with the specified {@link AlgorithmParameterSpec} + * and source of randomness. + * + * @param genParamSpec + * the {@link AlgorithmParameterSpec} to use. + * @param random + * the {@link SecureRandom} to use. + * @throws InvalidAlgorithmParameterException + * if <code>genParamSpec</code> is invalid. + */ + public final void init(AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + paramGenSpi.engineInit(genParamSpec, random); + } + + /** @return a new instance of {@link AlgorithmParameters}. */ + public final AlgorithmParameters generateParameters() + { + return paramGenSpi.engineGenerateParameters(); + } +} diff --git a/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java b/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java new file mode 100644 index 000000000..15f39f646 --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java 
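Review bot: The class comment says an uninitialised generator falls back to a provider default and cites 1024 bits for DSA in the GNU provider, but the Javadoc of `generateParameters()` and `init(int size)` gives callers no hint that relying on that default yields parameters now considered too small for new keys. I would add to `generateParameters()` a sentence such as `If no init() method was called, the provider's default initialization is used; callers that need a specific strength must call init() with an explicit size first.` As a point of style, `getInstance(String, Provider)` builds its failure message with `CPStringBuilder` before the `try`, so every successful lookup formats and discards a string; building it only on the path that constructs the final `NoSuchAlgorithmException` would avoid that.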
@@ -0,0 +1,94 @@ +/* AlgorithmParameterGeneratorSpi.java --- Algorithm Parameter Generator SPI + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; +import java.security.spec.AlgorithmParameterSpec; + +/** + AlgorithmParameterGeneratorSpi is the Service Provider + Interface for the AlgorithmParameterGenerator class. + This class is used to generate the algorithm parameters + for a specific algorithm. + + @since JDK 1.2 + @author Mark Benvenuto + */ +public abstract class AlgorithmParameterGeneratorSpi +{ + + /** + Constructs a new AlgorithmParameterGeneratorSpi + */ + public AlgorithmParameterGeneratorSpi() + { + } + + /** + Initializes the parameter generator with the specified size + and SecureRandom + + @param size the size( in number of bits) + @param random the SecureRandom class to use for randomness + */ + protected abstract void engineInit(int size, SecureRandom random); + + /** + Initializes the parameter generator with the specified + AlgorithmParameterSpec and SecureRandom classes. + + If genParamSpec is an invalid AlgorithmParameterSpec for this + AlgorithmParameterGeneratorSpi then it throws + InvalidAlgorithmParameterException + + @param genParamSpec the AlgorithmParameterSpec class to use + @param random the SecureRandom class to use for randomness + + @throws InvalidAlgorithmParameterException genParamSpec is invalid + */ + protected abstract void engineInit(AlgorithmParameterSpec genParamSpec, + SecureRandom random) throws + InvalidAlgorithmParameterException; + + + /** + Generate a new set of AlgorithmParameters. + + @returns a new set of algorithm parameters + */ + protected abstract AlgorithmParameters engineGenerateParameters(); + +} diff --git a/libjava/classpath/java/security/AlgorithmParameters.java b/libjava/classpath/java/security/AlgorithmParameters.java new file mode 100644 index 000000000..ba805143e --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParameters.java 
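Review bot: The comment on `engineGenerateParameters()` uses `@returns`, which is not a Javadoc tag, so the return description is dropped from the generated documentation; it should read `@return a new set of algorithm parameters`. The same comment could also state what an implementation must do when neither `engineInit` overload has been called, because the `AlgorithmParameterGenerator` class comment in this commit requires every provider to supply and document a default initialization.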
@@ -0,0 +1,317 @@ +/* AlgorithmParameters.java --- Algorithm Parameters Implementation Class + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +/** + * <code>AlgorithmParameters</code> is an Algorithm Parameters class which + * provides an interface through which the user can manage the parameters of an + * Algorithm. + * + * @author Mark Benvenuto + * @since 1.2 + * @see AlgorithmParameterSpec + * @see java.security.spec.DSAParameterSpec + * @see KeyPairGenerator + */ +public class AlgorithmParameters +{ + /** Service name for algorithm parameters. */ + private static final String ALGORITHM_PARAMETERS = "AlgorithmParameters"; + + private AlgorithmParametersSpi paramSpi; + private Provider provider; + private String algorithm; + + /** + * Constructs a new instance of <code>AlgorithmParameters</code>. + * + * @param paramSpi + * the engine to use. + * @param provider + * the provider to use. + * @param algorithm + * the algorithm to use. + */ + protected AlgorithmParameters(AlgorithmParametersSpi paramSpi, + Provider provider, String algorithm) + { + this.paramSpi = paramSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** @return A string with the name of the algorithm used. */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns a new instance of <code>AlgorithmParameters</code> representing + * the specified algorithm parameters. + * <p> + * The returned <code>AlgorithmParameters</code> must still be initialized + * with an <code>init()</code> method. + * + * @param algorithm the algorithm to use. + * @return the new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. 
+ * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static AlgorithmParameters getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns a new instance of <code>AlgorithmParameters</code> representing + * the specified algorithm parameters from a named provider. + * <p> + * The returned <code>AlgorithmParameters</code> must still be intialized + * with an <code>init()</code> method. + * </p> + * + * @param algorithm the algorithm to use. + * @param provider the name of the {@link Provider} to use. + * @return the new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws NoSuchProviderException if the named provider was not found. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code> or empty. 
+ */ + public static AlgorithmParameters getInstance(String algorithm, + String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns a new instance of <code>AlgorithmParameters</code> representing + * the specified algorithm parameters from the specified {@link Provider}. + * <p> + * The returned <code>AlgorithmParameters</code> must still be intialized + * with an <code>init()</code> method. + * + * @param algorithm the algorithm to use. + * @param provider the {@link Provider} to use. + * @return the new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * {@link Provider}. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. 
+ * @since 1.4 + */ + public static AlgorithmParameters getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("AlgorithmParameters for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(ALGORITHM_PARAMETERS, algorithm, provider); + return new AlgorithmParameters((AlgorithmParametersSpi) spi, + provider, + algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** @return the provider of this parameter object. */ + public final Provider getProvider() + { + return provider; + } + + /** + * Initializes the engine with the specified {@link AlgorithmParameterSpec}. + * + * @param paramSpec + * A {@link AlgorithmParameterSpec} to use. + * @throws InvalidParameterSpecException + * if <code>paramSpec</code> is invalid. + */ + public final void init(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + paramSpi.engineInit(paramSpec); + } + + /** + * Initializes the engine with the specified parameters stored in the byte + * array and decodes them according to the ASN.1 specification. If the ASN.1 + * specification exists then it succeeds otherwise an {@link IOException} is + * thrown. + * + * @param params + * the parameters to use. + * @throws IOException + * if a decoding error occurs. 
+ */ + public final void init(byte[]params) throws IOException + { + paramSpi.engineInit(params); + } + + /** + * Initializes the engine with the specified parameters stored in the byte + * array and decodes them according to the specified decoding specification. + * If <code>format</code> is <code>null</code>, then this method decodes the + * byte array using the ASN.1 specification if it exists, otherwise it throws + * an {@link IOException}. + * + * @param params + * the parameters to use. + * @param format + * the name of decoding format to use. + * @throws IOException + * if a decoding error occurs. + */ + public final void init(byte[]params, String format) throws IOException + { + paramSpi.engineInit(params, format); + } + + /** + * Returns a new instance of <code>AlgorithmParameters</code> as a + * designated parameter specification {@link Class}. + * + * @param paramSpec + * the {@link Class} to use. + * @return the parameter specification. + * @throws InvalidParameterSpecException + * if <code>paramSpec</code> is invalid. + */ + public final <T extends AlgorithmParameterSpec> + T getParameterSpec(Class<T> paramSpec) + throws InvalidParameterSpecException + { + return paramSpi.engineGetParameterSpec(paramSpec); + } + + /** + * Returns the parameters in the default encoding format. The primary encoding + * format is ASN.1 if it exists for the specified type. + * + * @return byte array representing the parameters. + */ + public final byte[] getEncoded() throws IOException + { + return paramSpi.engineGetEncoded(); + } + + /** + * Returns the parameters in the specified encoding format. If + * <code>format</code> is <code>null</code> then the ASN.1 encoding + * format is used if it exists for the specified type. + * + * @param format + * the name of the encoding format to use. + * @return the parameters encoded using the specified encoding scheme. 
+ * @throws IOException + * if an encoding exception occurs, or if this parameter object has + * not been initialized. + */ + public final byte[] getEncoded(String format) throws IOException + { + return paramSpi.engineGetEncoded(format); + } + + /** + * Returns a string representation of the encoded form. + * + * @return a string representation of the encoded form. + */ + public final String toString() + { + return paramSpi.engineToString(); + } +} diff --git a/libjava/classpath/java/security/AlgorithmParametersSpi.java b/libjava/classpath/java/security/AlgorithmParametersSpi.java new file mode 100644 index 000000000..15cc1c657 --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParametersSpi.java 
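Review bot: The three `init` overloads and the getters forward straight to `paramSpi` without recording whether the object has been initialized, although the Javadoc of `getEncoded(String)` promises an `IOException` for an uninitialized object and the `getInstance` comments say `init()` must still be called. As written, each provider's engine decides whether a second `init` silently replaces parameters already handed to a consumer, and whether a read before `init` fails cleanly. Tracking the state in this class, as sketched below for one `init` and one getter, would enforce both uniformly. The same guard would apply to the other two `init` overloads, `getParameterSpec` and `getEncoded()`.

```java
private boolean initialized;

public final void init(AlgorithmParameterSpec paramSpec)
  throws InvalidParameterSpecException
{
  if (initialized)
    throw new InvalidParameterSpecException("already initialized");
  paramSpi.engineInit(paramSpec);
  initialized = true;
}

// … unchanged: init(byte[]), init(byte[], String), getParameterSpec, getEncoded() …

public final byte[] getEncoded(String format) throws IOException
{
  if (! initialized)
    throw new IOException("not initialized");
  return paramSpi.engineGetEncoded(format);
}
```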
@@ -0,0 +1,149 @@ +/* AlgorithmParametersSpi.java --- Algorithm Parameters SPI + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import java.io.IOException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +/** + * AlgorithmParametersSpi is the Service Provider Interface + * for the Algorithm Parameters class. This class is used + * to manage the algorithm parameters. + * + * @since 1.2 + * @author Mark Benvenuto + */ +public abstract class AlgorithmParametersSpi +{ + /** + * Creates a new instance of AlgorithmParametersSpi + */ + public AlgorithmParametersSpi() + { + } + + /** + * Initializes the engine with the specified + * AlgorithmParameterSpec class. + * + * @param paramSpec A AlgorithmParameterSpec to initialize with + * + * @throws InvalidParameterSpecException For an inapporiate + * ParameterSpec class + */ + protected abstract void engineInit(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException; + + /** + * Initializes the engine with the specified + * parameters stored in the byte array and decodes them + * according to the ASN.1 specification. If the ASN.1 + * specification exists then it succeeds or else it throws + * IOException. + * + * @param params Parameters to initialize with + * + * @throws IOException Decoding Error + */ + protected abstract void engineInit(byte[]params) throws IOException; + + /** + * Initializes the engine with the specified + * parameters stored in the byte array and decodes them + * according to the specified decoding specification. + * If format is null, then it is decoded using the ASN.1 + * specification if it exists or else it throws + * IOException. + * + * @param params Parameters to initialize with + * @param format Name of decoding format to use + * + * @throws IOException Decoding Error + */ + protected abstract void engineInit(byte[]params, String format) + throws IOException; + + + /** + * Returns a specification of this AlgorithmParameters object. + * paramSpec identifies the class to return the AlgortihmParameters + * in. 
+ * + * @param paramSpec Class to return AlgorithmParameters in + * + * @return the parameter specification + * + * @throws InvalidParameterSpecException if the paramSpec is an + * invalid parameter class + */ + protected abstract <T extends AlgorithmParameterSpec> + T engineGetParameterSpec(Class<T> paramSpec) + throws InvalidParameterSpecException; + + + /** + * Returns the parameters in the default encoding format. + * The primary encoding format is ASN.1 format if it exists + * for the specified type. + * + * @return byte array representing the parameters + */ + protected abstract byte[] engineGetEncoded() throws IOException; + + + /** + * Returns the parameters in the specified encoding format. + * If <code>format</code> is <code>null</code> then the + * primary encoding format is used, the ASN.1 format, + * if it exists for the specified type. + * + * @return byte array representing the parameters + */ + protected abstract byte[] engineGetEncoded(String format) + throws IOException; + + /** + * Returns a string describing the parameters in the + * AlgorithmParametersSpi class. + * + * @return A string representing the format of the parameters. + */ + protected abstract String engineToString(); +} diff --git a/libjava/classpath/java/security/AllPermission.java b/libjava/classpath/java/security/AllPermission.java new file mode 100644 index 000000000..6adcd8c9c --- /dev/null +++ b/libjava/classpath/java/security/AllPermission.java 
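Review bot: The Javadoc for `engineGetEncoded(String format)` documents neither its `format` parameter nor the declared `IOException`, unlike the sibling `engineInit(byte[], String)`. Adding `@param format Name of encoding format to use` and `@throws IOException Encoding Error` would bring it in line. Two typos in the same file are worth fixing at the same time: `inapporiate` in the `engineInit(AlgorithmParameterSpec)` comment and `AlgortihmParameters` in the `engineGetParameterSpec` comment. Because `engineInit(byte[])` decodes data that may originate outside the process, its comment could also state that malformed input must surface as `IOException` and leave the engine uninitialized.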
@@ -0,0 +1,198 @@ +/* AllPermission.java -- Permission to do anything + Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.util.EmptyEnumeration; + +import java.util.Collections; +import java.util.Enumeration; + +/** + * This class is a permission that implies all other permissions. Granting + * this permission effectively grants all others. Extreme caution should + * be exercised in granting this permission. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @see AccessController + * @see Permissions + * @see SecurityManager + * @since 1.1 + * @status updated to 1.4 + */ +public final class AllPermission extends Permission +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -2916474571451318075L; + + /** + * Create a new AllPermission object. + */ + public AllPermission() + { + super("*"); + } + + /** + * Create a new AllPermission object. The parameters are ignored, as all + * permission implies ALL PERMISSION. + * + * @param name ignored + * @param actions ignored + */ + public AllPermission(String name, String actions) + { + super("*"); + } + + /** + * This method always returns <code>true</code> to indicate that this + * permission always implies that any other permission is also granted. + * + * @param perm ignored + * @return true, the permission is implied + */ + public boolean implies(Permission perm) + { + return true; + } + + /** + * Checks an object for equality. All AllPermissions are equal. + * + * @param obj the <code>Object</code> to test for equality + */ + public boolean equals(Object obj) + { + return obj instanceof AllPermission; + } + + /** + * This method returns a hash code for this object. This returns 1. + * + * @return a hash value for this object + */ + public int hashCode() + { + return 1; + } + + /** + * This method returns the list of actions associated with this object. + * This will always be the empty string ("") for this class. 
+ * + * @return the action list + */ + public String getActions() + { + return ""; + } + + /** + * Returns a PermissionCollection which can hold AllPermission. + * + * @return a permission collection + */ + public PermissionCollection newPermissionCollection() + { + return new AllPermissionCollection(); + } + + /** + * Implements AllPermission.newPermissionCollection, and obeys serialization + * of JDK. + * + * @author Eric Blake (ebb9@email.byu.edu) + */ + private static final class AllPermissionCollection extends PermissionCollection + { + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -4023755556366636806L; + + /** + * Whether an AllPermission has been added to the collection. + * + * @serial if all permission is in the collection yet + */ + private boolean all_allowed; + + /** + * Add an AllPermission. + * + * @param perm the permission to add + * @throws IllegalArgumentException if perm is not an AllPermission + * @throws SecurityException if the collection is read-only + */ + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException(); + if (! (perm instanceof AllPermission)) + throw new IllegalArgumentException(); + all_allowed = true; + } + + /** + * Returns true if this collection implies a permission. + * + * @param perm the permission to check + * @return true if this collection contains an AllPermission + */ + public boolean implies(Permission perm) + { + return all_allowed; + } + + /** + * Returns an enumeration of the elements in the collection. + * + * @return the elements in the collection + */ + public Enumeration elements() + { + return all_allowed + ? Collections.enumeration(Collections.singleton(new AllPermission())) + : EmptyEnumeration.getInstance(); + } + } // class AllPermissionCollection +} // class AllPermission 
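Review bot: In `AllPermissionCollection`, `add` writes `all_allowed` and `implies` reads it with no synchronization, so if a collection is shared between threads a grant made on one is not guaranteed to be visible to a check on another. Declaring the field `private volatile boolean all_allowed;` would give that visibility without changing the serialized form. `BasicPermissionCollection` in BasicPermission.java keeps the same unsynchronized flag next to a synchronized `Hashtable`. Separately, the Javadoc of `equals` has no `@return` line; `@return true if obj is an AllPermission` would complete it.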
diff --git a/libjava/classpath/java/security/BasicPermission.java b/libjava/classpath/java/security/BasicPermission.java new file mode 100644 index 000000000..6296cffea --- /dev/null +++ b/libjava/classpath/java/security/BasicPermission.java 
@@ -0,0 +1,308 @@ +/* BasicPermission.java -- implements a simple named permission + Copyright (C) 1998, 1999, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import java.io.Serializable; +import java.util.Enumeration; +import java.util.Hashtable; + +/** + * This class implements a simple model for named permissions without an + * associated action list. That is, either the named permission is granted + * or it is not. + * + * <p>It also supports trailing wildcards to allow the easy granting of + * permissions in a hierarchical fashion. (For example, the name "org.gnu.*" + * might grant all permissions under the "org.gnu" permissions hierarchy). + * The only valid wildcard character is a '*' which matches anything. It + * must be the rightmost element in the permission name and must follow a + * '.' or else the Permission name must consist of only a '*'. Any other + * occurrence of a '*' is not valid. + * + * <p>This class ignores the action list. Subclasses can choose to implement + * actions on top of this class if desired. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @see Permission + * @see Permissions + * @see PermissionCollection + * @see RuntimePermission + * @see SecurityPermission + * @see PropertyPermission + * @see AWTPermission + * @see NetPermission + * @see SecurityManager + * @since 1.1 + * @status updated to 1.4 + */ +public abstract class BasicPermission extends Permission + implements Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 6279438298436773498L; + + /** + * Create a new instance with the specified permission name. If the + * name is empty an exception is thrown. + * + * @param name the name of this permission + * @throws NullPointerException if name is null + * @throws IllegalArgumentException if name is invalid + */ + public BasicPermission(String name) + { + super(name); + + // This routine used to check for illegal wildcards, but no such + // requirement exists in the specification and Sun's runtime + // doesn't appear to do it. 
+ + if (name.equals("")) + throw new IllegalArgumentException("Empty name"); + } + + /** + * Create a new instance with the specified permission name. If the name + * is empty, or contains an illegal wildcard character, an exception is + * thrown. The actions parameter is ignored. + * + * @param name the name of this permission + * @param actions ignored + * @throws NullPointerException if name is null + * @throws IllegalArgumentException if name is invalid + */ + public BasicPermission(String name, String actions) + { + this(name); + } + + /** + * This method tests to see if the specified permission is implied by this + * permission. This will be true if the following conditions are met:<ul> + * <li>The specified object is an instance of the same class as this + * object.</li> + * <li>The name of the specified permission is implied by this permission's + * name based on wildcard matching. For example, "a.*" implies "a.b".</li> + * </ul> + * + * @param perm the <code>Permission</code> object to test against + * @return true if the specified permission is implied + */ + public boolean implies(Permission perm) + { + if (! getClass().isInstance(perm)) + return false; + + String otherName = perm.getName(); + String name = getName(); + + if (name.equals(otherName)) + return true; + + int last = name.length() - 1; + return name.charAt(last) == '*' + && otherName.startsWith(name.substring(0, last)); + } + + /** + * This method tests to see if this object is equal to the specified + * <code>Object</code>. 
This will be true if and only if the specified + * object meets the following conditions:<ul> + * <li>It is an instance of the same class as this.</li> + * <li>It has the same name as this permission.</li> + * </ul> + * + * @param obj the <code>Object</code> to test for equality + * @return true if obj is semantically equal to this + */ + public boolean equals(Object obj) + { + return getClass().isInstance(obj) + && getName().equals(((BasicPermission) obj).getName()); + } + + /** + * This method returns a hash code for this permission object. The hash + * code returned is the value returned by calling the <code>hashCode</code> + * method on the <code>String</code> that is the name of this permission. + * + * @return a hash value for this object + */ + public int hashCode() + { + return getName().hashCode(); + } + + /** + * This method returns a list of the actions associated with this + * permission. This method always returns the empty string ("") since + * this class ignores actions. + * + * @return the action list + */ + public String getActions() + { + return ""; + } + + /** + * This method returns an instance of <code>PermissionCollection</code> + * suitable for storing <code>BasicPermission</code> objects. The + * collection returned can only store objects of the same type as this. + * Subclasses which use actions must override this method; but a class with + * no actions will work fine with this. + * + * @return a new empty <code>PermissionCollection</code> object + */ + public PermissionCollection newPermissionCollection() + { + return new BasicPermissionCollection(getClass()); + } + + /** + * Implements AllPermission.newPermissionCollection, and obeys serialization + * of JDK. + * + * @author Eric Blake (ebb9@email.byu.edu) + */ + private static final class BasicPermissionCollection extends PermissionCollection + { + /** + * Compatible with JDK 1.1+. 
+ */ + private static final long serialVersionUID = 739301742472979399L; + + /** + * The permissions in the collection. + * + * @serial a hash mapping name to permissions, all of type permClass + */ + private final Hashtable permissions = new Hashtable(); + + /** + * If "*" is in the collection. + * + * @serial true if a permission named "*" is in the collection + */ + private boolean all_allowed; + + /** + * The runtime class which all entries in the table must belong to. + * + * @serial the limiting subclass of this collection + */ + private final Class permClass; + + /** + * Construct a collection over the given runtime class. + * + * @param c the class + */ + BasicPermissionCollection(Class c) + { + permClass = c; + } + + /** + * Add a Permission. It must be of the same type as the permission which + * created this collection. + * + * @param perm the permission to add + * @throws IllegalArgumentException if perm is not the correct type + * @throws SecurityException if the collection is read-only + */ + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException("readonly"); + if (! permClass.isInstance(perm)) + throw new IllegalArgumentException("Expecting instance of " + permClass); + BasicPermission bp = (BasicPermission) perm; + String name = bp.getName(); + if (name.equals("*")) + all_allowed = true; + permissions.put(name, bp); + } + + /** + * Returns true if this collection implies the given permission. + * + * @param permission the permission to check + * @return true if it is implied by this + */ + public boolean implies(Permission permission) + { + if (! 
permClass.isInstance(permission)) + return false; + if (all_allowed) + return true; + BasicPermission toImply = (BasicPermission) permission; + String name = toImply.getName(); + if (name.equals("*")) + return false; + int prefixLength = name.length(); + if (name.endsWith("*")) + prefixLength -= 2; + + while (true) + { + if (permissions.get(name) != null) + return true; + prefixLength = name.lastIndexOf('.', prefixLength); + if (prefixLength < 0) + return false; + name = name.substring(0, prefixLength + 1) + '*'; + } + } + + /** + * Enumerate over the collection. + * + * @return an enumeration of the collection contents + */ + public Enumeration elements() + { + return permissions.elements(); + } + } // class BasicPermissionCollection +} // class BasicPermission diff --git a/libjava/classpath/java/security/Certificate.java b/libjava/classpath/java/security/Certificate.java new file mode 100644 index 000000000..5cdba6e10 --- /dev/null +++ b/libjava/classpath/java/security/Certificate.java 
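Review bot: `BasicPermission.implies(Permission)` treats any name ending in `*` as a wildcard, so a permission named `foo*` implies `foobar`. The class comment says the `*` must follow a `.` or be the whole name, and the constructor no longer rejects other placements. That makes a single permission broader than documented, and it disagrees with `BasicPermissionCollection.implies`, which only widens at `.` boundaries. The return could require the boundary: `return name.charAt(last) == '*' && (last == 0 || name.charAt(last - 1) == '.') && otherName.startsWith(name.substring(0, last));`. The comment on the nested class also says it implements `AllPermission.newPermissionCollection`, which looks copied from AllPermission.java and should name `BasicPermission`.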
@@ -0,0 +1,125 @@
+/* Certificate.java -- deprecated interface for modeling digital certificates
+ Copyright (C) 1998, 2002, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/**
+ * This interface models a digital certificate which verifies the
+ * authenticity of a party. This class simply allows certificate
+ * information to be queried, it does not guarantee that the certificate
+ * is valid.
+ *
+ * <p>This class is deprecated in favor of the new java.security.cert package.
+ * It exists for backward compatibility only.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @deprecated use {@link java.security.cert} instead
+ * @status updated to 1.4
+ */
+public interface Certificate
+{
+ /**
+ * This method returns the <code>Principal</code> that is guaranteeing
+ * this certificate.
+ *
+ * @return the <code>Principal</code> guaranteeing the certificate
+ */
+ Principal getGuarantor();
+
+ /**
+ * This method returns the <code>Principal</code> being guaranteed by
+ * this certificate.
+ *
+ * @return the <code>Principal</code> guaranteed by this certificate
+ */
+ Principal getPrincipal();
+
+ /**
+ * This method returns the public key for the <code>Principal</code> that
+ * is being guaranteed.
+ *
+ * @return the <code>PublicKey</code> of the Principal being guaranteed
+ */
+ PublicKey getPublicKey();
+
+ /**
+ * This method writes the certificate to an <code>OutputStream</code> in
+ * a format that can be understood by the <code>decode</code> method.
+ *
+ * @param out the <code>OutputStream</code> to write to
+ * @throws KeyException if there is a problem with the certificate
+ * @throws IOException if an error occurs writing to the stream
+ * @see #decode(InputStream)
+ * @see #getFormat()
+ */
+ void encode(OutputStream out) throws KeyException, IOException;
+
+ /**
+ * This method reads an encoded certificate from an <code>InputStream</code>.
+ *
+ * @param in the <code>InputStream</code> to read from
+ * @throws KeyException if there is a problem with the certificate data
+ * @throws IOException if an error occurs reading from the stream
+ * @see #encode(OutputStream)
+ * @see #getFormat()
+ */
+ void decode(InputStream in) throws KeyException, IOException;
+
+ /**
+ * This method returns the encoding format of the certificate (e.g., "PGP",
+ * "X.509"). This format is used by the <code>encode</code> and
+ * <code>decode</code> methods.
+ *
+ * @return the encoding format being used
+ */
+ String getFormat();
+
+ /**
+ * This method returns a <code>String</code> representation of the contents
+ * of this certificate.
+ *
+ * @param detail true to provided more detailed information
+ * @return the string representation
+ */
+ String toString(boolean detail);
+} // interface Certificate
diff --git a/libjava/classpath/java/security/CodeSource.java b/libjava/classpath/java/security/CodeSource.java
new file mode 100644
index 000000000..dd353eda0
--- /dev/null
+++ b/libjava/classpath/java/security/CodeSource.java
@@ -0,0 +1,356 @@
+/* CodeSource.java -- Code location and certifcates
+ Copyright (C) 1998, 2002, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.net.SocketPermission;
+import java.net.URL;
+// Note that this overrides Certificate in this package.
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * This class represents a location from which code is loaded (as
+ * represented by a URL), and the list of certificates that are used to
+ * check the signatures of signed code loaded from this source.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public class CodeSource implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 4977541819976013951L;
+
+ /**
+ * This is the URL that represents the code base from which code will
+ * be loaded.
+ *
+ * @serial the code location
+ */
+ private final URL location;
+
+ /** The set of certificates for this code base. */
+ private transient HashSet certs;
+
+ /**
+ * This creates a new instance of <code>CodeSource</code> that loads code
+ * from the specified URL location and which uses the specified certificates
+ * for verifying signatures.
+ *
+ * @param location the location from which code will be loaded
+ * @param certs the list of certificates
+ */
+ public CodeSource(URL location, Certificate[] certs)
+ {
+ this.location = location;
+ if (certs != null)
+ this.certs = new HashSet(Arrays.asList(certs));
+ }
+
+ /**
+ * This method returns a hash value for this object.
+ *
+ * @return a hash value for this object
+ */
+ public int hashCode()
+ {
+ return (location == null ? 0 : location.hashCode())
+ ^ (certs == null ? 0 : certs.hashCode());
+ }
+
+ /**
+ * This method tests the specified <code>Object</code> for equality with
+ * this object. This will be true if and only if the locations are equal
+ * and the certificate sets are identical (ignoring order).
+ *
+ * @param obj the <code>Object</code> to test against
+ * @return true if the specified object is equal to this one
+ */
+ public boolean equals(Object obj)
+ {
+ if (! (obj instanceof CodeSource))
+ return false;
+ CodeSource cs = (CodeSource) obj;
+ return (certs == null ? cs.certs == null : certs.equals(cs.certs))
+ && (location == null ? cs.location == null
+ : location.equals(cs.location));
+ }
+
+ /**
+ * This method returns the URL specifying the location from which code
+ * will be loaded under this <code>CodeSource</code>.
+ *
+ * @return the code location for this <code>CodeSource</code>
+ */
+ public final URL getLocation()
+ {
+ return location;
+ }
+
+ /**
+ * This method returns the list of digital certificates that can be used
+ * to verify the signatures of code loaded under this
+ * <code>CodeSource</code>.
+ *
+ * @return the certifcate list for this <code>CodeSource</code>
+ */
+ public final Certificate[] getCertificates()
+ {
+ if (certs == null)
+ return null;
+ Certificate[] c = new Certificate[certs.size()];
+ certs.toArray(c);
+ return c;
+ }
+
+ /**
+ * This method tests to see if a specified <code>CodeSource</code> is
+ * implied by this object. Effectively, to meet this test, the specified
+ * object must have all the certifcates this object has (but may have more),
+ * and must have a location that is a subset of this object's. In order
+ * for this object to imply the specified object, the following must be
+ * true:
+ *
+ * <ol>
+ * <li><em>codesource</em> must not be <code>null</code>.</li>
+ * <li>If <em>codesource</em> has a certificate list, all of it's
+ * certificates must be present in the certificate list of this
+ * code source.</li>
+ * <li>If this object does not have a <code>null</code> location, then
+ * the following addtional tests must be passed.
+ *
+ * <ol>
+ * <li><em>codesource</em> must not have a <code>null</code>
+ * location.</li>
+ * <li><em>codesource</em>'s location must be equal to this object's
+ * location, or
+ * <ul>
+ * <li><em>codesource</em>'s location protocol, port, and ref (aka,
+ * anchor) must equal this objects</li>
+ * <li><em>codesource</em>'s location host must imply this object's
+ * location host, as determined by contructing
+ * <code>SocketPermission</code> objects from each with no
+ * action list and using that classes's <code>implies</code>
+ * method</li>
+ * <li>If this object's location file ends with a '/', then the
+ * specified object's location file must start with this
+ * object's location file. Otherwise, the specified object's
+ * location file must start with this object's location file
+ * with the '/' character appended to it.</li>
+ * </ul></li>
+ * </ol></li>
+ * </ol>
+ *
+ * <p>For example, each of these locations imply the location
+ * "http://java.sun.com/classes/foo.jar":</p>
+ *
+ * <pre>
+ * http:
+ * http://*.sun.com/classes/*
+ * http://java.sun.com/classes/-
+ * http://java.sun.com/classes/foo.jar
+ * </pre>
+ *
+ * <p>Note that the code source with null location and null certificates implies
+ * all other code sources.</p>
+ *
+ * @param cs the <code>CodeSource</code> to test against this object
+ * @return true if this specified <code>CodeSource</code> is implied
+ */
+ public boolean implies(CodeSource cs)
+ {
+ if (cs == null)
+ return false;
+ // First check the certificate list.
+ if (certs != null && (cs.certs == null || ! certs.containsAll(cs.certs)))
+ return false;
+ // Next check the location.
+ if (location == null)
+ return true;
+ if (cs.location == null
+ || ! location.getProtocol().equals(cs.location.getProtocol())
+ || (location.getPort() != -1
+ && location.getPort() != cs.location.getPort())
+ || (location.getRef() != null
+ && ! location.getRef().equals(cs.location.getRef())))
+ return false;
+ if (location.getHost() != null)
+ {
+ String their_host = cs.location.getHost();
+ if (their_host == null)
+ return false;
+ SocketPermission our_sockperm =
+ new SocketPermission(location.getHost(), "accept");
+ SocketPermission their_sockperm =
+ new SocketPermission(their_host, "accept");
+ if (! our_sockperm.implies(their_sockperm))
+ return false;
+ }
+ String our_file = location.getFile();
+ if (our_file != null)
+ {
+ if (! our_file.endsWith("/"))
+ our_file += "/";
+ String their_file = cs.location.getFile();
+ if (their_file == null
+ || ! their_file.startsWith(our_file))
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * This method returns a <code>String</code> that represents this object.
+ * The result is in the format <code>"(" + getLocation()</code> followed
+ * by a space separated list of certificates (or "<no certificates>"),
+ * followed by <code>")"</code>.
+ *
+ * @return a <code>String</code> for this object
+ */
+ public String toString()
+ {
+ CPStringBuilder sb = new CPStringBuilder("(").append(location);
+ if (certs == null || certs.isEmpty())
+ sb.append(" <no certificates>");
+ else
+ {
+ Iterator iter = certs.iterator();
+ for (int i = certs.size(); --i >= 0; )
+ sb.append(' ').append(iter.next());
+ }
+ return sb.append(")").toString();
+ }
+
+ /**
+ * Reads this object from a serialization stream.
+ *
+ * @param s the input stream
+ * @throws IOException if reading fails
+ * @throws ClassNotFoundException if deserialization fails
+ * @serialData this reads the location, then expects an int indicating the
+ * number of certificates. Each certificate is a String type
+ * followed by an int encoding length, then a byte[] encoding
+ */
+ private void readObject(ObjectInputStream s)
+ throws IOException, ClassNotFoundException
+ {
+ s.defaultReadObject();
+ int count = s.readInt();
+ certs = new HashSet();
+ while (--count >= 0)
+ {
+ String type = (String) s.readObject();
+ int bytes = s.readInt();
+ byte[] encoded = new byte[bytes];
+ for (int i = 0; i < bytes; i++)
+ encoded[i] = s.readByte();
+ ByteArrayInputStream stream = new ByteArrayInputStream(encoded);
+ try
+ {
+ CertificateFactory factory = CertificateFactory.getInstance(type);
+ certs.add(factory.generateCertificate(stream));
+ }
+ catch (CertificateException e)
+ {
+ // XXX Should we ignore this certificate?
+ }
+ }
+ }
+
+ /**
+ * Writes this object to a serialization stream.
+ *
+ * @param s the output stream
+ * @throws IOException if writing fails
+ * @serialData this writes the location, then writes an int indicating the
+ * number of certificates. Each certificate is a String type
+ * followed by an int encoding length, then a byte[] encoding
+ */
+ private void writeObject(ObjectOutputStream s) throws IOException
+ {
+ s.defaultWriteObject();
+ if (certs == null)
+ s.writeInt(0);
+ else
+ {
+ int count = certs.size();
+ s.writeInt(count);
+ Iterator iter = certs.iterator();
+ while (--count >= 0)
+ {
+ Certificate c = (Certificate) iter.next();
+ s.writeObject(c.getType());
+ byte[] encoded;
+ try
+ {
+ encoded = c.getEncoded();
+ }
+ catch (CertificateEncodingException e)
+ {
+ // XXX Should we ignore this certificate?
+ encoded = null;
+ }
+ if (encoded == null)
+ s.writeInt(0);
+ else
+ {
+ s.writeInt(encoded.length);
+ for (int i = 0; i < encoded.length; i++)
+ s.writeByte(encoded[i]);
+ }
+ }
+ }
+ }
+} // class CodeSource
diff --git a/libjava/classpath/java/security/DigestException.java b/libjava/classpath/java/security/DigestException.java
new file mode 100644
index 000000000..b4df0c1d5
--- /dev/null
+++ b/libjava/classpath/java/security/DigestException.java
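Review bot: The certificate test in `implies` runs in the opposite direction from the method's own summary: the Javadoc opens by saying the specified code source must have all the certificates this object has (but may have more), while `certs.containsAll(cs.certs)` checks that this object holds every certificate of `cs`. As written, an entry that lists two signer certificates implies a code source carrying only one of them, and rejects one that carries both plus an extra. If the summary is the intended contract, the condition should read `if (certs != null && (cs.certs == null || ! cs.certs.containsAll(certs)))`. Item 2 of the numbered list in the same Javadoc describes the current behaviour and would need rewording to match.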
@@ -0,0 +1,92 @@
+/* DigestException.java -- A generic message digest exception
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception indicates that a generic message digest exception has
+ * occurred.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class DigestException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5821450303093652515L;
+
+ /**
+ * Create a new instance with no descriptive message.
+ */
+ public DigestException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive message
+ */
+ public DigestException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public DigestException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public DigestException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/DigestInputStream.java b/libjava/classpath/java/security/DigestInputStream.java
new file mode 100644
index 000000000..c0a74f3ab
--- /dev/null
+++ b/libjava/classpath/java/security/DigestInputStream.java
@@ -0,0 +1,167 @@
+/* DigestInputStream.java --- An Input stream tied to a message digest
+ Copyright (C) 1999, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * DigestInputStream is a class that ties an InputStream with a
+ * MessageDigest. The Message Digest is used by the class to
+ * update it self as bytes are read from the InputStream.
+ *
+ * The updating to the digest depends on the on flag which is set
+ * to true by default to tell the class to update the data
+ * in the message digest.
+ *
+ * @version 0.0
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public class DigestInputStream extends FilterInputStream
+{
+ /**
+ * The message digest for the DigestInputStream
+ */
+ protected MessageDigest digest;
+
+ //Manages the on flag
+ private boolean state = true;
+
+ /**
+ * Constructs a new DigestInputStream.
+ * It associates a MessageDigest with the stream to
+ * compute the stream as data is written.
+ *
+ * @param stream An InputStream to associate this stream with
+ * @param digest A MessageDigest to hash the stream with
+ */
+ public DigestInputStream(InputStream stream, MessageDigest digest)
+ {
+ super(stream);
+ //this.in = stream;
+ this.digest = digest;
+ }
+
+ /**
+ * Returns the MessageDigest associated with this DigestInputStream
+ *
+ * @return The MessageDigest used to hash this stream
+ */
+ public MessageDigest getMessageDigest()
+ {
+ return digest;
+ }
+
+ /**
+ * Sets the current MessageDigest to current parameter
+ *
+ * @param digest A MessageDigest to associate with this stream
+ */
+ public void setMessageDigest(MessageDigest digest)
+ {
+ this.digest = digest;
+ }
+
+ /**
+ * Reads a byte from the input stream and updates the digest.
+ * This method reads the underlying input stream and if the
+ * on flag is true then updates the message digest.
+ *
+ * @return Returns a byte from the input stream, -1 is returned to indicate that
+ * the end of stream was reached before this read call
+ *
+ * @throws IOException if an IO error occurs in the underlying input stream,
+ * this error is thrown
+ */
+ public int read() throws IOException
+ {
+ int temp = in.read();
+
+ if (state == true && temp != -1)
+ digest.update((byte) temp);
+
+ return temp;
+ }
+
+ /**
+ * Reads bytes from the input stream and updates the digest.
+ * This method reads the underlying input stream and if the
+ * on flag is true then updates the message digest.
+ *
+ * @param b a byte array to store the data from the input stream
+ * @param off an offset to start at in the array
+ * @param len length of data to read
+ * @return Returns count of bytes read, -1 is returned to indicate that
+ * the end of stream was reached before this read call
+ *
+ * @throws IOException if an IO error occurs in the underlying input stream,
+ * this error is thrown
+ */
+ public int read(byte[]b, int off, int len) throws IOException
+ {
+ int temp = in.read(b, off, len);
+
+ if (state == true && temp != -1)
+ digest.update(b, off, temp);
+
+ return temp;
+ }
+
+ /**
+ * Sets the flag specifing if this DigestInputStream updates the
+ * digest in the write() methods. The default is on;
+ *
+ * @param on True means it digests stream, false means it does not
+ */
+ public void on(boolean on)
+ {
+ state = on;
+ }
+
+ /**
+ * Converts the input stream and underlying message digest to a string.
+ *
+ * @return A string representing the input stream and message digest.
+ */
+ public String toString()
+ {
+ return "[Digest Input Stream] " + digest.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/DigestOutputStream.java b/libjava/classpath/java/security/DigestOutputStream.java
new file mode 100644
index 000000000..748f83d79
--- /dev/null
+++ b/libjava/classpath/java/security/DigestOutputStream.java
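Review bot: Only `read()` and `read(byte[], int, int)` feed the digest; `skip`, `mark` and `reset` are inherited from `FilterInputStream` and act on the underlying stream without touching `digest`. Skipped bytes are therefore never hashed, and bytes re-read after a `reset` are hashed twice, which matters to any caller comparing the result against an expected hash. The class Javadoc should say so, for example `Only bytes returned by the read methods are digested; skip(), mark() and reset() are not reflected in the digest.` The Javadoc of `on(boolean)` ("in the write() methods") and of the constructor ("as data is written") also appears to be copied from the output-stream class and should speak of reading.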
@@ -0,0 +1,158 @@
+/* DigestOutputStream.java --- An output stream tied to a message digest
+ Copyright (C) 1999, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * DigestOutputStream is a class that ties an OutputStream with a
+ * MessageDigest. The Message Digest is used by the class to update it
+ * self as bytes are written to the OutputStream.
+ *
+ * The updating to the digest depends on the on flag which is set to
+ * true by default that tells the class to update the data in the
+ * message digest.
+ *
+ * @version 0.0
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public class DigestOutputStream extends FilterOutputStream
+{
+ /**
+ * The message digest for the DigestOutputStream
+ */
+ protected MessageDigest digest;
+
+ //Manages the on flag
+ private boolean state = true;
+
+ /**
+ * Constructs a new DigestOutputStream. It associates a
+ * MessageDigest with the stream to compute the stream as data is
+ * written.
+ *
+ * @param stream An OutputStream to associate this stream with
+ * @param digest A MessageDigest to hash the stream with
+ */
+ public DigestOutputStream(OutputStream stream, MessageDigest digest)
+ {
+ super(stream);
+ this.digest = digest;
+ }
+
+ /**
+ * Returns the MessageDigest associated with this DigestOutputStream
+ *
+ * @return The MessageDigest used to hash this stream
+ */
+ public MessageDigest getMessageDigest()
+ {
+ return digest;
+ }
+
+ /**
+ * Sets the current MessageDigest to current parameter
+ *
+ * @param digest A MessageDigest to associate with this stream
+ */
+ public void setMessageDigest(MessageDigest digest)
+ {
+ this.digest = digest;
+ }
+
+
+ /**
+ * Updates the hash if the on flag is true and then writes a byte to
+ * the underlying output stream.
+ *
+ * @param b A byte to write to the output stream
+ *
+ * @exception IOException if the underlying output stream
+ * cannot write the byte, this is thrown.
+ */
+ public void write(int b) throws IOException
+ {
+ if (state)
+ digest.update((byte) b);
+
+ out.write(b);
+ }
+
+ /**
+ * Updates the hash if the on flag is true and then writes the bytes
+ * to the underlying output stream.
+ *
+ * @param b Bytes to write to the output stream
+ * @param off Offset to start to start at in array
+ * @param len Length of data to write
+ *
+ * @exception IOException if the underlying output stream
+ * cannot write the bytes, this is thrown.
+ */
+ public void write(byte[]b, int off, int len) throws IOException
+ {
+ if (state)
+ digest.update(b, off, len);
+
+ out.write(b, off, len);
+ }
+
+ /**
+ * Sets the flag specifying if this DigestOutputStream updates the
+ * digest in the write() methods. The default is on;
+ *
+ * @param on True means it digests stream, false means it does not
+ */
+ public void on(boolean on)
+ {
+ state = on;
+ }
+
+ /**
+ * Converts the output stream and underlying message digest to a string.
+ *
+ * @return A string representing the output stream and message digest.
+ */
+ public String toString()
+ {
+ return "[Digest Output Stream] " + digest.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/DomainCombiner.java b/libjava/classpath/java/security/DomainCombiner.java
new file mode 100644
index 000000000..9ec680c63
--- /dev/null
+++ b/libjava/classpath/java/security/DomainCombiner.java
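Review bot: Both `write` methods update the digest before calling `out.write`, so when the underlying stream throws an `IOException` the digest already includes bytes that were not written. A caller that catches the exception and then reads `getMessageDigest()` gets a hash that does not describe what reached the stream. Writing first keeps the two in step on failure: `out.write(b, off, len);` followed by `if (state) digest.update(b, off, len);`, with the same order in `write(int)`. The Javadoc sentences "Updates the hash ... and then writes" would need to change with it.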
@@ -0,0 +1,67 @@ +/* DomainCombiner.java -- Combines ProtectionDomains + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+/**
+ * A public interface used to combine two ProtectionDomains in a new
+ * ProtectionDomain and update the current Protection Domains
+ * associated with the current AccessControlContext.
+ *
+ * It can add, subtract, or update ProtectionDomains or possibly
+ * remove duplicates or any possible complex action but just not add
+ * ones that do not already exist in either array.
+ *
+ * @author Mark Benvenuto
+ * @see AccessControlContext
+ * @see AccessController
+ * @since 1.3
+ * @status updated to 1.4
+ */
+public interface DomainCombiner
+{
+ /**
+ * Combines the current ProtectionDomains of the Thread with new
+ * ProtectionDomains.
+ *
+ * @param currentDomains - the ProtectionDomains for the current thread.
+ * @param assignedDomains - ProtectionsDomains to add
+ * @return a new array of all the ProtectionDomains
+ */
+ ProtectionDomain[] combine(ProtectionDomain[] currentDomains,
+ ProtectionDomain[] assignedDomains);
+} // interface DomainCombiner
diff --git a/libjava/classpath/java/security/DummyKeyPairGenerator.java b/libjava/classpath/java/security/DummyKeyPairGenerator.java
new file mode 100644
index 000000000..da8c362eb
--- /dev/null
+++ b/libjava/classpath/java/security/DummyKeyPairGenerator.java
@@ -0,0 +1,75 @@ +/* DummyKeyPairGenerator.java - Wrapper for KeyPairGeneratorSpi + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+final class DummyKeyPairGenerator extends KeyPairGenerator
+{
+ private KeyPairGeneratorSpi kpgSpi = null;
+
+ public DummyKeyPairGenerator(KeyPairGeneratorSpi kpgSpi, String algorithm)
+ {
+ super(algorithm);
+ this.kpgSpi = kpgSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ KeyPairGenerator result = new DummyKeyPairGenerator
+ ((KeyPairGeneratorSpi) kpgSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ public void initialize(int keysize, SecureRandom random)
+ {
+ kpgSpi.initialize(keysize, random);
+ }
+
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ kpgSpi.initialize(params, random);
+ }
+
+ public KeyPair generateKeyPair()
+ {
+ return kpgSpi.generateKeyPair();
+ }
+}
diff --git a/libjava/classpath/java/security/DummyMessageDigest.java b/libjava/classpath/java/security/DummyMessageDigest.java
new file mode 100644
index 000000000..6cecdcf68
--- /dev/null
+++ b/libjava/classpath/java/security/DummyMessageDigest.java
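Review bot: In DummyKeyPairGenerator the `kpgSpi` field is declared `private KeyPairGeneratorSpi kpgSpi = null;` and the constructor stores its argument without a null check, so a missing SPI only surfaces as a NullPointerException at the first initialize() or generateKeyPair() call. Declaring it `private final KeyPairGeneratorSpi kpgSpi;` and adding `if (kpgSpi == null) throw new NullPointerException("kpgSpi");` to the constructor makes the failure happen at construction. The same pattern appears with `mdSpi` in DummyMessageDigest and `sigSpi` in DummySignature. A one-line class comment such as `/** Adapts a provider's KeyPairGeneratorSpi to the public KeyPairGenerator API. */` would also help, because the name "Dummy" suggests a stub rather than a delegating wrapper.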
@@ -0,0 +1,90 @@ +/* DummyMessageDigest.java - Wrapper for MessageDigestSpi + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+final class DummyMessageDigest extends MessageDigest
+{
+ private MessageDigestSpi mdSpi = null;
+
+ public DummyMessageDigest(MessageDigestSpi mdSpi, String algorithm)
+ {
+ super(algorithm);
+ this.mdSpi = mdSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ MessageDigest result = new DummyMessageDigest
+ ((MessageDigestSpi) mdSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ // java.security.MessageDigestSpi abstract methods implementation ---------
+
+ public byte[] engineDigest()
+ {
+ return mdSpi.engineDigest();
+ }
+
+ public int engineDigest(byte[] buf, int offset, int len)
+ throws DigestException
+ {
+ return mdSpi.engineDigest(buf, offset, len);
+ }
+
+ public int engineGetDigestLength()
+ {
+ return mdSpi.engineGetDigestLength();
+ }
+
+ public void engineReset()
+ {
+ mdSpi.engineReset();
+ }
+
+ public void engineUpdate(byte input)
+ {
+ mdSpi.engineUpdate(input);
+ }
+
+ public void engineUpdate(byte[] input, int offset, int len)
+ {
+ mdSpi.engineUpdate(input, offset, len);
+ }
+}
diff --git a/libjava/classpath/java/security/DummySignature.java b/libjava/classpath/java/security/DummySignature.java
new file mode 100644
index 000000000..b74885c99
--- /dev/null
+++ b/libjava/classpath/java/security/DummySignature.java
@@ -0,0 +1,102 @@ +/* DummySignature.java - Signature wrapper for SignatureSpi. + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+final class DummySignature extends Signature
+{
+ private SignatureSpi sigSpi = null;
+
+ public DummySignature(SignatureSpi sigSpi, String algorithm)
+ {
+ super(algorithm);
+ this.sigSpi = sigSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ Signature result = new DummySignature
+ ((SignatureSpi) sigSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException
+ {
+ sigSpi.engineInitVerify(publicKey);
+ }
+
+ protected void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException
+ {
+ sigSpi.engineInitSign(privateKey);
+ }
+
+ protected void engineUpdate(byte b) throws SignatureException
+ {
+ sigSpi.engineUpdate(b);
+ }
+
+ protected void engineUpdate(byte[]b, int off, int len)
+ throws SignatureException
+ {
+ sigSpi.engineUpdate(b, off, len);
+ }
+
+ protected byte[] engineSign() throws SignatureException
+ {
+ return sigSpi.engineSign();
+ }
+
+ protected boolean engineVerify(byte[]sigBytes) throws SignatureException
+ {
+ return sigSpi.engineVerify(sigBytes);
+ }
+
+ protected void engineSetParameter(String param, Object value)
+ throws InvalidParameterException
+ {
+ sigSpi.engineSetParameter(param, value);
+ }
+
+ protected Object engineGetParameter(String param)
+ throws InvalidParameterException
+ {
+ return sigSpi.engineGetParameter(param);
+ }
+}
diff --git a/libjava/classpath/java/security/GeneralSecurityException.java b/libjava/classpath/java/security/GeneralSecurityException.java
new file mode 100644
index 000000000..b2594c5fb
--- /dev/null
+++ b/libjava/classpath/java/security/GeneralSecurityException.java
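Review bot: DummySignature forwards only the one-argument `engineInitSign(PrivateKey)` to `sigSpi`, so any other SPI overload runs the wrapper's inherited default instead of the wrapped provider. The standard java.security.SignatureSpi declares `engineInitSign(PrivateKey, SecureRandom)`; if the Classpath SignatureSpi (not shown in this diff) does too, a caller-supplied SecureRandom may be recorded on the wrapper and never reach the provider that signs. Consider an explicit delegate, `protected void engineInitSign(PrivateKey k, SecureRandom r) throws InvalidKeyException { sigSpi.engineInitSign(k, r); }`, and check SignatureSpi for AlgorithmParameterSpec-based parameter methods that need the same treatment.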
@@ -0,0 +1,97 @@ +/* GeneralSecurityException.java -- Common superclass of security exceptions + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This class is the common superclass of all security exceptions. 
All
+ * exceptions in java.security extend this class with the exception (no
+ * pun intended) of <code>AccessControlException</code> and
+ * <code>CertificateException</code> (which extend
+ * <code>SecurityException</code>), <code>ProviderException</code>
+ * (<code>RuntimeException</code>), and <code>InvalidParamterException</code>
+ * (<code>IllegalArgumentException</code>).
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class GeneralSecurityException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 894798122053539237L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public GeneralSecurityException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public GeneralSecurityException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public GeneralSecurityException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public GeneralSecurityException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/Guard.java b/libjava/classpath/java/security/Guard.java
new file mode 100644
index 000000000..4f22360a4
--- /dev/null
+++ b/libjava/classpath/java/security/Guard.java
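Review bot: The class Javadoc of GeneralSecurityException says `CertificateException` extends `SecurityException`, which does not match the standard API, where java.security.cert.CertificateException is a checked subclass of GeneralSecurityException. A reader who trusts the comment could conclude that `catch (GeneralSecurityException e)` misses certificate failures, so the sentence should be checked against the CertificateException source in this tree and corrected. The same paragraph misspells `InvalidParameterException` as `InvalidParamterException`.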
@@ -0,0 +1,60 @@ +/* Guard.java -- Check access to a guarded object + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This interface specifies a mechanism for querying whether or not + * access is allowed to a guarded object. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com)
+ * @see GuardedObject
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface Guard
+{
+ /**
+ * This method tests whether or not access is allowed to the specified
+ * guarded object. Access is allowed if this method returns silently. If
+ * access is denied, an exception is generated.
+ *
+ * @param obj the <code>Object</code> to test
+ * @throws SecurityException if access to the object is denied
+ */
+ void checkGuard(Object obj);
+} // interface Guard
diff --git a/libjava/classpath/java/security/GuardedObject.java b/libjava/classpath/java/security/GuardedObject.java
new file mode 100644
index 000000000..5ca08835d
--- /dev/null
+++ b/libjava/classpath/java/security/GuardedObject.java
@@ -0,0 +1,121 @@ +/* GuardedObject.java -- An object protected by a Guard + Copyright (C) 1998, 2002, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+/**
+ * This class is an object that is guarded by a <code>Guard</code> object.
+ * The object that is being guarded is retrieved by a call to the only
+ * method in this class - <code>getObject</code>. That method returns the
+ * guarded <code>Object</code> after first checking with the
+ * <code>Guard</code>. If the <code>Guard</code> disallows access, an
+ * exception will be thrown.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public class GuardedObject implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -5240450096227834308L;
+
+ /**
+ * This is the Guard that is protecting the object.
+ *
+ * @serial the guard
+ */
+ private final Guard guard;
+
+ /**
+ * This is the object that is being guarded.
+ *
+ * @serial the protected object
+ */
+ private final Object object;
+
+ /**
+ * This method initializes a new instance of <code>GuardedObject</code>
+ * that protects the specified <code>Object</code> using the specified
+ * <code>Guard</code>. A null guard means there are no restrictions on
+ * accessing the object.
+ *
+ * @param object the <code>Object</code> to guard
+ * @param guard the <code>Guard</code> that is protecting the object
+ */
+ public GuardedObject(Object object, Guard guard)
+ {
+ this.object = object;
+ this.guard = guard;
+ }
+
+ /**
+ * This method first call the <code>checkGuard</code> method on the
+ * <code>Guard</code> object protecting the guarded object. If the
+ * <code>Guard</code> disallows access, an exception is thrown, otherwise
+ * the <code>Object</code> is returned.
+ *
+ * @return The object being guarded
+ * @throws SecurityException if access is denied
+ */
+ public Object getObject()
+ {
+ if (guard != null)
+ guard.checkGuard(object);
+ return object;
+ }
+
+ /**
+ * Ensures that serialization is legal, by checking the guard.
+ *
+ * @param s the stream to write to
+ * @throws IOException if the underlying stream fails
+ */
+ private void writeObject(ObjectOutputStream s) throws IOException
+ {
+ if (guard != null)
+ guard.checkGuard(object);
+ s.defaultWriteObject();
+ }
+} // class GuardedObject
diff --git a/libjava/classpath/java/security/Identity.java b/libjava/classpath/java/security/Identity.java
new file mode 100644
index 000000000..83ec4c8e1
--- /dev/null
+++ b/libjava/classpath/java/security/Identity.java
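Review bot: The Javadoc on GuardedObject.writeObject documents only IOException, yet the method calls `guard.checkGuard(object)`, which Guard documents as throwing SecurityException when access is denied. Adding `@throws SecurityException if the guard denies access to the object` makes it clear that serializing a GuardedObject is itself an access-controlled operation. It would also be worth stating in the class comment that the guard is consulted only when the reference is handed out; once getObject() returns, the caller holds the object with no further checks.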
@@ -0,0 +1,346 @@ +/* Identity.java --- Identity Class + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.io.Serializable; +import java.util.Vector; + +/** + * The <code>Identity</code> class is used to represent people and companies + * that can be authenticated using public key encryption. The identities can + * also be abstract objects such as smart cards. + * + * <p><code>Identity</code> objects store a name and public key for each + * identity. The names cannot be changed and the identities can be scoped. Each + * identity (name and public key) within a scope are unique to that scope.</p> + * + * <p>Each identity has a set of ceritificates which all specify the same + * public key, but not necessarily the same name.</p> + * + * <p>The <code>Identity</code> class can be subclassed to allow additional + * information to be attached to it.</p> + * + * @author Mark Benvenuto + * @see IdentityScope + * @see Signer + * @see Principal + * @deprecated Replaced by <code>java.security.KeyStore</code>, the + * <code>java.security.cert</code> package, and + * <code>java.security.Principal</code>. + */ +public abstract class Identity implements Principal, Serializable +{ + private static final long serialVersionUID = 3609922007826600659L; + + private String name; + private IdentityScope scope; + private PublicKey publicKey; + private String info; + private Vector certificates; + + /** Constructor for serialization only. */ + protected Identity() + { + } + + /** + * Constructs a new instance of <code>Identity</code> with the specified + * name and scope. + * + * @param name + * the name to use. + * @param scope + * the scope to use. + * @throws KeyManagementException + * if the identity is already present. + */ + public Identity(String name, IdentityScope scope) + throws KeyManagementException + { + this.name = name; + this.scope = scope; + } + + /** + * Constructs a new instance of <code>Identity</code> with the specified + * name and no scope. + * + * @param name + * the name to use. 
+ */ + public Identity(String name) + { + this.name = name; + this.scope = null; + } + + /** @return the name of this identity. */ + public final String getName() + { + return name; + } + + /** @return the scope of this identity. */ + public final IdentityScope getScope() + { + return scope; + } + + /** + * @return the public key of this identity. + * @see #setPublicKey(java.security.PublicKey) + */ + public PublicKey getPublicKey() + { + return publicKey; + } + + /** + * Sets the public key for this identity. The old key and all certificates + * are removed. + * + * @param key + * the public key to use. + * @throws KeyManagementException + * if this public key is used by another identity in the current + * scope. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public void setPublicKey(PublicKey key) throws KeyManagementException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setIdentityPublicKey"); + + this.publicKey = key; + } + + /** + * Sets the general information string. + * + * @param info + * the general information string. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public void setInfo(String info) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setIdentityInfo"); + + this.info = info; + } + + /** + * @return the general information string of this identity. + * @see #setInfo(String) + */ + public String getInfo() + { + return info; + } + + /** + * Adds a certificate to the list of ceritificates for this identity. The + * public key in this certificate must match the existing public key if it + * exists. + * + * @param certificate + * the certificate to add. + * @throws KeyManagementException + * if the certificate is invalid, or the public key conflicts. 
+ * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public void addCertificate(Certificate certificate) + throws KeyManagementException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("addIdentityCertificate"); + + // Check public key of this certificate against the first one in the vector + if (certificates.size() > 0) + { + if (((Certificate) certificates.firstElement()).getPublicKey() != publicKey) + throw new KeyManagementException("Public key does not match"); + } + certificates.addElement(certificate); + } + + /** + * Removes a certificate from the list of ceritificates for this identity. + * + * @param certificate + * the certificate to remove. + * @throws KeyManagementException + * if the certificate is invalid. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public void removeCertificate(Certificate certificate) + throws KeyManagementException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("removeIdentityCertificate"); + + if (certificates.contains(certificate) == false) + throw new KeyManagementException("Certificate not found"); + + certificates.removeElement(certificate); + } + + /** @return an array of {@link Certificate}s for this identity. */ + public Certificate[] certificates() + { + Certificate[] certs = new Certificate[certificates.size()]; + int max = certificates.size(); + for (int i = 0; i < max; i++) + certs[i] = (Certificate) certificates.elementAt(i); + + return certs; + } + + /** + * Checks for equality between this Identity and a specified object. It first + * checks if they are the same object, then if the name and scope match and + * returns <code>true</code> if successful. If these tests fail, the + * {@link #identityEquals(Identity)} method is called. 
+ * + * @return <code>true</code> if they are equal, <code>false</code> + * otherwise. + */ + public final boolean equals(Object identity) + { + if (identity instanceof Identity) + { + if (identity == this) + return true; + + if ((((Identity) identity).getName().equals(this.name)) && + (((Identity) identity).getScope().equals(this.scope))) + return true; + + return identityEquals((Identity) identity); + } + return false; + } + + /** + * Checks for equality between this Identity and a specified object. A + * subclass should override this method. The default behavior is to return + * <code>true</code> if the public key and names match. + * + * @return <code>true</code> if they are equal, <code>false</code> + * otherwise. + */ + protected boolean identityEquals(Identity identity) + { + return ((identity.getName().equals(this.name)) && + (identity.getPublicKey().equals(this.publicKey))); + } + + /** + * Returns a string representation of this Identity. + * + * @return a string representation of this Identity. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public String toString() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("printIdentity"); + + /* TODO: Insert proper format here */ + return (name + ":@" + scope + " Public Key: " + publicKey); + } + + /** + * Returns a detailed string representation of this Identity. + * + * @param detailed + * indicates whether or detailed information is desired. + * @return a string representation of this Identity. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. 
+ */ + public String toString(boolean detailed) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("printIdentity"); + + if (detailed) + { + /* TODO: Insert proper detailed format here */ + return (name + ":@" + scope + " Public Key: " + publicKey); + } + else + { + /* TODO: Insert proper format here */ + return (name + ":@" + scope + " Public Key: " + publicKey); + } + } + + /** @return a hashcode of this identity. */ + public int hashCode() + { + int ret = name.hashCode(); + if (publicKey != null) + ret |= publicKey.hashCode(); + if (scope != null) + ret |= scope.hashCode(); + if (info != null) + ret |= info.hashCode(); + if (certificates != null) + ret |= certificates.hashCode(); + + return ret; + } +} diff --git a/libjava/classpath/java/security/IdentityScope.java b/libjava/classpath/java/security/IdentityScope.java new file mode 100644 index 000000000..4391fbd49 --- /dev/null +++ b/libjava/classpath/java/security/IdentityScope.java 
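Review bot: Identity.addCertificate never inspects the key of the certificate being added: it compares the first stored certificate's key with `publicKey` using `!=`, so once the list is non-empty a certificate carrying a different key is accepted, and equal keys held in distinct objects are rejected. The `certificates` field is also never assigned by any constructor in this class, so `certificates.size()` throws NullPointerException on first use, and removeCertificate() and certificates() share that problem. The fence below checks the incoming certificate against the identity's key with equals() and creates the list on demand. Separately, equals() calls `getScope().equals(this.scope)` without a null check although Identity(String) sets the scope to null.

```java
  public void addCertificate(Certificate certificate)
    throws KeyManagementException
  {
    // … unchanged: SecurityManager check for "addIdentityCertificate" …

    if (certificate == null)
      throw new KeyManagementException("Certificate is null");

    // Compare the key of the certificate being added, by value.
    PublicKey certKey = certificate.getPublicKey();
    if (publicKey != null && ! publicKey.equals(certKey))
      throw new KeyManagementException("Public key does not match");

    // No constructor creates the list, so create it on first use.
    if (certificates == null)
      certificates = new Vector();
    certificates.addElement(certificate);
  }
```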
@@ -0,0 +1,216 @@
+/* IdentityScope.java --- IdentityScope Class
+ Copyright (C) 1999, 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.util.Enumeration;
+
+/**
+ * <code>IdentityScope</code> represents a scope of an identity.
+ * <code>IdentityScope</code> is also an {@link Identity} and can have a name
+ * and scope along with the other qualitites identities possess.
+ *
+ * <p>An <code>IdentityScope</code> contains other {@link Identity} objects.
+ * All {@link Identity} objects are manipulated in the scope the same way. The
+ * scope is supposed to apply different scope to different type of
+ * Identities.</p>
+ *
+ * <p>No identity within the same scope can have the same public key.</p>
+ *
+ * @author Mark Benvenuto
+ * @see Identity
+ * @see Signer
+ * @see Principal
+ * @see Key
+ * @deprecated Use java.security.KeyStore, the java.security.cert package, and
+ * java.security.Principal.
+ */
+public abstract class IdentityScope extends Identity
+{
+ private static final long serialVersionUID = -2337346281189773310L;
+ private static IdentityScope systemScope;
+
+ /** Constructor for serialization purposes. */
+ protected IdentityScope()
+ {
+ super();
+ }
+
+ /**
+ * Constructs a new instance of <code>IdentityScope</code> with the
+ * specified name and no scope.
+ *
+ * @param name
+ * the name to use.
+ */
+ public IdentityScope(String name)
+ {
+ super(name);
+ }
+
+ /**
+ * Constructs a new instance of <code>IdentityScope</code> with the
+ * specified name and {@link IdentityScope}.
+ *
+ * @param name
+ * the name to use.
+ * @param scope
+ * the scope to use.
+ * @throws KeyManagementException
+ * if the identity scope is already present.
+ */
+ public IdentityScope(String name, IdentityScope scope)
+ throws KeyManagementException
+ {
+ super(name, scope);
+ }
+
+ /**
+ * Returns the system's Scope.
+ *
+ * @return the system's Scope.
+ */
+ public static IdentityScope getSystemScope()
+ {
+ if (systemScope == null)
+ {
+ //Load it
+ //systemScope;
+ }
+ return systemScope;
+ }
+
+ /**
+ * Sets the scope of the system.
+ *
+ * @param scope
+ * the new system scope.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ protected static void setSystemScope(IdentityScope scope)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSecurityAccess("setSystemScope");
+
+ systemScope = scope;
+ }
+
+ /**
+ * Returns the number of entries within this <code>IdentityScope</code>.
+ *
+ * @return the number of entries within this <code>IdentityScope</code>.
+ */
+ public abstract int size();
+
+ /**
+ * Returns the specified {@link Identity}, by name, within this scope.
+ *
+ * @param name
+ * name of {@link Identity} to get.
+ * @return an {@link Identity} representing the name or <code>null</code> if
+ * it cannot be found.
+ */
+ public abstract Identity getIdentity(String name);
+
+ /**
+ * Returns the specified {@link Identity}, by {@link Principal}, within this
+ * scope.
+ *
+ * @param principal
+ * the {@link Principal} to use.
+ * @return an identity representing the {@link Principal} or <code>null</code>
+ * if it cannot be found.
+ */
+ public Identity getIdentity(Principal principal)
+ {
+ return getIdentity(principal.getName());
+ }
+
+ /**
+ * Returns the specified {@link Identity}, by public key, within this scope.
+ *
+ * @param key
+ * the {@link PublicKey} to use.
+ * @return an identity representing the public key or <code>null</code> if
+ * it cannot be found.
+ */
+ public abstract Identity getIdentity(PublicKey key);
+
+ /**
+ * Adds an identity to his scope.
+ *
+ * @param identity
+ * the {@link Identity} to add.
+ * @throws KeyManagementException
+ * if it is an invalid identity, an identity with the same key
+ * exists, or if another error occurs.
+ */
+ public abstract void addIdentity(Identity identity)
+ throws KeyManagementException;
+
+ /**
+ * Removes an identity in this scope.
+ *
+ * @param identity
+ * the {@link Identity} to remove.
+ * @throws KeyManagementException
+ * if it is a missing identity, or if another error occurs.
+ */ + public abstract void removeIdentity(Identity identity) + throws KeyManagementException; + + /** + * Returns an {@link Enumeration} of identities in this scope. + * + * @return an {@link Enumeration} of the identities in this scope. + */ + public abstract Enumeration<Identity> identities(); + + /** + * Returns a string representing this instance. It includes the name, the + * scope name, and number of identities. + * + * @return a string representation of this instance. + */ + public String toString() + { + return (super.getName() + " " + super.getScope().getName() + " " + size()); + } +} diff --git a/libjava/classpath/java/security/IntersectingDomainCombiner.java b/libjava/classpath/java/security/IntersectingDomainCombiner.java new file mode 100644 index 000000000..2bfcfb442 --- /dev/null +++ b/libjava/classpath/java/security/IntersectingDomainCombiner.java 
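Review bot: `toString()` at the end of the hunk calls `super.getScope().getName()` unconditionally, yet `IdentityScope(String name)` is documented as creating an instance with no scope and `Identity.hashCode()` earlier in the diff tests `scope != null`, so printing or logging a top-level scope presumably throws NullPointerException. A null-safe form would be `IdentityScope parent = super.getScope();` followed by `return (super.getName() + " " + (parent == null ? "" : parent.getName()) + " " + size());`. Separately, `getSystemScope()` holds only commented-out loading code and returns `null` until `setSystemScope` has run; its Javadoc should state that so callers do not dereference the result blindly.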
@@ -0,0 +1,82 @@
+/* IntersectingDomainCombiner.java --
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.util.HashSet;
+
+/**
+ * A trivial implementation of {@link DomainCombiner} that produces the
+ * intersection of the supplied {@link ProtectionDomain} objects.
+ */
+final class IntersectingDomainCombiner implements DomainCombiner
+{
+
+ // Contstant.
+ // -------------------------------------------------------------------------
+
+ static final IntersectingDomainCombiner SINGLETON = new IntersectingDomainCombiner();
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ private IntersectingDomainCombiner()
+ {
+ }
+
+ // Methods.
+ // -------------------------------------------------------------------------
+
+ public ProtectionDomain[] combine (ProtectionDomain[] currentDomains,
+ ProtectionDomain[] assignedDomains)
+ {
+ HashSet newDomains = new HashSet ();
+ for (int i = 0; i < currentDomains.length; i++)
+ {
+ if (currentDomains[i] == null)
+ continue;
+ for (int j = 0; j < assignedDomains.length; j++)
+ {
+ if (currentDomains[i].equals (assignedDomains[j]))
+ newDomains.add (currentDomains[i]);
+ }
+ }
+ return (ProtectionDomain[])
+ newDomains.toArray(new ProtectionDomain[newDomains.size()]);
+ }
+}
diff --git a/libjava/classpath/java/security/InvalidAlgorithmParameterException.java b/libjava/classpath/java/security/InvalidAlgorithmParameterException.java
new file mode 100644
index 000000000..aa77937fb
--- /dev/null
+++ b/libjava/classpath/java/security/InvalidAlgorithmParameterException.java
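Review bot: `combine` reads `currentDomains.length` and `assignedDomains.length` without a null check, so a null array ends the access-control computation with a NullPointerException instead of a result. The `java.security.DomainCombiner` contract allows either argument to be null; whether this package-private singleton is ever called that way is not visible in the hunk. A guard at the top such as `if (currentDomains == null || assignedDomains == null) return new ProtectionDomain[0];` would give the empty intersection, but only if the caller treats an empty domain array as denying rather than granting, which should be confirmed in AccessControlContext before choosing the return value. The raw `HashSet` could also be declared `HashSet<ProtectionDomain>`, which makes the cast on the return unnecessary.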
@@ -0,0 +1,95 @@
+/* InvalidAlgorithmParameterException.java -- an invalid parameter to a
+ security algorithm
+ Copyright (C) 2000, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Thrown for an invalid security algorithm parameter.
+ *
+ * @author Warren Levy (warrenl@cygnus.com)
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class InvalidAlgorithmParameterException
+ extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 2864672297499471472L;
+
+ /**
+ * Construct an exception with no message.
+ */
+ public InvalidAlgorithmParameterException()
+ {
+ super();
+ }
+
+ /**
+ * Construct an exception with a message.
+ *
+ * @param msg the message
+ */
+ public InvalidAlgorithmParameterException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidAlgorithmParameterException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidAlgorithmParameterException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/InvalidKeyException.java b/libjava/classpath/java/security/InvalidKeyException.java
new file mode 100644
index 000000000..39aa3df43
--- /dev/null
+++ b/libjava/classpath/java/security/InvalidKeyException.java
@@ -0,0 +1,91 @@
+/* InvalidKeyException -- thrown for an invalid key
+ Copyright (C) 2000, 2002, 2006 Free Software Foundation
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Thrown for an invalid key.
+ *
+ * @author Warren Levy (warrenl@cygnus.com)
+ * @status updated to 1.4
+ */
+public class InvalidKeyException extends KeyException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5698479920593359816L;
+
+ /**
+ * Construct an exception with no message.
+ */
+ public InvalidKeyException()
+ {
+ }
+
+ /**
+ * Construct an exception with a message.
+ *
+ * @param msg the message
+ */
+ public InvalidKeyException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeyException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeyException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/InvalidParameterException.java b/libjava/classpath/java/security/InvalidParameterException.java
new file mode 100644
index 000000000..c5218a049
--- /dev/null
+++ b/libjava/classpath/java/security/InvalidParameterException.java
@@ -0,0 +1,70 @@
+/* InvalidParameterException.java -- an invalid parameter in the JCA/JCE engine
+ Copyright (C) 2000, 2002 Free Software Foundation
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Thrown when an invalid parameter is passed to a method of the JCA/JCE
+ * engine classes.
+ *
+ * @author Warren Levy (warrenl@cygnus.com)
+ * @status updated to 1.4
+ */
+public class InvalidParameterException extends IllegalArgumentException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -857968536935667808L;
+
+ /**
+ * Construct an exception with no message.
+ */
+ public InvalidParameterException()
+ {
+ }
+
+ /**
+ * Construct an exception with a message.
+ *
+ * @param msg the message
+ */
+ public InvalidParameterException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/Key.java b/libjava/classpath/java/security/Key.java
new file mode 100644
index 000000000..23652b6e7
--- /dev/null
+++ b/libjava/classpath/java/security/Key.java
@@ -0,0 +1,94 @@ +/* Key.java -- A abstract representation of a digital key + Copyright (C) 1998, 2000, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +import java.io.Serializable; + +/** + * This interfaces models the base characteristics that all keys must + * have. 
These are: a key algorithm, an encoded form, and a format used + * to encode the key. Specific key types inherit from this interface. + * Note that since this interface extends <code>Serializable</code>, all + * keys may be serialized. Keys are generally obtained through key generators, + * including {@link KeyFactory}. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see PublicKey + * @see PrivateKey + * @see KeyPair + * @see KeyPairGenerator + * @see KeyFactory + * @see KeySpec + * @see Identity + * @see Signer + * @since 1.1 + * @status updated to 1.4 + */ +public interface Key extends Serializable +{ + /** + * The version identifier used for serialization. + */ + long serialVersionUID = 6603384152749567654L; + + /** + * This method returns the name of the algorithm for this key. This is a + * <code>String</code> such as "RSA". + * + * @return the name of the algorithm in use + */ + String getAlgorithm(); + + /** + * This method returns the name of the encoding format for this key. This + * is the name of the ASN.1 data format used for this key, such as + * "X.509" or "PKCS#8". This method returns <code>null</code> if this key + * does not have an encoding format. + * + * @return the name of the encoding format for this key, or null + */ + String getFormat(); + + /** + * This method returns the encoded form of the key. If this key does not + * support encoding, this method returns <code>null</code>. + * + * @return the encoded form of the key, or null + */ + byte[] getEncoded(); +} // interface Key diff --git a/libjava/classpath/java/security/KeyException.java b/libjava/classpath/java/security/KeyException.java new file mode 100644 index 000000000..66f1feb64 --- /dev/null +++ b/libjava/classpath/java/security/KeyException.java 
@@ -0,0 +1,94 @@ +/* KeyException.java -- Thrown when there is a problem with a key + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when there is a problem with a key. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @see Key + * @status updated to 1.4 + */ +public class KeyException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -7483676942812432108L; + + /** + * This method initializes a new instance of <code>KeyException</code> + * with no descriptive message. + */ + public KeyException() + { + } + + /** + * This method initializes a new instance of <code>KeyException</code> + * with a descriptive message. + * + * @param msg the descriptive message + */ + public KeyException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public KeyException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public KeyException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/KeyFactory.java b/libjava/classpath/java/security/KeyFactory.java new file mode 100644 index 000000000..6f47de044 --- /dev/null +++ b/libjava/classpath/java/security/KeyFactory.java 
@@ -0,0 +1,280 @@ +/* KeyFactory.java --- Key Factory Class + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +/** + * Key factories are used to convert keys (opaque cryptographic keys of type + * {@link Key}) into key specifications (transparent representations of the + * underlying key material). + * + * <p>Key factories are bi-directional. They allow a key class to be converted + * into a key specification (key material) and back again. For example DSA + * public keys can be specified as <code>DSAPublicKeySpec</code> or + * <code>X509EncodedKeySpec</code>. A key factory translates these key + * specifications.</p> + * + * @since 1.2 + * @see Key + * @see KeySpec + * @see java.security.spec.DSAPublicKeySpec + * @see java.security.spec.X509EncodedKeySpec + @author Mark Benvenuto + */ +public class KeyFactory +{ + /** The service name for key factories. */ + private static final String KEY_FACTORY = "KeyFactory"; + + private KeyFactorySpi keyFacSpi; + private Provider provider; + private String algorithm; + + /** + * Constructs a new instance of <code>KeyFactory</code> with the specified + * parameters. + * + * @param keyFacSpi + * the key factory to use. + * @param provider + * the provider to use. + * @param algorithm + * the name of the key algorithm to use. + */ + protected KeyFactory(KeyFactorySpi keyFacSpi, Provider provider, + String algorithm) + { + this.keyFacSpi = keyFacSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** + * Returns a new instance of <code>KeyFactory</code> representing the + * specified key factory. + * + * @param algorithm the name of algorithm to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. 
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static KeyFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyFactory</code> representing the
+ * specified key factory from the specified provider.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @param provider the name of the provider to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static KeyFactory getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyFactory</code> representing the
+ * specified key factory from the designated {@link Provider}.
+ *
+ * @param algorithm the name of algorithm to use.
+ * @param provider the {@link Provider} to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by
+ * {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ * @since 1.4
+ * @see Provider
+ */
+ public static KeyFactory getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("KeyFactory for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(KEY_FACTORY, algorithm, provider);
+ return new KeyFactory((KeyFactorySpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Returns the {@link Provider} of this instance.
+ *
+ * @return the {@link Provider} of this instance.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the name of the algorithm used.
+ *
+ * @return the name of the algorithm used.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Generates a public key from the provided key specification.
+ *
+ * @param keySpec
+ * the key specification.
+ * @return the public key.
+ * @throws InvalidKeySpecException
+ * if the key specification is invalid.
+ */
+ public final PublicKey generatePublic(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ return keyFacSpi.engineGeneratePublic(keySpec);
+ }
+
+ /**
+ * Generates a private key from the provided key specification.
+ *
+ * @param keySpec
+ * the key specification.
+ * @return the private key.
+ * @throws InvalidKeySpecException
+ * if the key specification is invalid.
+ */
+ public final PrivateKey generatePrivate(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ return keyFacSpi.engineGeneratePrivate(keySpec);
+ }
+
+ /**
+ * Returns a key specification for the given key. <code>keySpec</code>
+ * identifies the specification class to return the key material in.
+ *
+ * @param key
+ * the key to use.
+ * @param keySpec
+ * the specification class to use.
+ * @return the key specification in an instance of the requested specification
+ * class.
+ * @throws InvalidKeySpecException
+ * the requested key specification is inappropriate for this key or
+ * the key is unrecognized.
+ */
+ public final <T extends KeySpec> T getKeySpec(Key key, Class<T> keySpec)
+ throws InvalidKeySpecException
+ {
+ return keyFacSpi.engineGetKeySpec(key, keySpec);
+ }
+
+ /**
+ * Translates the key from an unknown or untrusted provider into a key from
+ * this key factory.
+ *
+ * @param key
+ * the key to translate from.
+ * @return the translated key.
+ * @throws InvalidKeyException
+ * if the key cannot be processed by this key factory.
+ */
+ public final Key translateKey(Key key) throws InvalidKeyException
+ {
+ return keyFacSpi.engineTranslateKey(key);
+ }
+}
diff --git a/libjava/classpath/java/security/KeyFactorySpi.java b/libjava/classpath/java/security/KeyFactorySpi.java
new file mode 100644
index 000000000..b8424638f
--- /dev/null
+++ b/libjava/classpath/java/security/KeyFactorySpi.java
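Review bot: The Javadoc of all three `getInstance` overloads promises IllegalArgumentException for a null or empty `algorithm`, but nothing in this hunk checks it; the only validation visible is for the provider name in `getInstance(String, String)`. `getInstance(String, Provider)` concatenates `algorithm` and `provider` into the error message before calling `Engine.getInstance`, and `getInstance(String)` falls through to `throw new NoSuchAlgorithmException(algorithm)` when `Security.getProviders()` returns an empty array. If `Engine.getInstance` performs the check (it is outside this hunk), a one-line comment saying so would make the contract traceable; otherwise add it in the style of the provider check, e.g. `if (algorithm == null || algorithm.trim().length() == 0) throw new IllegalArgumentException("algorithm MUST NOT be null or empty");`.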
@@ -0,0 +1,134 @@
+/* KeyFactorySpi.java --- Key Factory Service Provider Interface
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security;
+
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+/**
+ * KeyFactorySpi is the Service Provider Interface (SPI) for the
+ * KeyFactory class. This is the interface for providers to
+ * supply to implement a key factory for an algorithm.
+ *
+ * Key factories are used to convert keys (opaque cryptographic
+ * keys of type Key) into key specifications (transparent
+ * representations of the underlying key material).
+ *
+ * Key factories are bi-directional. They allow a key class
+ * to be converted into a key specification (key material) and
+ * back again.
+ *
+ * For example DSA public keys can be specified as
+ * DSAPublicKeySpec or X509EncodedKeySpec. The key factory
+ * translate these key specifications.
+ *
+ * @since JDK 1.2
+ * @author Mark Benvenuto
+ */
+public abstract class KeyFactorySpi
+{
+ /**
+ * Constucts a new KeyFactorySpi.
+ */
+ public KeyFactorySpi()
+ {
+ }
+
+ /**
+ * Generates a public key from the provided key specification.
+ *
+ * @param keySpec key specification
+ *
+ * @return the public key
+ *
+ * @throws InvalidKeySpecException invalid key specification for
+ * this key factory to produce a public key
+ */
+ protected abstract PublicKey engineGeneratePublic(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+
+ /**
+ * Generates a private key from the provided key specification.
+ *
+ * @param keySpec key specification
+ *
+ * @return the private key
+ *
+ * @throws InvalidKeySpecException invalid key specification for
+ * this key factory to produce a private key
+ */
+ protected abstract PrivateKey engineGeneratePrivate(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+ /**
+ * Returns a key specification for the given key. keySpec
+ * identifies the specification class to return the key
+ * material in.
+ *
+ * @param key the key
+ * @param keySpec the specification class to return the
+ * key material in.
+ *
+ * @return the key specification in an instance of the requested
+ * specification class
+ *
+ * @throws InvalidKeySpecException the requested key specification
+ * is inappropriate for this key or the key is
+ * unrecognized.
+ */
+ protected abstract <T extends KeySpec> T engineGetKeySpec(Key key,
+ Class<T> keySpec)
+ throws InvalidKeySpecException;
+
+
+ /**
+ * Translates the key from an unknown or untrusted provider
+ * into a key for this key factory.
+ *
+ * @param key key from an unknown or untrusted provider
+ *
+ * @return the translated key
+ *
+ * @throws InvalidKeyException if the key cannot be
+ * processed by this key factory
+ */
+ protected abstract Key engineTranslateKey(Key key)
+ throws InvalidKeyException;
+}
diff --git a/libjava/classpath/java/security/KeyManagementException.java b/libjava/classpath/java/security/KeyManagementException.java
new file mode 100644
index 000000000..f39fe312e
--- /dev/null
+++ b/libjava/classpath/java/security/KeyManagementException.java
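Review bot: The Javadoc on `engineTranslateKey` says the argument comes from "an unknown or untrusted provider" but never states what that obliges an implementation to do with it. I would add one sentence to the method comment, for example `Implementations should rebuild the key from its checked parameters or encoding and throw InvalidKeyException if those cannot be validated.` The exact wording depends on what the providers in this tree actually do, which this hunk does not show. The class comment also has small slips worth fixing in the same pass (`Constucts`, `The key factory translate`).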
@@ -0,0 +1,93 @@
+/* KeyManagementException.java -- an exception in key management
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown whenever a problem related to the management of
+ * security keys is encountered.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Key
+ * @status updated to 1.4
+ */
+public class KeyManagementException extends KeyException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 947674216157062695L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public KeyManagementException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public KeyManagementException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyManagementException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyManagementException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/KeyPair.java b/libjava/classpath/java/security/KeyPair.java
new file mode 100644
index 000000000..bf1a40a23
--- /dev/null
+++ b/libjava/classpath/java/security/KeyPair.java
@@ -0,0 +1,87 @@
+/* KeyPair.java --- Key Pair Class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.io.Serializable;
+
+/**
+ KeyPair serves as a simple container for public and private keys.
+ If properly initialized, this class should be treated like the
+ private key since it contains it and take approriate security
+ measures.
+
+ @author Mark Benvenuto
+ */
+public final class KeyPair implements Serializable
+{
+ private static final long serialVersionUID = -7565189502268009837L;
+
+ private PublicKey publicKey;
+ private PrivateKey privateKey;
+
+ /**
+ Initializes the KeyPair with a pubilc and private key.
+
+ @param publicKey Public Key to store
+ @param privateKey Private Key to store
+ */
+ public KeyPair(PublicKey publicKey, PrivateKey privateKey)
+ {
+ this.publicKey = publicKey;
+ this.privateKey = privateKey;
+ }
+
+ /**
+ Returns the public key stored in the KeyPair
+
+ @return The public key
+ */
+ public PublicKey getPublic()
+ {
+ return publicKey;
+ }
+
+ /**
+ Returns the private key stored in the KeyPair
+
+ @return The private key
+ */
+ public PrivateKey getPrivate()
+ {
+ return privateKey;
+ }
+}
diff --git a/libjava/classpath/java/security/KeyPairGenerator.java b/libjava/classpath/java/security/KeyPairGenerator.java
new file mode 100644
index 000000000..5e6bb1a3c
--- /dev/null
+++ b/libjava/classpath/java/security/KeyPairGenerator.java
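Review bot: The fields `publicKey` and `privateKey` are written only in the constructor, so they can be declared `private final PublicKey publicKey;` and `private final PrivateKey privateKey;` to make the holder immutable. The class comment already says a KeyPair must be handled like the private key it contains. Since the class is `Serializable` and `privateKey` is not `transient`, the comment should also say that a serialized KeyPair would include the private key and needs the same protection. The constructor does not reject `null` for either argument, and the comment should state whether that is intended. Two typos in the comments are worth fixing as well (`approriate`, `pubilc`).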
@@ -0,0 +1,313 @@
+/* KeyPairGenerator.java --- Key Pair Generator Class
+ Copyright (C) 1999, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * <code>KeyPairGenerator</code> is a class used to generate key-pairs for a
+ * security algorithm.
+ *
+ * <p>The <code>KeyPairGenerator</code> is created with the
+ * <code>getInstance()</code> Factory methods. It is used to generate a pair of
+ * public and private keys for a specific algorithm and associate this key-pair
+ * with the algorithm parameters it was initialized with.</p>
+ *
+ * @see KeyPair
+ * @see AlgorithmParameterSpec
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ */
+public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
+{
+ /** The service name for key pair generators. */
+ private static final String KEY_PAIR_GENERATOR = "KeyPairGenerator";
+
+ Provider provider;
+ private String algorithm;
+
+ /**
+ * Constructs a new instance of <code>KeyPairGenerator</code>.
+ *
+ * @param algorithm
+ * the algorithm to use.
+ */
+ protected KeyPairGenerator(String algorithm)
+ {
+ this.algorithm = algorithm;
+ this.provider = null;
+ }
+
+ /**
+ * Returns the name of the algorithm used.
+ *
+ * @return the name of the algorithm used.
+ */
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns a new instance of <code>KeyPairGenerator</code> which generates
+ * key-pairs for the specified algorithm.
+ *
+ * @param algorithm the name of the algorithm to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by any
+ * provider.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static KeyPairGenerator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyPairGenerator</code> which generates
+ * key-pairs for the specified algorithm from a named provider.
+ *
+ * @param algorithm the name of the algorithm to use.
+ * @param provider the name of a {@link Provider} to use.
+ * @return a new instance repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code> or empty.
+ */
+ public static KeyPairGenerator getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new instance of <code>KeyPairGenerator</code> which generates
+ * key-pairs for the specified algorithm from a designated {@link Provider}.
+ *
+ * @param algorithm
+ * the name of the algorithm to use.
+ * @param provider
+ * the {@link Provider} to use.
+ * @return a new insatnce repesenting the desired algorithm.
+ * @throws NoSuchAlgorithmException
+ * if the algorithm is not implemented by the {@link Provider}.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ * @since 1.4
+ * @see Provider
+ */
+ public static KeyPairGenerator getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("KeyPairGenerator for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] ");
+ Object o;
+ try
+ {
+ o = Engine.getInstance(KEY_PAIR_GENERATOR, algorithm, provider);
+ }
+ catch (InvocationTargetException x)
+ {
+ Throwable cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ sb.append("could not be created");
+ NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString());
+ y.initCause(cause);
+ throw y;
+ }
+ KeyPairGenerator result;
+ if (o instanceof KeyPairGenerator)
+ {
+ result = (KeyPairGenerator) o;
+ result.algorithm = algorithm;
+ }
+ else if (o instanceof KeyPairGeneratorSpi)
+ result = new DummyKeyPairGenerator((KeyPairGeneratorSpi) o, algorithm);
+ else
+ {
+ sb.append("is of an unexpected Type: ").append(o.getClass().getName());
+ throw new NoSuchAlgorithmException(sb.toString());
+ }
+ result.provider = provider;
+ return result;
+ }
+
+ /**
+ * Returns the {@link Provider} of this instance.
+ *
+ * @return the {@link Provider} of this instance.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initializes this instance for the specified key size. Since no source of
+ * randomness is specified, a default one will be used.
+ *
+ * @param keysize
+ * the size of keys to use.
+ */
+ public void initialize(int keysize)
+ {
+ initialize(keysize, new SecureRandom());
+ }
+
+ /**
+ * Initializes this instance for the specified key size and
+ * {@link SecureRandom}.
+ *
+ * @param keysize
+ * the size of keys to use.
+ * @param random
+ * the {@link SecureRandom} to use.
+ * @since 1.2
+ */
+ public void initialize(int keysize, SecureRandom random)
+ {
+ }
+
+ /**
+ * Initializes this instance with the specified
+ * {@link AlgorithmParameterSpec}. Since no source of randomness is specified,
+ * a default one will be used.
+ *
+ * @param params
+ * the {@link AlgorithmParameterSpec} to use.
+ * @throws InvalidAlgorithmParameterException
+ * if the designated specifications are invalid.
+ * @since 1.2
+ */
+ public void initialize(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+ {
+ initialize(params, new SecureRandom());
+ }
+
+ /**
+ * Initializes this instance with the specified {@link AlgorithmParameterSpec}
+ * and {@link SecureRandom}.
+ *
+ * @param params
+ * the {@link AlgorithmParameterSpec} to use.
+ * @param random
+ * the {@link SecureRandom} to use.
+ * @throws InvalidAlgorithmParameterException
+ * if the designated specifications are invalid.
+ * @since 1.2
+ */
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ super.initialize(params, random);
+ }
+
+ /**
+ * Generates a new "DSA" {@link KeyPair} from the "GNU" security provider.
+ *
+ * <p>This method generates a unique key-pair each time it is called.</p>
+ *
+ * @return a new unique {@link KeyPair}.
+ * @see #generateKeyPair()
+ * @since 1.2
+ */
+ public final KeyPair genKeyPair()
+ {
+ try
+ {
+ return getInstance("DSA", "GNU").generateKeyPair();
+ }
+ catch (Exception e)
+ {
+ System.err.println("genKeyPair failed: " + e);
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Generates a new "DSA" {@link KeyPair} from the "GNU" security provider.
+ *
+ * <p>This method generates a unique key pair each time it is called.</p>
+ *
+ * @return a new unique {@link KeyPair}.
+ * @see #genKeyPair()
+ */
+ public KeyPair generateKeyPair()
+ {
+ return genKeyPair();
+ }
+}
diff --git a/libjava/classpath/java/security/KeyPairGeneratorSpi.java b/libjava/classpath/java/security/KeyPairGeneratorSpi.java
new file mode 100644
index 000000000..1eaad9832
--- /dev/null
+++ b/libjava/classpath/java/security/KeyPairGeneratorSpi.java
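Review bot: `genKeyPair()` ignores the instance it is called on: it asks for `getInstance("DSA", "GNU")`, so this object's `algorithm`, `provider` and any earlier `initialize(...)` call have no effect, and on any failure it prints to `System.err` and returns `null`. Because `generateKeyPair()` falls back to it, a subclass that does not override `generateKeyPair()` hands the caller a default DSA pair or a `null` that only fails later, whatever algorithm and key size were requested. I would make the failure explicit by replacing the catch body with `throw new IllegalStateException("genKeyPair failed", e);` and state in the `generateKeyPair()` comment that providers are expected to override it. In the same hunk `initialize(int keysize, SecureRandom random)` has an empty body, so a requested key size is silently dropped unless a subclass overrides it; that needs at least a comment saying so.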
@@ -0,0 +1,102 @@
+/* KeyPairGeneratorSpi.java --- Key Pair Generator SPI Class
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ KeyPairGeneratorSpi is the interface used to generate key pairs
+ for security algorithms.
+
+ @author Mark Benvenuto
+ */
+public abstract class KeyPairGeneratorSpi
+{
+ /**
+ Constructs a new KeyPairGeneratorSpi
+ */
+ public KeyPairGeneratorSpi()
+ {
+ }
+
+ /**
+ Initialize the KeyPairGeneratorSpi with the specified
+ key size and source of randomness
+
+ @param keysize size of the key to generate
+ @param random A SecureRandom source of randomness
+ */
+ public abstract void initialize(int keysize, SecureRandom random);
+
+ /**
+ Initialize the KeyPairGeneratorSpi with the specified
+ AlgorithmParameterSpec and source of randomness
+
+ This is a concrete method. It may be overridden by the provider
+ and if the AlgorithmParameterSpec class is invalid
+ throw InvalidAlgorithmParameterException. By default this
+ method just throws UnsupportedOperationException.
+
+ @param params A AlgorithmParameterSpec to intialize with
+ @param random A SecureRandom source of randomness
+
+ @throws InvalidAlgorithmParameterException
+ */
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ throw new java.lang.UnsupportedOperationException();
+ }
+
+ /**
+ Generates a KeyPair according the rules for the algorithm.
+ Unless intialized, algorithm defaults will be used. It
+ creates a unique key pair each time.
+
+ @return a key pair
+ */
+ public abstract KeyPair generateKeyPair();
+
+ /**
+ * We override clone here to make it accessible for use by
+ * DummyKeyPairGenerator.
+ */
+ protected Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+}
diff --git a/libjava/classpath/java/security/KeyStore.java b/libjava/classpath/java/security/KeyStore.java
new file mode 100644
index 000000000..b7a0e2ab1
--- /dev/null
+++ b/libjava/classpath/java/security/KeyStore.java
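Review bot: The Javadoc for `initialize(AlgorithmParameterSpec params, SecureRandom random)` has a bare `@throws InvalidAlgorithmParameterException` tag with no description. The `UnsupportedOperationException` that the default body throws is mentioned only in the prose, not as a tag. I would write `@throws InvalidAlgorithmParameterException if params is not appropriate for this generator` and add `@throws UnsupportedOperationException if the provider does not override this method`. The `clone()` override only returns `super.clone()`, and this class does not declare `Cloneable`, so its comment should say the call succeeds only for subclasses that do.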
@@ -0,0 +1,503 @@ +/* KeyStore.java --- Key Store Class + Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.security.Engine; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.lang.reflect.InvocationTargetException; +import java.security.cert.CertificateException; +import java.util.Date; +import java.util.Enumeration; + +/** + * Keystore represents an in-memory collection of keys and + * certificates. There are two types of entries: + * + * <dl> + * <dt>Key Entry</dt> + * + * <dd><p>This type of keystore entry store sensitive crytographic key + * information in a protected format.Typically this is a secret + * key or a private key with a certificate chain.</p></dd> + * + * <dt>Trusted Ceritificate Entry</dt> + * + * <dd><p>This type of keystore entry contains a single public key + * certificate belonging to annother entity. It is called trusted + * because the keystore owner trusts that the certificates + * belongs to the subject (owner) of the certificate.</p></dd> + * </dl> + * + * <p>Entries in a key store are referred to by their "alias": a simple + * unique string. + * + * <p>The structure and persistentence of the key store is not + * specified. Any method could be used to protect sensitive + * (private or secret) keys. Smart cards or integrated + * cryptographic engines could be used or the keystore could + * be simply stored in a file.</p> + * + * @see java.security.cert.Certificate + * @see Key + */ +public class KeyStore +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for key stores. */ + private static final String KEY_STORE = "KeyStore"; + + private KeyStoreSpi keyStoreSpi; + private Provider provider; + private String type; + + // Constructors. 
+ // ------------------------------------------------------------------------ + + /** + Creates an instance of KeyStore + + @param keyStoreSpi A KeyStore engine to use + @param provider A provider to use + @param type The type of KeyStore + */ + protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type) + { + this.keyStoreSpi = keyStoreSpi; + this.provider = provider; + this.type = type; + } + + /** + * Returns an instance of a <code>KeyStore</code> representing the specified + * type, from the first provider that implements it. + * + * @param type the type of keystore to create. + * @return a <code>KeyStore</code> repesenting the desired type. + * @throws KeyStoreException if the designated type of is not implemented by + * any provider, or the implementation could not be instantiated. + * @throws IllegalArgumentException if <code>type</code> is + * <code>null</code> or is an empty string. + */ + public static KeyStore getInstance(String type) throws KeyStoreException + { + Provider[] p = Security.getProviders(); + KeyStoreException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(type, p[i]); + } + catch (KeyStoreException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new KeyStoreException(type); + } + + /** + * Returns an instance of a <code>KeyStore</code> representing the specified + * type, from the named provider. + * + * @param type the type of keystore to create. + * @param provider the name of the provider to use. + * @return a <code>KeyStore</code> repesenting the desired type. + * @throws KeyStoreException if the designated type is not implemented by the + * given provider. + * @throws NoSuchProviderException if the provider is not found. + * @throws IllegalArgumentException if either <code>type</code> or + * <code>provider</code> is <code>null</code> or empty. 
+ */ + public static KeyStore getInstance(String type, String provider) + throws KeyStoreException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(type, p); + } + + /** + * Returns an instance of a <code>KeyStore</code> representing the specified + * type, from the specified provider. + * + * @param type the type of keystore to create. + * @param provider the provider to use. + * @return a <code>KeyStore</code> repesenting the desired type. + * @throws KeyStoreException if the designated type is not implemented by the + * given provider. + * @throws IllegalArgumentException if either <code>type</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>type</code> is an empty string. + * @since 1.4 + */ + public static KeyStore getInstance(String type, Provider provider) + throws KeyStoreException + { + Throwable cause; + try + { + Object spi = Engine.getInstance(KEY_STORE, type, provider); + return new KeyStore((KeyStoreSpi) spi, provider, type); + } + catch (NoSuchAlgorithmException x) + { + cause = x; + } + catch (InvocationTargetException x) + { + cause = x.getCause() != null ? x.getCause() : x; + } + catch (ClassCastException x) + { + cause = x; + } + KeyStoreException x = new KeyStoreException(type); + x.initCause(cause); + throw x; + } + + /** + * Returns the default KeyStore type. This method looks up the + * type in <JAVA_HOME>/lib/security/java.security with the + * property "keystore.type" or if that fails then "gkr" . + */ + public static final String getDefaultType() + { + // Security reads every property in java.security so it + // will return this property if it exists. 
+ String tmp = Security.getProperty("keystore.type"); + + if (tmp == null) + tmp = "gkr"; + + return tmp; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + Gets the provider that the class is from. + + @return the provider of this class + */ + public final Provider getProvider() + { + return provider; + } + + /** + Returns the type of the KeyStore supported + + @return A string with the type of KeyStore + */ + public final String getType() + { + return type; + } + + /** + Returns the key associated with given alias using the + supplied password. + + @param alias an alias for the key to get + @param password password to access key with + + @return the requested key, or null otherwise + + @throws NoSuchAlgorithmException if there is no algorithm + for recovering the key + @throws UnrecoverableKeyException key cannot be reocovered + (wrong password). + */ + public final Key getKey(String alias, char[]password) + throws KeyStoreException, NoSuchAlgorithmException, + UnrecoverableKeyException + { + return keyStoreSpi.engineGetKey(alias, password); + } + + /** + Gets a Certificate chain for the specified alias. + + @param alias the alias name + + @return a chain of Certificates ( ordered from the user's + certificate to the Certificate Authority's ) or + null if the alias does not exist or there is no + certificate chain for the alias ( the alias refers + to a trusted certificate entry or there is no entry). + */ + public final java.security.cert. + Certificate[] getCertificateChain(String alias) throws KeyStoreException + { + return keyStoreSpi.engineGetCertificateChain(alias); + } + + /** + Gets a Certificate for the specified alias. + + If there is a trusted certificate entry then that is returned. + it there is a key entry with a certificate chain then the + first certificate is return or else null. 
+ + @param alias the alias name + + @return a Certificate or null if the alias does not exist + or there is no certificate for the alias + */ + public final java.security.cert.Certificate getCertificate(String alias) + throws KeyStoreException + { + return keyStoreSpi.engineGetCertificate(alias); + } + + /** + Gets entry creation date for the specified alias. + + @param alias the alias name + + @returns the entry creation date or null + */ + public final Date getCreationDate(String alias) throws KeyStoreException + { + return keyStoreSpi.engineGetCreationDate(alias); + } + + /** + Assign the key to the alias in the keystore, protecting it + with the given password. It will overwrite an existing + entry and if the key is a PrivateKey, also add the + certificate chain representing the corresponding public key. + + @param alias the alias name + @param key the key to add + @password the password to protect with + @param chain the certificate chain for the corresponding + public key + + @throws KeyStoreException if it fails + */ + public final void setKeyEntry(String alias, Key key, char[]password, + java.security.cert. + Certificate[]chain) throws KeyStoreException + { + keyStoreSpi.engineSetKeyEntry(alias, key, password, chain); + } + + /** + Assign the key to the alias in the keystore. It will overwrite + an existing entry and if the key is a PrivateKey, also + add the certificate chain representing the corresponding + public key. + + @param alias the alias name + @param key the key to add + @param chain the certificate chain for the corresponding + public key + + @throws KeyStoreException if it fails + */ + public final void setKeyEntry(String alias, byte[]key, + java.security.cert. + Certificate[]chain) throws KeyStoreException + { + keyStoreSpi.engineSetKeyEntry(alias, key, chain); + } + + /** + Assign the certificate to the alias in the keystore. It + will overwrite an existing entry. 
+ + @param alias the alias name + @param cert the certificate to add + + @throws KeyStoreException if it fails + */ + public final void setCertificateEntry(String alias, + java.security.cert. + Certificate cert) throws + KeyStoreException + { + keyStoreSpi.engineSetCertificateEntry(alias, cert); + } + + /** + Deletes the entry for the specified entry. + + @param alias the alias name + + @throws KeyStoreException if it fails + */ + public final void deleteEntry(String alias) throws KeyStoreException + { + keyStoreSpi.engineDeleteEntry(alias); + } + + /** + Generates a list of all the aliases in the keystore. + + @return an Enumeration of the aliases + */ + public final Enumeration<String> aliases() throws KeyStoreException + { + return keyStoreSpi.engineAliases(); + } + + /** + Determines if the keystore contains the specified alias. + + @param alias the alias name + + @return true if it contains the alias, false otherwise + */ + public final boolean containsAlias(String alias) throws KeyStoreException + { + return keyStoreSpi.engineContainsAlias(alias); + } + + /** + Returns the number of entries in the keystore. + + @returns the number of keystore entries. + */ + public final int size() throws KeyStoreException + { + return keyStoreSpi.engineSize(); + } + + /** + Determines if the keystore contains a key entry for + the specified alias. + + @param alias the alias name + + @return true if it is a key entry, false otherwise + */ + public final boolean isKeyEntry(String alias) throws KeyStoreException + { + return keyStoreSpi.engineIsKeyEntry(alias); + } + + + /** + Determines if the keystore contains a certificate entry for + the specified alias. 
+ + @param alias the alias name + + @return true if it is a certificate entry, false otherwise + */ + public final boolean isCertificateEntry(String alias) + throws KeyStoreException + { + return keyStoreSpi.engineIsCertificateEntry(alias); + } + + /** + Determines if the keystore contains the specified certificate + entry and returns the alias. + + It checks every entry and for a key entry checks only the + first certificate in the chain. + + @param cert Certificate to look for + + @return alias of first matching certificate, null if it + does not exist. + */ + public final String getCertificateAlias(java.security.cert.Certificate cert) + throws KeyStoreException + { + return keyStoreSpi.engineGetCertificateAlias(cert); + } + + /** + Stores the keystore in the specified output stream and it + uses the specified key it keep it secure. + + @param stream the output stream to save the keystore to + @param password the password to protect the keystore integrity with + + @throws IOException if an I/O error occurs. + @throws NoSuchAlgorithmException the data integrity algorithm + used cannot be found. + @throws CertificateException if any certificates could not be + stored in the output stream. + */ + public final void store(OutputStream stream, char[]password) + throws KeyStoreException, IOException, NoSuchAlgorithmException, + CertificateException + { + keyStoreSpi.engineStore(stream, password); + } + + /** + Loads the keystore from the specified input stream and it + uses the specified password to check for integrity if supplied. + + @param stream the input stream to load the keystore from + @param password the password to check the keystore integrity with + + @throws IOException if an I/O error occurs. + @throws NoSuchAlgorithmException the data integrity algorithm + used cannot be found. + @throws CertificateException if any certificates could not be + stored in the output stream. 
+ */ + public final void load(InputStream stream, char[]password) + throws IOException, NoSuchAlgorithmException, CertificateException + { + keyStoreSpi.engineLoad(stream, password); + } + +} diff --git a/libjava/classpath/java/security/KeyStoreException.java b/libjava/classpath/java/security/KeyStoreException.java new file mode 100644 index 000000000..62f906e6e --- /dev/null +++ b/libjava/classpath/java/security/KeyStoreException.java 
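Review bot: Nothing in KeyStore records whether `load()` has been called, so `getKey`, `getCertificateChain`, `aliases`, `size`, `store` and the other read accessors delegate straight to `keyStoreSpi` even on a keystore that was never loaded. These methods declare `throws KeyStoreException`, but the `engine*` methods they call in KeyStoreSpi.java do not, so as written the exception can never be raised from them. Consider a `private boolean loaded;` field set at the end of `load()` and a guard such as `if (!loaded) throw new KeyStoreException("keystore not loaded");` at the top of each accessor, so that use-before-load fails in a defined way rather than depending on the provider. Separately, two Javadoc defects appear here and again in KeyStoreSpi.java: the `@throws CertificateException` text on `load()` is copied from `store()` and should read "could not be loaded from the input stream", and `@returns` and `@password` are not Javadoc tags (use `@return` and `@param password`).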
@@ -0,0 +1,92 @@ +/* KeyStoreException.java -- Indicates a problem with the key store + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * Indicates a problem with the key store. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @since 1.2 + * @status updated to 1.4 + */ +public class KeyStoreException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.2+. + */ + private static final long serialVersionUID = -1119353179322377262L; + + /** + * Create a new instance detailed error message. + */ + public KeyStoreException() + { + } + + /** + * Create a new instance with a detailed error message. + * + * @param msg the descriptive error message + */ + public KeyStoreException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public KeyStoreException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public KeyStoreException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/KeyStoreSpi.java b/libjava/classpath/java/security/KeyStoreSpi.java new file mode 100644 index 000000000..b44bd84a8 --- /dev/null +++ b/libjava/classpath/java/security/KeyStoreSpi.java 
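Review bot: The Javadoc on the no-argument `KeyStoreException()` constructor reads "Create a new instance detailed error message", which has lost a word and reads as if a message were supplied. It should say `Create a new instance with no detailed error message.` so that it is distinguishable from the description of `KeyStoreException(String msg)` directly below it.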
@@ -0,0 +1,275 @@ +/* KeyStoreSpi.java --- Key Store Service Provider Interface + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.cert.CertificateException; +import java.util.Date; +import java.util.Enumeration; + +/** + * KeyStoreSpi is the Service Provider Interface (SPI) for the + * KeyStore class. This is the interface for providers to + * supply to implement a keystore for a particular keystore + * type. + * + * @since 1.2 + * @author Mark Benvenuto + */ +public abstract class KeyStoreSpi +{ + /** + * Constructs a new KeyStoreSpi + */ + public KeyStoreSpi() + { + } + + /** + * Returns the key associated with given alias using the + * supplied password. + * + * @param alias an alias for the key to get + * @param password password to access key with + * + * @return the requested key, or null otherwise + * + * @throws NoSuchAlgorithmException if there is no algorithm + * for recovering the key + * @throws UnrecoverableKeyException key cannot be reocovered + * (wrong password). + */ + public abstract Key engineGetKey(String alias, char[]password) + throws NoSuchAlgorithmException, UnrecoverableKeyException; + + /** + * Gets a Certificate chain for the specified alias. + * + * @param alias the alias name + * + * @return a chain of Certificates ( ordered from the user's + * certificate to the Certificate Authority's ) or + * null if the alias does not exist or there is no + * certificate chain for the alias ( the alias refers + * to a trusted certificate entry or there is no entry). + */ + public abstract java.security.cert. + Certificate[] engineGetCertificateChain(String alias); + + + /** + * Gets a Certificate for the specified alias. + * + * If there is a trusted certificate entry then that is returned. + * it there is a key entry with a certificate chain then the + * first certificate is return or else null. 
+ * + * @param alias the alias name + * + * @return a Certificate or null if the alias does not exist + * or there is no certificate for the alias + */ + public abstract java.security.cert. + Certificate engineGetCertificate(String alias); + + /** + * Gets entry creation date for the specified alias. + * + * @param alias the alias name + * + * @returns the entry creation date or null + */ + public abstract Date engineGetCreationDate(String alias); + + /** + * Assign the key to the alias in the keystore, protecting it + * with the given password. It will overwrite an existing + * entry and if the key is a PrivateKey, also add the + * certificate chain representing the corresponding public key. + * + * @param alias the alias name + * @param key the key to add + * @password the password to protect with + * @param chain the certificate chain for the corresponding + * public key + * + * @throws KeyStoreException if it fails + */ + public abstract void engineSetKeyEntry(String alias, Key key, + char[]password, + java.security.cert. + Certificate[]chain) throws + KeyStoreException; + + /** + * Assign the key to the alias in the keystore. It will overwrite + * an existing entry and if the key is a PrivateKey, also + * add the certificate chain representing the corresponding + * public key. + * + * @param alias the alias name + * @param key the key to add + * @param chain the certificate chain for the corresponding + * public key + * + * @throws KeyStoreException if it fails + */ + public abstract void engineSetKeyEntry(String alias, byte[]key, + java.security.cert. + Certificate[]chain) throws + KeyStoreException; + + + /** + * Assign the certificate to the alias in the keystore. It + * will overwrite an existing entry. + * + * @param alias the alias name + * @param cert the certificate to add + * + * @throws KeyStoreException if it fails + */ + public abstract void engineSetCertificateEntry(String alias, + java.security.cert. 
+ Certificate cert) throws + KeyStoreException; + + /** + * Deletes the entry for the specified entry. + * + * @param alias the alias name + * + * @throws KeyStoreException if it fails + */ + public abstract void engineDeleteEntry(String alias) + throws KeyStoreException; + + /** + * Generates a list of all the aliases in the keystore. + * + * @return an Enumeration of the aliases + */ + public abstract Enumeration<String> engineAliases(); + + /** + * Determines if the keystore contains the specified alias. + * + * @param alias the alias name + * + * @return true if it contains the alias, false otherwise + */ + public abstract boolean engineContainsAlias(String alias); + + /** + * Returns the number of entries in the keystore. + * + * @returns the number of keystore entries. + */ + public abstract int engineSize(); + + /** + * Determines if the keystore contains a key entry for + * the specified alias. + * + * @param alias the alias name + * + * @return true if it is a key entry, false otherwise + */ + public abstract boolean engineIsKeyEntry(String alias); + + /** + * Determines if the keystore contains a certificate entry for + * the specified alias. + * + * @param alias the alias name + * + * @return true if it is a certificate entry, false otherwise + */ + public abstract boolean engineIsCertificateEntry(String alias); + + /** + * Determines if the keystore contains the specified certificate + * entry and returns the alias. + * + * It checks every entry and for a key entry checks only the + * first certificate in the chain. + * + * @param cert Certificate to look for + * + * @return alias of first matching certificate, null if it + * does not exist. + */ + public abstract String engineGetCertificateAlias(java.security.cert. + Certificate cert); + + /** + * Stores the keystore in the specified output stream and it + * uses the specified key it keep it secure. 
+ * + * @param stream the output stream to save the keystore to + * @param password the password to protect the keystore integrity with + * + * @throws IOException if an I/O error occurs. + * @throws NoSuchAlgorithmException the data integrity algorithm + * used cannot be found. + * @throws CertificateException if any certificates could not be + * stored in the output stream. + */ + public abstract void engineStore(OutputStream stream, char[]password) + throws IOException, NoSuchAlgorithmException, CertificateException; + + + /** + * Loads the keystore from the specified input stream and it + * uses the specified password to check for integrity if supplied. + * + * @param stream the input stream to load the keystore from + * @param password the password to check the keystore integrity with + * + * @throws IOException if an I/O error occurs. + * @throws NoSuchAlgorithmException the data integrity algorithm + * used cannot be found. + * @throws CertificateException if any certificates could not be + * stored in the output stream. + */ + public abstract void engineLoad(InputStream stream, char[]password) + throws IOException, NoSuchAlgorithmException, CertificateException; +} diff --git a/libjava/classpath/java/security/MessageDigest.java b/libjava/classpath/java/security/MessageDigest.java new file mode 100644 index 000000000..a4eeab447 --- /dev/null +++ b/libjava/classpath/java/security/MessageDigest.java 
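Review bot: The contract for `engineLoad` says the password is used to check integrity "if supplied", but it never states what an implementation must do when no password is given, nor whether `stream` may be null. That leaves each provider to decide silently whether an unauthenticated keystore is accepted, which is the case a caller loading trusted certificate entries most needs spelled out. If the intent is that a null `password` skips the integrity check, I would say so in the Javadoc, e.g. `@param password the password to check the keystore integrity with; if null, no integrity check is performed and the loaded entries are unverified`. The matching sentence on `engineStore` ("uses the specified key it keep it secure") is garbled and should state that the password protects the integrity of the stored data.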
@@ -0,0 +1,382 @@ +/* MessageDigest.java --- The message digest interface. + Copyright (C) 1999, 2002, 2003, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; +import java.nio.ByteBuffer; + +import java.lang.reflect.InvocationTargetException; + +/** + * Message digests are secure one-way hash functions that take arbitrary-sized + * data and output a fixed-length hash value. + * + * @see MessageDigestSpi + * @since JDK 1.1 + */ +public abstract class MessageDigest extends MessageDigestSpi +{ + /** The service name for message digests. */ + private static final String MESSAGE_DIGEST = "MessageDigest"; + + private String algorithm; + Provider provider; + private byte[] lastDigest; + + /** + * Constructs a new instance of <code>MessageDigest</code> representing the + * specified algorithm. + * + * @param algorithm + * the name of the digest algorithm to use. + */ + protected MessageDigest(String algorithm) + { + this.algorithm = algorithm; + provider = null; + } + + /** + * Returns a new instance of <code>MessageDigest</code> representing the + * specified algorithm. + * + * @param algorithm the name of the digest algorithm to use. + * @return a new instance representing the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. + * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static MessageDigest getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns a new instance of <code>MessageDigest</code> representing the + * specified algorithm from a named provider. 
+ * + * @param algorithm the name of the digest algorithm to use. + * @param provider the name of the provider to use. + * @return a new instance representing the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws NoSuchProviderException if the named provider was not found. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code> or empty. + */ + public static MessageDigest getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns a new instance of <code>MessageDigest</code> representing the + * specified algorithm from a designated {@link Provider}. + * + * @param algorithm the name of the digest algorithm to use. + * @param provider the {@link Provider} to use. + * @return a new instance representing the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by + * {@link Provider}. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. 
+ * @since 1.4 + * @see Provider + */ + public static MessageDigest getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("MessageDigest for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] "); + Object o; + try + { + o = Engine.getInstance(MESSAGE_DIGEST, algorithm, provider); + } + catch (InvocationTargetException x) + { + Throwable cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + sb.append("could not be created"); + NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString()); + y.initCause(cause); + throw y; + } + MessageDigest result; + if (o instanceof MessageDigestSpi) + result = new DummyMessageDigest((MessageDigestSpi) o, algorithm); + else if (o instanceof MessageDigest) + { + result = (MessageDigest) o; + result.algorithm = algorithm; + } + else + { + sb.append("is of an unexpected Type: ").append(o.getClass().getName()); + throw new NoSuchAlgorithmException(sb.toString()); + } + result.provider = provider; + return result; + } + + /** + * Returns the {@link Provider} of this instance. + * + * @return the {@link Provider} of this instance. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Updates the digest with the byte. + * + * @param input byte to update the digest with. + */ + public void update(byte input) + { + engineUpdate(input); + } + + /** + * Updates the digest with the bytes from the array starting from the + * specified offset and using the specified length of bytes. + * + * @param input + * bytes to update the digest with. + * @param offset + * the offset to start at. + * @param len + * length of the data to update with. + */ + public void update(byte[] input, int offset, int len) + { + engineUpdate(input, offset, len); + } + + /** + * Updates the digest with the bytes of an array. 
+ * + * @param input bytes to update the digest with. + */ + public void update(byte[] input) + { + engineUpdate(input, 0, input.length); + } + + /** + * Updates the digest with the remaining bytes of a buffer. + * + * @param input The input byte buffer. + * @since 1.5 + */ + public final void update (ByteBuffer input) + { + engineUpdate (input); + } + + /** + * Computes the final digest of the stored data. + * + * @return a byte array representing the message digest. + */ + public byte[] digest() + { + return lastDigest = engineDigest(); + } + + /** + * Computes the final digest of the stored bytes and returns the result. + * + * @param buf + * an array of bytes to store the result in. + * @param offset + * an offset to start storing the result at. + * @param len + * the length of the buffer. + * @return Returns the length of the buffer. + */ + public int digest(byte[] buf, int offset, int len) throws DigestException + { + return engineDigest(buf, offset, len); + } + + /** + * Computes a final update using the input array of bytes, then computes a + * final digest and returns it. It calls {@link #update(byte[])} and then + * {@link #digest(byte[])}. + * + * @param input + * an array of bytes to perform final update with. + * @return a byte array representing the message digest. + */ + public byte[] digest(byte[] input) + { + update(input); + return digest(); + } + + /** + * Returns a string representation of this instance. + * + * @return a string representation of this instance. + */ + public String toString() + { + return (getClass()).getName() + " Message Digest <" + digestToString() + ">"; + } + + /** + * Does a simple byte comparison of the two digests. + * + * @param digesta + * first digest to compare. + * @param digestb + * second digest to compare. + * @return <code>true</code> if both are equal, <code>false</code> + * otherwise. 
+ */ + public static boolean isEqual(byte[] digesta, byte[] digestb) + { + if (digesta.length != digestb.length) + return false; + + for (int i = digesta.length - 1; i >= 0; --i) + if (digesta[i] != digestb[i]) + return false; + + return true; + } + + /** Resets this instance. */ + public void reset() + { + engineReset(); + } + + /** + * Returns the name of message digest algorithm. + * + * @return the name of message digest algorithm. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns the length of the message digest. The default is zero which means + * that the concrete implementation does not implement this method. + * + * @return length of the message digest. + * @since 1.2 + */ + public final int getDigestLength() + { + return engineGetDigestLength(); + } + + /** + * Returns a clone of this instance if cloning is supported. If it does not + * then a {@link CloneNotSupportedException} is thrown. Cloning depends on + * whether the subclass {@link MessageDigestSpi} implements {@link Cloneable} + * which contains the actual implementation of the appropriate algorithm. + * + * @return a clone of this instance. + * @throws CloneNotSupportedException + * the implementation does not support cloning. + */ + public Object clone() throws CloneNotSupportedException + { + return super.clone(); + } + + private String digestToString() + { + byte[] digest = lastDigest; + + if (digest == null) + return "incomplete"; + + CPStringBuilder buf = new CPStringBuilder(); + int len = digest.length; + for (int i = 0; i < len; ++i) + { + byte b = digest[i]; + byte high = (byte) ((b & 0xff) >>> 4); + byte low = (byte) (b & 0xf); + + buf.append(high > 9 ? ('a' - 10) + high : '0' + high); + buf.append(low > 9 ? ('a' - 10) + low : '0' + low); + } + + return buf.toString(); + } +} diff --git a/libjava/classpath/java/security/MessageDigestSpi.java b/libjava/classpath/java/security/MessageDigestSpi.java new file mode 100644 index 000000000..63cc96047 
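Review bot: `isEqual` returns at the first mismatching byte, so its running time depends on how many bytes of the two digests agree. When one argument is derived from a secret, such as a MAC tag or a stored credential hash, and the other is supplied by an untrusted party, that difference is a timing side channel. The loop should visit every byte and decide only at the end: `int diff = 0;` before the loop, `diff |= digesta[i] ^ digestb[i];` as the loop body, and `return diff == 0;` after it. The early return on unequal lengths can stay, since a digest's length is normally public. The Javadoc should then say that the comparison time does not depend on the contents.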
--- /dev/null
+++ b/libjava/classpath/java/security/MessageDigestSpi.java
@@ -0,0 +1,174 @@ +/* MessageDigestSpi.java --- The message digest service provider interface. + Copyright (C) 1999, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +import java.nio.ByteBuffer; + +/** + This is the Service Provider Interface (SPI) for MessageDigest + class in java.security. 
It provides the back end functionality + for the MessageDigest class so that it can compute message + hashes. The default hashes are SHA-1 and MD5. A message hash + takes data of arbitrary length and produces a unique number + representing it. + + Cryptography service providers who want to implement their + own message digest hashes need only to subclass this class. + + The implementation of a Cloneable interface is left to up to + the programmer of a subclass. + + @version 0.0 + + @author Mark Benvenuto (ivymccough@worldnet.att.net) + */ +public abstract class MessageDigestSpi +{ + /** + Default constructor of the MessageDigestSpi class + */ + public MessageDigestSpi() + { + } + + /** + Returns the length of the digest. It may be overridden by the + provider to return the length of the digest. Default is to + return 0. It is concrete for backwards compatibility with JDK1.1 + message digest classes. + + @return Length of Digest in Bytes + + @since 1.2 + */ + protected int engineGetDigestLength() + { + return 0; + } + + /** + Updates the digest with the specified byte. + + @param input the byte to update digest with + */ + protected abstract void engineUpdate(byte input); + + + /** + Updates the digest with the specified bytes starting with the + offset and proceeding for the specified length. + + @param input the byte array to update digest with + @param offset the offset of the byte to start with + @param len the number of the bytes to update with + */ + protected abstract void engineUpdate(byte[]input, int offset, int len); + + /** + * Updates this digest with the remaining bytes of a byte buffer. + * + * @param input The input buffer. + * @since 1.5 + */ + protected void engineUpdate (ByteBuffer input) + { + byte[] buf = new byte[1024]; + while (input.hasRemaining()) + { + int n = Math.min(input.remaining(), buf.length); + input.get (buf, 0, n); + engineUpdate (buf, 0, n); + } + } + + /** + Computes the final digest of the stored bytes and returns + them. 
It performs any necessary padding. The message digest + should reset sensitive data after performing the digest. + + @return An array of bytes containing the digest + */ + protected abstract byte[] engineDigest(); + + /** + Computes the final digest of the stored bytes and returns + them. It performs any necessary padding. The message digest + should reset sensitive data after performing the digest. This + method is left concrete for backwards compatibility with JDK1.1 + message digest classes. + + @param buf An array of bytes to store the digest + @param offset An offset to start storing the digest at + @param len The length of the buffer + @return Returns the length of the buffer + + @since 1.2 + */ + protected int engineDigest(byte[]buf, int offset, int len) + throws DigestException + { + if (engineGetDigestLength() > len) + throw new DigestException("Buffer is too small."); + + byte[] tmp = engineDigest(); + if (tmp.length > len) + throw new DigestException("Buffer is too small"); + + System.arraycopy(tmp, 0, buf, offset, tmp.length); + return tmp.length; + } + + /** + Resets the digest engine. Reinitializes internal variables + and clears sensitive data. + */ + protected abstract void engineReset(); + + /** + Returns a clone of this class. + + If cloning is not supported, then by default the class throws a + CloneNotSupportedException. The MessageDigestSpi provider + implementation has to overload this class in order to be + cloneable. + */ + public Object clone() throws CloneNotSupportedException + { + return super.clone(); + } +} diff --git a/libjava/classpath/java/security/NoSuchAlgorithmException.java b/libjava/classpath/java/security/NoSuchAlgorithmException.java new file mode 100644 index 000000000..518f2f726 --- /dev/null +++ b/libjava/classpath/java/security/NoSuchAlgorithmException.java 
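Review bot: `engineDigest(byte[] buf, int offset, int len)` compares `len` with the digest length but never checks `offset` and `len` against `buf.length`. A bad offset is therefore caught only by `System.arraycopy`, which throws an unchecked `IndexOutOfBoundsException` instead of the declared `DigestException`. By then `engineDigest()` has already run, so if the provider resets its state on digest, as the Javadoc asks, the accumulated input is lost. Validate first, as the opening statement of the method: `if (offset < 0 || len < 0 || offset > buf.length - len) throw new DigestException("Invalid offset or length");`. The `@return` text should also say that the method returns the number of digest bytes written (`tmp.length`), not the length of the buffer.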
@@ -0,0 +1,92 @@
+/* NoSuchAlgorithmException.java -- an algorithm was not available
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when the requested security algorithm is
+ * not available
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class NoSuchAlgorithmException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -7443947487218346562L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public NoSuchAlgorithmException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public NoSuchAlgorithmException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public NoSuchAlgorithmException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public NoSuchAlgorithmException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/NoSuchProviderException.java b/libjava/classpath/java/security/NoSuchProviderException.java
new file mode 100644
index 000000000..bd26df5ef
--- /dev/null
+++ b/libjava/classpath/java/security/NoSuchProviderException.java
@@ -0,0 +1,70 @@
+/* NoSuchProviderException.java -- thrown when a provider is not found
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when the requested security provider is
+ * not available.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class NoSuchProviderException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 8488111756688534474L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public NoSuchProviderException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public NoSuchProviderException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/Permission.java b/libjava/classpath/java/security/Permission.java
new file mode 100644
index 000000000..cf6399b16
--- /dev/null
+++ b/libjava/classpath/java/security/Permission.java
@@ -0,0 +1,202 @@ +/* Permission.java -- The superclass for all permission objects + Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import java.io.Serializable; + +/** + * This class is the abstract superclass of all classes that implement + * the concept of a permission. A permission consists of a permission name + * and optionally a list of actions that relate to the permission. The + * actual meaning of the name of the permission is defined only in the + * context of a subclass. It may name a resource to which access permissions + * are granted (for example, the name of a file) or it might represent + * something else entirely. Similarly, the action list only has meaning + * within the context of a subclass. Some permission names may have no + * actions associated with them. That is, you either have the permission + * or you don't. + * + * <p>The most important method in this class is <code>implies</code>. This + * checks whether if one has this permission, then the specified + * permission is also implied. As a conceptual example, consider the + * permissions "Read All Files" and "Read File foo". The permission + * "Read All Files" implies that the caller has permission to read the + * file foo. + * + * <p><code>Permission</code>'s must be immutable - do not change their + * state after creation. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Permissions + * @see PermissionCollection + * @since 1.1 + * @status updated to 1.4 + */ +public abstract class Permission implements Guard, Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -5636570222231596674L; + + /** + * This is the name assigned to this permission object. + * + * @serial the name of the permission + */ + private String name; + + /** + * Create an instance with the specified name. + * + * @param name the permission name + */ + public Permission(String name) + { + this.name = name; + } + + /** + * This method implements the <code>Guard</code> interface for this class. 
+ * It calls the <code>checkPermission</code> method in + * <code>SecurityManager</code> with this <code>Permission</code> as its + * argument. This method returns silently if the security check succeeds + * or throws an exception if it fails. + * + * @param obj the <code>Object</code> being guarded - ignored by this class + * @throws SecurityException if the security check fails + * @see GuardedObject + * @see SecurityManager#checkPermission(Permission) + */ + public void checkGuard(Object obj) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission(this); + } + + /** + * This method tests whether this <code>Permission</code> implies that the + * specified <code>Permission</code> is also granted. + * + * @param perm the <code>Permission</code> to test against + * @return true if perm is implied by this + */ + public abstract boolean implies(Permission perm); + + /** + * Check to see if this object equals obj. Use <code>implies</code>, rather + * than <code>equals</code>, when making access control decisions. + * + * @param obj the object to compare to + */ + public abstract boolean equals(Object obj); + + /** + * This method returns a hash code for this <code>Permission</code>. It + * must satisfy the contract of <code>Object.hashCode</code>: it must be + * the same for all objects that equals considers to be the same. + * + * @return a hash value + */ + public abstract int hashCode(); + + /** + * Get the name of this <code>Permission</code>. + * + * @return the name + */ + public final String getName() + { + return name; + } + + /** + * This method returns the list of actions for this <code>Permission</code> + * as a <code>String</code>. The string should be in canonical order, for + * example, both <code>new FilePermission(f, "write,read")</code> and + * <code>new FilePermission(f, "read,write")</code> have the action list + * "read,write". 
+ * + * @return the action list for this <code>Permission</code> + */ + public abstract String getActions(); + + /** + * This method returns an empty <code>PermissionCollection</code> object + * that can store permissions of this type, or <code>null</code> if no + * such collection is defined. Subclasses must override this to provide + * an appropriate collection when one is needed to accurately calculate + * <code>implies</code>. + * + * @return a new <code>PermissionCollection</code> + */ + public PermissionCollection newPermissionCollection() + { + return null; + } + + /** + * This method returns a <code>String</code> representation of this + * <code>Permission</code> object. This is in the format: + * <code>'(' + getClass().getName() + ' ' + getName() + ' ' + getActions + * + ')'</code>. + * + * @return this object as a <code>String</code> + */ + public String toString() + { + CPStringBuilder string = new CPStringBuilder(); + + string = string.append('('); + string = string.append(getClass().getName()); + string = string.append(' '); + string = string.append(getName()); + + if (!(getActions().equals(""))) + { + string = string.append(' '); + string = string.append(getActions()); + } + + string = string.append(')'); + return string.toString(); + } +} // class Permission diff --git a/libjava/classpath/java/security/PermissionCollection.java b/libjava/classpath/java/security/PermissionCollection.java new file mode 100644 index 000000000..ef87cc7e1 --- /dev/null +++ b/libjava/classpath/java/security/PermissionCollection.java 
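Review bot: `toString()` calls `getActions().equals("")` without a null check. Because `getActions()` is abstract, a subclass that returns `null` to mean "no actions" makes `toString()` throw `NullPointerException`. If permission objects are rendered into security-exception or audit-log messages (not visible in this hunk), that failure would replace the access-denied diagnostic with an unrelated error. Read the value once and guard it: `String actions = getActions();` followed by `if (actions != null && actions.length() > 0)`, appending `actions` inside the branch. This also avoids calling the overridable method twice.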
@@ -0,0 +1,169 @@ +/* PermissionCollection.java -- A collection of permission objects + Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import java.io.Serializable; +import java.util.Enumeration; + +/** + * This class models a group of Java permissions. It has convenient + * methods for determining whether or not a given permission is implied + * by any of the permissions in this collection. + * + * <p>Some care must be taken in storing permissions. First, a collection of + * the appropriate type must be created. This is done by calling the + * <code>newPermissionCollection</code> method on an object of the + * permission class you wish to add to the collection. If this method + * returns <code>null</code>, any type of <code>PermissionCollection</code> + * can be used to store permissions of that type. However, if a + * <code>PermissionCollection</code> collection object is returned, that + * type must be used. + * + * <p>A <code>PermissionCollection</code> returned by the + * <code>newPermissionCollection</code> method in a subclass of + * <code>Permission</code> is a homogeneous collection. It only will + * hold permissions of one specified type - instances of the class that + * created it. Not all <code>PermissionCollection</code> subclasses + * have to hold permissions of only one type however. For example, + * the <code>Permissions</code> class holds permissions of many types. + * + * <p>Since the <code>newPermissionCollection</code> in <code>Permission</code> + * itself returns <code>null</code>, by default a permission can be stored + * in any type of collection unless it overrides that method to create its + * own collection type. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @see Permission + * @see Permissions + * @since 1.1 + * @status updated to 1.4 + */ +public abstract class PermissionCollection implements Serializable +{ + /** + * Compatible with JDK 1.1+. 
+ */
+ private static final long serialVersionUID = -6727011328946861783L;
+
+ /**
+ * Indicates whether or not this collection is read only.
+ *
+ * @serial if the collection is read-only
+ */
+ private boolean readOnly;
+
+ /**
+ * Create a new collection.
+ */
+ public PermissionCollection()
+ {
+ }
+
+ /**
+ * This method adds a new <code>Permission</code> object to the collection.
+ *
+ * @param perm the <code>Permission</code> to add
+ *
+ * @throws SecurityException if the collection is marked read only
+ * @throws IllegalArgumentException if perm is of the wrong type
+ */
+ public abstract void add(Permission perm);
+
+ /**
+ * This method tests whether the specified <code>Permission</code> object is
+ * implied by this collection of <code>Permission</code> objects.
+ *
+ * @param perm the <code>Permission</code> object to test
+ * @return true if the collection implies perm
+ */
+ public abstract boolean implies(Permission perm);
+
+ /**
+ * This method returns an <code>Enumeration</code> of all the objects in
+ * this collection.
+ *
+ * @return an <code>Enumeration</code> of this collection's objects
+ */
+ public abstract Enumeration<Permission> elements();
+
+ /**
+ * This method sets this <code>PermissionCollection</code> object to be
+ * read only. No further permissions can be added to it after calling this
+ * method.
+ */
+ public void setReadOnly()
+ {
+ readOnly = true;
+ }
+
+ /**
+ * This method tests whether or not this <code>PermissionCollection</code>
+ * object is read only.
+ *
+ * @return true if this collection is read only
+ */
+ public boolean isReadOnly()
+ {
+ return readOnly;
+ }
+
+ /**
+ * This method returns a <code>String</code> representation of this
+ * collection.
It is formed by: + * <pre> + * super.toString()" (\n" + * // enumerate all permissions, one per line + * ")\n" + * </pre> + * + * @return a <code>String</code> representing this object + */ + public String toString() + { + CPStringBuilder sb = new CPStringBuilder(super.toString()); + + sb.append(" (\n"); + Enumeration<Permission> e = elements(); + while (e.hasMoreElements()) + sb.append(' ').append(e.nextElement()).append('\n'); + return sb.append(")\n").toString(); + } +} // class PermissionCollection diff --git a/libjava/classpath/java/security/Permissions.java b/libjava/classpath/java/security/Permissions.java new file mode 100644 index 000000000..d814064e0 --- /dev/null +++ b/libjava/classpath/java/security/Permissions.java 
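Review bot: The `readOnly` flag is a plain `boolean` written by `setReadOnly()` and read by `isReadOnly()` with no synchronization, so a thread that keeps calling a subclass's `add()` is not guaranteed to observe that another thread has frozen the collection. Read-only is the only mechanism this class offers to stop further grants, so the field should be declared `private volatile boolean readOnly;`, which leaves the serialized form unchanged. The class Javadoc is also silent on thread-safety; a sentence stating that each subclass's `add()` must check `isReadOnly()` and supply its own locking would help implementers.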
@@ -0,0 +1,254 @@ +/* Permissions.java -- a collection of permission collections + Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import java.io.Serializable; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.NoSuchElementException; + +/** + * This class is a heterogeneous collection of permissions. It is + * organized as a collection of <code>PermissionCollection</code>'s stored + * in a hashtable. Each individual <code>PermissionCollection</code> + * contains permissions of a single type. If a specific type of + * <code>Permission</code> does not provide a collection type to use + * via its <code>newPermissionCollection</code> method, then a default + * collection type which stores its permissions in a hash table will be + * used. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @since 1.1 + */ +public final class Permissions extends PermissionCollection + implements Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 4858622370623524688L; + + /** + * Holds instances of <code>AllPermission</code>. + * + * @serial the permission collection for AllPermission + */ + private PermissionCollection allPermission; + + // Package-private to avoid a trampoline. + /** + * This is the <code>Hashtable</code> that contains our collections. + * + * @serial maps Class to PermissionCollection + */ + final Hashtable perms = new Hashtable(); + + /** + * This method initializes a new instance of <code>Permissions</code>. + */ + public Permissions() + { + } + + /** + * This method adds a new <code>Permission</code> to this collection. It + * will be stored in a <code>PermissionCollection</code> of the appropriate + * type, as determined by calling <code>newPermissionCollection</code> on + * the specified permission (if an appropriate collection does not already + * exist). If this object does not specify a particular type of collection, + * a default collection, which stores in permissions in a hash table, will + * be used. 
+ *
+ * @param perm the <code>Permission</code> to add
+ * @throws SecurityException if this collection is marked as read only
+ */
+ public void add(Permission perm)
+ {
+ if (isReadOnly())
+ throw new SecurityException("PermissionCollection is read only");
+ if (perm instanceof AllPermission)
+ {
+ if (allPermission == null)
+ {
+ allPermission = perm.newPermissionCollection();
+ allPermission.add(perm);
+ perms.put(perm.getClass(), allPermission);
+ }
+ }
+ else
+ {
+ PermissionCollection pc
+ = (PermissionCollection) perms.get(perm.getClass());
+ if (pc == null)
+ {
+ pc = perm.newPermissionCollection();
+ if (pc == null)
+ pc = new PermissionsHash();
+ perms.put(perm.getClass(), pc);
+ }
+ pc.add(perm);
+ }
+ }
+
+ /**
+ * This method tests whether or not the specified <code>Permission</code>
+ * is implied by this <code>PermissionCollection</code>.
+ *
+ * @param perm the <code>Permission</code> to test
+ * @return true if the specified permission is implied by this
+ */
+ public boolean implies(Permission perm)
+ {
+ if (allPermission != null)
+ return true;
+ PermissionCollection pc
+ = (PermissionCollection) perms.get(perm.getClass());
+ return pc == null ? false : pc.implies(perm);
+ }
+
+ /**
+ * This method returns an <code>Enumeration</code> which contains a
+ * list of all <code>Permission</code> objects contained in this
+ * collection.
+ *
+ * @return an <code>Enumeration</code> of this collection's elements
+ */
+ public Enumeration<Permission> elements()
+ {
+ return new Enumeration()
+ {
+ Enumeration main_enum = perms.elements();
+ Enumeration sub_enum;
+
+ public boolean hasMoreElements()
+ {
+ if (sub_enum == null)
+ {
+ if (main_enum == null)
+ return false;
+ if (! main_enum.hasMoreElements())
+ {
+ main_enum = null;
+ return false;
+ }
+ PermissionCollection pc =
+ (PermissionCollection) main_enum.nextElement();
+ sub_enum = pc.elements();
+ }
+ if (! sub_enum.hasMoreElements())
+ {
+ sub_enum = null;
+ return hasMoreElements();
+ }
+ return true;
+ }
+
+ public Object nextElement()
+ {
+ if (! hasMoreElements())
+ throw new NoSuchElementException();
+ return sub_enum.nextElement();
+ }
+ };
+ }
+
+ /**
+ * Implements the permission collection for all permissions without one of
+ * their own, and obeys serialization of JDK.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ private static final class PermissionsHash extends PermissionCollection
+ {
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -8491988220802933440L;
+
+ /**
+ * Hashtable where we store permissions.
+ *
+ * @serial the stored permissions, both as key and value
+ */
+ private final Hashtable perms = new Hashtable();
+
+ /**
+ * Add a permission. We don't need to check for read-only, as this
+ * collection is never exposed outside of Permissions, which has already
+ * done that check.
+ *
+ * @param perm the permission to add
+ */
+ public void add(Permission perm)
+ {
+ perms.put(perm, perm);
+ }
+
+ /**
+ * Returns true if perm is in the collection.
+ *
+ * @param perm the permission to check
+ * @return true if it is implied
+ */
+ // FIXME: Should this method be synchronized?
+ public boolean implies(Permission perm)
+ {
+ Enumeration elements = elements();
+
+ while (elements.hasMoreElements())
+ {
+ Permission p = (Permission)elements.nextElement();
+ if (p.implies(perm))
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Return the elements.
+ *
+ * @return the elements
+ */
+ public Enumeration elements()
+ {
+ return perms.elements();
+ }
+ } // class PermissionsHash
+} // class Permissions
diff --git a/libjava/classpath/java/security/Policy.java b/libjava/classpath/java/security/Policy.java
new file mode 100644
index 000000000..118626ea1
--- /dev/null
+++ b/libjava/classpath/java/security/Policy.java
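Review bot: `Permissions.add()` does `perms.get(perm.getClass())`, creates a collection when that returns `null`, and then `perms.put(...)` with no lock held across the three steps. `Hashtable` synchronizes each call individually, so two threads adding the first permission of the same class can each create a collection, and the permission stored in the one that loses the `put` is silently dropped from the grant set. Declaring the method `public synchronized void add(Permission perm)` closes that window, and the `// FIXME: Should this method be synchronized?` on `PermissionsHash.implies()` is worth resolving in the same pass. `implies()` reads `allPermission` unsynchronized as well, so whether that field needs `volatile` depends on how callers share the instance, which is not visible here.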
@@ -0,0 +1,297 @@ +/* Policy.java --- Policy Manager Class + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.util.Collections; +import java.util.Enumeration; +import java.util.LinkedHashMap; +import java.util.Map; + +/** + * <code>Policy</code> is an abstract class for managing the system security + * policy for the Java application environment. It specifies which permissions + * are available for code from various sources. The security policy is + * represented through a subclass of <code>Policy</code>. + * + * <p>Only one <code>Policy</code> is in effect at any time. A + * {@link ProtectionDomain} initializes itself with information from this class + * on the set of permssions to grant.</p> + * + * <p>The location for the actual <code>Policy</code> could be anywhere in any + * form because it depends on the Policy implementation. The default system is + * in a flat ASCII file or it could be in a database.</p> + * + * <p>The current installed <code>Policy</code> can be accessed with + * {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code + * has the correct permissions.</p> + * + * <p>The {@link #refresh()} method causes the <code>Policy</code> instance to + * refresh/reload its configuration. The method used to refresh depends on the + * <code>Policy</code> implementation.</p> + * + * <p>When a protection domain initializes its permissions, it uses code like + * the following:</p> + * + * <code> + * policy = Policy.getPolicy(); + * PermissionCollection perms = policy.getPermissions(myCodeSource); + * </code> + * + * <p>The protection domain passes the <code>Policy</code> handler a + * {@link CodeSource} instance which contains the codebase URL and a public key. 
+ * The <code>Policy</code> implementation then returns the proper set of + * permissions for that {@link CodeSource}.</p> + * + * <p>The default <code>Policy</code> implementation can be changed by setting + * the "policy.provider" security provider in the "java.security" file to the + * correct <code>Policy</code> implementation class.</p> + * + * @author Mark Benvenuto + * @see CodeSource + * @see PermissionCollection + * @see SecureClassLoader + * @since 1.2 + */ +public abstract class Policy +{ + private static Policy currentPolicy; + + /** Map of ProtectionDomains to PermissionCollections for this instance. */ + private Map pd2pc = null; + + /** Constructs a new <code>Policy</code> object. */ + public Policy() + { + } + + /** + * Returns the currently installed <code>Policy</code> handler. The value + * should not be cached as it can be changed any time by + * {@link #setPolicy(Policy)}. + * + * @return the current <code>Policy</code>. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public static Policy getPolicy() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission(new SecurityPermission("getPolicy")); + + return getCurrentPolicy(); + } + + /** + * Sets the <code>Policy</code> handler to a new value. + * + * @param policy + * the new <code>Policy</code> to use. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. 
+ */
+ public static void setPolicy(Policy policy)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SecurityPermission("setPolicy"));
+
+ setup(policy);
+ currentPolicy = policy;
+ }
+
+ private static void setup(final Policy policy)
+ {
+ if (policy.pd2pc == null)
+ policy.pd2pc = Collections.synchronizedMap(new LinkedHashMap());
+
+ ProtectionDomain pd = policy.getClass().getProtectionDomain();
+ if (pd.getCodeSource() != null)
+ {
+ PermissionCollection pc = null;
+ if (currentPolicy != null)
+ pc = currentPolicy.getPermissions(pd);
+
+ if (pc == null) // assume it has all
+ {
+ pc = new Permissions();
+ pc.add(new AllPermission());
+ }
+
+ policy.pd2pc.put(pd, pc); // add the mapping pd -> pc
+ }
+ }
+
+ /**
+ * Ensures/forces loading of the configured policy provider, while bypassing
+ * the {@link SecurityManager} checks for <code>"getPolicy"</code> security
+ * permission. Needed by {@link ProtectionDomain}.
+ */
+ static Policy getCurrentPolicy()
+ {
+ // FIXME: The class name of the Policy provider should really be sourced
+ // from the "java.security" configuration file. For now, just hard-code
+ // a stub implementation.
+ if (currentPolicy == null)
+ {
+ String pp = System.getProperty ("policy.provider");
+ if (pp != null)
+ try
+ {
+ currentPolicy = (Policy) Class.forName(pp).newInstance();
+ }
+ catch (Exception e)
+ {
+ // Ignored.
+ }
+
+ if (currentPolicy == null)
+ currentPolicy = new gnu.java.security.provider.DefaultPolicy();
+ }
+ return currentPolicy;
+ }
+
+ /**
+ * Tests if <code>currentPolicy</code> is not <code>null</code>,
+ * thus allowing clients to not force loading of any policy
+ * provider; needed by {@link ProtectionDomain}.
+ */
+ static boolean isLoaded()
+ {
+ return currentPolicy != null;
+ }
+
+ /**
+ * Returns the set of Permissions allowed for a given {@link CodeSource}.
+ *
+ * @param codesource
+ * the {@link CodeSource} for which, the caller needs to find the
+ * set of granted permissions.
+ * @return a set of permissions for {@link CodeSource} specified by the
+ * current <code>Policy</code>.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public abstract PermissionCollection getPermissions(CodeSource codesource);
+
+ /**
+ * Returns the set of Permissions allowed for a given {@link ProtectionDomain}.
+ *
+ * @param domain
+ * the {@link ProtectionDomain} for which, the caller needs to find
+ * the set of granted permissions.
+ * @return a set of permissions for {@link ProtectionDomain} specified by the
+ * current <code>Policy.</code>.
+ * @since 1.4
+ * @see ProtectionDomain
+ * @see SecureClassLoader
+ */
+ public PermissionCollection getPermissions(ProtectionDomain domain)
+ {
+ if (domain == null)
+ return new Permissions();
+
+ if (pd2pc == null)
+ setup(this);
+
+ PermissionCollection result = (PermissionCollection) pd2pc.get(domain);
+ if (result != null)
+ {
+ Permissions realResult = new Permissions();
+ for (Enumeration e = result.elements(); e.hasMoreElements(); )
+ realResult.add((Permission) e.nextElement());
+
+ return realResult;
+ }
+
+ result = getPermissions(domain.getCodeSource());
+ if (result == null)
+ result = new Permissions();
+
+ PermissionCollection pc = domain.getPermissions();
+ if (pc != null)
+ for (Enumeration e = pc.elements(); e.hasMoreElements(); )
+ result.add((Permission) e.nextElement());
+
+ return result;
+ }
+
+ /**
+ * Checks if the designated {@link Permission} is granted to a designated
+ * {@link ProtectionDomain}.
+ *
+ * @param domain
+ * the {@link ProtectionDomain} to test.
+ * @param permission
+ * the {@link Permission} to check.
+ * @return <code>true</code> if <code>permission</code> is implied by a
+ * permission granted to this {@link ProtectionDomain}. Returns
+ * <code>false</code> otherwise.
+ * @since 1.4
+ * @see ProtectionDomain
+ */
+ public boolean implies(ProtectionDomain domain, Permission permission)
+ {
+ if (pd2pc == null)
+ setup(this);
+
+ PermissionCollection pc = (PermissionCollection) pd2pc.get(domain);
+ if (pc != null)
+ return pc.implies(permission);
+
+ boolean result = false;
+ pc = getPermissions(domain);
+ if (pc != null)
+ {
+ result = pc.implies(permission);
+ pd2pc.put(domain, pc);
+ }
+
+ return result;
+ }
+
+ /**
+ * Causes this <code>Policy</code> instance to refresh / reload its
+ * configuration. The method used to refresh depends on the concrete
+ * implementation.
+ */
+ public abstract void refresh();
+}
diff --git a/libjava/classpath/java/security/Principal.java b/libjava/classpath/java/security/Principal.java
new file mode 100644
index 000000000..6d9de6ccd
--- /dev/null
+++ b/libjava/classpath/java/security/Principal.java
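Review bot: In `getCurrentPolicy()` the `catch (Exception e)` around `Class.forName(pp).newInstance()` is empty, so a `policy.provider` value that cannot be loaded or is not a `Policy` silently leaves the VM on `gnu.java.security.provider.DefaultPolicy`, with nothing telling the operator that the configured policy was never installed. For the component that decides what code may do, that failure should be surfaced, e.g. `throw (SecurityException) new SecurityException("cannot load policy provider " + pp).initCause(e);`, or at least logged if start-up must continue. Separately, `implies()` stores the computed collection with `pd2pc.put(domain, pc)` and nothing in this file ever removes an entry; because `pd2pc` is private and `refresh()` is abstract, a subclass reloading its configuration appears unable to invalidate it, so a revoked grant may keep being honoured for a domain already cached. `setup()` also defaults the policy class's own domain to `AllPermission` (`// assume it has all`); a comment explaining why that permissive default is safe would help.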
@@ -0,0 +1,85 @@ +/* Principal.java -- A security entity + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security; + +/** + * This interface models an entity (such as a user or a certificate authority) + * for the purposes of applying the Java security model. 
+ * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see X509Certificate + * @since 1.1 + * @status updated to 1.4 + */ +public interface Principal +{ + /** + * This method tests another <code>Principal</code> object for equality + * with this one. + * + * @param obj the Object to test for equality + * @return true if the specified <code>Principal</code> is equal + */ + boolean equals(Object obj); + + /** + * This method returns a <code>String</code> representation of this + * <code>Principal</code>. + * + * @return this <code>Principal</code> represented as a <code>String</code> + */ + String toString(); + + /** + * This method returns a hash code value for this <code>Principal</code>. + * Remember the contract of hashCode - two objects which compare as + * equals() must have the same hashCode(). + * + * @return a hash value + */ + int hashCode(); + + /** + * This method returns a <code>String</code> that names this + * <code>Principal</code>. + * + * @return the name of this <code>Principal</code> + */ + String getName(); +} // interface Principal diff --git a/libjava/classpath/java/security/PrivateKey.java b/libjava/classpath/java/security/PrivateKey.java new file mode 100644 index 000000000..70607c134 --- /dev/null +++ b/libjava/classpath/java/security/PrivateKey.java 
@@ -0,0 +1,62 @@ +/* PrivateKey.java -- tagging interface for all private keys + Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security; + +/** + * This interface specified no methods. 
In simply provides a common + * super-interface for all algorithm specific private key values. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Key + * @see PublicKey + * @see Certificate + * @see Signature#initVerify(PublicKey) + * @see DSAPrivateKey + * @see RSAPrivateKey + * @see RSAPrivateCrtKey + * @since 1.1 + * @status updated to 1.4 + */ +public interface PrivateKey extends Key +{ + /** + * The version identifier used for serialization. + */ + long serialVersionUID = 6034044314589513430L; +} // interface PrivateKey diff --git a/libjava/classpath/java/security/PrivilegedAction.java b/libjava/classpath/java/security/PrivilegedAction.java new file mode 100644 index 000000000..1a51eaade --- /dev/null +++ b/libjava/classpath/java/security/PrivilegedAction.java 
@@ -0,0 +1,64 @@ +/* PrivilegedAction.java -- Perform a privileged action + Copyright (C) 1998, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This interface specifes a single <code>run</code> method that + * executes a privileged operation. 
This method is called by + * <code>AccessController.doPrivileged()</code> after that method + * activiates the required privileges. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see AccessController + * @see PrivilegedExceptionAction + * @since 1.1 + * @status updated to 1.5 + */ +public interface PrivilegedAction<T> +{ + /** + * This method performs an operation that requires higher privileges to + * perform. It is called when a section of code invokes + * <code>AccessController.doPrivileged()</code>. + * + * @return obj An implementation dependent return value + * @see AccessController#doPrivileged(PrivilegedAction) + * @see AccessController#doPrivileged(PrivilegedAction, AccessControlContext) + */ + T run(); +} // interface PrivilegedAction diff --git a/libjava/classpath/java/security/PrivilegedActionException.java b/libjava/classpath/java/security/PrivilegedActionException.java new file mode 100644 index 000000000..3f08c8130 --- /dev/null +++ b/libjava/classpath/java/security/PrivilegedActionException.java 
@@ -0,0 +1,109 @@
+/* PrivilegedActionException.java -- wrap an exception in a privileged action
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when an exception is thrown during a
+ * privileged action being performed with the
+ * <code>AccessController.doPrivileged()</code> method. It wraps the
+ * actual exception thrown in the privileged code.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see PrivilegedExceptionAction
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction)
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction, AccessControlContext)
+ * @status updated to 1.4
+ */
+public class PrivilegedActionException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 4724086851538908602L;
+
+ /**
+ * This is the actual exception that occurred.
+ *
+ * @serial the wrapped exception
+ */
+ private Exception exception;
+
+ /**
+ * Create a new instance that wraps the specified <code>Exception</code>.
+ *
+ * @param e the <code>Exception</code> to wrap
+ */
+ public PrivilegedActionException(Exception e)
+ {
+ super(e);
+ exception = e;
+ }
+
+ /**
+ * Get the underlying <code>Exception</code> that caused this one. This
+ * is a legacy method, the preferred way is {@link #getCause()}.
+ *
+ * @return the cause
+ */
+ public Exception getException()
+ {
+ return exception;
+ }
+
+ /**
+ * Gets the cause of this exception.
+ *
+ * @return the cause
+ * @since 1.4
+ */
+ public Throwable getCause()
+ {
+ return exception;
+ }
+
+ /**
+ * Convert this to a String.
+ *
+ * @return the string representation
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/PrivilegedExceptionAction.java b/libjava/classpath/java/security/PrivilegedExceptionAction.java
new file mode 100644
index 000000000..351438e0b
--- /dev/null
+++ b/libjava/classpath/java/security/PrivilegedExceptionAction.java
@@ -0,0 +1,65 @@
+/* PrivilegedExceptionAction.java -- Perform a privileged operation
+ Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface defines a method that is called by
+ * <code>AccessController.doPrivileged()</code> in order to perform a
+ * privileged operation with higher privileges enabled. This interface
+ * differs from <code>PrivilegedAction</code> in that the <code>run</code>
+ * method in this interface may throw a checked exception.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @status updated to 1.5
+ */
+public interface PrivilegedExceptionAction<T>
+{
+ /**
+ * This method performs an operation that requires higher privileges to
+ * successfully complete. It is called when a section of code invokes
+ * <code>AccessController.doPrivileged()</code>.
+ *
+ * @return obj An implementation defined return value
+ * @throws Exception An implementation specific exception
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction)
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction,
+ * AccessControlContext)
+ */
+ T run() throws Exception;
+} // interface PrivilegedExceptionAction
diff --git a/libjava/classpath/java/security/ProtectionDomain.java b/libjava/classpath/java/security/ProtectionDomain.java
new file mode 100644
index 000000000..d5d657d61
--- /dev/null
+++ b/libjava/classpath/java/security/ProtectionDomain.java
@@ -0,0 +1,252 @@
+/* ProtectionDomain.java -- A security domain
+ Copyright (C) 1998, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import gnu.classpath.SystemProperties;
+
+import gnu.java.lang.CPStringBuilder;
+
+/**
+ * This class represents a group of classes, along with their granted
+ * permissions. The classes are identified by a {@link CodeSource}. Thus, any
+ * class loaded from the specified {@link CodeSource} is treated as part of
+ * this domain. The set of permissions is represented by an instance of
+ * {@link PermissionCollection}.
+ *
+ * <p>Every class in the system will belong to one and only one
+ * <code>ProtectionDomain</code>.</p>
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @version 0.0
+ */
+public class ProtectionDomain
+{
+ /** This is the <code>CodeSource</code> for this protection domain. */
+ private CodeSource code_source;
+
+ /** This is the set of permissions granted to this domain. */
+ private PermissionCollection perms;
+
+ /** The {@link ClassLoader} associated with this domain. */
+ private ClassLoader classloader;
+
+ /** The array of Principals associated with this domain.. */
+ private Principal[] principals;
+
+ /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */
+ private boolean staticBinding;
+
+ /**
+ * Initializes a new instance of <code>ProtectionDomain</code> representing
+ * the specified {@link CodeSource} and set of permissions. No permissions
+ * can be added later to the {@link PermissionCollection} and this contructor
+ * will call the <code>setReadOnly</code> method on the specified set of
+ * permissions.
+ *
+ * @param codesource
+ * The {@link CodeSource} for this domain.
+ * @param permissions
+ * The set of permissions for this domain.
+ * @see PermissionCollection#setReadOnly()
+ */
+ public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
+ {
+ this(codesource, permissions, null, null, true);
+ }
+
+ /**
+ * This method initializes a new instance of <code>ProtectionDomain</code>
+ * given its {@link CodeSource}, granted permissions, associated
+ * {@link ClassLoader} and {@link Principal}s.
+ *
+ * <p>Similar to the previous constructor, if the designated set of
+ * permissions is not <code>null</code>, the <code>setReadOnly</code> method
+ * is called on that set.</p>
+ *
+ * @param codesource
+ * The {@link CodeSource} for this domain.
+ * @param permissions
+ * The permission set for this domain.
+ * @param classloader
+ * the ClassLoader associated with this domain.
+ * @param principals
+ * the array of {@link Principal}s associated with this domain.
+ * @since 1.4
+ * @see PermissionCollection#setReadOnly()
+ */
+ public ProtectionDomain(CodeSource codesource,
+ PermissionCollection permissions,
+ ClassLoader classloader, Principal[] principals)
+ {
+ this(codesource, permissions, classloader, principals, false);
+ }
+
+ private ProtectionDomain(CodeSource codesource,
+ PermissionCollection permissions,
+ ClassLoader classloader, Principal[] principals,
+ boolean staticBinding)
+ {
+ super();
+
+ code_source = codesource;
+ if (permissions != null)
+ {
+ perms = permissions;
+ perms.setReadOnly();
+ }
+
+ this.classloader = classloader;
+ this.principals =
+ (principals != null ? (Principal[]) principals.clone() : new Principal[0]);
+ this.staticBinding = staticBinding;
+ }
+
+ /**
+ * Returns the {@link CodeSource} of this domain.
+ *
+ * @return the {@link CodeSource} of this domain.
+ * @since 1.2
+ */
+ public final CodeSource getCodeSource()
+ {
+ return code_source;
+ }
+
+ /**
+ * Returns the {@link ClassLoader} of this domain.
+ *
+ * @return the {@link ClassLoader} of this domain.
+ * @since 1.4
+ */
+ public final ClassLoader getClassLoader()
+ {
+ return this.classloader;
+ }
+
+ /**
+ * Returns a clone of the {@link Principal}s of this domain.
+ *
+ * @return a clone of the {@link Principal}s of this domain.
+ * @since 1.4
+ */
+ public final Principal[] getPrincipals()
+ {
+ return (Principal[]) principals.clone();
+ }
+
+ /**
+ * Returns the {@link PermissionCollection} of this domain.
+ *
+ * @return The {@link PermissionCollection} of this domain.
+ */
+ public final PermissionCollection getPermissions()
+ {
+ return perms;
+ }
+
+ /**
+ * Tests whether or not the specified {@link Permission} is implied by the
+ * set of permissions granted to this domain.
+ *
+ * @param permission
+ * the {@link Permission} to test.
+ * @return <code>true</code> if the specified {@link Permission} is implied
+ * for this domain, <code>false</code> otherwise.
+ */
+ public boolean implies(Permission permission)
+ {
+ if (staticBinding)
+ return (perms == null ? false : perms.implies(permission));
+ // Else dynamically bound. Do we have it?
+ // NOTE: this will force loading of Policy.currentPolicy
+ return Policy.getCurrentPolicy().implies(this, permission);
+ }
+
+ /**
+ * Returns a string representation of this object. It will include the
+ * {@link CodeSource} and set of permissions associated with this domain.
+ *
+ * @return A string representation of this object.
+ */
+ public String toString()
+ {
+ String linesep = SystemProperties.getProperty("line.separator");
+ CPStringBuilder sb = new CPStringBuilder("ProtectionDomain (").append(linesep);
+
+ if (code_source == null)
+ sb.append("CodeSource:null");
+ else
+ sb.append(code_source);
+
+ sb.append(linesep);
+ if (classloader == null)
+ sb.append("ClassLoader:null");
+ else
+ sb.append(classloader);
+
+ sb.append(linesep);
+ sb.append("Principals:");
+ if (principals != null && principals.length > 0)
+ {
+ sb.append("[");
+ Principal pal;
+ for (int i = 0; i < principals.length; i++)
+ {
+ pal = principals[i];
+ sb.append("'").append(pal.getName())
+ .append("' of type ").append(pal.getClass().getName());
+ if (i < principals.length-1)
+ sb.append(", ");
+ }
+ sb.append("]");
+ }
+ else
+ sb.append("none");
+
+ sb.append(linesep);
+ if (!staticBinding) // include all but dont force loading Policy.currentPolicy
+ if (Policy.isLoaded())
+ sb.append(Policy.getCurrentPolicy().getPermissions(this));
+ else // fallback on this one's permissions
+ sb.append(perms);
+ else
+ sb.append(perms);
+
+ return sb.append(linesep).append(")").append(linesep).toString();
+ }
+}
diff --git a/libjava/classpath/java/security/Provider.java b/libjava/classpath/java/security/Provider.java
new file mode 100644
index 000000000..b1d6d9ce2
--- /dev/null
+++ b/libjava/classpath/java/security/Provider.java
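Review bot: toString() appends `Policy.getCurrentPolicy().getPermissions(this)` for dynamically bound domains without any permission check, so any code that holds a reference to the domain can read its policy-granted permission set through the string form. Policy.getCurrentPolicy() is not part of this hunk; if it bypasses the `SecurityPermission("getPolicy")` check that the public accessor performs, the policy branch should be gated on that permission and fall back to `perms` otherwise. The nested brace-less `if`/`else` at the same place reads as a dangling else and is worth flattening in the same change. A sketch of both follows.

```java
    // … unchanged: code source, class loader and principals output …
    sb.append(linesep);
    if (!staticBinding && Policy.isLoaded() && callerMayReadPolicy())
      sb.append(Policy.getCurrentPolicy().getPermissions(this));
    else // static binding, policy not loaded yet, or caller lacks getPolicy
      sb.append(perms);
    // … unchanged: closing parenthesis and return …

  /** Tells whether the caller holds SecurityPermission("getPolicy"). */
  private static boolean callerMayReadPolicy()
  {
    SecurityManager sm = System.getSecurityManager();
    if (sm == null)
      return true;
    try
      {
        sm.checkPermission(new SecurityPermission("getPolicy"));
        return true;
      }
    catch (SecurityException denied)
      {
        return false;
      }
  }
```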
@@ -0,0 +1,218 @@ +/* Provider.java -- Security provider information + Copyright (C) 1998, 1999, 2000, 2002, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +import java.io.Serializable; +import java.util.Properties; + +/** + * This class represents a Java security architecture service provider. 
The + * services provided by a such a provider can range from security algorithms to + * key generation. + * <p> + * Providers are installed by name and version number. See the static + * initializer of the {@link java.security.Security} class for the default + * security providers installed by this class library. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public abstract class Provider + extends Properties + implements Serializable +{ + private static final long serialVersionUID = -4298000515446427739L; + + /** + * This is a textual description of the provider + */ + private String info; + + /** + * This is the name of the provider + */ + private String name; + + /** + * This is the version number of the provider + */ + private double version; + + /** + * This method initializes a new instance of <code>Provider</code> to have + * the specified name, version, and description information. + * + * @param name The name to assign to this <code>Provider</code>. + * @param version The version number for this <code>Provider</code>. + * @param info A textual description of this provider. + */ + protected Provider(String name, double version, String info) + { + this.name = name; + this.version = version; + this.info = info; + } + + /** + * This method returns the name assigned to this <code>Provider</code>. + * + * @return The <code>Provider</code>'s name. + */ + public String getName() + { + return (name); + } + + /** + * This method retunrs the version number of this <code>Provider</code>. + * + * @return The <code>Provider</code>'s version number. + */ + public double getVersion() + { + return (version); + } + + /** + * This method returns a textual description of the <code>Provider</code>. + * + * @return A description of the <code>Provider</code>. + */ + public String getInfo() + { + return (info); + } + + /** + * Maps a key property to a designated value. 
+ * <p> + * If there is an installed {@link SecurityManager} object in the underlying + * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is + * called with the string <code>"putProviderProperty." + name</code>, where + * <code>name</code> is this provider's name. For the default implementation + * this translates into a {@link SecurityManager#checkPermission(Permission)} + * for a <code>SecurityPermission("putProviderProperty." + name)</code>. + * + * @param key The property key. + * @param value The property value. + * @return The previous value of the specified property (<code>key</code>), + * or <code>null</code> if it did not have one. + * @throws SecurityException If a security manager is installed and its + * {@link SecurityManager#checkSecurityAccess(String)} method + * disallows adding properties at run-time. + * @since Classpath 0.4+cvs, JDK 1.2 + * @see java.lang.Object#equals(Object) + * @see java.util.Hashtable#get(Object) + */ + public Object put(Object key, Object value) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("putProviderProperty." + this.name); + return super.put(toCanonicalKey(key), value); + } + + // overrides same in java.util.Hashtable + public Object get(Object key) + { + return super.get(toCanonicalKey(key)); + } + + /** + * This method removes the specified key entry (and its associated value) + * from the property mapping collection. + * <p> + * If there is an installed {@link SecurityManager} object in the underlying + * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is + * called with the string <code>"removeProviderProperty." + name</code>, where + * <code>name</code> is this provider's name. For the default implementation + * this translates into a {@link SecurityManager#checkPermission(Permission)} + * for a <code>SecurityPermission("removeProviderProperty." + name)</code>. 
+ * + * @param key The key to remove + * @return The previous value for this key, or <code>null</code> if no + * previous value. + */ + public Object remove(Object key) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("removeProviderProperty." + this.name); + return super.remove(toCanonicalKey(key)); + } + + /** + * This method clears the entire property collection such that it no longer + * contains the properties used to look up the services provided by + * this <code>Provider</code>. + * <p> + * If there is an installed {@link SecurityManager} object in the underlying + * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is + * called with the string <code>"clearProviderProperties." + name</code>, + * where <code>name</code> is this provider's name. For the default + * implementation this translates into a + * {@link SecurityManager#checkPermission(Permission)} for a + * <code>SecurityPermission("clearProviderProperties." + name)</code>. + */ + public void clear() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("clearProviderProperties." + this.name); + super.clear(); + } + + /** + * This method returns a <code>String</code> representation of this + * object. This will include the <code>Provider</code> name and + * version number. + * + * @return A <code>String</code> representation of this object. + */ + public String toString() + { + return (getClass().getName() + ": name=" + getName() + " version=" + + version); + } + + private Object toCanonicalKey(Object key) + { + if (key.getClass().isAssignableFrom(String.class)) // is it ours? + return ((String) key).toUpperCase(); // use default locale + return key; + } +} diff --git a/libjava/classpath/java/security/ProviderException.java b/libjava/classpath/java/security/ProviderException.java new file mode 100644 index 000000000..a2b469a6a --- /dev/null 
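Review bot: toCanonicalKey() upper-cases keys with the default locale and selects them with `key.getClass().isAssignableFrom(String.class)`, a test that is also true for a plain `Object` key, which then fails in the `(String)` cast with a ClassCastException. Under a locale with special casing rules (Turkish dotless i, for example) the canonical form of a property key depends on the JVM's locale, so lookups of algorithm properties can stop matching keys that were written under another locale or are compared against fixed upper-case names. I would write the test as `if (key instanceof String) return ((String) key).toUpperCase(Locale.ENGLISH);` and add `import java.util.Locale;`. Separately, the security-manager checks sit only on put, remove and clear; whether inherited mutators such as putAll or the keySet()/entrySet() views route through them depends on the superclass, which this hunk does not show.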
+++ b/libjava/classpath/java/security/ProviderException.java 
@@ -0,0 +1,92 @@
+/* ProviderException.java -- Generic security provider runtime exception
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception indicates that a runtime problem was encounterd with
+ * a security provider.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class ProviderException extends RuntimeException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5256023526693665674L;
+
+ /**
+ * Create an instance with no descriptive error message.
+ */
+ public ProviderException()
+ {
+ }
+
+ /**
+ * Create an instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public ProviderException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public ProviderException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public ProviderException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/PublicKey.java b/libjava/classpath/java/security/PublicKey.java
new file mode 100644
index 000000000..9bf145840
--- /dev/null
+++ b/libjava/classpath/java/security/PublicKey.java
@@ -0,0 +1,60 @@
+/* PublicKey.java -- tagging interface for all public keys
+ Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface specified no methods. In simply provides a common
+ * super-interface for all algorithm specific public key values.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Key
+ * @see PrivateKey
+ * @see Certificate
+ * @see Signature#initVerify(PublicKey)
+ * @see DSAPublicKey
+ * @see RSAPublicKey
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface PublicKey extends Key
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 7187392471159151072L;
+} // interface PublicKey
diff --git a/libjava/classpath/java/security/SecureClassLoader.java b/libjava/classpath/java/security/SecureClassLoader.java
new file mode 100644
index 000000000..1480b7116
--- /dev/null
+++ b/libjava/classpath/java/security/SecureClassLoader.java
@@ -0,0 +1,148 @@
+/* SecureClassLoader.java --- A Secure Class Loader
+ Copyright (C) 1999, 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.nio.ByteBuffer;
+import java.util.HashMap;
+
+/**
+ * A Secure Class Loader for loading classes with additional
+ * support for specifying code source and permissions when
+ * they are retrieved by the system policy handler.
+ *
+ * @since 1.2
+ *
+ * @author Mark Benvenuto
+ */
+public class SecureClassLoader extends ClassLoader
+{
+ private final HashMap<CodeSource,ProtectionDomain> protectionDomainCache
+ = new HashMap<CodeSource, ProtectionDomain>();
+
+ protected SecureClassLoader(ClassLoader parent)
+ {
+ super(parent);
+ }
+
+ protected SecureClassLoader()
+ {
+ }
+
+ /**
+ * Creates a class using an array of bytes and a
+ * CodeSource.
+ *
+ * @param name the name to give the class. null if unknown.
+ * @param b the data representing the classfile, in classfile format.
+ * @param off the offset into the data where the classfile starts.
+ * @param len the length of the classfile data in the array.
+ * @param cs the CodeSource for the class or null when unknown.
+ *
+ * @return the class that was defined and optional CodeSource.
+ *
+ * @exception ClassFormatError if the byte array is not in proper classfile format.
+ */
+ protected final Class<?> defineClass(String name, byte[] b, int off, int len,
+ CodeSource cs)
+ {
+ return super.defineClass(name, b, off, len, getProtectionDomain(cs));
+ }
+
+ /**
+ * Creates a class using an ByteBuffer and a
+ * CodeSource.
+ *
+ * @param name the name to give the class. null if unknown.
+ * @param b the data representing the classfile, in classfile format.
+ * @param cs the CodeSource for the class or null when unknown.
+ *
+ * @return the class that was defined and optional CodeSource.
+ *
+ * @exception ClassFormatError if the byte array is not in proper classfile format.
+ *
+ * @since 1.5
+ */
+ protected final Class<?> defineClass(String name, ByteBuffer b, CodeSource cs)
+ {
+ return super.defineClass(name, b, getProtectionDomain(cs));
+ }
+
+ /* Lookup or create a protection domain for the CodeSource,
+ * if CodeSource is null it will return null. */
+ private ProtectionDomain getProtectionDomain(CodeSource cs)
+ {
+ ProtectionDomain protectionDomain = null;
+ if (cs != null)
+ {
+ synchronized (protectionDomainCache)
+ {
+ protectionDomain = protectionDomainCache.get(cs);
+ }
+
+ if (protectionDomain == null)
+ {
+ protectionDomain
+ = new ProtectionDomain(cs, getPermissions(cs), this, null);
+ synchronized (protectionDomainCache)
+ {
+ ProtectionDomain domain = protectionDomainCache.get(cs);
+ if (domain == null)
+ protectionDomainCache.put(cs, protectionDomain);
+ else
+ protectionDomain = domain;
+ }
+ }
+ }
+ return protectionDomain;
+ }
+
+ /**
+ * Returns a PermissionCollection for the specified CodeSource.
+ * The default implementation invokes
+ * java.security.Policy.getPermissions.
+ *
+ * This method is called by defineClass that takes a CodeSource
+ * argument to build a proper ProtectionDomain for the class
+ * being defined.
+ */
+ protected PermissionCollection getPermissions(CodeSource cs)
+ {
+ Policy policy = Policy.getCurrentPolicy();
+ return policy.getPermissions(cs);
+ }
+}
diff --git a/libjava/classpath/java/security/SecureRandom.java b/libjava/classpath/java/security/SecureRandom.java
new file mode 100644
index 000000000..abf4ff308
--- /dev/null
+++ b/libjava/classpath/java/security/SecureRandom.java
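Review bot: getProtectionDomain() runs the overridable `getPermissions(cs)` between its two synchronized sections, so two threads defining classes from the same CodeSource can each build a ProtectionDomain and one instance is discarded; this is correct only because the second section re-checks the cache, and nothing in the code says so. I would add a comment above the second synchronized block such as `// getPermissions() is overridable and may consult the Policy: call it outside the lock, then re-check so every class from cs shares one domain.` The two constructors also carry no Javadoc. A line on each stating that the class-loader creation check is left to the ClassLoader constructor (not shown in this hunk, so confirm) would help anyone auditing who may instantiate this loader.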
@@ -0,0 +1,420 @@
+/* SecureRandom.java --- Secure Random class implementation
+ Copyright (C) 1999, 2001, 2002, 2003, 2005, 2006
+ Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + +package java.security; + +import gnu.classpath.SystemProperties; +import gnu.java.lang.CPStringBuilder; +import gnu.java.security.Engine; +import gnu.java.security.action.GetSecurityPropertyAction; +import gnu.java.security.jce.prng.SecureRandomAdapter; +import gnu.java.security.jce.prng.Sha160RandomSpi; + +import java.io.IOException; +import java.io.InputStream; +import java.lang.reflect.InvocationTargetException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Enumeration; +import java.util.Random; +import java.util.logging.Level; +import java.util.logging.Logger; + +/** + * An interface to a cryptographically secure pseudo-random number + * generator (PRNG). Random (or at least unguessable) numbers are used + * in all areas of security and cryptography, from the generation of + * keys and initialization vectors to the generation of random padding + * bytes. + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @author Casey Marshall + */ +public class SecureRandom extends Random +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for PRNGs. */ + private static final String SECURE_RANDOM = "SecureRandom"; + + private static final long serialVersionUID = 4940670005562187L; + + //Serialized Field + long counter = 0; //Serialized + Provider provider = null; + byte[] randomBytes = null; //Always null + int randomBytesUsed = 0; + SecureRandomSpi secureRandomSpi = null; + byte[] state = null; + private String algorithm; + + private boolean isSeeded = false; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + Default constructor for SecureRandom. It constructs a + new SecureRandom by instantating the first SecureRandom + algorithm in the default security provier. + + It is not seeded and should be seeded using setSeed or else + on the first call to getnextBytes it will force a seed. 
+ + It is maintained for backwards compatibility and programs + should use {@link #getInstance(java.lang.String)}. + */ + public SecureRandom() + { + Provider[] p = Security.getProviders(); + + //Format of Key: SecureRandom.algname + String key; + + String classname = null; + int i; + Enumeration e; + for (i = 0; i < p.length; i++) + { + e = p[i].propertyNames(); + while (e.hasMoreElements()) + { + key = (String) e.nextElement(); + if (key.startsWith("SECURERANDOM.")) + { + if ((classname = p[i].getProperty(key)) != null) + { + try + { + secureRandomSpi = (SecureRandomSpi) Class. + forName(classname).newInstance(); + provider = p[i]; + algorithm = key.substring(13); // Minus SecureRandom. + return; + } + catch (ThreadDeath death) + { + throw death; + } + catch (Throwable t) + { + // Ignore. + } + } + } + } + } + + // Nothing found. Fall back to SHA1PRNG + secureRandomSpi = new Sha160RandomSpi(); + algorithm = "Sha160"; + } + + /** + A constructor for SecureRandom. It constructs a new + SecureRandom by instantating the first SecureRandom algorithm + in the default security provier. + + It is seeded with the passed function and is useful if the user + has access to hardware random device (like a radiation detector). + + It is maintained for backwards compatibility and programs + should use getInstance. + + @param seed Seed bytes for class + */ + public SecureRandom(byte[] seed) + { + this(); + setSeed(seed); + } + + /** + A constructor for SecureRandom. It constructs a new + SecureRandom using the specified SecureRandomSpi from + the specified security provier. + + @param secureRandomSpi A SecureRandomSpi class + @param provider A Provider class + */ + protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider) + { + this(secureRandomSpi, provider, "unknown"); + } + + /** + * Private constructor called from the getInstance() method. 
+ */ + private SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider, + String algorithm) + { + this.secureRandomSpi = secureRandomSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** + * Returns an instance of a <code>SecureRandom</code> from the first provider + * that implements it. + * + * @param algorithm The algorithm name. + * @return A new <code>SecureRandom</code> implementing the given algorithm. + * @throws NoSuchAlgorithmException If no installed provider implements the + * given algorithm. + * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static SecureRandom getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of a <code>SecureRandom</code> for the specified + * algorithm from the named provider. + * + * @param algorithm The algorithm name. + * @param provider The provider name. + * @return A new <code>SecureRandom</code> implementing the chosen + * algorithm. + * @throws NoSuchAlgorithmException If the named provider does not implement + * the algorithm, or if the implementation cannot be instantiated. + * @throws NoSuchProviderException If no provider named <code>provider</code> + * is currently installed. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code> or empty. 
+ */ + public static SecureRandom getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of a <code>SecureRandom</code> for the specified + * algorithm from the given provider. + * + * @param algorithm The <code>SecureRandom</code> algorithm to create. + * @param provider The provider to use. + * @throws NoSuchAlgorithmException If the algorithm cannot be found, or if + * the class cannot be instantiated. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. + */ + public static SecureRandom getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("SecureRandom for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(SECURE_RANDOM, algorithm, provider); + return new SecureRandom((SecureRandomSpi) spi, provider, algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + Returns the provider being used by the current SecureRandom class. 
+ + @return The provider from which this SecureRandom was attained + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Returns the algorithm name used or "unknown" when the algorithm + * used couldn't be determined (as when constructed by the protected + * 2 argument constructor). + * + * @since 1.5 + */ + public String getAlgorithm() + { + return algorithm; + } + + /** + Seeds the SecureRandom. The class is re-seeded for each call and + each seed builds on the previous seed so as not to weaken security. + + @param seed seed bytes to seed with + */ + public void setSeed(byte[] seed) + { + secureRandomSpi.engineSetSeed(seed); + isSeeded = true; + } + + /** + Seeds the SecureRandom. The class is re-seeded for each call and + each seed builds on the previous seed so as not to weaken security. + + @param seed 8 seed bytes to seed with + */ + public void setSeed(long seed) + { + // This particular setSeed will be called by Random.Random(), via + // our own constructor, before secureRandomSpi is initialized. In + // this case we can't call a method on secureRandomSpi, and we + // definitely don't want to throw a NullPointerException. + // Therefore we test. + if (secureRandomSpi != null) + { + byte[] tmp = { (byte) (0xff & (seed >> 56)), + (byte) (0xff & (seed >> 48)), + (byte) (0xff & (seed >> 40)), + (byte) (0xff & (seed >> 32)), + (byte) (0xff & (seed >> 24)), + (byte) (0xff & (seed >> 16)), + (byte) (0xff & (seed >> 8)), + (byte) (0xff & seed) + }; + secureRandomSpi.engineSetSeed(tmp); + isSeeded = true; + } + } + + /** + Generates a user specified number of bytes. This function + is the basis for all the random functions. + + @param bytes array to store generated bytes in + */ + public void nextBytes(byte[] bytes) + { + if (!isSeeded) + setSeed(getSeed(32)); + randomBytesUsed += bytes.length; + counter++; + secureRandomSpi.engineNextBytes(bytes); + } + + /** + Generates an integer containing the user specified + number of random bits. 
It is right justified and padded + with zeros. + + @param numBits number of random bits to get, 0 <= numBits <= 32; + + @return the random bits + */ + protected final int next(int numBits) + { + if (numBits == 0) + return 0; + + byte[] tmp = new byte[(numBits + 7) / 8]; + this.nextBytes(tmp); + int ret = 0; + for (int i = 0; i < tmp.length; i++) + ret |= (tmp[i] & 0xFF) << (8 * i); + + long mask = (1L << numBits) - 1; + return (int) (ret & mask); + } + + /** + Returns the given number of seed bytes. This method is + maintained only for backwards capability. + + @param numBytes number of seed bytes to get + + @return an array containing the seed bytes + */ + public static byte[] getSeed(int numBytes) + { + return SecureRandomAdapter.getSeed(numBytes); + } + + /** + Returns the specified number of seed bytes. + + @param numBytes number of seed bytes to get + + @return an array containing the seed bytes + */ + public byte[] generateSeed(int numBytes) + { + return secureRandomSpi.engineGenerateSeed(numBytes); + } + +} diff --git a/libjava/classpath/java/security/SecureRandomSpi.java b/libjava/classpath/java/security/SecureRandomSpi.java new file mode 100644 index 000000000..08488ced7 --- /dev/null +++ b/libjava/classpath/java/security/SecureRandomSpi.java 
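Review bot: The `catch (Throwable t)` with the `// Ignore.` body in the no-argument `SecureRandom()` constructor hides every failure to load or instantiate a provider's `SECURERANDOM.*` class, so a misconfigured provider entry silently ends in the hard-coded `Sha160RandomSpi` fallback. The class Javadoc names key and IV generation as uses, so which generator was selected should be observable; record the failure before trying the next entry, e.g. `Logger.getLogger(SecureRandom.class.getName()).log(Level.WARNING, "cannot instantiate " + classname, t);` (the file already imports `Logger` and `Level`, which nothing else in this hunk uses). Whether logging is safe at this point of VM start-up is not visible from the hunk and should be confirmed; if it is not, at least narrow the catch to the expected reflection and linkage failures and state in the comment why they are dropped.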
@@ -0,0 +1,85 @@
+/* SecureRandomSpi.java --- Secure Random Service Provider Interface
+ Copyright (C) 1999, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.io.Serializable;
+
+/**
+ SecureRandomSpi is the Service Provider Interface for SecureRandom
+ providers.
It provides an interface for providers to the + SecureRandom engine to write their own pseudo-random number + generator. + + @since JDK 1.2 + + @author Mark Benvenuto (ivymccough@worldnet.att.net) + */ +public abstract class SecureRandomSpi implements Serializable +{ + private static final long serialVersionUID = -2991854161009191830L; + + /** + Default Constructor for SecureRandomSpi + */ + public SecureRandomSpi() + { + } + + /** + Updates the seed for SecureRandomSpi but does not reset seed. + It does to this so repeated called never decrease randomness. + */ + protected abstract void engineSetSeed(byte[] seed); + + /** + Gets a user specified number of bytes depending on the length + of the array? + + @param bytes array to fill with random bytes + */ + protected abstract void engineNextBytes(byte[] bytes); + + /** + Gets a user specified number of bytes specified by the + parameter. + + @param numBytes number of random bytes to generate + + @return an array full of random bytes + */ + protected abstract byte[] engineGenerateSeed(int numBytes); +} diff --git a/libjava/classpath/java/security/Security.java b/libjava/classpath/java/security/Security.java new file mode 100644 index 000000000..6cd98b0fb --- /dev/null +++ b/libjava/classpath/java/security/Security.java 
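Review bot: The Javadoc on the abstract methods does not state the contract an implementer has to meet: the `engineSetSeed` comment reads "It does to this so repeated called never decrease randomness" and has no `@param seed` tag, and the `engineNextBytes` comment ends in a question ("depending on the length of the array?"). `SecureRandom.setSeed` in the same commit documents that each seed builds on the previous one, so the SPI should say so directly, e.g. for `engineSetSeed`: `Mixes the given seed into the current state; the seed must supplement, never replace, what was there before.` For `engineNextBytes` a statement such as `Fills the whole of bytes with random data; the array length determines how many bytes are produced.` would replace the open question, assuming that is the intended behaviour.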
@@ -0,0 +1,711 @@
+/* Security.java --- Java base security class implementation
+ Copyright (C) 1999, 2001, 2002, 2003, 2004, 2005, 2006
+ Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + + +package java.security; + +import gnu.classpath.SystemProperties; + +import gnu.classpath.Configuration; +import gnu.classpath.VMStackWalker; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.Collections; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.Map; +import java.util.Properties; +import java.util.Set; +import java.util.Vector; + +/** + * This class centralizes all security properties and common security methods. + * One of its primary uses is to manage security providers. + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + */ +public final class Security +{ + private static final String ALG_ALIAS = "Alg.Alias."; + + private static Vector providers = new Vector(); + private static Properties secprops = new Properties(); + + static + { + String base = SystemProperties.getProperty("gnu.classpath.home.url"); + String vendor = SystemProperties.getProperty("gnu.classpath.vm.shortname"); + + // Try VM specific security file + boolean loaded = loadProviders (base, vendor); + + // Append classpath standard provider if possible + if (!loadProviders (base, "classpath") + && !loaded + && providers.size() == 0) + { + if (Configuration.DEBUG) + { + /* No providers found and both security files failed to + * load properly. Give a warning in case of DEBUG is + * enabled. Could be done with java.util.logging later. + */ + System.err.println + ("WARNING: could not properly read security provider files:"); + System.err.println + (" " + base + "/security/" + vendor + + ".security"); + System.err.println + (" " + base + "/security/" + "classpath" + + ".security"); + System.err.println + (" Falling back to standard GNU security provider"); + } + // Note that this matches our classpath.security file. 
+ providers.addElement (new gnu.java.security.provider.Gnu()); + providers.addElement(new gnu.javax.crypto.jce.GnuCrypto()); + providers.addElement(new gnu.javax.crypto.jce.GnuSasl()); + providers.addElement(new gnu.javax.net.ssl.provider.Jessie()); + providers.addElement(new gnu.javax.security.auth.callback.GnuCallbacks()); + } + } + // This class can't be instantiated. + private Security() + { + } + + /** + * Tries to load the vender specific security providers from the given base + * URL. Returns true if the resource could be read and completely parsed + * successfully, false otherwise. + */ + private static boolean loadProviders(String baseUrl, String vendor) + { + if (baseUrl == null || vendor == null) + return false; + + boolean result = true; + String secfilestr = baseUrl + "/security/" + vendor + ".security"; + try + { + InputStream fin = new URL(secfilestr).openStream(); + secprops.load(fin); + + int i = 1; + String name; + while ((name = secprops.getProperty("security.provider." + i)) != null) + { + Exception exception = null; + try + { + ClassLoader sys = ClassLoader.getSystemClassLoader(); + providers.addElement(Class.forName(name, true, sys).newInstance()); + } + catch (ClassNotFoundException x) + { + exception = x; + } + catch (InstantiationException x) + { + exception = x; + } + catch (IllegalAccessException x) + { + exception = x; + } + + if (exception != null) + { + System.err.println ("WARNING: Error loading security provider " + + name + ": " + exception); + result = false; + } + i++; + } + } + catch (IOException ignored) + { + result = false; + } + + return result; + } + + /** + * Returns the value associated to a designated property name for a given + * algorithm. + * + * @param algName + * the algorithm name. + * @param propName + * the name of the property to return. + * @return the value of the specified property or <code>null</code> if none + * found. 
+ * @deprecated Use the provider-based and algorithm-independent + * {@link AlgorithmParameters} and {@link KeyFactory} engine + * classes instead. + */ + public static String getAlgorithmProperty(String algName, String propName) + { + if (algName == null || propName == null) + return null; + + String property = String.valueOf(propName) + "." + String.valueOf(algName); + Provider p; + for (Iterator i = providers.iterator(); i.hasNext(); ) + { + p = (Provider) i.next(); + for (Iterator j = p.keySet().iterator(); j.hasNext(); ) + { + String key = (String) j.next(); + if (key.equalsIgnoreCase(property)) + return p.getProperty(key); + } + } + return null; + } + + /** + * Inserts a new designated {@link Provider} at a designated (1-based) + * position in the current list of installed {@link Provider}s, + * + * @param provider + * the new {@link Provider} to add. + * @param position + * the position (starting from 1) of where to install + * <code>provider</code>. + * @return the actual position, in the list of installed Providers. Returns + * <code>-1</code> if <code>provider</code> was laready in the + * list. The actual position may be different than the desired + * <code>position</code>. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProvider(String) + * @see #removeProvider(String) + * @see SecurityPermission + */ + public static int insertProviderAt(Provider provider, int position) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("insertProvider." 
+ provider.getName()); + + position--; + int max = providers.size (); + for (int i = 0; i < max; i++) + { + if (((Provider) providers.elementAt(i)).getName().equals(provider.getName())) + return -1; + } + + if (position < 0) + position = 0; + if (position > max) + position = max; + + providers.insertElementAt(provider, position); + + return position + 1; + } + + /** + * Appends the designated new {@link Provider} to the current list of + * installed {@link Provider}s. + * + * @param provider + * the new {@link Provider} to append. + * @return the position (starting from 1) of <code>provider</code> in the + * current list of {@link Provider}s, or <code>-1</code> if + * <code>provider</code> was already there. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProvider(String) + * @see #removeProvider(String) + * @see SecurityPermission + */ + public static int addProvider(Provider provider) + { + return insertProviderAt (provider, providers.size () + 1); + } + + /** + * Removes an already installed {@link Provider}, given its name, from the + * current list of installed {@link Provider}s. + * + * @param name + * the name of an already installed {@link Provider} to remove. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProvider(String) + * @see #addProvider(Provider) + */ + public static void removeProvider(String name) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("removeProvider." + name); + + int max = providers.size (); + for (int i = 0; i < max; i++) + { + if (((Provider) providers.elementAt(i)).getName().equals(name)) + { + providers.remove(i); + break; + } + } + } + + /** + * Returns the current list of installed {@link Provider}s as an array + * ordered according to their installation preference order. 
+ * + * @return an array of all the installed providers. + */ + public static Provider[] getProviders() + { + Provider[] array = new Provider[providers.size ()]; + providers.copyInto (array); + return array; + } + + /** + * Returns an already installed {@link Provider} given its name. + * + * @param name + * the name of an already installed {@link Provider}. + * @return the {@link Provider} known by <code>name</code>. Returns + * <code>null</code> if the current list of {@link Provider}s does + * not include one named <code>name</code>. + * @see #removeProvider(String) + * @see #addProvider(Provider) + */ + public static Provider getProvider(String name) + { + if (name == null) + return null; + else + { + name = name.trim(); + if (name.length() == 0) + return null; + } + Provider p; + int max = providers.size (); + for (int i = 0; i < max; i++) + { + p = (Provider) providers.elementAt(i); + if (p.getName().equals(name)) + return p; + } + return null; + } + + /** + * Returns the value associated with a Security propery. + * + * @param key + * the key of the property to fetch. + * @return the value of the Security property associated with + * <code>key</code>. Returns <code>null</code> if no such property + * was found. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #setProperty(String, String) + * @see SecurityPermission + */ + public static String getProperty(String key) + { + // XXX To prevent infinite recursion when the SecurityManager calls us, + // don't do a security check if the caller is trusted (by virtue of having + // been loaded by the bootstrap class loader). + SecurityManager sm = System.getSecurityManager(); + if (sm != null && VMStackWalker.getCallingClassLoader() != null) + sm.checkSecurityAccess("getProperty." + key); + + return secprops.getProperty(key); + } + + /** + * Sets or changes a designated Security property to a designated value. 
+ * + * @param key + * the name of the property to set. + * @param datum + * the new value of the property. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProperty(String) + * @see SecurityPermission + */ + public static void setProperty(String key, String datum) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setProperty." + key); + + if (datum == null) + secprops.remove(key); + else + secprops.put(key, datum); + } + + /** + * For a given <i>service</i> (e.g. Signature, MessageDigest, etc...) this + * method returns the {@link Set} of all available algorithm names (instances + * of {@link String}, from all currently installed {@link Provider}s. + * + * @param serviceName + * the case-insensitive name of a service (e.g. Signature, + * MessageDigest, etc). + * @return a {@link Set} of {@link String}s containing the names of all + * algorithm names provided by all of the currently installed + * {@link Provider}s. 
+ * @since 1.4 + */ + public static Set<String> getAlgorithms(String serviceName) + { + HashSet<String> result = new HashSet<String>(); + if (serviceName == null || serviceName.length() == 0) + return result; + + serviceName = serviceName.trim(); + if (serviceName.length() == 0) + return result; + + serviceName = serviceName.toUpperCase()+"."; + Provider[] providers = getProviders(); + int ndx; + for (int i = 0; i < providers.length; i++) + for (Enumeration e = providers[i].propertyNames(); e.hasMoreElements(); ) + { + String service = ((String) e.nextElement()).trim(); + if (service.toUpperCase().startsWith(serviceName)) + { + service = service.substring(serviceName.length()).trim(); + ndx = service.indexOf(' '); // get rid of attributes + if (ndx != -1) + service = service.substring(0, ndx); + result.add(service); + } + } + return Collections.unmodifiableSet(result); + } + + /** + * Returns an array of currently installed {@link Provider}s, ordered + * according to their installation preference order, which satisfy a given + * <i>selection</i> criterion. + * + * <p>This implementation recognizes a <i>selection</i> criterion written in + * one of two following forms:</p> + * + * <ul> + * <li><crypto_service>.<algorithm_or_type>: Where + * <i>crypto_service</i> is a case-insensitive string, similar to what has + * been described in the {@link #getAlgorithms(String)} method, and + * <i>algorithm_or_type</i> is a known case-insensitive name of an + * Algorithm, or one of its aliases. 
+ * + * <p>For example, "CertificateFactory.X.509" would return all the installed + * {@link Provider}s which provide a <i>CertificateFactory</i> + * implementation of <i>X.509</i>.</p></li> + * + * <li><crypto_service>.<algorithm_or_type> <attribute_name>:<value>: + * Where <i>crypto_service</i> is a case-insensitive string, similar to what + * has been described in the {@link #getAlgorithms(String)} method, + * <i>algorithm_or_type</i> is a case-insensitive known name of an Algorithm + * or one of its aliases, <i>attribute_name</i> is a case-insensitive + * property name with no whitespace characters, and no dots, in-between, and + * <i>value</i> is a {@link String} with no whitespace characters in-between. + * + * <p>For example, "Signature.Sha1WithDSS KeySize:1024" would return all the + * installed {@link Provider}s which declared their ability to provide + * <i>Signature</i> services, using the <i>Sha1WithDSS</i> algorithm with + * key sizes of <i>1024</i>.</p></li> + * </ul> + * + * @param filter + * the <i>selection</i> criterion for selecting among the installed + * {@link Provider}s. + * @return all the installed {@link Provider}s which satisfy the <i>selection</i> + * criterion. Returns <code>null</code> if no installed + * {@link Provider}s were found which satisfy the <i>selection</i> + * criterion. Returns ALL installed {@link Provider}s if + * <code>filter</code> is <code>null</code> or is an empty string. + * @throws InvalidParameterException + * if an exception occurs while parsing the <code>filter</code>. 
+ * @see #getProviders(Map) + */ + public static Provider[] getProviders(String filter) + { + if (providers == null || providers.isEmpty()) + return null; + + if (filter == null || filter.length() == 0) + return getProviders(); + + HashMap map = new HashMap(1); + int i = filter.indexOf(':'); + if (i == -1) // <service>.<algorithm> + map.put(filter, ""); + else // <service>.<algorithm> <attribute>:<value> + map.put(filter.substring(0, i), filter.substring(i+1)); + + return getProviders(map); + } + + /** + * Returns an array of currently installed {@link Provider}s which satisfy a + * set of <i>selection</i> criteria. + * + * <p>The <i>selection</i> criteria are defined in a {@link Map} where each + * element specifies a <i>selection</i> querry. The <i>Keys</i> in this + * {@link Map} must be in one of the two following forms:</p> + * + * <ul> + * <li><crypto_service>.<algorithm_or_type>: Where + * <i>crypto_service</i> is a case-insensitive string, similar to what has + * been described in the {@link #getAlgorithms(String)} method, and + * <i>algorithm_or_type</i> is a case-insensitive known name of an + * Algorithm, or one of its aliases. The <i>value</i> of the entry in the + * {@link Map} for such a <i>Key</i> MUST be the empty string. + * {@link Provider}s which provide an implementation for the designated + * <i>service algorithm</i> are included in the result.</li> + * + * <li><crypto_service>.<algorithm_or_type> <attribute_name>: + * Where <i>crypto_service</i> is a case-insensitive string, similar to what + * has been described in the {@link #getAlgorithms(String)} method, + * <i>algorithm_or_type</i> is a case-insensitive known name of an Algorithm + * or one of its aliases, and <i>attribute_name</i> is a case-insensitive + * property name with no whitespace characters, and no dots, in-between. The + * <i>value</i> of the entry in this {@link Map} for such a <i>Key</i> MUST + * NOT be <code>null</code> or an empty string. 
{@link Provider}s which + * declare the designated <i>attribute_name</i> and <i>value</i> for the + * designated <i>service algorithm</i> are included in the result.</li> + * </ul> + * + * @param filter + * a {@link Map} of <i>selection querries</i>. + * @return all currently installed {@link Provider}s which satisfy ALL the + * <i>selection</i> criteria defined in <code>filter</code>. + * Returns ALL installed {@link Provider}s if <code>filter</code> + * is <code>null</code> or empty. + * @throws InvalidParameterException + * if an exception is encountered while parsing the syntax of the + * {@link Map}'s <i>keys</i>. + * @see #getProviders(String) + */ + public static Provider[] getProviders(Map<String,String> filter) + { + if (providers == null || providers.isEmpty()) + return null; + + if (filter == null) + return getProviders(); + + Set<String> querries = filter.keySet(); + if (querries == null || querries.isEmpty()) + return getProviders(); + + LinkedHashSet result = new LinkedHashSet(providers); // assume all + int dot, ws; + String querry, service, algorithm, attribute, value; + LinkedHashSet serviceProviders = new LinkedHashSet(); // preserve insertion order + for (Iterator i = querries.iterator(); i.hasNext(); ) + { + querry = (String) i.next(); + if (querry == null) // all providers + continue; + + querry = querry.trim(); + if (querry.length() == 0) // all providers + continue; + + dot = querry.indexOf('.'); + if (dot == -1) // syntax error + throw new InvalidParameterException( + "missing dot in '" + String.valueOf(querry)+"'"); + + value = filter.get(querry); + // deconstruct querry into [service, algorithm, attribute] + if (value == null || value.trim().length() == 0) // <service>.<algorithm> + { + value = null; + attribute = null; + service = querry.substring(0, dot).trim(); + algorithm = querry.substring(dot+1).trim(); + } + else // <service>.<algorithm> <attribute> + { + ws = querry.indexOf(' '); + if (ws == -1) + throw new 
InvalidParameterException( + "value (" + String.valueOf(value) + + ") is not empty, but querry (" + String.valueOf(querry) + + ") is missing at least one space character"); + value = value.trim(); + attribute = querry.substring(ws+1).trim(); + // was the dot in the attribute? + if (attribute.indexOf('.') != -1) + throw new InvalidParameterException( + "attribute_name (" + String.valueOf(attribute) + + ") in querry (" + String.valueOf(querry) + ") contains a dot"); + + querry = querry.substring(0, ws).trim(); + service = querry.substring(0, dot).trim(); + algorithm = querry.substring(dot+1).trim(); + } + + // service and algorithm must not be empty + if (service.length() == 0) + throw new InvalidParameterException( + "<crypto_service> in querry (" + String.valueOf(querry) + + ") is empty"); + + if (algorithm.length() == 0) + throw new InvalidParameterException( + "<algorithm_or_type> in querry (" + String.valueOf(querry) + + ") is empty"); + + selectProviders(service, algorithm, attribute, value, result, serviceProviders); + result.retainAll(serviceProviders); // eval next retaining found providers + if (result.isEmpty()) // no point continuing + break; + } + + if (result.isEmpty()) + return null; + + return (Provider[]) result.toArray(new Provider[result.size()]); + } + + private static void selectProviders(String svc, String algo, String attr, + String val, LinkedHashSet providerSet, + LinkedHashSet result) + { + result.clear(); // ensure we start with an empty result set + for (Iterator i = providerSet.iterator(); i.hasNext(); ) + { + Provider p = (Provider) i.next(); + if (provides(p, svc, algo, attr, val)) + result.add(p); + } + } + + private static boolean provides(Provider p, String svc, String algo, + String attr, String val) + { + Iterator it; + String serviceDotAlgorithm = null; + String key = null; + String realVal; + boolean found = false; + // if <svc>.<algo> <attr> is in the set then so is <svc>.<algo> + // but it may be stored under an alias <algo>. 
resolve + outer: for (int r = 0; r < 3; r++) // guard against circularity + { + serviceDotAlgorithm = (svc+"."+String.valueOf(algo)).trim(); + for (it = p.keySet().iterator(); it.hasNext(); ) + { + key = (String) it.next(); + if (key.equalsIgnoreCase(serviceDotAlgorithm)) // eureka + { + found = true; + break outer; + } + // it may be there but as an alias + if (key.equalsIgnoreCase(ALG_ALIAS + serviceDotAlgorithm)) + { + algo = p.getProperty(key); + continue outer; + } + // else continue inner + } + } + + if (!found) + return false; + + // found a candidate for the querry. do we have an attr to match? + if (val == null) // <service>.<algorithm> querry + return true; + + // <service>.<algorithm> <attribute>; find the key entry that match + String realAttr; + int limit = serviceDotAlgorithm.length() + 1; + for (it = p.keySet().iterator(); it.hasNext(); ) + { + key = (String) it.next(); + if (key.length() <= limit) + continue; + + if (key.substring(0, limit).equalsIgnoreCase(serviceDotAlgorithm+" ")) + { + realAttr = key.substring(limit).trim(); + if (! realAttr.equalsIgnoreCase(attr)) + continue; + + // eveything matches so far. do the value + realVal = p.getProperty(key); + if (realVal == null) + return false; + + realVal = realVal.trim(); + // is it a string value? + if (val.equalsIgnoreCase(realVal)) + return true; + + // assume value is a number. cehck for greater-than-or-equal + return (Integer.parseInt(val) >= Integer.parseInt(realVal)); + } + } + + return false; + } +} diff --git a/libjava/classpath/java/security/SecurityPermission.java b/libjava/classpath/java/security/SecurityPermission.java new file mode 100644 index 000000000..6aba18f34 --- /dev/null +++ b/libjava/classpath/java/security/SecurityPermission.java 
@@ -0,0 +1,178 @@ +/* SecurityPermission.java -- Class for named security permissions + Copyright (C) 1998, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This class provides a mechanism for specified named permissions + * related to the Java security framework. 
These permissions have no + * associated actions list. They are either granted or not granted. + * + * <p>The list of valid permission names is:<br> + * <table border=1> + * <tr><th>Permission Name</th><th>Permission Allows</th><th>Risks</th</tr> + * <tr> + * <td><code>createAccessControlContext</code></td> + * <td>Allows creation of an AccessControlContext</td> + * <td>The new control context can have a rogue DomainCombiner, leading + * to a privacy leak</td></tr> + * <tr> + * <td><code>getDomainCombiner</code></td> + * <td>Get a DomainCombiner from an AccessControlContext</td> + * <td>Access to a DomainCombiner can lead to a privacy leak</td></tr> + * <tr> + * <td><code>getPolicy</code></td> + * <td>Allows retrieval of the system security policy</td> + * <td>Malicious code can use information from the policy to better plan + * an attack</td></tr> + * <tr> + * <td><code>setPolicy</code></td> + * <td>Allows the security policy to be changed</td> + * <td>Malicious code can give itself any permission it wants</td></tr> + * <tr> + * <td><code>getProperty.</code><em>key</em></td> + * <td>Retrieve the property specified by the key</td> + * <td>Malicious code can use information from the property to better plan + * an attack</td></tr> + * <tr> + * <td><code>setProperty.</code><em>key</em></td> + * <td>Allows changing of the value of all properties implied by key</td> + * <td>Malicious code can insert rogue classes to steal keys or recreate + * the security policy with whatever permissions it desires</td></tr> + * <tr> + * <td><code>insertProvider.</code><em>key</em></td> + * <td>Allows the named provider to be added</td> + * <td>Malicious code can insert rogue providers that steal data</td></tr> + * <tr> + * <td><code>removeProvider.</code><em>key</em></td> + * <td>Allows the named provider to be removed</td> + * <td>A missing provider can cripple code that relies on it</td></tr> + * <tr> + * <td><code>setSystemScope</code></td> + * <td>Allows the system identity scope 
to be set</td> + * <td>Malicious code can add certificates not available in the original + * identity scope, to gain more permissions</td></tr> + * <tr> + * <td><code>setIdentityPublicKey</code></td> + * <td>Allows the public key of an Identity to be set</td> + * <td>Malicious code can install its own key to gain permissions not + * allowed by the original identity scope</td></tr> + * <tr> + * <td><code>SetIdentityInfo</code></td> + * <td>Allows the description of an Identity to be set</td> + * <td>Malicious code can spoof users into trusting a fake identity</td></tr> + * <tr> + * <td><code>addIdentityCertificate</code></td> + * <td>Allows a certificate to be set for the public key of an identity</td> + * <td>The public key can become trusted to a wider audience than originally + * intended</td></tr> + * <tr> + * <td><code>removeIdentityCertificate</code></td> + * <td>Allows removal of a certificate from an identity's public key</td> + * <td>The public key can become less trusted than it should be</td></tr> + * <tr> + * <td><code>printIdentity</code></td> + * <td>View the name of the identity and scope, and whether they are + * trusted</td> + * <td>The scope may include a filename, which provides an entry point for + * further security breaches</td></tr> + * <tr> + * <td><code>clearProviderProperties.</code><em>key</em></td> + * <td>Allows the properties of the named provider to be cleared</td> + * <td>This can disable parts of the program which depend on finding the + * provider</td></tr> + * <tr> + * <td><code>putProviderProperty.</code><em>key</em></td> + * <td>Allows the properties of the named provider to be changed</td> + * <td>Malicious code can replace the implementation of a provider</td></tr> + * <tr> + * <td><code>removeProviderProperty.</code><em>key</em></td> + * <td>Allows the properties of the named provider to be deleted</td> + * <td>This can disable parts of the program which depend on finding the + * provider</td></tr> + * <tr> + * 
<td><code>getSignerPrivateKey</code></td> + * <td>Allows the retrieval of the private key for a signer</td> + * <td>Anyone that can access the private key can claim to be the + * Signer</td></tr> + * <tr> + * <td><code>setSignerKeyPair</code></td> + * <td>Allows the public and private key of a Signer to be changed</td> + * <td>The replacement might be a weaker encryption, or the attacker + * can use knowledge of the replaced key to decrypt an entire + * communication session</td></tr> + * </table> + * + * <p>There is some degree of security risk in granting any of these + * permissions. Some of them can completely compromise system security. + * Please exercise extreme caution in granting these permissions. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Permission + * @see SecurityManager + * @since 1.1 + * @status updated to 1.4 + */ +public final class SecurityPermission extends BasicPermission +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5236109936224050470L; + + /** + * Create a new instance with the specified name. + * + * @param name the name to assign to this permission + */ + public SecurityPermission(String name) + { + super(name); + } + + /** + * Create a new instance with the specified name. As SecurityPermission + * carries no actions, the second parameter is ignored. + * + * @param name the name to assign to this permission + * @param actions ignored + */ + public SecurityPermission(String name, String actions) + { + super(name); + } +} // class SecurityPermission diff --git a/libjava/classpath/java/security/Signature.java b/libjava/classpath/java/security/Signature.java new file mode 100644 index 000000000..d7186395f --- /dev/null +++ b/libjava/classpath/java/security/Signature.java 
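Review bot: The permission table in the class Javadoc of SecurityPermission lists `SetIdentityInfo` with a capital S, while every other row is lowerCamelCase (`setIdentityPublicKey`, `setSignerKeyPair`). Permission names are compared case-sensitively, so a policy grant copied from this table would presumably not match the name the Identity code checks (that code is not in this hunk); the row should read `<td><code>setIdentityInfo</code></td>`. The header row also carries an unclosed tag, `<th>Risks</th</tr>`, which should be `<th>Risks</th></tr>` so the table renders. Both points are in the comment only.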
@@ -0,0 +1,593 @@ +/* Signature.java --- Signature Class + Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.nio.ByteBuffer; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.security.spec.AlgorithmParameterSpec; + +/** + * <code>Signature</code> is used to provide an interface to digital signature + * algorithms. Digital signatures provide authentication and data integrity of + * digital data. + * + * <p>The GNU provider provides the NIST standard DSA which uses DSA and SHA-1. + * It can be specified by SHA/DSA, SHA-1/DSA or its OID. If the RSA signature + * algorithm is provided then it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The + * algorithm must be specified because there is no default.</p> + * + * <p>Signature provides implementation-independent algorithms which are + * requested by the user through the <code>getInstance()<?code> methods. It can + * be requested by specifying just the algorithm name or by specifying both the + * algorithm name and provider name.</p> + * + * <p>The three phases of using <code>Signature</code> are:</p> + * + * <ol> + * <li>Initializing: + * <ul> + * <li>It must be initialized with a private key for signing.</li> + * <li>It must be initialized with a public key for verifying.</li> + * </li> + * + * <li>Updating: + * <p>Update the bytes for signing or verifying with calls to update.</p> + * </li> + * + * <li>Signing or Verify the signature on the currently stored bytes by + * calling sign or verify.</li> + * </ol> + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + */ +public abstract class Signature extends SignatureSpi +{ + /** Service name for signatures. */ + private static final String SIGNATURE = "Signature"; + + /** + * Possible state value which signifies that this instance has not yet been + * initialized. 
+ */ + protected static final int UNINITIALIZED = 0; + + /** + * Possible state value which signifies that this instance has been + * initialized for signing purposes. + */ + protected static final int SIGN = 2; + + /** + * Possible state value which signifies that this instance has been + * initialized for verification purposes. + */ + protected static final int VERIFY = 3; + + /** Current sate of this instance. */ + protected int state = UNINITIALIZED; + + private String algorithm; + Provider provider; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Constructs a new <code>Signature</code> instance for a designated digital + * signature algorithm. + * + * @param algorithm + * the algorithm to use. + */ + protected Signature(String algorithm) + { + this.algorithm = algorithm; + state = UNINITIALIZED; + } + + /** + * Returns an instance of <code>Signature</code> representing the specified + * signature. + * + * @param algorithm the algorithm to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. + * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static Signature getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of <code>Signature</code> representing the specified + * signature from the named provider. + * + * @param algorithm the algorithm to use. + * @param provider the name of the provider to use. 
+ * @return a new instance repesenting the desired algorithm. + * @throws NoSuchProviderException if the named provider was not found. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code> or empty. + */ + public static Signature getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of <code>Signature</code> representing the specified + * signature from the specified {@link Provider}. + * + * @param algorithm the algorithm to use. + * @param provider the {@link Provider} to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * {@link Provider}. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. 
+ */ + public static Signature getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("Signature algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] "); + Object o; + try + { + o = Engine.getInstance(SIGNATURE, algorithm, provider); + } + catch (InvocationTargetException x) + { + Throwable cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + sb.append("could not be created"); + NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString()); + y.initCause(cause); + throw y; + } + Signature result; + if (o instanceof SignatureSpi) + result = new DummySignature((SignatureSpi) o, algorithm); + else if (o instanceof Signature) + { + result = (Signature) o; + result.algorithm = algorithm; + } + else + { + sb.append("is of an unexpected Type: ").append(o.getClass().getName()); + throw new NoSuchAlgorithmException(sb.toString()); + } + result.provider = provider; + return result; + } + + /** + * Returns the {@link Provider} of this instance. + * + * @return the {@link Provider} of this instance. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Initializes this instance with the public key for verification purposes. + * + * @param publicKey + * the public key to verify with. + * @throws InvalidKeyException + * if the key is invalid. + */ + public final void initVerify(PublicKey publicKey) throws InvalidKeyException + { + state = VERIFY; + engineInitVerify(publicKey); + } + + /** + * Verify a signature with a designated {@link Certificate}. This is a FIPS + * 140-1 compatible method since it verifies a signature with a certificate. 
+ * + * <p>If the {@link Certificate} is an X.509 one, has a <i>KeyUsage</i> + * parameter and that parameter indicates this key is not to be used for + * signing then an exception is thrown.</p> + * + * @param certificate + * a {@link Certificate} containing a public key to verify with. + * @throws InvalidKeyException if the key is invalid. + */ + public final void initVerify(Certificate certificate) + throws InvalidKeyException + { + state = VERIFY; + if (certificate.getType().equals("X509")) + { + X509Certificate cert = (X509Certificate) certificate; + boolean[]array = cert.getKeyUsage(); + if (array != null && array[0] == false) + throw new InvalidKeyException( + "KeyUsage of this Certificate indicates it cannot be used for digital signing"); + } + this.initVerify(certificate.getPublicKey()); + } + + /** + * Initializes this class with the private key for signing purposes. + * + * @param privateKey + * the private key to sign with. + * @throws InvalidKeyException + * if the key is invalid. + */ + public final void initSign(PrivateKey privateKey) throws InvalidKeyException + { + state = SIGN; + engineInitSign(privateKey); + } + + /** + * Initializes this class with the private key and source of randomness for + * signing purposes. + * + * @param privateKey + * the private key to sign with. + * @param random + * the {@link SecureRandom} to use. + * @throws InvalidKeyException + * if the key is invalid. + */ + public final void initSign(PrivateKey privateKey, SecureRandom random) + throws InvalidKeyException + { + state = SIGN; + engineInitSign(privateKey, random); + } + + /** + * Returns the signature bytes of all the data fed to this instance. The + * format of the output depends on the underlying signature algorithm. + * + * @return the signature bytes. + * @throws SignatureException + * if the engine is not properly initialized. 
+ */ + public final byte[] sign() throws SignatureException + { + if (state == SIGN) + return engineSign(); + else + throw new SignatureException(); + } + + /** + * Generates signature bytes of all the data fed to this instance and stores + * it in the designated array. The format of the result depends on the + * underlying signature algorithm. + * + * <p>After calling this method, the instance is reset to its initial state + * and can then be used to generate additional signatures.</p> + * + * <p><b>IMPLEMENTATION NOTE:</b> Neither this method nor the GNU provider + * will return partial digests. If <code>len</code> is less than the + * signature length, this method will throw a {@link SignatureException}. If + * it is greater than or equal then it is ignored.</p> + * + * @param outbuf + * array of bytes of where to store the resulting signature bytes. + * @param offset + * the offset to start at in the array. + * @param len + * the number of the bytes to use in the array. + * @return the real number of bytes used. + * @throws SignatureException + * if the engine is not properly initialized. + * @since 1.2 + */ + public final int sign(byte[] outbuf, int offset, int len) + throws SignatureException + { + if (state == SIGN) + return engineSign(outbuf, offset, len); + else + throw new SignatureException(); + } + + /** + * Verifies a designated signature. + * + * @param signature + * the signature bytes to verify. + * @return <code>true</code> if verified, <code>false</code> otherwise. + * @throws SignatureException + * if the engine is not properly initialized or the signature does + * not check. + */ + public final boolean verify(byte[]signature) throws SignatureException + { + if (state == VERIFY) + return engineVerify(signature); + else + throw new SignatureException(); + } + + /** + * Verifies a designated signature. + * + * @param signature + * the signature bytes to verify. + * @param offset + * the offset to start at in the array. 
+ * @param length + * the number of the bytes to use from the array. + * @return <code>true</code> if verified, <code>false</code> otherwise. + * @throws IllegalArgumentException + * if the <code>signature</code> byte array is <code>null</code>, + * or the <code>offset</code> or <code>length</code> is less + * than <code>0</code>, or the sum of the <code>offset</code> + * and <code>length</code> is greater than the length of the + * <code>signature</code> byte array. + * @throws SignatureException + * if the engine is not properly initialized or the signature does + * not check. + */ + public final boolean verify(byte[] signature, int offset, int length) + throws SignatureException + { + if (state != VERIFY) + throw new SignatureException("illegal state"); + + if (signature == null) + throw new IllegalArgumentException("signature is null"); + if (offset < 0) + throw new IllegalArgumentException("offset is less than 0"); + if (length < 0) + throw new IllegalArgumentException("length is less than 0"); + if (offset + length < signature.length) + throw new IllegalArgumentException("range is out of bounds"); + + return engineVerify(signature, offset, length); + } + + /** + * Updates the data to be signed or verified with the specified byte. + * + * @param b + * the byte to update with. + * @throws SignatureException + * if the engine is not properly initialized. + */ + public final void update(byte b) throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(b); + else + throw new SignatureException(); + } + + /** + * Updates the data to be signed or verified with the specified bytes. + * + * @param data + * the array of bytes to use. + * @throws SignatureException + * if the engine is not properly initialized. 
+ */ + public final void update(byte[]data) throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(data, 0, data.length); + else + throw new SignatureException(); + } + + /** + * Updates the data to be signed or verified with the specified bytes. + * + * @param data + * an array of bytes to use. + * @param off + * the offset to start at in the array. + * @param len + * the number of bytes to use from the array. + * @throws SignatureException + * if the engine is not properly initialized. + */ + public final void update(byte[]data, int off, int len) + throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(data, off, len); + else + throw new SignatureException(); + } + + /** + * Update this signature with the {@link java.nio.Buffer#remaining()} + * bytes of the input buffer. + * + * @param input The input buffer. + * @throws SignatureException If this instance was not properly + * initialized. + */ + public final void update(ByteBuffer input) throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(input); + else + throw new SignatureException("not initialized"); + } + + /** + * Returns the name of the algorithm currently used. The names of algorithms + * are usually SHA/DSA or SHA/RSA. + * + * @return name of algorithm. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns a rstring representation of this instance. + * + * @return a rstring representation of this instance. + */ + public String toString() + { + return (algorithm + " Signature"); + } + + /** + * Sets the specified algorithm parameter to the specified value. + * + * @param param + * the parameter name. + * @param value + * the parameter value. + * @throws InvalidParameterException + * if the parameter is invalid, the parameter is already set and + * can not be changed, a security exception occured, etc. 
+ * @deprecated use the other setParameter + */ + public final void setParameter(String param, Object value) + throws InvalidParameterException + { + engineSetParameter(param, value); + } + + /** + * Sets the signature engine with the specified {@link AlgorithmParameterSpec}. + * + * <p>By default, and unless overriden by the concrete SPI, this method always + * throws an {@link UnsupportedOperationException}.</p> + * + * @param params + * the parameters to use for intializing this instance. + * @throws InvalidParameterException + * if the parameter is invalid, the parameter is already set and + * cannot be changed, a security exception occured, etc. + */ + public final void setParameter(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException + { + engineSetParameter(params); + } + + /** + * Return the parameters of the algorithm used in this instance as an + * {@link AlgorithmParameters}. + * + * @return the parameters used with this instance, or <code>null</code> if + * this instance does not use any parameters. + */ + public final AlgorithmParameters getParameters() + { + return engineGetParameters(); + } + + /** + * Returns the value for the specified algorithm parameter. + * + * @param param + * the parameter name. + * @return the parameter value. + * @throws InvalidParameterException + * if the parameter is invalid. + * @deprecated use the other getParameter + */ + public final Object getParameter(String param) + throws InvalidParameterException + { + return engineGetParameter(param); + } + + /** + * Returns a clone of this instance. + * + * @return a clone of this instace. + * @throws CloneNotSupportedException + * if the implementation does not support cloning. + */ + public Object clone() throws CloneNotSupportedException + { + return super.clone(); + } +} diff --git a/libjava/classpath/java/security/SignatureException.java b/libjava/classpath/java/security/SignatureException.java new file mode 100644 index 000000000..b097bacfc 
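Review bot: The range check in `verify(byte[] signature, int offset, int length)` is inverted: `if (offset + length < signature.length)` rejects every sub-range that ends before the end of the array and accepts one that runs past it, which contradicts the method's own `@throws IllegalArgumentException` text and hands the unchecked range to `engineVerify`. It should read `if (length > signature.length - offset)`, which also avoids the int overflow of `offset + length`. Separately, `initVerify(Certificate)` compares `certificate.getType()` with `"X509"`; if certificates report the standard type name `"X.509"`, the KeyUsage check is skipped and a certificate not meant for signing is accepted. That is worth confirming against the certificate factory, and changing to `"X.509"` or to an `instanceof X509Certificate` test.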
--- /dev/null +++ b/libjava/classpath/java/security/SignatureException.java 
@@ -0,0 +1,92 @@ +/* SignatureException.java -- Generic error in signature + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when a problem is encountered with a + * digital signature. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @status updated to 1.4 + */ +public class SignatureException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 7509989324975124438L; + + /** + * Create an instance with no descriptive error message. + */ + public SignatureException() + { + } + + /** + * Create an instance with a descriptive error message. + * + * @param msg the message + */ + public SignatureException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public SignatureException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public SignatureException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/SignatureSpi.java b/libjava/classpath/java/security/SignatureSpi.java new file mode 100644 index 000000000..1ed078c0b --- /dev/null +++ b/libjava/classpath/java/security/SignatureSpi.java 
@@ -0,0 +1,316 @@ +/* SignatureSpi.java --- Signature Service Provider Interface + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.nio.ByteBuffer; +import java.security.spec.AlgorithmParameterSpec; + +/** + * <code>SignatureSpi</code> defines the Service Provider Interface (SPI) for + * the {@link Signature} class. The signature class provides an interface to a + * digital signature algorithm. Digital signatures are used for authentication + * and integrity of data. + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @since 1.2 + * @see Signature + */ +public abstract class SignatureSpi +{ + /** Source of randomness. */ + protected SecureRandom appRandom; + + /** + * Creates a new instance of <code>SignatureSpi</code>. + */ + public SignatureSpi() + { + appRandom = null; + } + + /** + * Initializes this instance with the public key for verification purposes. + * + * @param publicKey + * the public key to verify with. + * @throws InvalidKeyException + * if the key is invalid. + */ + protected abstract void engineInitVerify(PublicKey publicKey) + throws InvalidKeyException; + + /** + * Initializes this instance with the private key for signing purposes. + * + * @param privateKey + * the private key to sign with. + * @throws InvalidKeyException + * if the key is invalid. + */ + protected abstract void engineInitSign(PrivateKey privateKey) + throws InvalidKeyException; + + /** + * Initializes this instance with the private key and source of randomness for + * signing purposes. + * + * <p>This method cannot be abstract for backward compatibility reasons.</p> + * + * @param privateKey + * the private key to sign with. + * @param random + * the {@link SecureRandom} to use. + * @throws InvalidKeyException + * if the key is invalid. + * @since 1.2 + */ + protected void engineInitSign(PrivateKey privateKey, SecureRandom random) + throws InvalidKeyException + { + appRandom = random; + engineInitSign(privateKey); + } + + /** + * Updates the data to be signed or verified with the specified byte. + * + * @param b + * byte to update with. 
+ * @throws SignatureException + * if the engine is not properly initialized. + */ + protected abstract void engineUpdate(byte b) throws SignatureException; + + /** + * Updates the data to be signed or verified with the specified bytes. + * + * @param b + * the array of bytes to use. + * @param off + * the offset to start at in the array. + * @param len + * the number of the bytes to use from the array. + * @throws SignatureException + * if the engine is not properly initialized. + */ + protected abstract void engineUpdate(byte[] b, int off, int len) + throws SignatureException; + + /** + * Update this signature with the {@link java.nio.Buffer#remaining()} + * bytes of the given buffer. + * + * @param input The input buffer. + * @throws IllegalStateException if the engine is not properly initialized. + */ + protected void engineUpdate(ByteBuffer input) + { + byte[] buf = new byte[4096]; + while (input.hasRemaining()) + { + int l = Math.min(input.remaining(), buf.length); + input.get(buf, 0, l); + try + { + engineUpdate(buf, 0, l); + } + catch (SignatureException se) + { + throw new IllegalStateException(se); + } + } + } + + /** + * Returns the signature bytes of all the data fed to this instance. The + * format of the output depends on the underlying signature algorithm. + * + * @return the signature bytes. + * @throws SignatureException + * if the engine is not properly initialized. + */ + protected abstract byte[] engineSign() throws SignatureException; + + /** + * Generates signature bytes of all the data fed to this instance and stores + * the result in the designated array. The format of the output depends on + * the underlying signature algorithm. + * + * <p>This method cannot be abstract for backward compatibility reasons. 
+ * After calling this method, the signature is reset to its initial state and + * can be used to generate additional signatures.</p> + * + * <p><b>IMPLEMENTATION NOTE:</b>: Neither this method nor the GNU provider + * will return partial digests. If <code>len</code> is less than the + * signature length, this method will throw a {@link SignatureException}. If + * it is greater than or equal then it is ignored.</p> + * + * @param outbuf + * the array of bytes to store the result in. + * @param offset + * the offset to start at in the array. + * @param len + * the number of the bytes to use in the array. + * @return the real number of bytes used. + * @throws SignatureException + * if the engine is not properly initialized. + * @since 1.2 + */ + protected int engineSign(byte[] outbuf, int offset, int len) + throws SignatureException + { + byte[] tmp = engineSign(); + if (tmp.length > len) + throw new SignatureException("Invalid Length"); + + System.arraycopy(outbuf, offset, tmp, 0, tmp.length); + return tmp.length; + } + + /** + * Verifies a designated signature. + * + * @param sigBytes + * the signature bytes to verify. + * @return <code>true</code> if verified, <code>false</code> otherwise. + * @throws SignatureException + * if the engine is not properly initialized or if it is the wrong + * signature. + */ + protected abstract boolean engineVerify(byte[] sigBytes) + throws SignatureException; + + /** + * Convenience method which calls the method with the same name and one + * argument after copying the designated bytes into a temporary byte array. + * Subclasses may override this method for performance reasons. + * + * @param sigBytes + * the array of bytes to use. + * @param offset + * the offset to start from in the array of bytes. + * @param length + * the number of bytes to use, starting at offset. + * @return <code>true</code> if verified, <code>false</code> otherwise. + * @throws SignatureException + * if the engine is not properly initialized. 
+ */ + protected boolean engineVerify(byte[] sigBytes, int offset, int length) + throws SignatureException + { + byte[] tmp = new byte[length]; + System.arraycopy(sigBytes, offset, tmp, 0, length); + return engineVerify(tmp); + } + + /** + * Sets the specified algorithm parameter to the specified value. + * + * @param param + * the parameter name. + * @param value + * the parameter value. + * @throws InvalidParameterException + * if the parameter invalid, the parameter is already set and + * cannot be changed, a security exception occured, etc. + * @deprecated use the other setParameter. + */ + protected abstract void engineSetParameter(String param, Object value) + throws InvalidParameterException; + + /** + * Sets the signature engine with the specified {@link AlgorithmParameterSpec}. + * + * <p>This method cannot be abstract for backward compatibility reasons. By + * default it always throws {@link UnsupportedOperationException} unless + * overridden.</p> + * + * @param params + * the parameters. + * @throws InvalidParameterException + * if the parameter is invalid, the parameter is already set and + * cannot be changed, a security exception occured, etc. + */ + protected void engineSetParameter(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException + { + throw new UnsupportedOperationException(); + } + + /** + * The default implementaion of this method always throws a + * {@link UnsupportedOperationException}. It MUST be overridden by concrete + * implementations to return the appropriate {@link AlgorithmParameters} for + * this signature engine (or <code>null</code> when that engine does not use + * any parameters. + * + * @return the parameters used with this signature engine, or + * <code>null</code> if it does not use any parameters. + * @throws UnsupportedOperationException + * always. 
+ */ + protected AlgorithmParameters engineGetParameters() + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the value for the specified algorithm parameter. + * + * @param param + * the parameter name. + * @return the parameter value. + * @throws InvalidParameterException + * if the parameter is invalid. + * @deprecated use the other getParameter + */ + protected abstract Object engineGetParameter(String param) + throws InvalidParameterException; + + /** + * Returns a clone of this instance. + * + * @return a clone of this instance. + * @throws CloneNotSupportedException + * if the implementation does not support cloning. + */ + public Object clone() throws CloneNotSupportedException + { + return super.clone(); + } +} diff --git a/libjava/classpath/java/security/SignedObject.java b/libjava/classpath/java/security/SignedObject.java new file mode 100644 index 000000000..79f551cce --- /dev/null +++ b/libjava/classpath/java/security/SignedObject.java 
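Review bot: In `engineSign(byte[] outbuf, int offset, int len)` the `System.arraycopy` arguments are reversed: `System.arraycopy(outbuf, offset, tmp, 0, tmp.length)` copies from the caller's buffer into `tmp`, so the signature never reaches `outbuf` even though the method returns `tmp.length`. A caller that relies on the return value would store or send whatever bytes were already in `outbuf` as the signature. The call should read `System.arraycopy(tmp, 0, outbuf, offset, tmp.length);`. Only `len` is compared with the signature length, so an `offset` that leaves too little room in `outbuf` surfaces as an unchecked index exception from `arraycopy` rather than the documented `SignatureException`; a guard such as `if (offset < 0 || outbuf.length - offset < tmp.length) throw new SignatureException("Invalid Length");` would cover it.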
@@ -0,0 +1,203 @@ +/* SignedObject.java --- Signed Object Class + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.ObjectInput; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Serializable; + +/** + * <code>SignedObject</code> is used for storing runtime objects whose + * integrity cannot be compromised without being detected. + * + * <p><code>SignedObject</code> contains a {@link Serializable} object which is + * yet to be signed and a digital signature of that object.</p> + * + * <p>The signed copy is a "deep copy" (in serialized form) of an original + * object. Any changes to that original instance are not reflected in the + * enclosed copy inside this <code>SignedObject</code>.</p> + * + * <p>Several things to note are that, first there is no need to initialize the + * signature engine as this class will handle that automatically. Second, + * verification will only succeed if the public key corresponds to the private + * key used to generate the digital signature inside this + * <code>SignedObject</code>.</p> + * + * <p>For fexibility, the signature engine can be specified in the constructor + * or the <code>verify()</code> method. Programmers wishing to verify + * <code>SignedObject</code>s should be aware of the {@link Signature} engine + * they use. A malicious or flawed {@link Signature} implementation may always + * return true on verification thus circumventing the intended secrity check + * provided by the <code>SignedObject</code>.</p> + * + * <p>The GNU security provider offers an implementation of the standard NIST + * DSA which uses "DSA" and "SHA-1". It can be specified by "SHA/DSA", + * "SHA-1/DSA" or its OID. If the RSA signature algorithm is provided then it + * could be "MD2/RSA". "MD5/RSA", or "SHA-1/RSA". 
The algorithm must be + * specified because there is no default.</p> + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @since 1.2 + * @see Signature + */ +public final class SignedObject implements Serializable +{ + private static final long serialVersionUID = 720502720485447167L; + + /** @serial */ + private byte[] content; + /** @serial */ + private byte[] signature; + /** @serial */ + private String thealgorithm; + + /** + * Constructs a new instance of <code>SignedObject</code> from a + * {@link Serializable} object. The object is signed with a designated + * private key and a signature engine. + * + * @param object + * the object to sign. + * @param signingKey + * the key to use. + * @param signingEngine + * the signature engine to use. + * @throws IOException + * if a serialization error occurred. + * @throws InvalidKeyException + * if the key is invalid. + * @throws SignatureException + * if a signing error occurs. + */ + public SignedObject(Serializable object, PrivateKey signingKey, + Signature signingEngine) + throws IOException, InvalidKeyException, SignatureException + { + thealgorithm = signingEngine.getAlgorithm(); + + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + ObjectOutputStream p = new ObjectOutputStream(ostream); + p.writeObject(object); + p.flush(); + p.close(); + + content = ostream.toByteArray(); + + signingEngine.initSign(signingKey); + signingEngine.update(content); + signature = signingEngine.sign(); + } + + /** + * Returns the encapsulated object. The object is de-serialized before being + * returned. + * + * @return the encapsulated object. + * @throws IOException + * if a de-serialization error occurs. + * @throws ClassNotFoundException + * if the encapsulated object's class was not found. 
+ */ + public Object getObject() throws IOException, ClassNotFoundException + { + ByteArrayInputStream bais = new ByteArrayInputStream(content); + ObjectInput oi = new ObjectInputStream(bais); + Object obj = oi.readObject(); + oi.close(); + bais.close(); + + return obj; + } + + /** + * Returns the signature bytes of the encapsulated object. + * + * @return the signature bytes of the encapsulated object. + */ + public byte[] getSignature() + { + return (byte[]) signature.clone(); + + } + + /** + * Returns the name of the signature algorithm. + * + * @return the name of the signature algorithm. + */ + public String getAlgorithm() + { + return thealgorithm; + } + + /** + * Verifies the encapsulated digital signature by checking that it was + * generated by the owner of a designated public key. + * + * @param verificationKey + * the public key to use. + * @param verificationEngine + * the signature engine to use. + * @return <code>true</code> if signature is correct, <code>false</code> + * otherwise. + * @throws InvalidKeyException + * if the key is invalid. + * @throws SignatureException + * if verification fails. + */ + public boolean verify(PublicKey verificationKey, Signature verificationEngine) + throws InvalidKeyException, SignatureException + { + verificationEngine.initVerify(verificationKey); + verificationEngine.update(content); + return verificationEngine.verify(signature); + } + + /** Called to restore the state of the SignedObject from a stream. */ + private void readObject(ObjectInputStream s) + throws IOException, ClassNotFoundException + { + s.defaultReadObject(); + content = (byte[]) content.clone(); + signature = (byte[]) signature.clone(); + } +} diff --git a/libjava/classpath/java/security/Signer.java b/libjava/classpath/java/security/Signer.java new file mode 100644 index 000000000..18259c863 --- /dev/null +++ b/libjava/classpath/java/security/Signer.java 
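Review bot: `getObject()` runs `ObjectInputStream.readObject()` over `content` whether or not `verify()` has been called or has returned true, and its Javadoc does not say so. The class is `Serializable` and `readObject` restores `content` from the stream unchanged, so an instance received from an untrusted source holds unauthenticated bytes until `verify()` succeeds with a trusted key and engine. I would add to the `getObject()` Javadoc: `<p>This method does not check the signature; call {@link #verify} first and deserialize only if it returns <code>true</code>.</p>`. Separately, `readObject` calls `content.clone()` and `signature.clone()` without a null check, so a stream carrying a null field fails with a `NullPointerException`; `if (content == null || signature == null) throw new java.io.InvalidObjectException("missing content or signature");` before the clones would report it as a stream error.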
@@ -0,0 +1,148 @@ +/* Signer.java --- Signer Class + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * <code>Signer</code> is a subclass of {@link Identity}. It is used to store a + * digital signature key with an <i>Identity</i>. 
+ * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @deprecated Replaced by <code>java.security.KeyStore</code>, the + * <code>java.security.cert</code> package, and <code>java.security.Principal</code>. + */ +public abstract class Signer extends Identity +{ + private static final long serialVersionUID = -1763464102261361480L; + private PrivateKey privateKey = null; + + /** Trivial constructor for serialization purposes. */ + protected Signer() + { + } + + /** + * Constructs a new instance of <code>Signer</code> with the specified + * identity name. + * + * @param name + * the name of the identity to use. + */ + public Signer(String name) + { + super(name); + } + + /** + * Constructs a new instance of <code>Signer</code> with the specified + * identity name and {@link IdentityScope}. + * + * @param name + * the name of the the identity to use. + * @param scope + * the {@link IdentityScope} to use. + * @throws KeyManagementException + * if a duplicate identity <code>name</code> exists within + * <code>scope</code>. + */ + public Signer(String name, IdentityScope scope) throws KeyManagementException + { + super(name, scope); + } + + /** + * Returns the private key of this <code>Signer</code>. + * + * @returns the private key of this <code>Signer</code>. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public PrivateKey getPrivateKey() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("getSignerPrivateKey"); + + return privateKey; + } + + /** + * Specifies the {@link KeyPair} associated with this <code>Signer</code>. + * + * @param pair + * the {@link KeyPair} to use. + * @throws InvalidParameterException + * if the key-pair is invalid. + * @throws KeyException + * if any another key-related error occurs. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. 
+ */ + public final void setKeyPair(KeyPair pair) + throws InvalidParameterException, KeyException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setSignerKeyPair"); + + try + { + if (pair.getPublic() != null) + setPublicKey(pair.getPublic()); + else + throw new InvalidParameterException(); + + } + catch (KeyManagementException kme) + { + throw new KeyException(); + } + + if (pair.getPrivate() != null) + privateKey = pair.getPrivate(); + else + throw new InvalidParameterException(); + } + + /** @returns a string representing this <code>Signer</code>. */ + public String toString() + { + return (getName() + ": " + privateKey); + } +} diff --git a/libjava/classpath/java/security/UnrecoverableKeyException.java b/libjava/classpath/java/security/UnrecoverableKeyException.java new file mode 100644 index 000000000..6759c3c7b --- /dev/null +++ b/libjava/classpath/java/security/UnrecoverableKeyException.java 
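Review bot: `toString()` concatenates `privateKey` into its result, which sidesteps the `checkSecurityAccess("getSignerPrivateKey")` check that `getPrivateKey()` applies. What ends up in the string depends on the key class's own `toString()`, which is not visible here, but any implementation that prints key material would expose it to logs and to callers that lack that permission. Reporting only presence avoids this, e.g. `return getName() + (privateKey != null ? ": [private key present]" : ": [no private key]");`. In `setKeyPair`, the public key is installed before `pair.getPrivate()` is checked, so a pair with a null private key leaves the signer half-updated when `InvalidParameterException` is thrown; validating both halves before calling `setPublicKey` would keep the state consistent. The `catch` there also discards `kme`; `throw new KeyException(kme.getMessage());` would keep the reason.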
@@ -0,0 +1,71 @@ +/* UnrecoverableKeyException.java -- Cannot recover a key from the key store + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when a key cannot be recovered from the key + * store. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @since 1.2 + * @status updated to 1.4 + */ +public class UnrecoverableKeyException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.2+. + */ + private static final long serialVersionUID = 7275063078190151277L; + + /** + * Create an instance with no descriptive error message. + */ + public UnrecoverableKeyException() + { + } + + /** + * Create an instance with a descriptive error message. + * + * @param msg the descriptive error message + */ + public UnrecoverableKeyException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/java/security/UnresolvedPermission.java b/libjava/classpath/java/security/UnresolvedPermission.java new file mode 100644 index 000000000..449454aaf --- /dev/null +++ b/libjava/classpath/java/security/UnresolvedPermission.java 
@@ -0,0 +1,345 @@ +/* UnresolvedPermission.java -- Placeholder for unresolved permissions + Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security; + +// All uses of Certificate in this file refer to the one in the listed +// package, not this one. 
+import java.security.cert.Certificate; +import java.util.Arrays; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.NoSuchElementException; +import java.util.Vector; + +/** + * This class is used to hold instances of all permissions that cannot + * be resolved to available permission classes when the security + * <code>Policy</code> object is instantiated. This may happen when the + * necessary security class has not yet been downloaded from the network. + * + * <p>Instances of this class are re-resolved when + * <code>AccessController</code> check is done. At that time, a scan is + * made of all existing <code>UnresolvedPermission</code> objects and they + * are converted to objects of the appropriate permission type if the class + * for that type is then available. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Permission + * @see Permissions + * @see PermissionCollection + * @see Policy + * @since 1.1 + * @status updated to 1.4 + */ +public final class UnresolvedPermission extends Permission +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -4821973115467008846L; + + /** + * The list of actions associated with this permission object. + * + * @serial the permission actions + */ + private final String actions; + + /** + * The list of <code>Certificates</code> associated with this object. + */ + private final transient Certificate[] certs; + + /** + * The name of the class this object should be resolved to. + * + * @serial the fully-qualified classname of the resolved type + */ + // Package visible for use by UnresolvedPermissionCollection. + final String type; + + /** + * The name of the permission. + * + * @serial the permission name + */ + private final String name; + + /** + * Create a new instance with all the information necessary to resolve it + * to an instance of the proper class at a future time. 
+ * + * @param type the fully-qualified name of the class of this permission + * @param name the name of this permission + * @param actions the action list for this permission + * @param certs the list of certificates that sign this permission + */ + public UnresolvedPermission(String type, String name, String actions, + Certificate[] certs) + { + super(name); + this.name = name; + this.type = type; + this.actions = actions; + this.certs = certs; + } + + /** + * This method returns <code>false</code> always to indicate that this + * permission does not imply the specified permission. An + * <code>UnresolvedPermission</code> never grants any permissions. + * + * @param perm the <code>Permission</code> object to test + * @return false; until a permission is resolved, it implies nothing + */ + public boolean implies(Permission perm) + { + return false; + } + + /** + * This method tests this permission for equality against the specified + * <code>Object</code>. This will be true if and only if the following + * conditions are met:<ul> + * <li>The specified <code>Object</code> is an UnresolvedPermission</li> + * <li>The specified permission has the same type (i.e., desired class name) + * as this permission.</li> + * <li>The specified permission has the same name as this one.</li> + * <li>The specified permissoin has the same action list as this one.</li> + * <li>The specified permission has the same certificate list as this + * one.</li> + * </ul> + * + * @param obj the <code>Object</code> to test for equality + * @return true if the specified object is equal to this one + */ + public boolean equals(Object obj) + { + if (! (obj instanceof UnresolvedPermission)) + return (false); + UnresolvedPermission up = (UnresolvedPermission) obj; + return up.name.equals(name) && up.actions.equals(actions) + && up.type.equals(type) && Arrays.equals(up.certs, certs); + } + + /** + * Returns a hash code value for this object. 
Following the lead of + * Permission, this returns the hashcode of the permission name. + * + * @return A hash value + */ + public int hashCode() + { + return name.hashCode(); + } + + /** + * This method returns the list of actions associated with this + * permission. + * + * @return the action list + */ + public String getActions() + { + return actions; + } + + /** + * This method returns a <code>String</code> representation of this + * class. The format is: '(unresolved "ClassName "name" "actions")' + * + * @return <code>String</code> representation of this object + */ + public String toString() + { + return "(unresolved " + type + ' ' + name + ' ' + actions + ')'; + } + + /** + * This class returns a <code>PermissionCollection</code> object that can + * be used to store instances of <code>UnresolvedPermission</code>. + * + * @return a new <code>PermissionCollection</code> + */ + public PermissionCollection newPermissionCollection() + { + return new UnresolvedPermissionCollection(); + } + + /** + * Return the name of the class of the unresolved permission. + * @since 1.5 + */ + public String getUnresolvedType() + { + return type; + } + + /** + * Return the name of the unresolved permission. + * @since 1.5 + */ + public String getUnresolvedName() + { + return name; + } + + /** + * Return the actions of the unresolved permission, or null + * if there are no actions. + * @since 1.5 + */ + public String getUnresolvedActions() + { + return actions; + } + + /** + * Return the certificates of the unresolved permission. + * If there are no certificates, null is returned. Otherwise, + * a new array is returned. + * @since 1.5 + */ + public Certificate[] getUnresolvedCerts() + { + if (certs == null) + return null; + return (Certificate[]) certs.clone(); + } +} // class UnresolvedPermission + +/** + * Implements the permission collection for unresolved permissions, and + * obeys serialization of JDK. 
+ * + * @author Eric Blake (ebb9@email.byu.edu) + */ +class UnresolvedPermissionCollection extends PermissionCollection +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -7176153071733132400L; + + // Package-private to avoid a trampoline. + /** + * Hashtable where we store permissions. + * + * @serial map of typename to a Vector of permissions (you'd think Sun + * would document this better!) + */ + final Hashtable permissions = new Hashtable(); + + /** + * Add a permission. + * + * @param perm the permission to add + * @throws IllegalArgumentException if perm is not an UnresolvedPermission + * @throws SecurityException if the collection is read-only + */ + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException(); + if (! (perm instanceof UnresolvedPermission)) + throw new IllegalArgumentException(); + UnresolvedPermission up = (UnresolvedPermission) perm; + Vector v = (Vector) permissions.get(up.type); + if (v == null) + { + v = new Vector(); + permissions.put(up.type, v); + } + v.add(up); + } + + /** + * Returns true if perm is implied by the collection. + * + * @param perm the permission to check + * @return false; unresolved permissions imply nothing + */ + public boolean implies(Permission perm) + { + return false; + } + + /** + * Return the elements. + * + * @return the elements + */ + public Enumeration elements() + { + return new Enumeration() + { + Enumeration main_enum = permissions.elements(); + Enumeration sub_enum; + + public boolean hasMoreElements() + { + if (sub_enum == null) + { + if (main_enum == null) + return false; + if (! main_enum.hasMoreElements()) + { + main_enum = null; + return false; + } + Vector v = (Vector) main_enum.nextElement(); + sub_enum = v.elements(); + } + if (! sub_enum.hasMoreElements()) + { + sub_enum = null; + return hasMoreElements(); + } + return true; + } + + public Object nextElement() + { + if (! 
hasMoreElements()) + throw new NoSuchElementException(); + return sub_enum.nextElement(); + } + }; + } +} // class UnresolvedPermissionCollection diff --git a/libjava/classpath/java/security/acl/Acl.java b/libjava/classpath/java/security/acl/Acl.java new file mode 100644 index 000000000..10a59fdf5 --- /dev/null +++ b/libjava/classpath/java/security/acl/Acl.java 
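Review bot: The constructor keeps the caller's array as-is (`this.certs = certs;`), although `getUnresolvedCerts()` is careful to hand out a clone, so whoever built the permission can still alter the signer list after the object has been created and stored in a collection. Copying on the way in closes that gap: `this.certs = certs == null ? null : (Certificate[]) certs.clone();`. In the same hunk, `equals` calls `up.actions.equals(actions)` and `up.type.equals(type)` with no null check, while the Javadoc of `getUnresolvedActions()` says the actions may be null, so comparing two such permissions throws a NullPointerException. A null-safe form such as `(actions == null ? up.actions == null : actions.equals(up.actions))` is needed there, and the constructor should reject a null `type`.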
@@ -0,0 +1,153 @@ +/* Acl.java -- An access control list + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +import java.security.Principal; +import java.util.Enumeration; + +/** + * A Java access control list (ACL) is a group of individual ACL entries. 
+ * These entries consist of a <code>Principal</code> and a list of + * permissions this <code>Principal</code> is either granted or denied. + * A given <code>Principal</code> can have at most one positive ACL entry + * (i.e., one that grants permissions) and one negative ACL entry (i.e., one + * that denies permissions). If a given permission is both granted and + * denied, the ACL treats it as if it were never granted or denied. If + * both a <code>Principal</code> and a <code>Group</code> to which the + * <code>Principal</code> belongs have an ACL entry, the permissions for + * the individual <code>Principal</code> take precedence over the + * permissions of the <code>Group</code> if there is a conflict. + * <p> + * Additionally, the ACL interface extends the <code>Owner</code> interface + * and so an ACL has owners. Actions which modify the ACL are restricted + * to owners. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface Acl extends Owner +{ + + /** + * This method returns the name of this ACL. + * + * @return The name of this ACL + */ + String getName(); + + /** + * This method sets the name of the ACL + * + * @param caller The <code>Principal</code> requesting the action. + * @param name The new name for this ACL. + * + * @exception NotOwnerException If the caller is not an owner of this ACL. + */ + void setName(Principal caller, String name) + throws NotOwnerException; + + /** + * This method adds the specified entry to the ACL + * + * @param caller The <code>Principal</code> requesting the addition + * @param entry The ACL entry to add + * + * @return <code>true</code> if the entry was added, <code>false</code> + * if there is already an entry of the same type for the + * <code>Principal</code>. + * + * @exception NotOwnerException If the caller is not an owner of this ACL. 
+ */ + boolean addEntry(Principal caller, AclEntry entry) + throws NotOwnerException; + + /** + * This method delets the specified entry from the ACL + * + * @param caller The <code>Principal</code> requesting the deletion. + * @param entry The ACL entry to delete + * + * @return <code>true</code> if the entry was deleted, or <code>false</code> + * if this entry was not part of the ACL to begin with + * + * @exception NotOwnerException If the caller is not an owner of this ACL. + */ + boolean removeEntry(Principal caller, AclEntry entry) + throws NotOwnerException; + + /** + * This method returns a list of all the entries in the ACL as an + * <code>Enumeration</code>. + * + * @return An enumeration of the ACL entries + */ + Enumeration<AclEntry> entries(); + + /** + * This method tests whether or not the specified <code>Principal</code> + * has the specified <code>Permission</code> + * + * @param user The <code>Principal</code> to test + * @param perm The <code>Permission</code> to test for + * + * @return <code>true</code> if the user has been granted the permission, + * <code>false</code> otherwise + */ + boolean checkPermission(Principal user, Permission perm); + + /** + * This method returns a list of <code>Permission</code>'s that are granted + * to a particular <code>Principal</code>. This includes any permissions + * that are granted to <code>Group</code>'s to which the <code>Principal</code> + * belongs unless they are overridden by a negative ACL. This permission + * list is returned as an <code>Enumeration</code>. + * + * @param user The <code>Principal</code> to retrieve permissions for. + * + * @return A list of permissions for the <code>Principal</code>. + */ + Enumeration<Permission> getPermissions(Principal user); + + /** + * This method returns the ACL as a <code>String</code> + * + * @return A <code>String</code> representation of this ACL + */ + String toString(); +} 
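Review bot: `setName`, `addEntry` and `removeEntry` receive the acting `Principal` as an ordinary argument, and the Javadoc only says NotOwnerException is thrown "if the caller is not an owner", without saying who establishes that `caller` really is the party making the call. The interface cannot verify this itself, so the class comment should say so, for example `Implementations only compare caller against the owner list; the invoking code must pass a Principal it has already authenticated.` The comment on `checkPermission` would also be clearer if it repeated the rule from the class comment that a permission both granted and denied is treated as not granted.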
diff --git a/libjava/classpath/java/security/acl/AclEntry.java b/libjava/classpath/java/security/acl/AclEntry.java
new file mode 100644
index 000000000..47154b285
--- /dev/null
+++ b/libjava/classpath/java/security/acl/AclEntry.java
@@ -0,0 +1,143 @@ +/* AclEntry.java -- An entry in an ACL list. + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +import java.security.Principal; +import java.util.Enumeration; + +/** + * This interface models an entry in an access control list (ACL). 
Java + * ACL's consist of a list of entries, where each consists of a + * <code>Principal</code> and a list of <code>Permission</code>'s which + * have been granted to that <code>Principal</code>. An ACL can also + * be <em>negative</em>, which indicates that the list of + * <code>Permission</code>'s is a list of permissions that are <em>not</em> + * granted to the <code>Principal</code>. A <code>Principal</code> can + * have at most one regular (or positive) ACL entry and one negative + * ACL entry. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface AclEntry extends Cloneable +{ + /** + * This method returns the <code>Principal</code> associated with this + * ACL entry. + * + * @return The <code>Principal</code> for this ACL entry + */ + Principal getPrincipal(); + + /** + * This method sets ths <code>Principal</code> associated with this + * ACL entry. This operation will only succeed if there is not already + * a <code>Principal</code> assigned. + * + * @param user The <code>Principal</code> for this ACL entry + * + * @return <code>true</code> if the <code>Principal</code> was successfully set or <code>false</code> if this entry already has a <code>Principal</code>. + */ + boolean setPrincipal(Principal user); + + /** + * This method sets this ACL entry to be a <em>negative</em> entry, indicating + * that it contains a list of permissions that are <em>not</em> granted + * to the entry's <code>Principal</code>. Note that there is no way to + * undo this operation. + */ + void setNegativePermissions(); + + /** + * This method tests whether or not this ACL entry is a negative entry or not. + * + * @return <code>true</code> if this ACL entry is negative, <code>false</code> otherwise + */ + boolean isNegative(); + + /** + * This method adds the specified permission to this ACL entry. 
+ * + * @param permission The <code>Permission</code> to add + * + * @return <code>true</code> if the permission was added or <code>false</code> if it was already set for this entry + */ + boolean addPermission(Permission permission); + + /** + * This method deletes the specified permission to this ACL entry. + * + * @param perm The <code>Permission</code> to delete from this ACL entry. + * + * @return <code>true</code> if the permission was successfully deleted or <code>false</code> if the permission was not part of this ACL to begin with + */ + boolean removePermission(Permission perm); + + /** + * This method tests whether or not the specified permission is associated + * with this ACL entry. + * + * @param permission The <code>Permission</code> to test + * + * @return <code>true</code> if this permission is associated with this entry or <code>false</code> otherwise + */ + boolean checkPermission(Permission permission); + + /** + * This method returns a list of all <code>Permission</code> objects + * associated with this ACL entry as an <code>Enumeration</code>. + * + * @return A list of permissions for this ACL entry + */ + Enumeration<Permission> permissions(); + + /** + * This method returns this object as a <code>String</code>. + * + * @return A <code>String</code> representation of this object + */ + String toString(); + + /** + * This method returns a clone of this ACL entry + * + * @return A clone of this ACL entry + */ + Object clone(); +} diff --git a/libjava/classpath/java/security/acl/AclNotFoundException.java b/libjava/classpath/java/security/acl/AclNotFoundException.java new file mode 100644 index 000000000..9a16d9c50 --- /dev/null +++ b/libjava/classpath/java/security/acl/AclNotFoundException.java 
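Review bot: The Javadoc for `clone()` says only that it "returns a clone of this ACL entry" and leaves open whether the copy gets its own permission list. If an implementation shares the list, `addPermission` or `removePermission` on the copy would presumably change the entry it was cloned from, so the contract should be spelled out, for example `@return a copy with its own permission set; later changes to either entry do not affect the other`. The class comment also says "An ACL can also be negative" where the rest of the text shows it means an ACL entry.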
@@ -0,0 +1,60 @@ +/* AclNotFoundException.java -- thrown when an ACL is not found + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +/** + * This exception is thrown when a requested access control list (ACL) is + * not found. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @status updated to 1.4 + */ +public class AclNotFoundException extends Exception +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5684295034092681791L; + + /** + * Initializes a new instance of this class with no descriptive message + */ + public AclNotFoundException() + { + } +} diff --git a/libjava/classpath/java/security/acl/Group.java b/libjava/classpath/java/security/acl/Group.java new file mode 100644 index 000000000..a0df75526 --- /dev/null +++ b/libjava/classpath/java/security/acl/Group.java 
@@ -0,0 +1,90 @@ +/* Group.java -- Represents a group of Principals + Copyright (C) 1998, 2001 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +import java.security.Principal; +import java.util.Enumeration; + +/** + * This interface represents a group of <code>Principals</code>. 
Note that + * since this interface extends <code>Principal</code>, a <code>Group</code> + * can be used where ever a <code>Principal</code> is requested. This + * includes arguments to the methods in this interface. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface Group extends Principal +{ + /** + * This method adds a new <code>Principal</code> to this group. + * + * @param user The new <code>Principal</code> to add + * + * @return <code>true</code> if the user was successfully added or <code>false</code> if the user is already a member + */ + boolean addMember(Principal user); + + /** + * This method deletes a member from the group. + * + * @param user The <code>Principal</code> to delete + * + * @return <code>true</code> if the user was successfully deleted or <code>false</code> if the user is not a member of the group + */ + boolean removeMember(Principal user); + + /** + * This method tests whether or not a given <code>Principal</code> is a + * member of this group. + * + * @param member The <code>Principal</code> to test for membership + * + * @return <code>true</code> if the user is member, <code>false</code> otherwise + */ + boolean isMember(Principal member); + + /** + * This method returns a list of all members of the group as an + * <code>Enumeration</code>. + * + * @return The list of all members of the group + */ + Enumeration<? extends Principal> members(); +} diff --git a/libjava/classpath/java/security/acl/LastOwnerException.java b/libjava/classpath/java/security/acl/LastOwnerException.java new file mode 100644 index 000000000..952724459 --- /dev/null +++ b/libjava/classpath/java/security/acl/LastOwnerException.java 
@@ -0,0 +1,62 @@ +/* LastOwnerException.java -- User attempted to delete last ACL owner + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.acl; + +/** + * This exception is thrown when an attempt is made to delete the last owner + * of an access control list (ACL) + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Owner#deleteOwner(java.security.Principal, java.security.Principal) + * @status updated to 1.4 + */ +public class LastOwnerException extends Exception +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -5141997548211140359L; + + /** + * Initialize a new instance of <code>LastOwnerException</code> that does + * not have a log message. + */ + public LastOwnerException() + { + } +} diff --git a/libjava/classpath/java/security/acl/NotOwnerException.java b/libjava/classpath/java/security/acl/NotOwnerException.java new file mode 100644 index 000000000..bea94763e --- /dev/null +++ b/libjava/classpath/java/security/acl/NotOwnerException.java 
@@ -0,0 +1,62 @@
+/* NotOwnerException.java -- Attempt to modify an unowned ACL
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+/**
+ * This exception is thrown whenever an operation is attempted that requires
+ * the caller to be the owner of the access control list (ACL) when the caller
+ * is in fact not the owner of the ACL.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class NotOwnerException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -5555597911163362399L;
+
+ /**
+ * Initializes a new instance of <code>NotOwnerException</code> that does
+ * not have a descriptive message.
+ */
+ public NotOwnerException()
+ {
+ }
+}
diff --git a/libjava/classpath/java/security/acl/Owner.java b/libjava/classpath/java/security/acl/Owner.java
new file mode 100644
index 000000000..c671cd362
--- /dev/null
+++ b/libjava/classpath/java/security/acl/Owner.java
@@ -0,0 +1,95 @@
+/* Owner.java -- ACL owner
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+import java.security.Principal;
+
+/**
+ * This interface provides a mechanism for maintaining a list of owners
+ * of an access control list (ACL). Since a <code>Principal</code> must
+ * be an owner in order to modify the owner list, a mechanism must be
+ * provided to specify the initial owner of the ACL. The proper way to do
+ * this is for the implementing class to specify the initial owner in
+ * the contructor for that class.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface Owner
+{
+ /**
+ * This method adds an owner to the access control list (ACL). Only a
+ * <code>Principal</code> who is already an owner can perform this operation.
+ *
+ * @param caller The <code>Principal</code> who is requesting that an owner be added
+ * @param owner The <code>Principal</code> to add as a new owner
+ *
+ * @param <code>true</code> if the new owner was successfully added or <code>false</code> if the specified new owner is already an owner
+ *
+ * @exception NotOwnerException If the caller is not already an owner of this ACL
+ */
+ boolean addOwner(Principal caller, Principal owner)
+ throws NotOwnerException;
+
+ /**
+ * This method delets an owner from the access control list (ACL). Only a
+ * <code>Principal</code> who is an owner can perform this operation. An
+ * owner can delete itself from the list. If there is only one
+ * owner remaining on this list, any attempt to delete it will throw an
+ * exception.
+ *
+ * @param caller The <code>Principal</code> who is requesting that an owner be deleted
+ * @param owner The <code>Principal</code> to delete as an owner
+ *
+ * @param <code>true</code> if the new owner was successfully deleted or <code>false</code> if the specified owner is not currently an owner
+ *
+ * @exception NotOwnerException If the caller is not already an owner of this ACL
+ * @exception LastOwnerException If completing the operation would delete the last ACL owner
+ */
+ boolean deleteOwner(Principal caller, Principal owner)
+ throws NotOwnerException, LastOwnerException;
+
+ /**
+ * This method tests whether or not a given <code>Principal</code> is an
+ * owner of this access control list (ACL).
+ *
+ * @return <code>true</code> if the <code>Principal</code> is an owner, <code>false</code> otherwise
+ */
+ boolean isOwner(Principal owner);
+}
diff --git a/libjava/classpath/java/security/acl/Permission.java b/libjava/classpath/java/security/acl/Permission.java
new file mode 100644
index 000000000..e5ba29138
--- /dev/null
+++ b/libjava/classpath/java/security/acl/Permission.java
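Review bot: The return values of `addOwner` and `deleteOwner` are documented with `@param <code>true</code> if ...`, which Javadoc reads as a parameter named `<code>true</code>`; both tags should start with `@return` so the boolean result (added/deleted versus already/not an owner) is actually documented. `isOwner` has an `@return` but no `@param owner The <code>Principal</code> to test for ownership` line. Since these methods are the ownership check for an ACL, the interface comment should also state what an implementation does when `caller` or `owner` is `null`; nothing in the hunk says whether that is rejected or treated as a non-owner. The prose also has two typos, "delets" and "contructor".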
@@ -0,0 +1,67 @@
+/* Permission.java -- Information about an ACL permission
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+/**
+ * This interface provides information about a permission that can be
+ * granted. Note that this is <em>not</em> the same as the class
+ * <code>java.security.Permission</code>.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface Permission
+{
+ /**
+ * This method tests whether or not a specified <code>Permission</code>
+ * (passed as an <code>Object</code>) is the same as this permission.
+ *
+ * @param perm The permission to check for equality
+ *
+ * @return <code>true</code> if the specified permission is the same as this one, <code>false</code> otherwise
+ */
+ boolean equals (Object perm);
+
+ /**
+ * This method returns this <code>Permission</code> as a <code>String</code>.
+ *
+ * @return A <code>String</code> representing this permission.
+ */
+ String toString();
+}
diff --git a/libjava/classpath/java/security/acl/package.html b/libjava/classpath/java/security/acl/package.html
new file mode 100644
index 000000000..19facf190
--- /dev/null
+++ b/libjava/classpath/java/security/acl/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.acl package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.acl</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/java/security/cert/CRL.java b/libjava/classpath/java/security/cert/CRL.java
new file mode 100644
index 000000000..1eaa70fa9
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRL.java
@@ -0,0 +1,98 @@
+/* CRL.java --- Certificate Revocation List
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ Certificate Revocation List class for managing CRLs that
+ have different formats but the same general use. They
+ all serve as lists of revoked certificates and can
+ be queried for a given certificate.
+
+ Specialized CRLs extend this class.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class CRL
+{
+
+ private String type;
+
+ /**
+ Creates a new CRL for the specified type. An example
+ is "X.509".
+
+ @param type the standard name for the CRL type.
+ */
+ protected CRL(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the CRL type.
+
+ @return a string representing the CRL type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Returns a string representing the CRL.
+
+ @return a string representing the CRL.
+ */
+ public abstract String toString();
+
+ /**
+ Determines whether or not the specified Certificate
+ is revoked.
+
+ @param cert A certificate to check if it is revoked
+
+ @return true if the certificate is revoked,
+ false otherwise.
+ */
+ public abstract boolean isRevoked(Certificate cert);
+
+
+}
diff --git a/libjava/classpath/java/security/cert/CRLException.java b/libjava/classpath/java/security/cert/CRLException.java
new file mode 100644
index 000000000..10171c418
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRLException.java
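Review bot: The contract of `isRevoked(Certificate cert)` does not say what an implementation returns for a `null` argument or for a certificate whose type this CRL cannot evaluate, and a `false` in either case reads to the caller as "not revoked". The comment should state this explicitly, for example by adding `Implementations should document whether a certificate of an unsupported type is rejected or reported as not revoked.` As a smaller point, `type` is assigned only in the constructor and could be declared `private final String type;`, as `CertPath` in this same commit does.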
@@ -0,0 +1,95 @@
+/* CRLException.java -- Certificate Revocation List Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for a Certificate Revocation List.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+*/
+public class CRLException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -6694728944094197147L;
+
+ /**
+ * Constructs an CRLExceptionwithout a message string.
+ */
+ public CRLException()
+ {
+ }
+
+ /**
+ * Constructs an CRLException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CRLException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CRLException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CRLException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CRLSelector.java b/libjava/classpath/java/security/cert/CRLSelector.java
new file mode 100644
index 000000000..6cd657c7f
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CRLSelector.java
@@ -0,0 +1,69 @@
+/* CRLSelector.java -- matches CRLs against criteria.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * A generic interface to classes that match certificate revocation
+ * lists (CRLs) to some given criteria. Implementations of this
+ * interface are useful for finding {@link CRL} objects in a {@link
+ * CertStore}.
+ *
+ * @see CertStore
+ * @see CertSelector
+ * @see X509CRLSelector
+ */
+public interface CRLSelector extends Cloneable
+{
+
+ /**
+ * Returns a clone of this instance.
+ *
+ * @return The clone.
+ */
+ Object clone();
+
+ /**
+ * Match a given certificate revocation list to this selector's
+ * criteria, returning true if it matches, false otherwise.
+ *
+ * @param crl The certificate revocation list to test.
+ * @return The boolean result of this test.
+ */
+ boolean match(CRL crl);
+}
diff --git a/libjava/classpath/java/security/cert/CertPath.java b/libjava/classpath/java/security/cert/CertPath.java
new file mode 100644
index 000000000..7211647a4
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPath.java
@@ -0,0 +1,254 @@ +/* CertPath.java -- a sequence of certificates + Copyright (C) 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import java.io.ByteArrayInputStream; +import java.io.NotSerializableException; +import java.io.ObjectStreamException; +import java.io.Serializable; +import java.util.Iterator; +import java.util.List; + +/** + * This class represents an immutable sequence, or path, of security + * certificates. The path type must match the type of each certificate in the + * path, or in other words, for all instances of cert in a certpath object, + * <code>cert.getType().equals(certpath.getType())</code> will return true. + * + * <p>Since this class is immutable, it is thread-safe. During serialization, + * the path is consolidated into a {@link CertPathRep}, which preserves the + * data regardless of the underlying implementation of the path. + * + * @author Eric Blake (ebb9@email.byu.edu) + * @since 1.4 + * @status updated to 1.4 + */ +public abstract class CertPath implements Serializable +{ + /** + * The serialized representation of a path. + * + * @author Eric Blake (ebb9@email.byu.edu) + */ + protected static class CertPathRep implements Serializable + { + /** + * Compatible with JDK 1.4+. + */ + private static final long serialVersionUID = 3015633072427920915L; + + /** + * The certificate type. + * + * @serial the type of the certificate path + */ + private final String type; + + /** + * The encoded form of the path. + * + * @serial the encoded form + */ + private final byte[] data; + + /** + * Create the new serial representation. + * + * @param type the path type + * @param data the encoded path data + */ + protected CertPathRep(String type, byte[] data) + { + this.type = type; + this.data = data; + } + + /** + * Decode the data into an actual {@link CertPath} upon deserialization. 
+ * + * @return the replacement object + * @throws ObjectStreamException if replacement fails + */ + protected Object readResolve() throws ObjectStreamException + { + try + { + return CertificateFactory.getInstance(type) + .generateCertPath(new ByteArrayInputStream(data)); + } + catch (CertificateException e) + { + throw (ObjectStreamException) + new NotSerializableException("java.security.cert.CertPath: " + + type).initCause(e); + } + } + } // class CertPathRep + + /** + * Compatible with JDK 1.4+. + */ + private static final long serialVersionUID = 6068470306649138683L; + + /** + * The path type. + * + * @serial the type of all certificates in this path + */ + private final String type; + + /** + * Create a certificate path with the given type. Most code should use + * {@link CertificateFactory} to create CertPaths. + * + * @param type the type of the path + */ + protected CertPath(String type) + { + this.type = type; + } + + /** + * Get the (non-null) type of all certificates in the path. + * + * @return the path certificate type + */ + public String getType() + { + return type; + } + + /** + * Get an immutable iterator over the path encodings (all String names), + * starting with the default encoding. The iterator will throw an + * <code>UnsupportedOperationException</code> if an attempt is made to + * remove items from the list. + * + * @return the iterator of supported encodings in the path + */ + public abstract Iterator<String> getEncodings(); + + /** + * Compares this path to another for semantic equality. To be equal, both + * must be instances of CertPath, with the same type, and identical + * certificate lists. Overriding classes must not change this behavior. + * + * @param o the object to compare to + * @return true if the two are equal + */ + public boolean equals(Object o) + { + if (! 
(o instanceof CertPath)) + return false; + CertPath cp = (CertPath) o; + return type.equals(cp.type) + && getCertificates().equals(cp.getCertificates()); + } + + /** + * Returns the hashcode of this certificate path. This is defined as:<br> + * <code>31 * getType().hashCode() + getCertificates().hashCode()</code>. + * + * @return the hashcode + */ + public int hashCode() + { + return 31 * type.hashCode() + getCertificates().hashCode(); + } + + public String toString() + { + List l = getCertificates(); + int size = l.size(); + int i = 0; + CPStringBuilder result = new CPStringBuilder(type); + result.append(" Cert Path: length = ").append(size).append(".\n[\n"); + while (--size >= 0) + result.append(l.get(i++)).append('\n'); + return result.append("\n]").toString(); + } + + /** + * Returns the encoded form of this path, via the default encoding. + * + * @return the encoded form + * @throws CertificateEncodingException if encoding fails + */ + public abstract byte[] getEncoded() throws CertificateEncodingException; + + /** + * Returns the encoded form of this path, via the specified encoding. + * + * @param encoding the encoding to use + * @return the encoded form + * @throws CertificateEncodingException if encoding fails or does not exist + */ + public abstract byte[] getEncoded(String encoding) + throws CertificateEncodingException; + + /** + * Returns the immutable, thread-safe list of certificates in this path. + * + * @return the list of certificates, non-null but possibly empty + */ + public abstract List<? extends Certificate> getCertificates(); + + /** + * Serializes the path in its encoded form, to ensure reserialization with + * the appropriate factory object without worrying about list implementation. + * The result will always be an instance of {@link CertPathRep}. 
+ * + * @return the replacement object + * @throws ObjectStreamException if the replacement creation fails + */ + protected Object writeReplace() throws ObjectStreamException + { + try + { + return new CertPathRep(type, getEncoded()); + } + catch (CertificateEncodingException e) + { + throw (ObjectStreamException) + new NotSerializableException("java.security.cert.CertPath: " + + type).initCause(e); + } + } +} // class CertPath diff --git a/libjava/classpath/java/security/cert/CertPathBuilder.java b/libjava/classpath/java/security/cert/CertPathBuilder.java new file mode 100644 index 000000000..47bae6db8 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilder.java 
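Review bot: `CertPathRep.readResolve()` hands `type` and `data`, both read from the serialized stream, to `CertificateFactory.getInstance(type)` and `new ByteArrayInputStream(data)` without checking either, and only `CertificateException` is converted to the declared `ObjectStreamException`. A stream in which either field is null would presumably surface as an unchecked exception from deep inside the factory rather than as a clean deserialization failure. A guard at the top of the `try` keeps the failure mode uniform: `if (type == null || data == null) throw new NotSerializableException("java.security.cert.CertPath: " + type);`. Relatedly, `getType()` promises a non-null type and `equals`/`hashCode` dereference `type`, but the `CertPath(String type)` constructor does not enforce it. `toString()` is also the only public method in the class without a Javadoc comment.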
@@ -0,0 +1,251 @@ +/* CertPathBuilder.java -- bulids CertPath objects from Certificates. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.Security; + +/** + * This class builds certificate paths (also called certificate chains), + * which can be used to establish trust for a particular certificate by + * building a path from a trusted certificate (a trust anchor) to the + * untrusted certificate. + * + * @see CertPath + */ +public class CertPathBuilder +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for CertPathBuilder. */ + private static final String CERT_PATH_BUILDER = "CertPathBuilder"; + + /** The underlying implementation. */ + private CertPathBuilderSpi cpbSpi; + + /** The provider of this implementation. */ + private Provider provider; + + /** The name of this implementation. */ + private String algorithm; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathBuilder. + * + * @param cpbSpi The underlying implementation. + * @param provider The provider of the implementation. + * @param algorithm This implementation's name. + */ + protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider, + String algorithm) + { + this.cpbSpi = cpbSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + // Class methods. + // ------------------------------------------------------------------------ + + /** + * Get the default cert path builder type. + * + * <p>This value can be set at run-time by the security property + * <code>"certpathbuilder.type"</code>. If this property is not set, + * then the value returned is <code>"PKIX"</code>. 
+ * + * @return The default CertPathBuilder algorithm. + */ + public static final String getDefaultType() + { + String type = Security.getProperty("certpathbuilder.type"); + if (type == null) + type = "PKIX"; + return type; + } + + /** + * Returns an instance of a named <code>CertPathBuilder</code> from the + * first provider that implements it. + * + * @param algorithm The name of the <code>CertPathBuilder</code> to create. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * named algorithm. + * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static CertPathBuilder getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of a named <code>CertPathBuilder</code> from a named + * provider. + * + * @param algorithm The name of the <code>CertPathBuilder</code> to create. + * @param provider The name of the provider to use. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * named algorithm. + * @throws NoSuchProviderException If the named provider does not exist. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. 
+ */ + public static CertPathBuilder getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of a named <code>CertPathBuilder</code> from the + * specified provider. + * + * @param algorithm The name of the <code>CertPathBuilder</code> to create. + * @param provider The provider to use. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * named algorithm. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. + */ + public static CertPathBuilder getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("CertPathBuilder for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider); + return new CertPathBuilder((CertPathBuilderSpi) spi, provider, algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + * Return the name of this CertPathBuilder algorithm. + * + * @return The algorithm name. 
+ */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Return the provider of this instance's implementation. + * + * @return The provider. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Builds a certificate path. The {@link CertPathParameters} parameter + * passed to this method is implementation-specific, but in general + * should contain some number of certificates and some number of + * trusted certificates (or "trust anchors"). + * + * @param params The parameters. + * @retrun The certificate path result. + * @throws CertPathBuilderException If the certificate path cannot be + * built. + * @throws InvalidAlgorithmParameterException If the implementation + * rejects the specified parameters. + */ + public final CertPathBuilderResult build(CertPathParameters params) + throws CertPathBuilderException, InvalidAlgorithmParameterException + { + return cpbSpi.engineBuild(params); + } +} diff --git a/libjava/classpath/java/security/cert/CertPathBuilderException.java b/libjava/classpath/java/security/cert/CertPathBuilderException.java new file mode 100644 index 000000000..985151010 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilderException.java 
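Review bot: `getDefaultType()` in CertPathBuilder.java reads `Security.getProperty("certpathbuilder.type")` directly, whereas `CertPathValidator.getDefaultType()` later in this patch wraps the equivalent lookup in `AccessController.doPrivileged`. With a security manager installed, the builder variant presumably needs every caller on the stack to hold the property-read permission, so the two classes would behave differently for less-privileged callers. Wrapping the read as shown below would align them; it needs `java.security.AccessController` and `java.security.PrivilegedAction` added to this file's imports. Separately, the Javadoc for `build()` uses `@retrun` and `CertPathBuilderResult.getCertPath()` uses `@retrn`, so neither return description will render; both should be `@return`.

```java
public static final String getDefaultType()
{
  // Read the property with this class's own privileges so that callers
  // without the property-read permission still get a usable default,
  // matching CertPathValidator.getDefaultType().
  String type = (String) AccessController.doPrivileged(
    new PrivilegedAction()
    {
      public Object run()
      {
        return Security.getProperty("certpathbuilder.type");
      }
    }
  );
  // … unchanged: fall back to "PKIX" when the property is unset, return type …
}
```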
@@ -0,0 +1,159 @@ +/* CertPathBuilderException.java -- wraps an exception during certificate + path building + Copyright (C) 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.io.PrintStream; +import java.io.PrintWriter; +import java.security.GeneralSecurityException; + +/** + * Indicates a problem while using a <code>CertPathBuilder</code>, wrapping + * the lower exception. This class is not thread-safe. + * + * @author Eric Blake (ebb9@email.byu.edu) + * @see CertPathBuilder + * @since 1.4 + * @status updated to 1.4 +*/ +public class CertPathBuilderException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.4+. + */ + private static final long serialVersionUID = 5316471420178794402L; + + /** + * Create an exception without a message. The cause may be initialized. + */ + public CertPathBuilderException() + { + } + + /** + * Create an exception with a message. The cause may be initialized. + * + * @param msg a message to display with exception + */ + public CertPathBuilderException(String msg) + { + super(msg); + } + + /** + * Create an exception with a cause. The message will be + * <code>cause == null ? null : cause.toString()</code>. + * + * @param cause the cause + */ + public CertPathBuilderException(Throwable cause) + { + this(cause == null ? null : cause.toString(), cause); + } + + /** + * Create an exception with a cause and a message. + * + * @param msg the message + * @param cause the cause + */ + public CertPathBuilderException(String msg, Throwable cause) + { + super(msg); + initCause(cause); + } + + /** + * Get the detail message. + * + * @return the detail message + */ + public String getMessage() + { + return super.getMessage(); + } + + /** + * Get the cause, null if unknown. + * + * @return the cause + */ + public Throwable getCause() + { + return super.getCause(); + } + + /** + * Convert this to a string, including its cause. + * + * @return the string conversion + */ + public String toString() + { + return super.toString(); + } + + /** + * Print the stack trace to <code>System.err</code>. 
+ */ + public void printStackTrace() + { + super.printStackTrace(); + } + + /** + * Print the stack trace to a stream. + * + * @param stream the stream + */ + public void printStackTrace(PrintStream stream) + { + super.printStackTrace(stream); + } + + /** + * Print the stack trace to a stream. + * + * @param stream the stream + */ + public void printStackTrace(PrintWriter stream) + { + super.printStackTrace(stream); + } +} diff --git a/libjava/classpath/java/security/cert/CertPathBuilderResult.java b/libjava/classpath/java/security/cert/CertPathBuilderResult.java new file mode 100644 index 000000000..edae88f64 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilderResult.java 
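Review bot: The overrides of `getMessage()`, `getCause()`, `toString()` and the three `printStackTrace` variants in CertPathBuilderException.java only forward to `super`, and nothing in the hunk says why they are declared. If they exist to mirror the JDK 1.4 API surface (the class Javadoc carries `@status updated to 1.4`), a one-line comment above the group such as `// Declared only for API compatibility; behaviour is inherited.` would keep them from being removed or altered later. The Javadoc for `toString()` also promises a string "including its cause", which the forwarding body does not itself guarantee; that depends on the inherited implementation and on how the message was set, so the sentence should be hedged or dropped.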
@@ -0,0 +1,63 @@ +/* CertPathBuilderResult -- results from building cert paths. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * A standard interface for the result of building a certificate path. 
+ * All implementations of this class must provide a way to get the + * certificate path, but may also define additional methods for + * returning other result data generated by the certificate path + * builder. + */ +public interface CertPathBuilderResult extends Cloneable { + + /** + * Creates a copy of this builder result. + * + * @return The copy. + */ + Object clone(); + + /** + * Get the certificate path that was built. + * + * @retrn The certificate path. + */ + CertPath getCertPath(); +} diff --git a/libjava/classpath/java/security/cert/CertPathBuilderSpi.java b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java new file mode 100644 index 000000000..afc7fc073 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java 
@@ -0,0 +1,74 @@ +/* CertPathBuilderSpi -- CertPathBuilder service provider interface. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.cert; + +/** + * The {@link CertPathBuilder} <i>Service Provider Interface</i> + * (<b>SPI</b>). 
+ * + * @see CertPathBuilder + */ +public abstract class CertPathBuilderSpi { + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathBuilderSpi. + */ + public CertPathBuilderSpi() { + super(); + } + + // Abstract methods. + // ------------------------------------------------------------------------ + + /** + * Creates a certificate path from the specified parameters. + * + * @param params The parameters to use. + * @return The certificate path result. + * @throws CertPathBuilderException If the certificate path cannot be + * built. + * @throws java.security.InvalidAlgorithmParameterException If the + * implementation rejects the specified parameters. + */ + public abstract CertPathBuilderResult engineBuild(CertPathParameters params) + throws CertPathBuilderException, + java.security.InvalidAlgorithmParameterException; +} diff --git a/libjava/classpath/java/security/cert/CertPathParameters.java b/libjava/classpath/java/security/cert/CertPathParameters.java new file mode 100644 index 000000000..62a5cb6a6 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathParameters.java 
@@ -0,0 +1,58 @@ +/* CertPathParameters.java -- parameters for CertPathBuilder. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.cert; + +/** + * Parameters for generating and validating certificate paths. 
This + * class does not define any methods (except a required cloneable + * interface) and is provided only to provide type safety for + * implementations. Concrete implementations implement this interface + * in accord with thier own needs. + * + * @see CertPathBuilder + * @see CertPathValidator + */ +public interface CertPathParameters extends Cloneable { + + /** + * Makes a copy of this CertPathParameters instance. + * + * @return The copy. + */ + Object clone(); +} diff --git a/libjava/classpath/java/security/cert/CertPathValidator.java b/libjava/classpath/java/security/cert/CertPathValidator.java new file mode 100644 index 000000000..8bd7b58e8 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathValidator.java 
@@ -0,0 +1,264 @@ +/* CertPathValidator -- validates certificate paths. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.AccessController; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivilegedAction; +import java.security.Provider; +import java.security.Security; + +/** + * Generic interface to classes that validate certificate paths. + * + * <p>Using this class is similar to all the provider-based security + * classes; the method of interest, {@link + * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}, + * which takes provider-specific implementations of {@link + * CertPathParameters}, and return provider-specific implementations of + * {@link CertPathValidatorResult}. + * + * @since JDK 1.4 + * @see CertPath + */ +public class CertPathValidator { + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for CertPathValidator. */ + private static final String CERT_PATH_VALIDATOR = "CertPathValidator"; + + /** The underlying implementation. */ + private final CertPathValidatorSpi validatorSpi; + + /** The provider of this implementation. */ + private final Provider provider; + + /** The algorithm's name. */ + private final String algorithm; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathValidator. + * + * @param validatorSpi The underlying implementation. + * @param provider The provider of the implementation. + * @param algorithm The algorithm name. + */ + protected CertPathValidator(CertPathValidatorSpi validatorSpi, + Provider provider, String algorithm) + { + this.validatorSpi = validatorSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + // Class methods. 
+ // ------------------------------------------------------------------------ + + /** + * Returns the default validator type. + * + * <p>This value may be set at run-time via the security property + * "certpathvalidator.type", or the value "PKIX" if this property is + * not set. + * + * @return The default validator type. + */ + public static synchronized String getDefaultType() { + String type = (String) AccessController.doPrivileged( + new PrivilegedAction() + { + public Object run() + { + return Security.getProperty("certpathvalidator.type"); + } + } + ); + if (type == null) + type = "PKIX"; + return type; + } + + /** + * Returns an instance of the given validator from the first provider that + * implements it. + * + * @param algorithm The name of the algorithm to get. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * requested algorithm. + * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static CertPathValidator getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of the given validator from the named provider. + * + * @param algorithm The name of the algorithm to get. + * @param provider The name of the provider from which to get the + * implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If the named provider does not implement + * the algorithm. + * @throws NoSuchProviderException If no provider named <i>provider</i> is + * installed. 
+ * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. + */ + public static CertPathValidator getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of the given validator from the given provider. + * + * @param algorithm The name of the algorithm to get. + * @param provider The provider from which to get the implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If the provider does not implement the + * algorithm. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. + */ + public static CertPathValidator getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider); + return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + * Return the name of this validator. 
+ * + * @return This validator's name. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Return the provider of this implementation. + * + * @return The provider. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Attempt to validate a certificate path. + * + * @param certPath The path to validate. + * @param params The algorithm-specific parameters. + * @return The result of this validation attempt. + * @throws CertPathValidatorException If the certificate path cannot + * be validated. + * @throws InvalidAlgorithmParameterException If this implementation + * rejects the specified parameters. + */ + public final CertPathValidatorResult validate(CertPath certPath, + CertPathParameters params) + throws CertPathValidatorException, InvalidAlgorithmParameterException + { + return validatorSpi.engineValidate(certPath, params); + } +} diff --git a/libjava/classpath/java/security/cert/CertPathValidatorException.java b/libjava/classpath/java/security/cert/CertPathValidatorException.java new file mode 100644 index 000000000..f3195be29 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathValidatorException.java 
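Review bot: `CertPathValidator.getDefaultType()` is declared `static synchronized`, but its body only reads a security property and falls back to `"PKIX"`; it touches no shared mutable state visible in this hunk. The lock is taken on `CertPathValidator.class`, a monitor that unrelated code can also hold, so callers can be blocked for no benefit, and `CertPathBuilder.getDefaultType()` in the same patch takes no lock. I would drop the modifier: `public static String getDefaultType() {`.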
@@ -0,0 +1,226 @@
+/* CertPathValidatorException.java -- wraps an exception during validation
+ of a CertPath
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while validating a certification path. In addition,
+ * it can store the path an index in that path that caused the problem. This
+ * class is not thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertPathValidator
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertPathValidatorException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = -3083180014971893139L;
+
+ /**
+ * The index of the certificate path that failed, or -1.
+ *
+ * @serial the failed index
+ */
+ private final int index;
+
+ /**
+ * The <code>CertPath</code> that failed.
+ *
+ * @serial the object being validated at time of failure
+ */
+ private final CertPath certPath;
+
+ /**
+ * Create an exception without a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ */
+ public CertPathValidatorException()
+ {
+ this((String) null);
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertPathValidatorException(String msg)
+ {
+ super(msg);
+ index = -1;
+ certPath = null;
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>. The index is set
+ * to -1 and the failed CertPath object to null.
+ *
+ * @param cause the cause
+ */
+ public CertPathValidatorException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause and a message. The index is set to -1
+ * and the failed CertPath object to null.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertPathValidatorException(String msg, Throwable cause)
+ {
+ this(msg, cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause, message, failed object, and index of
+ * failure in that CertPath.
+ *
+ * @param msg the message
+ * @param cause the cause
+ * @param certPath the path that was being validated, or null
+ * @param index the index of the path, or -1
+ * @throws IndexOutOfBoundsException if index is < -1 or
+ * > certPath.getCertificates().size()
+ * @throws IllegalArgumentException if certPath is null but index != -1
+ */
+ public CertPathValidatorException(String msg, Throwable cause,
+ CertPath certPath, int index)
+ {
+ super(msg);
+ initCause(cause);
+ if (index < -1 || (certPath != null
+ && index >= certPath.getCertificates().size()))
+ throw new IndexOutOfBoundsException();
+ if ((certPath == null) != (index == -1))
+ throw new IllegalArgumentException();
+ this.certPath = certPath;
+ this.index = index;
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the certificate path that had the failure, or null.
+ *
+ * @return the culprit path
+ */
+ public CertPath getCertPath()
+ {
+ return certPath;
+ }
+
+ /**
+ * Get the index that failed, or -1.
+ *
+ * @return the colprit index
+ */
+ public int getIndex()
+ {
+ return index;
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorResult.java b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
new file mode 100644
index 000000000..0ccd1be78
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
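Review bot: The four-argument constructor of `CertPathValidatorException` rejects a non-null `certPath` paired with `index == -1`, because `(certPath == null) != (index == -1)` is true for that combination, while its own Javadoc only promises IllegalArgumentException when certPath is null but index != -1. A validator that knows which path failed but not which certificate would then get an IllegalArgumentException out of the exception constructor, and the real validation failure never reaches the caller. Narrowing the check to `if (certPath == null && index != -1)` matches the documented contract and leaves the preceding bounds check untouched. The `@throws IndexOutOfBoundsException` text also says `> certPath.getCertificates().size()` where the code tests `>=`, so the Javadoc should read `>= certPath.getCertificates().size()`.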
@@ -0,0 +1,63 @@
+/* CertPathValidatorResult -- result of validating certificate paths
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+/**
+ * Interface to the result of calling {@link
+ * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}.
+ *
+ * <p>This interface defines no methods other than the required
+ * {@link java.lang.Cloneable} interface, and is intended to group and
+ * provide type safety for validator results. Providers that implement
+ * a certificate path validator must also provide an implementation of
+ * this interface, possibly defining additional methods.
+ *
+ * @since JDK 1.4
+ * @see CertPathValidator
+ */
+public interface CertPathValidatorResult extends Cloneable
+{
+
+ /**
+ * Returns a copy of this validator result.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorSpi.java b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java
new file mode 100644
index 000000000..d4531e716
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java
@@ -0,0 +1,81 @@
+/* CertPathValidatorSpi -- cert path validator service provider interface
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for the {@link
+ * CertPathValidator} class. Providers implementing certificate path
+ * validators must subclass this class and implement its abstract
+ * methods.
+ */
+public abstract class CertPathValidatorSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Default constructor.
+ */
+ public CertPathValidatorSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Attempt to validate a certificate path.
+ *
+ * @param certPath The path to validate.
+ * @param params The algorithm-specific parameters.
+ * @return The result of this validation attempt.
+ * @throws CertPathValidatorException If the certificate path cannot
+ * be validated.
+ * @throws InvalidAlgorithmParameterException If this implementation
+ * rejects the specified parameters.
+ */
+ public abstract CertPathValidatorResult
+ engineValidate(CertPath certPath, CertPathParameters params)
+ throws CertPathValidatorException,
+ InvalidAlgorithmParameterException;
+}
diff --git a/libjava/classpath/java/security/cert/CertSelector.java b/libjava/classpath/java/security/cert/CertSelector.java
new file mode 100644
index 000000000..4a2e7d921
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertSelector.java
@@ -0,0 +1,58 @@
+/* CertSelector.java -- certificate selector interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+public interface CertSelector extends Cloneable
+{
+
+ /**
+ * Returns a copy of this CertSelector.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Match a certificate according to this selector's criteria.
+ *
+ * @param cert The certificate to match.
+ * @return true if the certificate matches thin criteria.
+ */
+ boolean match(Certificate cert);
+}
diff --git a/libjava/classpath/java/security/cert/CertStore.java b/libjava/classpath/java/security/cert/CertStore.java
new file mode 100644
index 000000000..630e96762
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStore.java
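Review bot: `CertSelector` is added without a type-level Javadoc, unlike the sibling `CertPathValidatorResult` and `CertStoreParameters` interfaces in this commit, and `match` does not say what an implementation does with a null certificate. A short header such as `/** Selects certificates by implementation-defined criteria; used to filter the results of CertStore.getCertificates. */` would help, plus one sentence on `match` stating whether null is rejected or simply never matches. The `@return` line also reads "thin criteria" where "this selector's criteria" is meant.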
@@ -0,0 +1,305 @@
+/* CertStore -- stores and retrieves certificates.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collection;
+
+/**
+ * A CertStore is a read-only repository for certificates and
+ * certificate revocation lists.
+ *
+ * @since 1.4
+ */
+public class CertStore
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Service name for CertStore. */
+ private static final String CERT_STORE = "CertStore";
+
+ /** The underlying implementation. */
+ private CertStoreSpi storeSpi;
+
+ /** This implementation's provider. */
+ private Provider provider;
+
+ /** The name of this key store type. */
+ private String type;
+
+ /** The parameters used to initialize this instance, if any. */
+ private CertStoreParameters params;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new CertStore.
+ *
+ * @param storeSpi The underlying implementation.
+ * @param provider The provider of this implementation.
+ * @param type The type of CertStore this class represents.
+ * @param params The parameters used to initialize this instance, if any.
+ */
+ protected CertStore(CertStoreSpi storeSpi, Provider provider, String type,
+ CertStoreParameters params)
+ {
+ this.storeSpi = storeSpi;
+ this.provider = provider;
+ this.type = type;
+ this.params = params;
+ }
+
+// Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default certificate store type.
+ *
+ * <p>This value can be set at run-time via the security property
+ * "certstore.type"; if not specified than the default type will be
+ * "LDAP".
+ *
+ * @return The default CertStore type.
+ */
+ public static final synchronized String getDefaultType()
+ {
+ String type = null;
+ type = (String) java.security.AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return Security.getProperty("certstore.type");
+ }
+ }
+ );
+ if (type == null)
+ type = "LDAP";
+ return type;
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from the first
+ * installed provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects the
+ * specified parameters.
+ * @throws NoSuchAlgorithmException If no installed provider implements the
+ * specified CertStore.
+ * @throws IllegalArgumentException if <code>type</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(type, params, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(type);
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from a named
+ * provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The name of the provider to use.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects the
+ * specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws NoSuchProviderException If no provider named <i>provider</i> is
+ * installed.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ String provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+ NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, params, p);
+ }
+
+ /**
+ * Returns an instance of the given certificate store type from a given
+ * provider.
+ *
+ * @param type The type of <code>CertStore</code> to create.
+ * @param params The parameters to initialize this cert store with.
+ * @param provider The provider to use.
+ * @return The new instance.
+ * @throws InvalidAlgorithmParameterException If the instance rejects
+ * the specified parameters.
+ * @throws NoSuchAlgorithmException If the specified provider does not
+ * implement the specified CertStore.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static CertStore getInstance(String type, CertStoreParameters params,
+ Provider provider)
+ throws InvalidAlgorithmParameterException, NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("CertStore of type [")
+ .append(type).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object[] args = new Object[] { params };
+ Object spi = Engine.getInstance(CERT_STORE, type, provider, args);
+ return new CertStore((CertStoreSpi) spi, provider, type, params);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Return the type of certificate store this instance represents.
+ *
+ * @return The CertStore type.
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Return the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Get the parameters this instance was created with, if any. The
+ * parameters will be cloned before they are returned.
+ *
+ * @return The parameters, or null.
+ */
+ public final CertStoreParameters getCertStoreParameters()
+ {
+ return params != null ? (CertStoreParameters) params.clone() : null;
+ }
+
+ /**
+ * Get a collection of certificates from this CertStore, optionally
+ * filtered by the specified CertSelector. The Collection returned may
+ * be empty, but will never be null.
+ *
+ * <p>Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public final Collection<? extends Certificate> getCertificates(CertSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCertificates(selector);
+ }
+
+ /**
+ * Get a collection of certificate revocation lists from this CertStore,
+ * optionally filtered by the specified CRLSelector. The Collection
+ * returned may be empty, but will never be null.
+ *
+ * <p>Implementations may not allow a null argument, even if no
+ * filtering is desired.
+ *
+ * @param selector The certificate selector.
+ * @return The collection of certificate revocation lists.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public final Collection<? extends CRL> getCRLs(CRLSelector selector)
+ throws CertStoreException
+ {
+ return storeSpi.engineGetCRLs(selector);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreException.java b/libjava/classpath/java/security/cert/CertStoreException.java
new file mode 100644
index 000000000..a4d8b7a46
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreException.java
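Review bot: The `CertStore` constructor keeps the caller's parameter object by reference (`this.params = params;`), so a caller who mutates it after `getInstance` returns changes what `getCertStoreParameters()` later reports, even though that getter clones on the way out. Since `CertStoreParameters` declares `clone()`, the constructor can take its own copy with `this.params = params != null ? (CertStoreParameters) params.clone() : null;`. Separately, `getInstance(String, CertStoreParameters, Provider)` documents IllegalArgumentException for a null `type` or `provider` but contains no check of its own; presumably `Engine.getInstance` enforces it, which is worth confirming because the method's Javadoc is the only place a caller sees that contract.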
@@ -0,0 +1,159 @@
+/* CertStoreException.java -- wraps an exception during certificate storage
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while retrieving certificates and CRLs from
+ * <code>CertStore</code>, wrapping the lower exception. This class is not
+ * thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertStore
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertStoreException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 2395296107471573245L;
+
+ /**
+ * Create an exception without a message. The cause may be initialized.
+ */
+ public CertStoreException()
+ {
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertStoreException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * <code>cause == null ? null : cause.toString()</code>.
+ *
+ * @param cause the cause
+ */
+ public CertStoreException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause);
+ }
+
+ /**
+ * Create an exception with a cause and a message.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertStoreException(String msg, Throwable cause)
+ {
+ super(msg);
+ initCause(cause);
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreParameters.java b/libjava/classpath/java/security/cert/CertStoreParameters.java
new file mode 100644
index 000000000..71bcd6109
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreParameters.java
@@ -0,0 +1,60 @@
+/* CertStoreParameters -- interface to CertStore parameters.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Parameters used when creating instances of {@link CertStore}.
This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see LDAPCertStoreParameters
+ * @see CollectionCertStoreParameters
+ */
+public interface CertStoreParameters extends Cloneable
+{
+
+ /**
+ * Create a copy of these parameters.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreSpi.java b/libjava/classpath/java/security/cert/CertStoreSpi.java
new file mode 100644
index 000000000..a47978a22
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreSpi.java
@@ -0,0 +1,103 @@
+/* CertStoreSpi -- certificate store service provider interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.util.Collection;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for the {@link
+ * CertStore} class.
+ *
+ * <p>Providers wishing to implement a CertStore must subclass this
+ * class, implementing all the abstract methods. Providers may also
+ * implement the {@link CertStoreParameters} interface, if they require
+ * parameters.
+ *
+ * @since 1.4
+ * @see CertStore
+ * @see CollectionCertStoreParameters
+ * @see LDAPCertStoreParameters
+ */
+public abstract class CertStoreSpi
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new CertStoreSpi.
+ *
+ * @param params The parameters to initialize this instance with, or
+ * null if no parameters are required.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate for this class.
+ */
+ public CertStoreSpi(CertStoreParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the certificates from this store, filtering them through the
+ * specified CertSelector.
+ *
+ * @param selector The CertSelector to filter certificates.
+ * @return A (non-null) collection of certificates.
+ * @throws CertStoreException If the certificates cannot be retrieved.
+ */
+ public abstract Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
+ throws CertStoreException;
+
+ /**
+ * Get the certificate revocation list from this store, filtering them
+ * through the specified CRLSelector.
+ *
+ * @param selector The CRLSelector to filter certificate revocation
+ * lists.
+ * @return A (non-null) collection of certificate revocation list.
+ * @throws CertStoreException If the CRLs cannot be retrieved.
+ */
+ public abstract Collection<?
extends CRL> engineGetCRLs(CRLSelector selector)
+ throws CertStoreException;
+}
diff --git a/libjava/classpath/java/security/cert/Certificate.java b/libjava/classpath/java/security/cert/Certificate.java
new file mode 100644
index 000000000..be1713cbf
--- /dev/null
+++ b/libjava/classpath/java/security/cert/Certificate.java
@@ -0,0 +1,306 @@
+/* Certificate.java --- Certificate class
+ Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import java.io.ByteArrayInputStream;
+import java.io.InvalidObjectException;
+import java.io.ObjectStreamException;
+import java.io.Serializable;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+
+/**
+ * The Certificate class is an abstract class used to manage
+ * identity certificates. An identity certificate is a
+ * combination of a principal and a public key which is
+ * certified by another principal. This is the puprose of
+ * Certificate Authorities (CA).
+ *
+ * <p>This class is used to manage different types of certificates
+ * but have important common puposes. Different types of
+ * certificates like X.509 and OpenPGP share general certificate
+ * functions (like encoding and verifying) and information like
+ * public keys.
+ *
+ * <p>X.509, OpenPGP, and SDSI can be implemented by subclassing this
+ * class even though they differ in storage methods and information
+ * stored.
+ *
+ * @see CertificateFactory
+ * @see X509Certificate
+ * @since JDK 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ */
+public abstract class Certificate implements Serializable
+{
+ private static final long serialVersionUID = -3585440601605666277L;
+
+ private String type;
+
+ /**
+ Constructs a new certificate of the specified type. An example
+ is "X.509".
+
+ @param type a valid standard name for a certificate.
+ */
+ protected Certificate(String type)
+ {
+ this.type = type;
+ }
+
+ /**
+ Returns the Certificate type.
+
+ @return a string representing the Certificate type
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ Compares this Certificate to other. It checks if the
+ object if instanceOf Certificate and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof Certificate ) {
+ try {
+ Certificate x = (Certificate) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CertificateEncodingException cee ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this Certificate in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this Certificate.
+ It assumes each certificate has only one encoding format.
+ Ex: X.509 is encoded as ASN.1 DER
+
+ @return byte array containg encoded form
+
+ @throws CertificateEncodingException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Returns a string representing the Certificate.
+
+ @return a string representing the Certificate.
+ */
+ public abstract String toString();
+
+
+ /**
+ Returns the public key stored in the Certificate.
+
+ @return The public key
+ */
+ public abstract PublicKey getPublicKey();
+
+ // Protected methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns a replacement for this certificate to be serialized. This
+ * method returns the equivalent to the following for this class:
+ *
+ * <blockquote>
+ * <pre>new CertificateRep(getType(), getEncoded());</pre>
+ * </blockquote>
+ *
+ * <p>This thusly replaces the certificate with its name and its
+ * encoded form, which can be deserialized later with the {@link
+ * CertificateFactory} implementation for this certificate's type.
+ *
+ * @return The replacement object to be serialized.
+ * @throws ObjectStreamException If the replacement could not be
+ * created.
+ */
+ protected Object writeReplace() throws ObjectStreamException
+ {
+ try
+ {
+ return new CertificateRep(getType(), getEncoded());
+ }
+ catch (CertificateEncodingException cee)
+ {
+ throw new InvalidObjectException(cee.toString());
+ }
+ }
+
+ // Inner class.
+ // ------------------------------------------------------------------------
+
+ /**
+ Certificate.CertificateRep is an inner class used to provide an alternate
+ storage mechanism for serialized Certificates.
+ */
+ protected static class CertificateRep implements java.io.Serializable
+ {
+
+ /** From JDK1.4. */
+ private static final long serialVersionUID = -8563758940495660020L;
+
+ /** The certificate type, e.g. "X.509". */
+ private String type;
+
+ /** The encoded certificate data. */
+ private byte[] data;
+
+ /**
+ * Create an alternative representation of this certificate. The
+ * <code>(type, data)</code> pair is typically the certificate's
+ * type as returned by {@link Certificate#getType()} (i.e. the
+ * canonical name of the certificate type) and the encoded form as
+ * returned by {@link Certificate#getEncoded()}.
+ *
+ * <p>For example, X.509 certificates would create an instance of
+ * this class with the parameters "X.509" and the ASN.1
+ * representation of the certificate, encoded as DER bytes.
+ *
+ * @param type The certificate type.
+ * @param data The encoded certificate data.
+ */
+ protected CertificateRep(String type, byte[] data)
+ {
+ this.type = type;
+ this.data = data;
+ }
+
+ /**
+ * Deserialize this certificate replacement into the appropriate
+ * certificate object. That is, this method attempts to create a
+ * {@link CertificateFactory} for this certificate's type, then
+ * attempts to parse the encoded data with that factory, returning
+ * the resulting certificate.
+ *
+ * @return The deserialized certificate.
+ * @throws ObjectStreamException If there is no appropriate
+ * certificate factory for the given type, or if the encoded form
+ * cannot be parsed.
+ */
+ protected Object readResolve() throws ObjectStreamException
+ {
+ try
+ {
+ CertificateFactory fact = CertificateFactory.getInstance(type);
+ return fact.generateCertificate(new ByteArrayInputStream(data));
+ }
+ catch (Exception e)
+ {
+ throw new InvalidObjectException(e.toString());
+ }
+ }
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateEncodingException.java b/libjava/classpath/java/security/cert/CertificateEncodingException.java
new file mode 100644
index 000000000..3f871691d
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateEncodingException.java
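Review bot: `hashCode()` returns `super.hashCode()` while `equals()` compares the encoded bytes, so two Certificate objects that compare equal will normally produce different hash codes; the Javadoc on `hashCode()` also promises a hash of the encoded form. A `HashSet` or `HashMap` keyed by certificates (a set of trusted or pinned certificates, for instance) can then fail to find an entry that `equals()` would accept. Deriving the hash from `getEncoded()`, as below, restores the contract. Separately, `equals()` calls `getEncoded()` four times and loops by hand; `return java.util.Arrays.equals(getEncoded(), x.getEncoded());` inside the existing try block would do the same comparison with one call per side.

```java
  public int hashCode()
  {
    try
      {
        return java.util.Arrays.hashCode(getEncoded());
      }
    catch (CertificateEncodingException cee)
      {
        // equals() reports false when encoding fails; a constant here
        // keeps hashCode() from throwing and still honours the contract.
        return 0;
      }
  }
```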
@@ -0,0 +1,93 @@
+/* CertificateEncodingException.java -- Certificate Encoding Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate Encoding.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class CertificateEncodingException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 6219492851589449162L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateEncodingException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg A message to display with exception
+ */
+ public CertificateEncodingException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateEncodingException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateEncodingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateException.java b/libjava/classpath/java/security/cert/CertificateException.java
new file mode 100644
index 000000000..8a6f383bb
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateException.java
@@ -0,0 +1,96 @@
+/* CertificateException.java -- Certificate Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for a Certificate.
+ *
+ * @author Mark Benvenuto
+ * @see Certificate
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class CertificateException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 3192535253797119798L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateExpiredException.java b/libjava/classpath/java/security/cert/CertificateExpiredException.java
new file mode 100644
index 000000000..5b37142b5
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateExpiredException.java
@@ -0,0 +1,71 @@
+/* CertificateExpiredException.java --- Certificate Expired Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate Expiring.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class CertificateExpiredException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 9071001339691533771L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateExpiredException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateExpiredException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateFactory.java b/libjava/classpath/java/security/cert/CertificateFactory.java
new file mode 100644
index 000000000..4fd5b3965
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateFactory.java
@@ -0,0 +1,355 @@
+/* CertificateFactory.java -- Certificate Factory Class
+ Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security.cert;
+
+import gnu.java.security.Engine;
+
+import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * This class implements the CertificateFactory class interface used to
+ * generate certificates, certificate revocation lists (CRLs), and certificate
+ * paths objects from their encoded forms.
+ *
+ * @author Mark Benvenuto
+ * @author Casey Marshall
+ * @since 1.2
+ * @status Fully compatible with JDK 1.4.
+ */
+public class CertificateFactory
+{
+
+ /** The service name for certificate factories. */
+ private static final String CERTIFICATE_FACTORY = "CertificateFactory";
+
+ private CertificateFactorySpi certFacSpi;
+ private Provider provider;
+ private String type;
+
+ /**
+ * Creates an instance of CertificateFactory.
+ *
+ * @param certFacSpi The underlying CertificateFactory engine.
+ * @param provider The provider of this implementation.
+ * @param type The type of Certificate this factory creates.
+ */
+ protected CertificateFactory(CertificateFactorySpi certFacSpi,
+ Provider provider, String type)
+ {
+ this.certFacSpi = certFacSpi;
+ this.provider = provider;
+ this.type = type;
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type.
+ *
+ * @param type The type of certificate factory to create.
+ * @return A <code>CertificateFactory</code> of the desired type.
+ * @throws CertificateException If the type of certificate factory is not
+ * implemented by any installed provider.
+ * @throws IllegalArgumentException if <code>type</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type)
+ throws CertificateException
+ {
+ Provider[] p = Security.getProviders();
+ CertificateException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(type, p[i]);
+ }
+ catch (CertificateException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new CertificateException(type);
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type from the named provider.
+ *
+ * @param type The type of certificate factory to create.
+ * @param provider The name of the provider to use.
+ * @return A <code>CertificateFactory</code> for the desired type.
+ * @throws CertificateException If the type of certificate is not implemented
+ * by the named provider.
+ * @throws NoSuchProviderException If the named provider is not installed.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type,
+ String provider)
+ throws CertificateException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(type, p);
+ }
+
+ /**
+ * Returns an instance of a <code>CertificateFactory</code> representing the
+ * specified certificate factory type from the designated provider.
+ *
+ * @param type The type of certificate factory to create.
+ * @param provider The provider from which to get the implementation.
+ * @return A <code>CertificateFactory</code> for the desired type.
+ * @throws CertificateException If the type of certificate is not implemented
+ * by the provider.
+ * @throws IllegalArgumentException if either <code>type</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>type</code> is an empty string.
+ */
+ public static final CertificateFactory getInstance(String type,
+ Provider provider)
+ throws CertificateException
+ {
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(CERTIFICATE_FACTORY, type, provider);
+ return new CertificateFactory((CertificateFactorySpi) spi, provider, type);
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause() != null ? x.getCause() : x;
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ cause = x;
+ }
+ CertificateException x = new CertificateException(type);
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Gets the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the type of the certificate this factory creates.
+ *
+ * @return A string with the type of certificate
+ */
+ public final String getType()
+ {
+ return type;
+ }
+
+ /**
+ * Generates a Certificate from the encoded data read
+ * from an InputStream.
+ *
+ * <p>The input stream must contain only one certificate.
+ *
+ * <p>If there exists a specialized certificate class for the
+ * certificate format handled by the certificate factory
+ * then the return Ceritificate should be a typecast of it.
+ * Ex: A X.509 CertificateFactory should return X509Certificate.
+ *
+ * <p>For X.509 certificates, the certificate in inStream must be
+ * DER encoded and supplied in binary or printable (Base64)
+ * encoding. If the certificate is in Base64 encoding, it must be
+ * bounded by -----BEGINCERTIFICATE-----, and
+ * -----END CERTIFICATE-----.
+ *
+ * @param inStream An input stream containing the certificate data.
+ * @return A certificate initialized from the decoded InputStream data.
+ * @throws CertificateException If an error occurs decoding the
+ * certificate.
+ */
+ public final Certificate generateCertificate(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificate(inStream);
+ }
+
+ /**
+ * Returns a collection of certificates that were read from the
+ * input stream. It may be empty, have only one, or have
+ * multiple certificates.
+ *
+ * For a X.509 certificate factory, the stream may contain a
+ * single DER encoded certificate or a PKCS#7 certificate
+ * chain. This is a PKCS#7 <I>SignedData</I> object with the
+ * most significant field being <I>certificates</I>. If no
+ * CRLs are present, then an empty collection is returned.
+ *
+ * @param inStream An input stream containing the certificate data.
+ * @return A collection of certificates initialized from the decoded
+ * InputStream data.
+ * @throws CertificateException If an error occurs decoding the
+ * certificates.
+ */
+ public final Collection<? extends Certificate> generateCertificates(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertificates(inStream);
+ }
+
+ /**
+ * Generates a CRL based on the encoded data read
+ * from the InputStream.
+ *
+ * <p>The input stream must contain only one CRL.
+ *
+ * <p>If there exists a specialized CRL class for the
+ * CRL format handled by the certificate factory
+ * then the return CRL should be a typecast of it.
+ * Ex: A X.509 CertificateFactory should return X509CRL.
+ *
+ * @param inStream An input stream containing the CRL data.
+ * @return A CRL initialized from the decoded InputStream data.
+ * @throws CRLException If an error occurs decoding the CRL.
+ */
+ public final CRL generateCRL(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRL(inStream);
+ }
+
+ /**
+ * <p>Generates CRLs based on the encoded data read
+ * from the InputStream.
+ *
+ * <p>For a X.509 certificate factory, the stream may contain a
+ * single DER encoded CRL or a PKCS#7 CRL set. This is a
+ * PKCS#7 <I>SignedData</I> object with the most significant
+ * field being <I>crls</I>. If no CRLs are present, then an
+ * empty collection is returned.
+ *
+ * @param inStream an input stream containing the CRLs.
+ * @return a collection of CRLs initialized from the decoded
+ * InputStream data.
+ * @throws CRLException If an error occurs decoding the CRLs.
+ */
+ public final Collection<? extends CRL> generateCRLs(InputStream inStream)
+ throws CRLException
+ {
+ return certFacSpi.engineGenerateCRLs( inStream );
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream. The default encoding of this factory is used.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(InputStream inStream)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(inStream);
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with data parsed from
+ * the input stream, using the specified encoding.
+ *
+ * @param inStream The InputStream containing the CertPath data.
+ * @param encoding The encoding of the InputStream data.
+ * @return A CertPath initialized from the input stream data.
+ * @throws CertificateException If an error occurs decoding the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(InputStream inStream, String encoding)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(inStream, encoding);
+ }
+
+ /**
+ * Generate a {@link CertPath} and initialize it with the certificates
+ * in the {@link java.util.List} argument.
+ *
+ * @param certificates The list of certificates with which to create
+ * the CertPath.
+ * @return A CertPath initialized from the certificates.
+ * @throws CertificateException If an error occurs generating the
+ * CertPath.
+ */
+ public final CertPath generateCertPath(List<? extends Certificate> certificates)
+ throws CertificateException
+ {
+ return certFacSpi.engineGenerateCertPath(certificates);
+ }
+
+ /**
+ * Returns an Iterator of CertPath encodings supported by this
+ * factory, with the default encoding first. The returned Iterator
+ * cannot be modified.
+ *
+ * @return The Iterator of supported encodings.
+ */
+ public final Iterator<String> getCertPathEncodings()
+ {
+ return certFacSpi.engineGetCertPathEncodings();
+ }
+} // class CertificateFactory
diff --git a/libjava/classpath/java/security/cert/CertificateFactorySpi.java b/libjava/classpath/java/security/cert/CertificateFactorySpi.java
new file mode 100644
index 000000000..2c9ca5d38
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateFactorySpi.java
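Review bot: The Javadoc of `generateCertificate(InputStream)` gives the Base64 boundary as `-----BEGINCERTIFICATE-----`, with the space missing; it should read `-----BEGIN CERTIFICATE-----`, as the matching comment in CertificateFactorySpi does. The Javadoc of `generateCertificates(InputStream)` ends with `If no CRLs are present`, which looks copied from `generateCRLs`, and should say `If no certificates are present, then an empty collection is returned.` It would also help to state on the generate methods that they only hand the stream to the provider's engine and return what it decodes, so nothing at this layer checks the result against a key or trust anchor; callers still have to call `verify` or validate a certification path before relying on it.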
@@ -0,0 +1,224 @@ +/* CertificateFactorySpi.java --- Certificate Factory Class + Copyright (C) 1999,2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.io.InputStream; + +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +/** + CertificateFactorySpi is the abstract class Service Provider + Interface (SPI) for the CertificateFactory class. A provider + must implement all the abstract methods if they wish to + supply a certificate factory for a particular certificate + type. Ex: X.509 + + Certificate factories are used to generate certificates and + certificate revocation lists (CRL) from their encoding. + + @since 1.2 + + @author Mark Benvenuto + */ +public abstract class CertificateFactorySpi +{ + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Constructs a new CertificateFactorySpi + */ + public CertificateFactorySpi() + {} + + // Abstract methods. + // ------------------------------------------------------------------------ + + /** + Generates a Certificate based on the encoded data read + from the InputStream. + + The input stream must contain only one certificate. + + If there exists a specialized certificate class for the + certificate format handled by the certificate factory + then the return Ceritificate should be a typecast of it. + Ex: A X.509 CertificateFactory should return X509Certificate. + + For X.509 certificates, the certificate in inStream must be + DER encoded and supplied in binary or printable (Base64) + encoding. If the certificate is in Base64 encoding, it must be + bounded by -----BEGIN CERTIFICATE-----, and + -----END CERTIFICATE-----. + + @param inStream an input stream containing the certificate data + + @return a certificate initialized with InputStream data. + + @throws CertificateException Certificate parsing error + */ + public abstract Certificate engineGenerateCertificate(InputStream inStream) + throws CertificateException; + + /** + Returns a collection of certificates that were read from the + input stream. 
It may be empty, have only one, or have + multiple certificates. + + For a X.509 certificate factory, the stream may contain a + single DER encoded certificate or a PKCS#7 certificate + chain. This is a PKCS#7 <I>SignedData</I> object with the + most significant field being <I>certificates</I>. If no + CRLs are present, then an empty collection is returned. + + @param inStream an input stream containing the certificates + + @return a collection of certificates initialized with + the InputStream data. + + @throws CertificateException Certificate parsing error + */ + public abstract Collection<? extends Certificate> engineGenerateCertificates(InputStream inStream) + throws CertificateException; + + /** + Generates a CRL based on the encoded data read + from the InputStream. + + The input stream must contain only one CRL. + + If there exists a specialized CRL class for the + CRL format handled by the certificate factory + then the return CRL should be a typecast of it. + Ex: A X.509 CertificateFactory should return X509CRL. + + @param inStream an input stream containing the CRL data + + @return a CRL initialized with InputStream data. + + @throws CRLException CRL parsing error + */ + public abstract CRL engineGenerateCRL(InputStream inStream) + throws CRLException; + + /** + Generates CRLs based on the encoded data read + from the InputStream. + + For a X.509 certificate factory, the stream may contain a + single DER encoded CRL or a PKCS#7 CRL set. This is a + PKCS#7 <I>SignedData</I> object with the most significant + field being <I>crls</I>. If no CRLs are present, then an + empty collection is returned. + + @param inStream an input stream containing the CRLs + + @return a collection of CRLs initialized with + the InputStream data. + + @throws CRLException CRL parsing error + */ + public abstract Collection<? extends CRL> engineGenerateCRLs(InputStream inStream) + throws CRLException; + + // 1.4 instance methods. 
+ // ------------------------------------------------------------------------ + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream. The default encoding of this factory is used. + * + * @param inStream The InputStream containing the CertPath data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public CertPath engineGenerateCertPath(InputStream inStream) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream, using the specified encoding. + * + * @param inStream The InputStream containing the CertPath data. + * @param encoding The encoding of the InputStream data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public CertPath engineGenerateCertPath(InputStream inStream, String encoding) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Generate a {@link CertPath} and initialize it with the certificates + * in the {@link java.util.List} argument. + * + * @param certificates The list of certificates with which to create + * the CertPath. + * @return A CertPath initialized from the certificates. + * @throws CertificateException If an error occurs generating the + * CertPath. + */ + public CertPath engineGenerateCertPath(List<? extends Certificate> certificates) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Returns an Iterator of CertPath encodings supported by this + * factory, with the default encoding first. The returned Iterator + * cannot be modified. + * + * @return The Iterator of supported encodings. 
+ */ + public Iterator<String> engineGetCertPathEncodings() + { + throw new UnsupportedOperationException("not implemented"); + } +} diff --git a/libjava/classpath/java/security/cert/CertificateNotYetValidException.java b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java new file mode 100644 index 000000000..dfb4b4837 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java 
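Review bot: The Javadoc of `engineGenerateCertificates` ends with "If no CRLs are present, then an empty collection is returned", which looks copied from the CRL variant and should read `If no certificates are present, then an empty collection is returned.` The four 1.4 methods (the three `engineGenerateCertPath` overloads and `engineGetCertPathEncodings`) throw `UnsupportedOperationException("not implemented")` by default, but their Javadoc lists only `CertificateException`. Adding `@throws UnsupportedOperationException If the provider does not override this method.` would tell callers of the final `CertificateFactory` wrappers what an older provider will do. The word "Ceritificate" in the `engineGenerateCertificate` comment is a typo for "Certificate".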
@@ -0,0 +1,71 @@
+/* CertificateNotYetValidException.java -- Certificate Not Yet Valid Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate that is not yet valid.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.4
+*/
+public class CertificateNotYetValidException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 4355919900041064702L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateNotYetValidException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg A message to display with exception
+ */
+ public CertificateNotYetValidException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateParsingException.java b/libjava/classpath/java/security/cert/CertificateParsingException.java
new file mode 100644
index 000000000..5a930f41b
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateParsingException.java
@@ -0,0 +1,93 @@
+/* CertificateParsingException.java -- Certificate Parsing Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for parsing a DER-encoded Certificate.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+*/
+public class CertificateParsingException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -7989222416793322029L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateParsingException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateParsingException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
new file mode 100644
index 000000000..389874854
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
@@ -0,0 +1,122 @@ +/* CollectionCertStoreParameters -- collection-based cert store parameters + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; + +/** + * An implementation of {@link CertStoreParameters} with a simple, + * in-memory {@link Collection} of certificates and certificate + * revocation list. + * + * <p>Note that this class is not thread-safe, and its underlying + * collection may be changed at any time. + * + * @see CertStore + * @since 1.4 + */ +public class CollectionCertStoreParameters implements CertStoreParameters +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** The underlying collection. */ + private final Collection collection; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Creates a new CollectionCertStoreParameters with an empty, + * immutable collection. + */ + public CollectionCertStoreParameters() + { + this(Collections.EMPTY_LIST); + } + + /** + * Create a new CollectionCertStoreParameters with the specified + * collection. The argument is not copied, and subsequent changes to + * the collection will change this class's collection. + * + * @param collection The collection. + * @throws NullPointerException If <i>collection</i> is null. + */ + public CollectionCertStoreParameters(Collection<?> collection) + { + if (collection == null) + throw new NullPointerException(); + this.collection = collection; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public Object clone() + { + return new CollectionCertStoreParameters(new ArrayList(collection)); + } + + /** + * Return the underlying collection. The collection is not copied + * before being returned, so callers may update the collection that is + * returned. + * + * @return The collection. 
+ */ + public Collection<?> getCollection() + { + return collection; + } + + /** + * Return a string representation of these parameters. + * + * @return The string representation of these parameters. + */ + public String toString() + { + return "CollectionCertStoreParameters: [ collection: " + + collection + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java new file mode 100644 index 000000000..f2dff764a --- /dev/null +++ b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java 
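Review bot: `clone()` has no Javadoc and behaves differently from the rest of the class. The constructor and `getCollection()` share the caller's collection by reference, while `clone()` stores `new ArrayList(collection)`, a snapshot that no longer follows later changes to the original. That matters when the collection holds certificates or CRLs that are updated after the parameters were cloned, so I would document it: `/** Returns a copy whose collection is a new ArrayList holding the current elements; later changes to the original collection are not reflected. */`. The field and the copy also use raw types; `private final Collection<?> collection;` and `new ArrayList<Object>(collection)` would avoid the unchecked warnings.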
@@ -0,0 +1,140 @@ +/* LDAPCertStoreParameters.java -- LDAP CertStore parameters. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * Parameters for CertStores that are retrieved via the <i>lightweight + * directory access protocol</i> (<b>LDAP</b>). 
+ * + * @see CertStore + */ +public class LDAPCertStoreParameters implements CertStoreParameters +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** The default LDAP port. */ + private static final int LDAP_PORT = 389; + + /** The server name. */ + private final String serverName; + + /** The LDAP port. */ + private final int port; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new LDAPCertStoreParameters object, with a servername of + * "localhost" and a port of 389. + */ + public LDAPCertStoreParameters() + { + this("localhost", LDAP_PORT); + } + + /** + * Create a new LDAPCertStoreParameters object, with a specified + * server name and a port of 389. + * + * @param serverName The LDAP server name. + * @throws NullPointerException If <i>serverName</i> is null. + */ + public LDAPCertStoreParameters(String serverName) + { + this(serverName, LDAP_PORT); + } + + /** + * Create a new LDAPCertStoreParameters object, with a specified + * server name and port. + * + * @param serverName The LDAP server name. + * @param port The LDAP port. + * @throws NullPointerException If <i>serverName</i> is null. + */ + public LDAPCertStoreParameters(String serverName, int port) + { + if (serverName == null) + throw new NullPointerException(); + this.serverName = serverName; + this.port = port; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public Object clone() + { + return new LDAPCertStoreParameters(serverName, port); + } + + /** + * Return the server name. + * + * @return The server name. + */ + public String getServerName() + { + return serverName; + } + + /** + * Return the port. + * + * @return the port. + */ + public int getPort() + { + return port; + } + + /** + * Return a string representation of these parameters. + * + * @return The string representation of these parameters. 
+ */ + public String toString() + { + return "LDAPCertStoreParameters: [ serverName: " + serverName + + "; port: " + port + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/PKIXBuilderParameters.java b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java new file mode 100644 index 000000000..3a29b5218 --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java 
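Review bot: The `(String serverName, int port)` constructor stores `port` without a range check, so a negative value or one above 65535 is accepted here and would fail only later, presumably when a CertStore tries to connect. If rejecting such values would break compatibility with existing callers, the Javadoc should at least say so: `@param port The LDAP port; the value is not range-checked.` `clone()` is also undocumented; `/** Returns a new LDAPCertStoreParameters with the same server name and port. */` would cover it.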
@@ -0,0 +1,149 @@ +/* PKIXBuilderParameters.java -- parameters for PKIX cert path builders + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; + +import java.util.Set; + +/** + * Parameters for building certificate paths using the PKIX algorithm. + * + * @see CertPathBuilder + * @since 1.4 + */ +public class PKIXBuilderParameters extends PKIXParameters +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The maximum path length. */ + private int maxPathLength; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new PKIXBuilderParameters object, populating the trusted + * certificates set with all X.509 certificates found in the given key + * store. All certificates found in the key store are assumed to be + * trusted by this constructor. + * + * @param keystore The key store. + * @param targetConstraints The target certificate constraints. + * @throws KeyStoreException If the certificates cannot be retrieved + * from the key store. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the key store. + * @throws NullPointerException If <i>keystore</i> is null. + */ + public PKIXBuilderParameters(KeyStore keystore, + CertSelector targetConstraints) + throws KeyStoreException, InvalidAlgorithmParameterException + { + super(keystore); + setTargetCertConstraints(targetConstraints); + maxPathLength = 5; + } + + /** + * Create a new PKIXBuilderParameters object, populating the trusted + * certificates set with the elements of the given set, each of which + * must be a {@link TrustAnchor}. + * + * @param trustAnchors The set of trust anchors. + * @param targetConstraints The target certificate constraints. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If <i>trustAnchors</i> is null. 
+ * @throws ClassCastException If every element in <i>trustAnchors</i> + * is not a {@link TrustAnchor}. + */ + public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, + CertSelector targetConstraints) + throws InvalidAlgorithmParameterException + { + super(trustAnchors); + setTargetCertConstraints(targetConstraints); + maxPathLength = 5; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the maximum length of certificate paths to build. + * + * <p>If this value is 0 it is taken to mean that the certificate path + * should contain only one certificate. A value of -1 means that the + * certificate path length is unconstrained. The default value is 5. + * + * @return The maximum path length. + */ + public int getMaxPathLength() + { + return maxPathLength; + } + + /** + * Sets the maximum length of certificate paths to build. + * + * @param maxPathLength The new path length. + * @throws IllegalArgumentException If <i>maxPathLength</i> is less + * than -1. + */ + public void setMaxPathLength(int maxPathLength) + { + if (maxPathLength < -1) + throw new IllegalArgumentException(); + this.maxPathLength = maxPathLength; + } + + public String toString() + { + CPStringBuilder buf = new CPStringBuilder(super.toString()); + buf.insert(buf.length() - 2, "; Max Path Length=" + maxPathLength); + return buf.toString(); + } +} diff --git a/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java new file mode 100644 index 000000000..52984b543 --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java 
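Review bot: `toString()` splices its field in with `buf.insert(buf.length() - 2, ...)`, which depends on `super.toString()` ending in a two-character closing suffix. That method is outside this hunk, so if it ever returns fewer than two characters the insert throws, and a different suffix garbles the output. `PKIXCertPathBuilderResult.toString()` later in this patch uses the same offset. A comment at both sites, `// super.toString() is expected to end with a 2-char closer; insert before it`, would make the coupling visible. Separately, the default `maxPathLength = 5` is repeated in both constructors and would read better as `private static final int DEFAULT_MAX_PATH_LENGTH = 5;`.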
@@ -0,0 +1,104 @@ +/* PKIXCertPathBuilderResult.java -- PKIX cert path bulider result + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +/** + * The result of calling the {@link + * CertPathBuilder#build(java.security.cert.CertPathParameters)} method + * of PKIX {@link CertPathBuilder}s. + * + * @see CertPathBuilder + * @see CertPathBuilderResult + */ +public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult + implements CertPathBuilderResult +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The certificate path. */ + private CertPath certPath; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new PKIXCertPathBuilderResult. + * + * @param certPath The certificate path. + * @param trustAnchor The trust anchor. + * @param policyTree The root node of the policy tree. + * @param subjectPublicKey The public key. + * @throws NullPointerException If <i>certPath</i>, <i>trustAnchor</i> or + * <i>subjectPublicKey</i> is null. + */ + public PKIXCertPathBuilderResult(CertPath certPath, + TrustAnchor trustAnchor, + PolicyNode policyTree, + java.security.PublicKey subjectPublicKey) + { + super(trustAnchor, policyTree, subjectPublicKey); + if (certPath == null) + throw new NullPointerException(); + this.certPath = certPath; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the certificate path that was built. + * + * @return The certificate path that was built. + */ + public CertPath getCertPath() + { + return certPath; + } + + public String toString() + { + CPStringBuilder buf = new CPStringBuilder(super.toString()); + buf.insert(buf.length() - 2, "; CertPath=" + certPath); + return buf.toString(); + } +} diff --git a/libjava/classpath/java/security/cert/PKIXCertPathChecker.java b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java new file mode 100644 index 000000000..0bedf401a --- /dev/null 
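Review bot: `certPath` is assigned once in the constructor and never written again in this class, so it can be declared `private final CertPath certPath;`. That keeps a builder result from being altered after construction by a later edit to the class. The file's header comment also spells "builder" as "bulider".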
+++ b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java 
@@ -0,0 +1,134 @@
+/* PKIXCertPathChecker.java -- checks X.509 certificate paths.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.Collection;
+import java.util.Set;
+
+/**
+ * A validator for X.509 certificates when approving certificate chains.
+ *
+ * <p>Concrete subclasses can be passed to the {@link
+ * PKIXParameters#setCertPathCheckers(java.util.List)} and {@link
+ * PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker)}
+ * methods, which are then used to set up PKIX certificate chain
+ * builders or validators. These classes then call the {@link
+ * #check(java.security.cert.Certificate,java.util.Collection)} method
+ * of this class, performing whatever checks on the certificate,
+ * throwing an exception if any check fails.
+ *
+ * <p>Subclasses of this must be able to perform their checks in the
+ * backward direction -- from the most-trusted certificate to the target
+ * -- and may optionally support forward checking -- from the target to
+ * the most-trusted certificate.
+ *
+ * @see PKIXParameters
+ * @since 1.4
+ */
+public abstract class PKIXCertPathChecker implements Cloneable
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /** Default constructor. */
+ protected PKIXCertPathChecker()
+ {
+ super();
+ }
+
+ // Cloneable interface.
+ // ------------------------------------------------------------------------
+
+ public Object clone()
+ {
+ try
+ {
+ return super.clone();
+ }
+ catch (CloneNotSupportedException cnse)
+ {
+ throw new InternalError(cnse.getMessage());
+ }
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Initialize this PKIXCertPathChecker. If subclasses support forward
+ * checking, a value of true can be passed to this method, and
+ * certificates can be validated from the target certificate to the
+ * most-trusted certifcate.
+ *
+ * @param forward The direction of this PKIXCertPathChecker.
+ * @throws CertPathValidatorException If <i>forward</i> is true and
+ * this class does not support forward checking.
+ */
+ public abstract void init(boolean forward) throws CertPathValidatorException;
+
+ /**
+ * Returns whether or not this class supports forward checking.
+ *
+ * @return Whether or not this class supports forward checking.
+ */
+ public abstract boolean isForwardCheckingSupported();
+
+ /**
+ * Returns an immutable set of X.509 extension object identifiers (OIDs)
+ * supported by this PKIXCertPathChecker.
+ *
+ * @return An immutable set of Strings of the supported X.509 OIDs, or
+ * null if no extensions are supported.
+ */
+ public abstract Set<String> getSupportedExtensions();
+
+ /**
+ * Checks a certificate, removing any critical extensions that are
+ * resolved in this check.
+ *
+ * @param cert The certificate to check.
+ * @param unresolvedCritExts The (mutable) collection of as-of-yet
+ * unresolved critical extensions, as OID strings.
+ * @throws CertPathValidatorException If this certificate fails this
+ * check.
+ */
+ public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
+ throws CertPathValidatorException;
+}
diff --git a/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java
new file mode 100644
index 000000000..17b5c86f8
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java
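Review bot: `clone()` in PKIXCertPathChecker has no Javadoc and throws away the original exception: it returns the shallow copy from `super.clone()` and, on CloneNotSupportedException, rethrows `new InternalError(cnse.getMessage())`, which loses the stack trace and may carry a null message. I would document the contract on the method, for example `/** Returns a shallow copy made by Object.clone(); subclasses that hold mutable checking state must override this and copy that state. */`, because PKIXParameters in this commit stores the checker instances it is given and `init(boolean)` suggests subclasses carry per-validation state. In the catch block, `throw (InternalError) new InternalError(cnse.toString()).initCause(cnse);` keeps the cause.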
@@ -0,0 +1,142 @@ +/* PKIXCertPathValidatorResult.java -- PKIX cert path builder result + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.PublicKey; + +/** + * Results returned by the {@link + * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)} + * method for PKIX {@link CertPathValidator}s. + * + * @see CertPathValidator + */ +public class PKIXCertPathValidatorResult implements CertPathValidatorResult +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The trust anchor. */ + private final TrustAnchor trustAnchor; + + /** The root node of the policy tree. */ + private final PolicyNode policyTree; + + /** The subject's public key. */ + private final PublicKey subjectPublicKey; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new PKIXCertPathValidatorResult. + * + * @param trustAnchor The trust anchor. + * @param policyTree The root node of the policy tree. + * @param subjectPublicKey The public key. + * @throws NullPointerException If either <i>trustAnchor</i> or + * <i>subjectPublicKey</i> is null. + */ + public PKIXCertPathValidatorResult(TrustAnchor trustAnchor, + PolicyNode policyTree, + PublicKey subjectPublicKey) + { + if (trustAnchor == null || subjectPublicKey == null) + throw new NullPointerException(); + this.trustAnchor = trustAnchor; + this.policyTree = policyTree; + this.subjectPublicKey = subjectPublicKey; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the trust anchor. + * + * @return The trust anchor. + */ + public TrustAnchor getTrustAnchor() + { + return trustAnchor; + } + + /** + * Returns the root node of the policy tree. + * + * @return The root node of the policy tree. + */ + public PolicyNode getPolicyTree() + { + return policyTree; + } + + /** + * Returns the subject public key. + * + * @return The subject public key. 
+ */ + public PublicKey getPublicKey() + { + return subjectPublicKey; + } + + /** + * Returns a copy of this object. + * + * @return The copy. + */ + public Object clone() + { + return new PKIXCertPathValidatorResult(trustAnchor, policyTree, + subjectPublicKey); + } + + /** + * Returns a printable string representation of this result. + * + * @return A printable string representation of this result. + */ + public String toString() + { + return "[ Trust Anchor=" + trustAnchor + "; Policy Tree=" + + policyTree + "; Subject Public Key=" + subjectPublicKey + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/PKIXParameters.java b/libjava/classpath/java/security/cert/PKIXParameters.java new file mode 100644 index 000000000..bbb75571f --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXParameters.java 
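Review bot: `clone()` at the end of PKIXCertPathValidatorResult builds its copy with `new PKIXCertPathValidatorResult(trustAnchor, policyTree, subjectPublicKey)`, so any subclass that does not override it gets back an object of the wrong class. PKIXCertPathBuilderResult in this commit extends this class, adds a `certPath` field and defines no `clone()` of its own, so cloning a builder result would yield a plain validator result without the certificate path, and a cast back to PKIXCertPathBuilderResult would fail. All three fields here are final references, so `return super.clone();` inside a try/catch for CloneNotSupportedException (the shape PKIXCertPathChecker.clone() already uses) would preserve the runtime class; this assumes CertPathValidatorResult extends Cloneable, which is not visible in this hunk.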
@@ -0,0 +1,547 @@ +/* PKIXParameters.java -- parameters for the PKIX cert path algorithm + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; + +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +/** + * Parameters for verifying certificate paths using the PKIX + * (Public-Key Infrastructure (X.509)) algorithm. + * + * @see CertPathBuilder + * @since 1.4 + */ +public class PKIXParameters implements CertPathParameters +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The trusted certificates. */ + private final Set trustAnchors; + + /** The set of initial policy identifiers. */ + private final Set initPolicies; + + /** The list of certificate stores. */ + private final List certStores; + + /** The list of path checkers. */ + private final List pathCheckers; + + /** The revocation enabled flag. */ + private boolean revocationEnabled; + + /** The explicit policy required flag. */ + private boolean exPolicyRequired; + + /** The policy mapping inhibited flag. */ + private boolean policyMappingInhibited; + + /** The any policy inhibited flag. */ + private boolean anyPolicyInhibited; + + /** The policy qualifiers rejected flag. */ + private boolean policyQualRejected; + + /** The target validation date. */ + private Date date; + + /** The signature algorithm provider. */ + private String sigProvider; + + /** The target constraints. */ + private CertSelector targetConstraints; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with all certificates found in the given key + * store. All certificates found in the key store are assumed to be + * trusted by this constructor. 
+ * + * @param keystore The key store. + * @throws KeyStoreException If the certificates cannot be retrieved + * from the key store. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the key store. + * @throws NullPointerException If <i>keystore</i> is null. + */ + public PKIXParameters(KeyStore keystore) + throws KeyStoreException, InvalidAlgorithmParameterException + { + this(); + for (Enumeration e = keystore.aliases(); e.hasMoreElements(); ) + { + String alias = (String) e.nextElement(); + if (!keystore.isCertificateEntry(alias)) + continue; + Certificate cert = keystore.getCertificate(alias); + if (cert instanceof X509Certificate) + trustAnchors.add(new TrustAnchor((X509Certificate) cert, null)); + } + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no certs in the key store"); + } + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with the elements of the given set, each of which + * must be a {@link TrustAnchor}. + * + * @param trustAnchors The set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If <i>trustAnchors</i> is null. + * @throws ClassCastException If every element in <i>trustAnchors</i> + * is not a {@link TrustAnchor}. + */ + public PKIXParameters(Set<TrustAnchor> trustAnchors) + throws InvalidAlgorithmParameterException + { + this(); + setTrustAnchors(trustAnchors); + } + + /** + * Default constructor. + */ + private PKIXParameters() + { + trustAnchors = new HashSet(); + initPolicies = new HashSet(); + certStores = new LinkedList(); + pathCheckers = new LinkedList(); + revocationEnabled = true; + exPolicyRequired = false; + policyMappingInhibited = false; + anyPolicyInhibited = false; + policyQualRejected = true; + } + + /** + * Copying constructor for cloning. + * + * @param that The instance being cloned. 
+ */ + private PKIXParameters(PKIXParameters that) + { + this(); + this.trustAnchors.addAll(that.trustAnchors); + this.initPolicies.addAll(that.initPolicies); + this.certStores.addAll(that.certStores); + this.pathCheckers.addAll(that.pathCheckers); + this.revocationEnabled = that.revocationEnabled; + this.exPolicyRequired = that.exPolicyRequired; + this.policyMappingInhibited = that.policyMappingInhibited; + this.anyPolicyInhibited = that.anyPolicyInhibited; + this.policyQualRejected = that.policyQualRejected; + this.date = that.date; + this.sigProvider = that.sigProvider; + this.targetConstraints = that.targetConstraints != null + ? (CertSelector) that.targetConstraints.clone() : null; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns an immutable set of trust anchors. The set returned will + * never be null and will never be empty. + * + * @return A (never null, never empty) immutable set of trust anchors. + */ + public Set<TrustAnchor> getTrustAnchors() + { + return Collections.unmodifiableSet(trustAnchors); + } + + /** + * Sets the trust anchors of this class, replacing the current trust + * anchors with those in the given set. The supplied set is copied to + * prevent modification. + * + * @param trustAnchors The new set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If <i>trustAnchors</i> is null. + * @throws ClassCastException If every element in <i>trustAnchors</i> + * is not a {@link TrustAnchor}. 
+ */ + public void setTrustAnchors(Set<TrustAnchor> trustAnchors) + throws InvalidAlgorithmParameterException + { + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no trust anchors"); + this.trustAnchors.clear(); + for (Iterator i = trustAnchors.iterator(); i.hasNext(); ) + { + this.trustAnchors.add((TrustAnchor) i.next()); + } + } + + /** + * Returns the set of initial policy identifiers (as OID strings). If + * any policy is accepted, this method returns the empty set. + * + * @return An immutable set of initial policy OID strings, or the + * empty set if any policy is acceptable. + */ + public Set<String> getInitialPolicies() + { + return Collections.unmodifiableSet(initPolicies); + } + + /** + * Sets the initial policy identifiers (as OID strings). If the + * argument is null or the empty set, then any policy identifier will + * be accepted. + * + * @param initPolicies The new set of policy strings, or null. + * @throws ClassCastException If any element in <i>initPolicies</i> is + * not a string. + */ + public void setInitialPolicies(Set<String> initPolicies) + { + this.initPolicies.clear(); + if (initPolicies == null) + return; + for (Iterator i = initPolicies.iterator(); i.hasNext(); ) + { + this.initPolicies.add((String) i.next()); + } + } + + /** + * Add a {@link CertStore} to the list of cert stores. + * + * @param store The CertStore to add. + */ + public void addCertStore(CertStore store) + { + if (store != null) + certStores.add(store); + } + + /** + * Returns an immutable list of cert stores. This method never returns + * null. + * + * @return The list of cert stores. + */ + public List<CertStore> getCertStores() + { + return Collections.unmodifiableList(certStores); + } + + /** + * Set the cert stores. If the argument is null the list of cert + * stores will be empty. + * + * @param certStores The cert stores. 
+ */ + public void setCertStores(List<CertStore> certStores) + { + this.certStores.clear(); + if (certStores == null) + return; + for (Iterator i = certStores.iterator(); i.hasNext(); ) + { + this.certStores.add((CertStore) i.next()); + } + } + + /** + * Returns the value of the <i>revocation enabled</i> flag. The default + * value for this flag is <code>true</code>. + * + * @return The <i>revocation enabled</i> flag. + */ + public boolean isRevocationEnabled() + { + return revocationEnabled; + } + + /** + * Sets the value of the <i>revocation enabled</i> flag. + * + * @param value The new value. + */ + public void setRevocationEnabled(boolean value) + { + revocationEnabled = value; + } + + /** + * Returns the value of the <i>explicit policy required</i> flag. The + * default value of this flag is <code>false</code>. + * + * @return The <i>explicit policy required</i> flag. + */ + public boolean isExplicitPolicyRequired() + { + return exPolicyRequired; + } + + /** + * Sets the value of the <i>explicit policy required</i> flag. + * + * @param value The new value. + */ + public void setExplicitPolicyRequired(boolean value) + { + exPolicyRequired = value; + } + + /** + * Returns the value of the <i>policy mapping inhibited</i> flag. The + * default value of this flag is <code>false</code>. + * + * @return The <i>policy mapping inhibited</i> flag. + */ + public boolean isPolicyMappingInhibited() + { + return policyMappingInhibited; + } + + /** + * Sets the value of the <i>policy mapping inhibited</i> flag. + * + * @param value The new value. + */ + public void setPolicyMappingInhibited(boolean value) + { + policyMappingInhibited = value; + } + + /** + * Returns the value of the <i>any policy inhibited</i> flag. The + * default value of this flag is <code>false</code>. + * + * @return The <i>any policy inhibited</i> flag. + */ + public boolean isAnyPolicyInhibited() + { + return anyPolicyInhibited; + } + + /** + * Sets the value of the <i>any policy inhibited</i> flag. 
+ * + * @param value The new value. + */ + public void setAnyPolicyInhibited(boolean value) + { + anyPolicyInhibited = value; + } + + /** + * Returns the value of the <i>policy qualifiers enabled</i> flag. The + * default value of this flag is <code>true</code>. + * + * @return The <i>policy qualifiers enabled</i> flag. + */ + public boolean getPolicyQualifiersRejected() + { + return policyQualRejected; + } + + /** + * Sets the value of the <i>policy qualifiers enabled</i> flag. + * + * @param value The new value. + */ + public void setPolicyQualifiersRejected(boolean value) + { + policyQualRejected = value; + } + + /** + * Returns the date for which the certificate path should be + * validated, or null if the current time should be used. The date + * object is copied to prevent subsequent modification. + * + * @return The date, or null if not set. + */ + public Date getDate() + { + return date != null ? (Date) date.clone() : null; + } + + /** + * Sets the date for which the certificate path should be validated, + * or null if the current time should be used. + * + * @param date The new date, or null. + */ + public void setDate(Date date) + { + if (date != null) + this.date = (Date) date.clone(); + else + this.date = null; + } + + /** + * Add a certificate path checker. + * + * @param checker The certificate path checker to add. + */ + public void addCertPathChecker(PKIXCertPathChecker checker) + { + if (checker != null) + pathCheckers.add(checker); + } + + /** + * Returns an immutable list of all certificate path checkers. + * + * @return An immutable list of all certificate path checkers. + */ + public List<PKIXCertPathChecker> getCertPathCheckers() + { + return Collections.unmodifiableList(pathCheckers); + } + + /** + * Sets the certificate path checkers. If the argument is null, the + * list of checkers will merely be cleared. + * + * @param pathCheckers The new list of certificate path checkers. 
+ * @throws ClassCastException If any element of <i>pathCheckers</i> is + * not a {@link PKIXCertPathChecker}. + */ + public void setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers) + { + this.pathCheckers.clear(); + if (pathCheckers == null) + return; + for (Iterator i = pathCheckers.iterator(); i.hasNext(); ) + { + this.pathCheckers.add((PKIXCertPathChecker) i.next()); + } + } + + /** + * Returns the signature algorithm provider, or null if not set. + * + * @return The signature algorithm provider, or null if not set. + */ + public String getSigProvider() + { + return sigProvider; + } + + /** + * Sets the signature algorithm provider, or null if there is no + * preferred provider. + * + * @param sigProvider The signature provider name. + */ + public void setSigProvider(String sigProvider) + { + this.sigProvider = sigProvider; + } + + /** + * Returns the constraints placed on the target certificate, or null + * if there are none. The target constraints are copied to prevent + * subsequent modification. + * + * @return The target constraints, or null. + */ + public CertSelector getTargetCertConstraints() + { + return targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Sets the constraints placed on the target certificate. + * + * @param targetConstraints The target constraints. + */ + public void setTargetCertConstraints(CertSelector targetConstraints) + { + this.targetConstraints = targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Returns a copy of these parameters. + * + * @return The copy. + */ + public Object clone() + { + return new PKIXParameters(this); + } + + /** + * Returns a printable representation of these parameters. + * + * @return A printable representation of these parameters. + */ + public String toString() { + return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs=" + + (initPolicies != null ? 
initPolicies.toString() : "any") + + "; Validity Date=" + date + "; Signature Provider=" + + sigProvider + "; Default Revocation Enabled=" + revocationEnabled + + "; Explicit Policy Required=" + exPolicyRequired + + "; Policy Mapping Inhibited=" + policyMappingInhibited + + "; Any Policy Inhibited=" + anyPolicyInhibited + + "; Policy Qualifiers Rejected=" + policyQualRejected + + "; Target Cert Contstraints=" + targetConstraints + + "; Certification Path Checkers=" + pathCheckers + + "; CertStores=" + certStores + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/PolicyNode.java b/libjava/classpath/java/security/cert/PolicyNode.java new file mode 100644 index 000000000..5da78c188 --- /dev/null +++ b/libjava/classpath/java/security/cert/PolicyNode.java 
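Review bot: `setTrustAnchors` clears `this.trustAnchors` before it has copied and type-checked its argument, so an aliased argument or a failure part-way through leaves the parameters with an empty or partial anchor set. `getTrustAnchors()` returns an unmodifiable view of the same backing set, so `p.setTrustAnchors(p.getTrustAnchors())` passes the emptiness check, clears the set and then iterates a view that is now empty; a ClassCastException inside the loop has a similar effect. That contradicts the "never empty" guarantee documented on `getTrustAnchors()`, which code consuming these parameters may rely on. Copying into a temporary set and swapping afterwards, as below, covers both cases; `setInitialPolicies`, `setCertStores` and `setCertPathCheckers` follow the same clear-then-copy pattern against their own getters and would benefit from the same change.
```java
public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
  throws InvalidAlgorithmParameterException
{
  // … unchanged: emptiness check …
  // Copy and type-check before touching the live set, so an exception or
  // an argument that is a view of this.trustAnchors cannot empty it.
  Set checked = new HashSet();
  for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
    {
      checked.add((TrustAnchor) i.next());
    }
  this.trustAnchors.clear();
  this.trustAnchors.addAll(checked);
}
```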
@@ -0,0 +1,108 @@
+/* PolicyNode.java -- a single node in a policy tree
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * @since 1.4
+ */
+public interface PolicyNode
+{
+
+ /**
+ * Get the iterator of the child nodes of this node. The returned
+ * iterator is (naturally) unmodifiable.
+ *
+ * @return An iterator over the child nodes.
+ */
+ Iterator<? extends PolicyNode> getChildren();
+
+ /**
+ * Get the depth of this node within the tree, starting at 0 for the
+ * root node.
+ *
+ * @return The depth of this node.
+ */
+ int getDepth();
+
+ /**
+ * Returns a set of policies (string OIDs) that will satisfy this
+ * node's policy. The root node should always return the singleton set
+ * with the element "any-policy".
+ *
+ * @return The set of expected policies.
+ */
+ Set<String> getExpectedPolicies();
+
+ /**
+ * Returns the parent node of this node, or null if this is the root
+ * node.
+ *
+ * @return The parent node, or null.
+ */
+ PolicyNode getParent();
+
+ /**
+ * Returns a set of {@link PolicyQualifierInfo} objects that qualify
+ * the valid policy of this node. The root node should always return
+ * the empty set.
+ *
+ * @return The set of {@link PolicyQualifierInfo} objects.
+ */
+ Set<? extends PolicyQualifierInfo> getPolicyQualifiers();
+
+ /**
+ * Get the policy OID this node represents. The root node should return
+ * the special value "any-policy".
+ *
+ * @return The policy of this node.
+ */
+ String getValidPolicy();
+
+ /**
+ * Return the criticality flag of this policy node. Nodes who return
+ * true for this method should be considered critical. The root node
+ * is never critical.
+ *
+ * @return The criticality flag.
+ */
+ boolean isCritical();
+}
diff --git a/libjava/classpath/java/security/cert/PolicyQualifierInfo.java b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java
new file mode 100644
index 000000000..b53faa935
--- /dev/null
+++ b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java
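Review bot: The type-level Javadoc of PolicyNode contains only `@since 1.4`, so the interface itself is undocumented although every method has a comment. I would add a summary line above the tag such as `A single node in the policy tree of a PKIX validation result; see {@link PKIXCertPathValidatorResult#getPolicyTree()}.` The method comments describe the children iterator as unmodifiable but say nothing about the two returned sets, so it would also help to state on the interface whether `getExpectedPolicies()` and `getPolicyQualifiers()` are expected to return unmodifiable sets.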
@@ -0,0 +1,169 @@ +/* PolicyQualifierInfo.java -- policy qualifier info object. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.OID; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +/** + * The PolicyQualifierInfo X.509 certificate extension. + * PolicyQualifierInfo objects are represented by the ASN.1 structure: + * + * <pre> + * PolicyQualifierInfo ::= SEQUENCE { + * policyQualifierId PolicyQualifierId, + * qualifier ANY DEFINED BY policyQualifierId + * } + * + * PolicyQualifierId ::= OBJECT IDENTIFIER + * </pre> + * + * @since 1.4 + * @specnote this class was final in 1.4, but beginning with 1.5 is not + */ +public class PolicyQualifierInfo +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The <code>policyQualifierId</code> field. */ + private OID oid; + + /** The DER encoded form of this object. */ + private byte[] encoded; + + /** The DER encoded form of the <code>qualifier</code> field. */ + private DERValue qualifier; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Create a new PolicyQualifierInfo object from the DER encoded form + * passed in the byte array. The argument is copied. + * + * <p>The ASN.1 form of PolicyQualifierInfo is: +<pre> +PolicyQualifierInfo ::= SEQUENCE { + policyQualifierId PolicyQualifierId, + qualifier ANY DEFINED BY policyQualifierId +} + +PolicyQualifierId ::= OBJECT IDENTIFIER +</pre> + * + * @param encoded The DER encoded form. + * @throws IOException If the structure cannot be parsed from the + * encoded bytes. 
+ */ + public PolicyQualifierInfo(byte[] encoded) throws IOException + { + if (encoded == null) + throw new IOException("null bytes"); + this.encoded = (byte[]) encoded.clone(); + DERReader in = new DERReader(new ByteArrayInputStream(this.encoded)); + DERValue qualInfo = in.read(); + if (!qualInfo.isConstructed()) + throw new ASN1ParsingException("malformed PolicyQualifierInfo"); + DERValue val = in.read(); + if (!(val.getValue() instanceof OID)) + throw new ASN1ParsingException("value read not an OBJECT IDENTIFIER"); + oid = (OID) val.getValue(); + if (val.getEncodedLength() < val.getLength()) + qualifier = in.read(); + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the <code>policyQualifierId</code> field of this structure, + * as a dotted-decimal representation of the object identifier. + * + * @return This structure's OID field. + */ + public final String getPolicyQualifierId() + { + return oid.toString(); + } + + /** + * Returns the DER encoded form of this object; the contents of the + * returned byte array are equivalent to those that were passed to the + * constructor. The byte array is cloned every time this method is + * called. + * + * @return The encoded form. + */ + public final byte[] getEncoded() + { + return (byte[]) encoded.clone(); + } + + /** + * Get the <code>qualifier</code> field of this object, as a DER + * encoded byte array. The byte array returned is cloned every time + * this method is called. + * + * @return The encoded qualifier. + */ + public final byte[] getPolicyQualifier() + { + if (qualifier == null) + return new byte[0]; + return qualifier.getEncoded(); + } + + /** + * Returns a printable string representation of this object. + * + * @return The string representation. + */ + public String toString() + { + return "PolicyQualifierInfo { policyQualifierId ::= " + oid + + ", qualifier ::= " + qualifier + " }"; + } +} 
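Review bot: The optional qualifier looks unreachable in the PolicyQualifierInfo constructor: `if (val.getEncodedLength() < val.getLength())` compares the OID value's encoded length with its own content length, and if getEncodedLength() counts the tag and length octets, as its name suggests, that is never true. `qualifier` would then stay null for every input, so getPolicyQualifier() returns an empty array and the policy qualifiers carried by a certificate are silently dropped. The comparison was probably meant to be against the enclosing SEQUENCE, e.g. `if (val.getEncodedLength() < qualInfo.getLength()) qualifier = in.read();`. The constructor also accepts any constructed value as the outer element and does not look at bytes that follow it; checking that the outer tag is a SEQUENCE would make the parse stricter.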
diff --git a/libjava/classpath/java/security/cert/TrustAnchor.java b/libjava/classpath/java/security/cert/TrustAnchor.java new file mode 100644 index 000000000..2110ed518 --- /dev/null +++ b/libjava/classpath/java/security/cert/TrustAnchor.java 
@@ -0,0 +1,185 @@ +/* TrustAnchor.java -- an ultimately-trusted certificate. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.security.x509.X500DistinguishedName; + +import java.security.PublicKey; + +/** + * An ultimately-trusted certificate to serve as the root of a + * certificate chain. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class TrustAnchor +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The certificate authority's distinguished name. */ + private final X500DistinguishedName caName; + + /** The certficate authority's public key. */ + private final PublicKey caKey; + + /** The certficate authority's certificate. */ + private final X509Certificate trustedCert; + + /** The encoded name constraints bytes. */ + private final byte[] nameConstraints; + + // Constnuctors. + // ------------------------------------------------------------------------ + + /** + * Create a new trust anchor from a certificate and (optional) name + * constraints. + * + * <p>If the <i>nameConstraints</i> argument in non-null, it will be + * copied to prevent modification. + * + * @param trustedCert The trusted certificate. + * @param nameConstraints The encoded nameConstraints. + */ + public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) + { + if (trustedCert == null) + throw new NullPointerException(); + this.trustedCert = trustedCert; + caName = null; + caKey = null; + if (nameConstraints != null) + this.nameConstraints = (byte[]) nameConstraints.clone(); + else + this.nameConstraints = null; + } + + /** + * Create a new trust anchor from a certificate authority's + * distinguished name, public key, and (optional) name constraints. + * + * <p>If the <i>nameConstraints</i> argument in non-null, it will be + * copied to prevent modification. + * + * @params caName The CA's distinguished name. + * @params caKey The CA's public key. + * @params nameConstraints The encoded nameConstraints. 
+ */ + public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints) + { + if (caName == null || caKey == null) + throw new NullPointerException(); + if (caName.length() == 0) + throw new IllegalArgumentException(); + trustedCert = null; + this.caName = new X500DistinguishedName(caName); + this.caKey = caKey; + if (nameConstraints != null) + this.nameConstraints = (byte[]) nameConstraints.clone(); + else + this.nameConstraints = null; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Return the trusted certificate, or null if none was specified. + * + * @return The trusted certificate. + */ + public final X509Certificate getTrustedCert() + { + return trustedCert; + } + + /** + * Return the certificate authority's distinguished name, or null if + * none was specified. + * + * @return The CA's distinguished name. + */ + public final String getCAName() + { + if (caName != null) + return caName.toString(); + return null; + } + + /** + * Return the certificate authority's public key, or null if none was + * specified. + * + * @return The CA's public key. + */ + public final PublicKey getCAPublicKey() + { + return caKey; + } + + /** + * Return the encoded name constraints, or null if none was specified. + * + * <p>The name constraints byte array is copied when this method is + * called to prevent modification. + * + * @return The encoded name constraints. + */ + public final byte[] getNameConstraints() + { + if (nameConstraints == null) + return null; + return (byte[]) nameConstraints.clone(); + } + + /** + * Return a printable representation of this trust anchor. + * + * @return The printable representation. + */ + public String toString() + { + if (trustedCert == null) + return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name=" + + caName.toString() + " ]"; + return "[ Trusted CA Certificate=" + trustedCert + " ]"; + } +} 
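Review bot: Both TrustAnchor constructors store `nameConstraints` as an opaque clone without decoding it, so malformed constraint bytes are accepted here and only surface, or are ignored, in whatever path validator later reads getNameConstraints(). The JDK contract for these constructors is to throw IllegalArgumentException when the name constraints cannot be decoded; parsing the bytes once at construction would keep an anchor with unusable constraints from being created. Separately, the second constructor's Javadoc uses `@params`, which is not a Javadoc tag; `@param caName The CA's distinguished name.` (and likewise for caKey and nameConstraints) is needed for the parameters to be documented.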
diff --git a/libjava/classpath/java/security/cert/X509CRL.java b/libjava/classpath/java/security/cert/X509CRL.java new file mode 100644 index 000000000..895ba33e7 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CRL.java 
@@ -0,0 +1,397 @@ +/* X509CRL.java --- X.509 Certificate Revocation List + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.SignatureException; +import java.util.Date; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +/** + The X509CRL class is the abstract class used to manage + X.509 Certificate Revocation Lists. The CRL is a list of + time stamped entries which indicate which lists have been + revoked. The list is signed by a Certificate Authority (CA) + and made publically available in a repository. + + Each revoked certificate in the CRL is identified by its + certificate serial number. When a piece of code uses a + certificate, the certificates validity is checked by + validating its signature and determing that it is not + only a recently acquired CRL. The recently aquired CRL + is depends on the local policy in affect. The CA issues + a new CRL periodically and entries are removed as the + certificate expiration date is reached + + + A description of the X.509 v2 CRL follows below from rfc2459. + + "The X.509 v2 CRL syntax is as follows. For signature calculation, + the data that is to be signed is ASN.1 DER encoded. ASN.1 DER + encoding is a tag, length, value encoding system for each element. 
+ + CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING } + + TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, shall be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, shall be v2 + } OPTIONAL, + crlExtensions [0] EXPLICIT Extensions OPTIONAL + -- if present, shall be v2 + }" + + @author Mark Benvenuto + + @since 1.2 +*/ +public abstract class X509CRL extends CRL implements X509Extension +{ + + /** + Constructs a new X509CRL. + */ + protected X509CRL() + { + super("X.509"); + } + + /** + Compares this X509CRL to other. It checks if the + object if instanceOf X509CRL and then checks if + the encoded form matches. + + @param other An Object to test for equality + + @return true if equal, false otherwise + */ + public boolean equals(Object other) + { + if( other instanceof X509CRL ) { + try { + X509CRL x = (X509CRL) other; + if( getEncoded().length != x.getEncoded().length ) + return false; + + byte[] b1 = getEncoded(); + byte[] b2 = x.getEncoded(); + + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; + + } catch( CRLException crle ) { + return false; + } + return true; + } + return false; + } + + /** + Returns a hash code for this X509CRL in its encoded + form. + + @return A hash code of this class + */ + public int hashCode() + { + return super.hashCode(); + } + + /** + Gets the DER ASN.1 encoded format for this X.509 CRL. + + @return byte array containg encoded form + + @throws CRLException if an error occurs + */ + public abstract byte[] getEncoded() throws CRLException; + + /** + Verifies that this CRL was properly signed with the + PublicKey that corresponds to its private key. 
+ + @param key PublicKey to verify with + + @throws CRLException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException no provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key) + throws CRLException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Verifies that this CRL was properly signed with the + PublicKey that corresponds to its private key and uses + the signature engine provided by the provider. + + @param key PublicKey to verify with + @param sigProvider Provider to use for signature algorithm + + @throws CRLException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException incorrect provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key, + String sigProvider) + throws CRLException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Gets the version of this CRL. + + The ASN.1 encoding is: + + version Version OPTIONAL, + -- if present, shall be v2 + + Version ::= INTEGER { v1(0), v2(1), v3(2) } + + Consult rfc2459 for more information. + + @return the version number, Ex: 1 or 2 + */ + public abstract int getVersion(); + + /** + Returns the issuer (issuer distinguished name) of the CRL. + The issuer is the entity who signed and issued the + Certificate Revocation List. 
+ + The ASN.1 DER encoding is: + + issuer Name, + + Name ::= CHOICE { + RDNSequence } + + RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + + RelativeDistinguishedName ::= + SET OF AttributeTypeAndValue + + AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + + AttributeType ::= OBJECT IDENTIFIER + + AttributeValue ::= ANY DEFINED BY AttributeType + + DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1.. MAX)), + bmpString BMPString (SIZE (1..MAX)) } + + Consult rfc2459 for more information. + + @return the issuer in the Principal class + */ + public abstract Principal getIssuerDN(); + + /** + Returns the thisUpdate date of the CRL. + + The ASN.1 DER encoding is: + + thisUpdate Time, + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. + + @return the thisUpdate date + */ + public abstract Date getThisUpdate(); + + /* + Gets the nextUpdate field + + The ASN.1 DER encoding is: + + nextUpdate Time OPTIONAL, + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. + + @return the nextUpdate date + */ + public abstract Date getNextUpdate(); + + /** + Gets the requeste dX509Entry for the specified + certificate serial number. + + @return a X509CRLEntry representing the X.509 CRL entry + */ + public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber); + + /** + Returns a Set of revoked certificates. + + @return a set of revoked certificates. + */ + public abstract Set<? extends X509CRLEntry> getRevokedCertificates(); + + /** + Returns the DER ASN.1 encoded tbsCertList which is + the basic information of the list and associated certificates + in the encoded state. See top for more information. 
+ + The ASN.1 DER encoding is: + + tbsCertList TBSCertList, + + Consult rfc2459 for more information. + + @return byte array representing tbsCertList + */ + public abstract byte[] getTBSCertList() throws CRLException; + + + /** + Returns the signature for the CRL. + + The ASN.1 DER encoding is: + + signatureValue BIT STRING + + Consult rfc2459 for more information. + */ + public abstract byte[] getSignature(); + + /** + Returns the signature algorithm used to sign the CRL. + An examples is "SHA-1/DSA". + + The ASN.1 DER encoding is: + + signatureAlgorithm AlgorithmIdentifier, + + AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + + Consult rfc2459 for more information. + + The algorithm name is determined from the OID. + + @return a string with the signature algorithm name + */ + public abstract String getSigAlgName(); + + /** + Returns the OID for the signature algorithm used. + Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ + + The ASN.1 DER encoding for the example is: + + id-dsa-with-sha1 ID ::= { + iso(1) member-body(2) us(840) x9-57 (10040) + x9cm(4) 3 } + + Consult rfc2459 for more information. + + @return a string containing the OID. + */ + public abstract String getSigAlgOID(); + + /** + Returns the AlgorithmParameters in the encoded form + for the signature algorithm used. + + If access to the parameters is need, create an + instance of AlgorithmParameters. + + @return byte array containing algorithm parameters, null + if no parameters are present in CRL + */ + public abstract byte[] getSigAlgParams(); + + // 1.4 instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the X.500 distinguished name of this CRL's issuer. + * + * @return The issuer's X.500 distinguished name. + * @since JDK 1.4 + */ + public X500Principal getIssuerX500Principal() + { + throw new UnsupportedOperationException(); + } +} 
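Review bot: equals() compares the DER encoding, but hashCode() returns `super.hashCode()` although its comment promises a hash of the encoded form. CRL is not shown in this hunk, so whether its hash covers the encoding cannot be confirmed here; X509CRLEntry.equals()/hashCode() in the next file is the same pair, and that class extends Object directly, so there two equal entries hash differently and lookups in a HashSet or HashMap of revocation entries can miss. Hashing the encoding fixes both: `try { return java.util.Arrays.hashCode(getEncoded()); } catch (CRLException e) { return 0; }`. equals() can likewise call getEncoded() once per side and use `java.util.Arrays.equals(b1, b2)` instead of up to four encodes and a manual loop.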
diff --git a/libjava/classpath/java/security/cert/X509CRLEntry.java b/libjava/classpath/java/security/cert/X509CRLEntry.java new file mode 100644 index 000000000..ac5ef4714 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CRLEntry.java 
@@ -0,0 +1,169 @@ +/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +import java.math.BigInteger; +import java.util.Date; + +/** + Abstract class for entries in the CRL (Certificate Revocation + List). 
The ASN.1 definition for <I>revokedCertificates</I> is + + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, shall be v2 + } OPTIONAL, + + CertificateSerialNumber ::= INTEGER + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + + Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + + For more information consult rfc2459. + + @author Mark Benvenuto + + @since JDK 1.2 +*/ +public abstract class X509CRLEntry implements X509Extension +{ + + /** + Creates a new X509CRLEntry + */ + public X509CRLEntry() + {} + + /** + Compares this X509CRLEntry to other. It checks if the + object if instanceOf X509CRLEntry and then checks if + the encoded form( the inner SEQUENCE) matches. + + @param other An Object to test for equality + + @return true if equal, false otherwise + */ + public boolean equals(Object other) + { + if( other instanceof X509CRLEntry ) { + try { + X509CRLEntry xe = (X509CRLEntry) other; + if( getEncoded().length != xe.getEncoded().length ) + return false; + + byte[] b1 = getEncoded(); + byte[] b2 = xe.getEncoded(); + + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; + + } catch( CRLException crle ) { + return false; + } + return true; + } + return false; + } + + /** + Returns a hash code for this X509CRLEntry in its encoded + form. + + @return A hash code of this class + */ + public int hashCode() + { + return super.hashCode(); + } + + /** + Gets the DER ASN.1 encoded format for this CRL Entry, + the inner SEQUENCE. + + @return byte array containg encoded form + + @throws CRLException if an error occurs + */ + public abstract byte[] getEncoded() throws CRLException; + + /** + Gets the serial number for <I>userCertificate</I> in + this X509CRLEntry. 
+ + @return the serial number for this X509CRLEntry. + */ + public abstract BigInteger getSerialNumber(); + + + /** + Gets the revocation date in <I>revocationDate</I> for + this X509CRLEntry. + + @return the revocation date for this X509CRLEntry. + */ + public abstract Date getRevocationDate(); + + + /** + Checks if this X509CRLEntry has extensions. + + @return true if it has extensions, false otherwise + */ + public abstract boolean hasExtensions(); + + + /** + Returns a string that represents this X509CRLEntry. + + @return a string representing this X509CRLEntry. + */ + public abstract String toString(); + +} diff --git a/libjava/classpath/java/security/cert/X509CRLSelector.java b/libjava/classpath/java/security/cert/X509CRLSelector.java new file mode 100644 index 000000000..d412a1ae3 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CRLSelector.java 
@@ -0,0 +1,442 @@ +/* X509CRLSelector.java -- selects X.509 CRLs by criteria. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.classpath.SystemProperties; +import gnu.java.lang.CPStringBuilder; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; + +import javax.security.auth.x500.X500Principal; + +/** + * A class for matching X.509 certificate revocation lists by criteria. + * + * <p>Use of this class requires extensive knowledge of the Internet + * Engineering Task Force's Public Key Infrastructure (X.509). The primary + * document describing this standard is <a + * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 + * Public Key Infrastructure Certificate and Certificate Revocation List + * (CRL) Profile</a>. + * + * <p>Note that this class is not thread-safe. If multiple threads will + * use or modify this class then they need to synchronize on the object. + * + * @author Casey Marshall (csm@gnu.org) + * @since 1.4 + */ +public class X509CRLSelector implements CRLSelector, Cloneable +{ + + // Fields. + // ------------------------------------------------------------------------- + + private static final String CRL_NUMBER_ID = "2.5.29.20"; + + private List issuerNames; + private BigInteger maxCrlNumber; + private BigInteger minCrlNumber; + private Date date; + private X509Certificate cert; + + // Constructor. + // ------------------------------------------------------------------------- + + /** + * Creates a new CRL selector with no criteria enabled; i.e., every CRL + * will be matched. + */ + public X509CRLSelector() + { + } + + // Instance methods. 
+ // ------------------------------------------------------------------------- + + /** + * Add an issuer name to the set of issuer names criteria, as the DER + * encoded form. + * + * @param name The name to add, as DER bytes. + * @throws IOException If the argument is not a valid DER-encoding. + */ + public void addIssuerName(byte[] name) throws IOException + { + X500Principal p = null; + try + { + p = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name"); + ioe.initCause(iae); + throw ioe; + } + if (issuerNames == null) + issuerNames = new LinkedList(); + issuerNames.add(p); + } + + /** + * Add an issuer name to the set of issuer names criteria, as a + * String representation. + * + * @param name The name to add. + * @throws IOException If the argument is not a valid name. + */ + public void addIssuerName(String name) throws IOException + { + X500Principal p = null; + try + { + p = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name: " + name); + ioe.initCause(iae); + throw ioe; + } + if (issuerNames == null) + issuerNames = new LinkedList(); + issuerNames.add(p); + } + + /** + * Sets the issuer names criterion. Pass <code>null</code> to clear this + * value. CRLs matched by this selector must have an issuer name in this + * set. + * + * @param names The issuer names. + * @throws IOException If any of the elements in the collection is not + * a valid name. 
+ */ + public void setIssuerNames(Collection<?> names) throws IOException + { + if (names == null) + { + issuerNames = null; + return; + } + List l = new ArrayList(names.size()); + for (Iterator it = names.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (o instanceof X500Principal) + l.add(o); + else if (o instanceof String) + { + try + { + l.add(new X500Principal((String) o)); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name: " + o); + ioe.initCause(iae); + throw ioe; + } + } + else if (o instanceof byte[]) + { + try + { + l.add(new X500Principal((byte[]) o)); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name"); + ioe.initCause(iae); + throw ioe; + } + } + else if (o instanceof InputStream) + { + try + { + l.add(new X500Principal((InputStream) o)); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name"); + ioe.initCause(iae); + throw ioe; + } + } + else + throw new IOException("not a valid name: " + + (o != null ? o.getClass().getName() : "null")); + + } + issuerNames = l; + } + + /** + * Returns the set of issuer names that are matched by this selector, + * or <code>null</code> if this criteria is not set. The returned + * collection is not modifiable. + * + * @return The set of issuer names. + */ + public Collection<Object> getIssuerNames() + { + if (issuerNames != null) + return Collections.unmodifiableList(issuerNames); + else + return null; + } + + /** + * Returns the maximum value of the CRLNumber extension present in + * CRLs matched by this selector, or <code>null</code> if this + * criteria is not set. + * + * @return The maximum CRL number. + */ + public BigInteger getMaxCRL() + { + return maxCrlNumber; + } + + /** + * Returns the minimum value of the CRLNumber extension present in + * CRLs matched by this selector, or <code>null</code> if this + * criteria is not set. 
+ * + * @return The minimum CRL number. + */ + public BigInteger getMinCRL() + { + return minCrlNumber; + } + + /** + * Sets the maximum value of the CRLNumber extension present in CRLs + * matched by this selector. Specify <code>null</code> to clear this + * criterion. + * + * @param maxCrlNumber The maximum CRL number. + */ + public void setMaxCRLNumber(BigInteger maxCrlNumber) + { + this.maxCrlNumber = maxCrlNumber; + } + + /** + * Sets the minimum value of the CRLNumber extension present in CRLs + * matched by this selector. Specify <code>null</code> to clear this + * criterion. + * + * @param minCrlNumber The minimum CRL number. + */ + public void setMinCRLNumber(BigInteger minCrlNumber) + { + this.minCrlNumber = minCrlNumber; + } + + /** + * Returns the date when this CRL must be valid; that is, the date + * must be after the thisUpdate date, but before the nextUpdate date. + * Returns <code>null</code> if this criterion is not set. + * + * @return The date. + */ + public Date getDateAndTime() + { + return date != null ? (Date) date.clone() : null; + } + + /** + * Sets the date at which this CRL must be valid. Specify + * <code>null</code> to clear this criterion. + * + * @param date The date. + */ + public void setDateAndTime(Date date) + { + this.date = date != null ? (Date) date.clone() : null; + } + + /** + * Returns the certificate being checked, or <code>null</code> if this + * value is not set. + * + * @return The certificate. + */ + public X509Certificate getCertificateChecking() + { + return cert; + } + + /** + * Sets the certificate being checked. This is not a criterion, but + * info used by certificate store implementations to aid in searching. + * + * @param cert The certificate. + */ + public void setCertificateChecking(X509Certificate cert) + { + this.cert = cert; + } + + /** + * Returns a string representation of this selector. 
The string will + * only describe the enabled criteria, so if none are enabled this will + * return a string that contains little else besides the class name. + * + * @return The string. + */ + public String toString() + { + CPStringBuilder str = new CPStringBuilder(X509CRLSelector.class.getName()); + String nl = SystemProperties.getProperty("line.separator"); + String eol = ";" + nl; + + str.append(" {").append(nl); + if (issuerNames != null) + str.append(" issuer names = ").append(issuerNames).append(eol); + if (maxCrlNumber != null) + str.append(" max CRL = ").append(maxCrlNumber).append(eol); + if (minCrlNumber != null) + str.append(" min CRL = ").append(minCrlNumber).append(eol); + if (date != null) + str.append(" date = ").append(date).append(eol); + if (cert != null) + str.append(" certificate = ").append(cert).append(eol); + str.append("}").append(nl); + return str.toString(); + } + + /** + * Checks a CRL against the criteria of this selector, returning + * <code>true</code> if the given CRL matches all the criteria. + * + * @param _crl The CRL being checked. + * @return True if the CRL matches, false otherwise. 
+ */ + public boolean match(CRL _crl) + { + if (!(_crl instanceof X509CRL)) + return false; + X509CRL crl = (X509CRL) _crl; + if (issuerNames != null) + { + if (!issuerNames.contains(crl.getIssuerX500Principal())) + return false; + } + BigInteger crlNumber = null; + if (maxCrlNumber != null) + { + byte[] b = crl.getExtensionValue(CRL_NUMBER_ID); + if (b == null) + return false; + try + { + DERValue val = DERReader.read(b); + if (!(val.getValue() instanceof BigInteger)) + return false; + crlNumber = (BigInteger) val.getValue(); + } + catch (IOException ioe) + { + return false; + } + if (maxCrlNumber.compareTo(crlNumber) < 0) + return false; + } + if (minCrlNumber != null) + { + if (crlNumber == null) + { + byte[] b = crl.getExtensionValue(CRL_NUMBER_ID); + if (b == null) + return false; + try + { + DERValue val = DERReader.read(b); + if (!(val.getValue() instanceof BigInteger)) + return false; + crlNumber = (BigInteger) val.getValue(); + } + catch (IOException ioe) + { + return false; + } + } + if (minCrlNumber.compareTo(crlNumber) > 0) + return false; + } + if (date != null) + { + if (date.compareTo(crl.getThisUpdate()) < 0 || + date.compareTo(crl.getNextUpdate()) > 0) + return false; + } + return true; + } + + /** + * Returns a copy of this object. + * + * @return The copy. + */ + public Object clone() + { + try + { + return super.clone(); + } + catch (CloneNotSupportedException shouldNotHappen) + { + throw new Error(shouldNotHappen); + } + } +} diff --git a/libjava/classpath/java/security/cert/X509CertSelector.java b/libjava/classpath/java/security/cert/X509CertSelector.java new file mode 100644 index 000000000..8c1230afb --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CertSelector.java 
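Review bot: In `match()` of X509CRLSelector, the date criterion evaluates `date.compareTo(crl.getNextUpdate())` with no null check. nextUpdate is an optional CRL field and `X509CRL.getNextUpdate()` returns null when it is absent, so such a CRL would throw a NullPointerException out of the selector instead of being rejected. A guard before the comparison, for example `Date next = crl.getNextUpdate(); if (next == null) return false;`, keeps a minimal or malformed CRL from aborting the caller's revocation lookup; `getThisUpdate()` could be guarded the same way. Separately, `clone()` returns `super.clone()` unchanged, so the copy shares the mutable `issuerNames` list and a later `addIssuerName` on either selector alters the criteria of both. Copying the list in `clone()` when it is non-null, `copy.issuerNames = new LinkedList(issuerNames);`, would make the two selectors independent.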
@@ -0,0 +1,1319 @@ +/* X509CertSelector.java -- selects X.509 certificates by criteria. + Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.classpath.SystemProperties; +import gnu.java.lang.CPStringBuilder; +import gnu.java.security.OID; +import gnu.java.security.x509.GnuPKIExtension; +import gnu.java.security.x509.ext.CertificatePolicies; +import gnu.java.security.x509.ext.Extension; +import gnu.java.security.x509.ext.GeneralName; +import gnu.java.security.x509.ext.GeneralSubtree; +import gnu.java.security.x509.ext.NameConstraints; +import gnu.java.security.x509.ext.GeneralName.Kind; + +import java.io.IOException; +import java.math.BigInteger; +import java.net.InetAddress; +import java.security.KeyFactory; +import java.security.PublicKey; +import java.security.spec.X509EncodedKeySpec; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +/** + * A concrete implementation of {@link CertSelector} for X.509 certificates, + * which allows a number of criteria to be set when accepting certificates, + * from validity dates, to issuer and subject distinguished names, to some + * of the various X.509 extensions. + * + * <p>Use of this class requires extensive knowledge of the Internet + * Engineering Task Force's Public Key Infrastructure (X.509). The primary + * document describing this standard is <a + * href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 + * Public Key Infrastructure Certificate and Certificate Revocation List + * (CRL) Profile</a>. + * + * <p>Note that this class is not thread-safe. If multiple threads will + * use or modify this class then they need to synchronize on the object. + * + * @author Casey Marshall (csm@gnu.org) + * @since 1.4 + */ +public class X509CertSelector implements CertSelector, Cloneable +{ + + // Constants and fields. 
+ // ------------------------------------------------------------------------- + + private static final String AUTH_KEY_ID = "2.5.29.35"; + private static final String SUBJECT_KEY_ID = "2.5.29.14"; + private static final String NAME_CONSTRAINTS_ID = "2.5.29.30"; + + private static boolean checkOid(int[] oid) + { + return (oid != null && oid.length > 2 && + (oid[0] >= 0 && oid[0] <= 2) && (oid[1] >= 0 && oid[1] <= 39)); + } + + private static GeneralName makeName(int id, String name) throws IOException + { + byte[] nameBytes = null; + GeneralName.Kind kind = GeneralName.Kind.forTag(id); + switch (Kind.forTag(id)) + { + case dNSName: + case rfc822Name: + case uniformResourceIdentifier: + nameBytes = name.getBytes("ASCII"); + break; + + case iPAddress: + InetAddress addr = InetAddress.getByName(name); + nameBytes = addr.getAddress(); + break; + + case registeredId: + OID oid = new OID(name); + nameBytes = oid.getDER(); + break; + + case directoryName: + X500Principal xname = new X500Principal(name); + nameBytes = xname.getEncoded(); + break; + + case ediPartyName: + case x400Address: + case otherName: + throw new IOException("cannot decode string representation of " + + kind); + } + return new GeneralName(kind, nameBytes); + } + + private int basicConstraints; + private X509Certificate cert; + private BigInteger serialNo; + private X500Principal issuer; + private X500Principal subject; + private byte[] subjectKeyId; + private byte[] authKeyId; + private boolean[] keyUsage; + private Date certValid; + private OID sigId; + private PublicKey subjectKey; + private X509EncodedKeySpec subjectKeySpec; + private Set<String> keyPurposeSet; + private List<GeneralName> altNames; + private boolean matchAllNames; + private byte[] nameConstraints; + private Set<OID> policy; + private List<GeneralName> pathToNames; + + /** + * Creates a new X.509 certificate selector. 
The new selector will be + * empty, and will accept any certificate (provided that it is an + * {@link X509Certificate}). + */ + public X509CertSelector() + { + basicConstraints = -1; + } + + /** + * Add a name to match in the NameConstraints extension. The argument is + * the DER-encoded bytes of a GeneralName structure. + * + * See the method {@link #addSubjectAlternativeName(int, byte[])} for the + * format of the GeneralName structure. + * + * @param id The name identifier. Must be between 0 and 8. + * @param name The DER-encoded bytes of the name to match. + * @throws IOException If the name DER is malformed. + */ + public void addPathToName(int id, byte[] name) throws IOException + { + GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name); + if (pathToNames == null) + pathToNames = new LinkedList<GeneralName>(); + pathToNames.add(generalName); + } + + /** + * Add a name to match in the NameConstraints extension. This method will + * only recognize certain types of name that have convenient string + * encodings. For robustness, you should use the {@link + * #addPathToName(int, byte[])} method whenever possible. + * + * @param id The name identifier. Must be between 0 and 8. + * @param name The name. + * @throws IOException If the name cannot be decoded. + */ + public void addPathToName(int id, String name) throws IOException + { + GeneralName generalName = makeName(id, name); + if (pathToNames == null) + pathToNames = new LinkedList<GeneralName>(); + pathToNames.add(generalName); + } + + /** + * Add a name, as DER-encoded bytes, to the subject alternative names + * criterion. 
+ * + * The name is a GeneralName structure, which has the ASN.1 format: + * + * <pre> + GeneralName ::= CHOICE { + otherName [0] OtherName, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER } +</pre> + * + * @param id The type of name this is. + * @param name The DER-encoded name. + * @throws IOException If the name is not a valid DER sequence. + */ + public void addSubjectAlternativeName(int id, byte[] name) + throws IOException + { + GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name); + if (altNames == null) + altNames = new LinkedList<GeneralName>(); + altNames.add(generalName); + } + + /** + * Add a name to the subject alternative names criterion. This method will + * only recognize certain types of name that have convenient string + * encodings. For robustness, you should use the {@link + * #addSubjectAlternativeName(int, byte[])} method whenever possible. + * + * This method can only decode certain name kinds of names as strings. + * + * @param id The type of name this is. Must be in the range [0,8]. + * @param name The name. + * @throws IOException If the id is out of range, or if the name + * is null. + */ + public void addSubjectAlternativeName(int id, String name) + throws IOException + { + GeneralName generalName = makeName(id, name); + if (altNames == null) + altNames = new LinkedList<GeneralName>(); + altNames.add(generalName); + } + + public Object clone() + { + try + { + return super.clone(); + } + catch (CloneNotSupportedException shouldNotHappen) + { + throw new Error(shouldNotHappen); + } + } + + /** + * Returns the authority key identifier criterion, or <code>null</code> if + * this value was not set. Note that the byte array is cloned to prevent + * modification. + * + * @return The authority key identifier. 
+ */ + public byte[] getAuthorityKeyIdentifier() + { + if (authKeyId != null) + return (byte[]) authKeyId.clone(); + else + return null; + } + + /** + * Returns the basic constraints criterion, or -1 if this value is not set. + * + * @return The basic constraints. + */ + public int getBasicConstraints() + { + return basicConstraints; + } + + /** + * Returns the certificate criterion, or <code>null</code> if this value + * was not set. + * + * @return The certificate. + */ + public X509Certificate getCertificate() + { + return cert; + } + + /** + * Returns the date at which certificates must be valid, or <code>null</code> + * if this criterion was not set. + * + * @return The target certificate valitity date. + */ + public Date getCertificateValid() + { + if (certValid != null) + return (Date) certValid.clone(); + else + return null; + } + + /** + * Returns the set of extended key purpose IDs, as an unmodifiable set + * of OID strings. Returns <code>null</code> if this criterion is not + * set. + * + * @return The set of key purpose OIDs (strings). + */ + public Set<String> getExtendedKeyUsage() + { + if (keyPurposeSet != null) + return Collections.unmodifiableSet(keyPurposeSet); + else + return null; + } + + /** + * Returns the issuer criterion as a sequence of DER bytes, or + * <code>null</code> if this value was not set. + * + * @return The issuer. + */ + public byte[] getIssuerAsBytes() throws IOException + { + if (issuer != null) + return issuer.getEncoded(); + else + return null; + } + + /** + * Returns the issuer criterion as a string, or <code>null</code> if this + * value was not set. + * + * @return The issuer. + */ + public String getIssuerAsString() + { + if (issuer != null) + return issuer.getName(); + else + return null; + } + + /** + * Returns the public key usage criterion, or <code>null</code> if this + * value is not set. Note that the array is cloned to prevent modification. + * + * @return The public key usage. 
+ */ + public boolean[] getKeyUsage() + { + if (keyUsage != null) + return (boolean[]) keyUsage.clone(); + else + return null; + } + + /** + * Returns whether or not all specified alternative names must match. + * If false, a certificate is considered a match if <em>one</em> of the + * specified alternative names matches. + * + * @return true if all names must match. + */ + public boolean getMatchAllSubjectAltNames() + { + return matchAllNames; + } + + /** + * Returns the name constraints criterion, or <code>null</code> if this + * value is not set. Note that the byte array is cloned to prevent + * modification. + * + * @return The name constraints. + */ + public byte[] getNameConstraints() + { + if (nameConstraints != null) + return (byte[]) nameConstraints.clone(); + else + return null; + } + + public Collection<List<?>> getPathToNames() + { + if (pathToNames != null) + { + List<List<?>> names = new ArrayList<List<?>>(pathToNames.size()); + for (GeneralName name : pathToNames) + { + List<Object> n = new ArrayList<Object>(2); + n.add(name.kind().tag()); + n.add(name.name()); + names.add(n); + } + + return names; + } + return null; + } + + /** + * Returns the certificate policy extension that will be matched by this + * selector, or null if the certificate policy will not be matched. + * + * @return The policy to be matched, or null. + */ + public Set<String> getPolicy() + { + Set<OID> p = this.policy; + if (p != null) + { + Set<String> strings = new HashSet<String>(p.size()); + for (OID o : p) + { + strings.add(o.toString()); + } + return strings; + } + return null; + } + + /** + * This method, and its related X.509 certificate extension — the + * private key usage period — is not supported under the Internet + * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this + * method is not supported either. + * + * <p>Do not use this method. 
It is not deprecated, as it is not deprecated + * in the Java standard, but it is basically a no-operation and simply + * returns <code>null</code>. + * + * @return Null. + */ + public Date getPrivateKeyValid() + { + return null; + } + + /** + * Returns the serial number criterion, or <code>null</code> if this + * value was not set. + * + * @return The serial number. + */ + public BigInteger getSerialNumber() + { + return serialNo; + } + + /** + * Get the subject alternative names criterion. The collection returned + * is a collection of pairs: the first element is an {@link Integer} + * containing the name type, and the second is a byte array containing + * the DER-encoded name bytes. + * + * @return The subject alternative names criterion. Returns null if this + * criterion is not set. + */ + public Collection<List<?>> getSubjectAlternativeNames() + { + if (altNames != null) + { + List<List<?>> names = new ArrayList<List<?>>(altNames.size()); + for (GeneralName name : altNames) + { + List<Object> n = new ArrayList<Object>(2); + n.add(name.kind().tag()); + n.add(name.name()); + names.add(n); + } + return names; + } + return null; + } + + /** + * Returns the subject criterion as a sequence of DER bytes, or + * <code>null</code> if this value is not set. + * + * @return The subject. + */ + public byte[] getSubjectAsBytes() throws IOException + { + if (subject != null) + return subject.getEncoded(); + else + return null; + } + + /** + * Returns the subject criterion as a string, of <code>null</code> if + * this value was not set. + * + * @return The subject. + */ + public String getSubjectAsString() + { + if (subject != null) + return subject.getName(); + else + return null; + } + + /** + * Returns the subject key identifier criterion, or <code>null</code> if + * this value was not set. Note that the byte array is cloned to prevent + * modification. + * + * @return The subject key identifier. 
+ */ + public byte[] getSubjectKeyIdentifier() + { + if (subjectKeyId != null) + return (byte[]) subjectKeyId.clone(); + else + return null; + } + + /** + * Returns the subject public key criterion, or <code>null</code> if this + * value is not set. + * + * @return The subject public key. + */ + public PublicKey getSubjectPublicKey() + { + return subjectKey; + } + + /** + * Returns the public key algorithm ID that matching certificates must have, + * or <code>null</code> if this criterion was not set. + * + * @return The public key algorithm ID. + */ + public String getSubjectPublicKeyAlgID() + { + return String.valueOf(sigId); + } + + /** + * Match a certificate. This method will check the given certificate + * against all the enabled criteria of this selector, and will return + * <code>true</code> if the given certificate matches. + * + * @param certificate The certificate to check. + * @return true if the certificate matches all criteria. + */ + public boolean match(Certificate certificate) + { + if (!(certificate instanceof X509Certificate)) + return false; + X509Certificate cert = (X509Certificate) certificate; + if (this.cert != null) + { + try + { + byte[] e1 = this.cert.getEncoded(); + byte[] e2 = cert.getEncoded(); + if (!Arrays.equals(e1, e2)) + return false; + } + catch (CertificateEncodingException cee) + { + return false; + } + } + if (serialNo != null) + { + if (!serialNo.equals(cert.getSerialNumber())) + return false; + } + if (certValid != null) + { + try + { + cert.checkValidity(certValid); + } + catch (CertificateException ce) + { + return false; + } + } + if (issuer != null) + { + if (!issuer.equals(cert.getIssuerX500Principal())) + return false; + } + if (subject != null) + { + if (!subject.equals(cert.getSubjectX500Principal())) + return false; + } + if (sigId != null) + { + if (!sigId.toString().equals(cert.getSigAlgOID())) + return false; + } + if (subjectKeyId != null) + { + byte[] b = cert.getExtensionValue(SUBJECT_KEY_ID); + if 
(!Arrays.equals(b, subjectKeyId)) + return false; + } + if (authKeyId != null) + { + byte[] b = cert.getExtensionValue(AUTH_KEY_ID); + if (!Arrays.equals(b, authKeyId)) + return false; + } + if (keyUsage != null) + { + boolean[] b = cert.getKeyUsage(); + if (!Arrays.equals(b, keyUsage)) + return false; + } + if (basicConstraints >= 0) + { + if (cert.getBasicConstraints() != basicConstraints) + return false; + } + if (keyPurposeSet != null) + { + List kp = null; + try + { + kp = cert.getExtendedKeyUsage(); + } + catch (CertificateParsingException cpe) + { + return false; + } + if (kp == null) + return false; + for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); ) + { + if (!kp.contains(it.next())) + return false; + } + } + if (altNames != null) + { + Collection<List<?>> an = null; + try + { + an = cert.getSubjectAlternativeNames(); + } + catch (CertificateParsingException cpe) + { + return false; + } + if (an == null) + return false; + int match = 0; + for (GeneralName name : altNames) + { + for (List<?> list : an) + { + try + { + Integer id = (Integer) list.get(0); + Object val = list.get(1); + GeneralName n = null; + if (val instanceof String) + n = makeName(id, (String) val); + else if (val instanceof byte[]) + { + n = new GeneralName(GeneralName.Kind.forTag(id), + (byte[]) val); + } + else + continue; + if (name.equals(n)) + match++; + } + catch (Exception e) + { + continue; + } + } + if (match == 0 || (matchAllNames && match < altNames.size())) + return false; + } + } + if (nameConstraints != null) + { + byte[] nc = cert.getExtensionValue(NAME_CONSTRAINTS_ID); + if (!Arrays.equals(nameConstraints, nc)) + return false; + } + + if (policy != null) + { + CertificatePolicies policies = null; + if (cert instanceof GnuPKIExtension) + { + policies = (CertificatePolicies) + ((GnuPKIExtension) cert).getExtension(CertificatePolicies.ID).getValue(); + } + else + { + byte[] policiesDer = + cert.getExtensionValue(CertificatePolicies.ID.toString()); + try + { + 
policies = new CertificatePolicies(policiesDer); + } + catch (IOException ioe) + { + // ignored + } + } + + if (policies == null) + return false; + if (!policies.getPolicies().containsAll(policy)) + return false; + } + + if (pathToNames != null) + { + NameConstraints nc = null; + if (cert instanceof GnuPKIExtension) + { + Extension e = + ((GnuPKIExtension) cert).getExtension(NameConstraints.ID); + if (e != null) + nc = (NameConstraints) e.getValue(); + } + else + { + byte[] b = cert.getExtensionValue(NameConstraints.ID.toString()); + if (b != null) + { + try + { + nc = new NameConstraints(b); + } + catch (IOException ioe) + { + } + } + } + + if (nc == null) + return false; + + int match = 0; + for (GeneralName name : pathToNames) + { + for (GeneralSubtree subtree : nc.permittedSubtrees()) + { + if (name.equals(subtree.base())) + match++; + } + } + if (match == 0 || (matchAllNames && match < pathToNames.size())) + return false; + } + + return true; + } + + /** + * Sets the authority key identifier criterion, or <code>null</code> to clear + * this criterion. Note that the byte array is cloned to prevent modification. + * + * @param authKeyId The authority key identifier. + */ + public void setAuthorityKeyIdentifier(byte[] authKeyId) + { + this.authKeyId = authKeyId != null ? (byte[]) authKeyId.clone() : null; + } + + /** + * Sets the basic constraints criterion. Specify -1 to clear this parameter. + * + * @param basicConstraints The new basic constraints value. + */ + public void setBasicConstraints(int basicConstraints) + { + if (basicConstraints < -1) + basicConstraints = -1; + this.basicConstraints = basicConstraints; + } + + /** + * Sets the certificate criterion. If set, only certificates that are + * equal to the certificate passed here will be accepted. + * + * @param cert The certificate. + */ + public void setCertificate(X509Certificate cert) + { + this.cert = cert; + } + + /** + * Sets the date at which certificates must be valid. 
Specify + * <code>null</code> to clear this criterion. + * + * @param certValid The certificate validity date. + */ + public void setCertificateValid(Date certValid) + { + this.certValid = certValid != null ? (Date) certValid.clone() : null; + } + + /** + * Sets the extended key usage criterion, as a set of OID strings. Specify + * <code>null</code> to clear this value. + * + * @param keyPurposeSet The set of key purpose OIDs. + * @throws IOException If any element of the set is not a valid OID string. + */ + public void setExtendedKeyUsage(Set<String> keyPurposeSet) throws IOException + { + if (keyPurposeSet == null) + { + this.keyPurposeSet = null; + return; + } + Set<String> s = new HashSet<String>(); + for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (!(o instanceof String)) + throw new IOException("not a string: " + o); + try + { + OID oid = new OID((String) o); + int[] comp = oid.getIDs(); + if (!checkOid(comp)) + throw new IOException("malformed OID: " + o); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed OID: " + o); + ioe.initCause(iae); + throw ioe; + } + } + this.keyPurposeSet = s; + } + + /** + * Sets the issuer, specified as the DER encoding of the issuer's + * distinguished name. Only certificates issued by this issuer will + * be accepted. + * + * @param name The DER encoding of the issuer's distinguished name. + * @throws IOException If the given name is incorrectly formatted. + */ + public void setIssuer(byte[] name) throws IOException + { + if (name != null) + { + try + { + issuer = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + throw new IOException(iae.getMessage()); + } + } + else + issuer = null; + } + + /** + * Sets the issuer, specified as a string representation of the issuer's + * distinguished name. Only certificates issued by this issuer will + * be accepted. 
+ *
+ * @param name The string representation of the issuer's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setIssuer(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ issuer = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ issuer = null;
+ }
+
+ /**
+ * Sets the public key usage criterion. Specify <code>null</code> to clear
+ * this value.
+ *
+ * @param keyUsage The public key usage.
+ */
+ public void setKeyUsage(boolean[] keyUsage)
+ {
+ this.keyUsage = keyUsage != null ? (boolean[]) keyUsage.clone() : null;
+ }
+
+ /**
+ * Sets whether or not all subject alternative names must be matched.
+ * If false, then a certificate will be considered a match if one
+ * alternative name matches.
+ *
+ * @param matchAllNames Whether or not all alternative names must be
+ * matched.
+ */
+ public void setMatchAllSubjectAltNames(boolean matchAllNames)
+ {
+ this.matchAllNames = matchAllNames;
+ }
+
+ /**
+ * Sets the name constraints criterion; specify <code>null</code> to
+ * clear this criterion. Note that if non-null, the argument will be
+ * cloned to prevent modification.
+ *
+ * @param nameConstraints The new name constraints.
+ * @throws IOException If the argument is not a valid DER-encoded
+ * name constraints.
+ */
+ public void setNameConstraints(byte[] nameConstraints)
+ throws IOException
+ {
+ // Check if the input is well-formed...
+ new NameConstraints(nameConstraints);
+
+ // But we just compare raw byte arrays.
+ this.nameConstraints = nameConstraints != null
+ ? (byte[]) nameConstraints.clone() : null;
+ }
+
+ /**
+ * Sets the pathToNames criterion. The argument is a collection of
+ * pairs, the first element of which is an {@link Integer} giving
+ * the ID of the name, and the second element is either a {@link String}
+ * or a byte array. 
+ * + * See {@link #addPathToName(int, byte[])} and {@link #addPathToName(int, String)} + * for how these arguments are handled. + * + * @param names The names. + * @throws IOException If any argument is malformed. + */ + public void setPathToNames(Collection<List<?>> names) throws IOException + { + if (names == null || names.size() == 0) + { + pathToNames = null; + } + else + { + pathToNames = new ArrayList<GeneralName>(names.size()); + for (List<?> name : names) + { + Integer id = (Integer) name.get(0); + Object name2 = name.get(1); + if (name2 instanceof String) + addPathToName(id, (String) name2); + else if (name2 instanceof byte[]) + addPathToName(id, (byte[]) name2); + else + throw new IOException("invalid name type: " + + name2.getClass().getName()); + } + } + } + + /** + * Sets the certificate policy to match, or null if this criterion should + * not be checked. Each element if the set must be a dotted-decimal form + * of certificate policy object identifier. + * + * @param policy The policy to match. + * @throws IOException If some element of the policy is not a valid + * policy extenison OID. + */ + public void setPolicy(Set<String> policy) throws IOException + { + if (policy != null) + { + HashSet<OID> p = new HashSet<OID>(policy.size()); + for (String s : policy) + { + try + { + OID oid = new OID(s); + int[] i = oid.getIDs(); + if (!checkOid(i)) + throw new IOException("invalid OID"); + p.add(oid); + } + catch (IOException ioe) + { + throw ioe; + } + catch (Exception x) + { + IOException ioe = new IOException("invalid OID"); + ioe.initCause(x); + throw ioe; + } + } + this.policy = p; + } + else + this.policy = null; + } + + /** + * This method, and its related X.509 certificate extension — the + * private key usage period — is not supported under the Internet + * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this + * method is not supported either. + * + * <p>Do not use this method. 
It is not deprecated, as it is not deprecated
+ * in the Java standard, but it is basically a no-operation.
+ *
+ * @param UNUSED Is silently ignored.
+ */
+ public void setPrivateKeyValid(Date UNUSED)
+ {
+ }
+
+ /**
+ * Sets the serial number of the desired certificate. Only certificates that
+ * contain this serial number are accepted.
+ *
+ * @param serialNo The serial number.
+ */
+ public void setSerialNumber(BigInteger serialNo)
+ {
+ this.serialNo = serialNo;
+ }
+
+ /**
+ * Sets the subject, specified as the DER encoding of the subject's
+ * distinguished name. Only certificates with the given subject will
+ * be accepted.
+ *
+ * @param name The DER encoding of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(byte[] name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Sets the subject, specified as a string representation of the
+ * subject's distinguished name. Only certificates with the given
+ * subject will be accepted.
+ *
+ * @param name The string representation of the subject's distinguished name.
+ * @throws IOException If the given name is incorrectly formatted.
+ */
+ public void setSubject(String name) throws IOException
+ {
+ if (name != null)
+ {
+ try
+ {
+ subject = new X500Principal(name);
+ }
+ catch (IllegalArgumentException iae)
+ {
+ throw new IOException(iae.getMessage());
+ }
+ }
+ else
+ subject = null;
+ }
+
+ /**
+ * Sets the subject alternative names critertion. Each element of the
+ * argument must be a {@link java.util.List} that contains exactly two
+ * elements: the first an {@link Integer}, representing the type of
+ * name, and the second either a {@link String} or a byte array,
+ * representing the name itself.
+ *
+ * @param altNames The alternative names. 
+ * @throws IOException If any element of the argument is invalid. + */ + public void setSubjectAlternativeNames(Collection<List<?>> altNames) + throws IOException + { + if (altNames == null || altNames.isEmpty()) + { + this.altNames = null; + return; + } + List<GeneralName> l = new ArrayList<GeneralName>(altNames.size()); + for (List<?> list : altNames) + { + Integer id = (Integer) list.get(0); + Object value = list.get(1); + GeneralName name = null; + if (value instanceof String) + name = makeName(id, (String) value); + else if (value instanceof byte[]) + name = new GeneralName(GeneralName.Kind.forTag(id), (byte[]) value); + else + throw new IOException("invalid name type: " + value.getClass().getName()); + l.add(name); + } + this.altNames = l; + } + + /** + * Sets the subject key identifier criterion, or <code>null</code> to clear + * this criterion. Note that the byte array is cloned to prevent modification. + * + * @param subjectKeyId The subject key identifier. + */ + public void setSubjectKeyIdentifier(byte[] subjectKeyId) + { + this.subjectKeyId = subjectKeyId != null ? (byte[]) subjectKeyId.clone() : + null; + } + + /** + * Sets the subject public key criterion as a DER-encoded key. Specify + * <code>null</code> to clear this value. + * + * @param key The DER-encoded key bytes. + * @throws IOException If the argument is not a valid DER-encoded key. + */ + public void setSubjectPublicKey(byte[] key) throws IOException + { + if (key == null) + { + subjectKey = null; + subjectKeySpec = null; + return; + } + try + { + subjectKeySpec = new X509EncodedKeySpec(key); + KeyFactory enc = KeyFactory.getInstance("X.509"); + subjectKey = enc.generatePublic(subjectKeySpec); + } + catch (Exception x) + { + subjectKey = null; + subjectKeySpec = null; + IOException ioe = new IOException(x.getMessage()); + ioe.initCause(x); + throw ioe; + } + } + + /** + * Sets the subject public key criterion as an opaque representation. 
+ * Specify <code>null</code> to clear this criterion. + * + * @param key The public key. + */ + public void setSubjectPublicKey(PublicKey key) + { + this.subjectKey = key; + if (key == null) + { + subjectKeySpec = null; + return; + } + try + { + KeyFactory enc = KeyFactory.getInstance("X.509"); + subjectKeySpec = (X509EncodedKeySpec) + enc.getKeySpec(key, X509EncodedKeySpec.class); + } + catch (Exception x) + { + subjectKey = null; + subjectKeySpec = null; + } + } + + /** + * Sets the public key algorithm ID that matching certificates must have. + * Specify <code>null</code> to clear this criterion. + * + * @param sigId The public key ID. + * @throws IOException If the specified ID is not a valid object identifier. + */ + public void setSubjectPublicKeyAlgID(String sigId) throws IOException + { + if (sigId != null) + { + try + { + OID oid = new OID(sigId); + int[] comp = oid.getIDs(); + if (!checkOid(comp)) + throw new IOException("malformed OID: " + sigId); + this.sigId = oid; + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed OID: " + sigId); + ioe.initCause(iae); + throw ioe; + } + } + else + this.sigId = null; + } + + public String toString() + { + CPStringBuilder str = new CPStringBuilder(X509CertSelector.class.getName()); + String nl = SystemProperties.getProperty("line.separator"); + String eol = ";" + nl; + str.append(" {").append(nl); + if (cert != null) + str.append(" certificate = ").append(cert).append(eol); + if (basicConstraints >= 0) + str.append(" basic constraints = ").append(basicConstraints).append(eol); + if (serialNo != null) + str.append(" serial number = ").append(serialNo).append(eol); + if (certValid != null) + str.append(" valid date = ").append(certValid).append(eol); + if (issuer != null) + str.append(" issuer = ").append(issuer).append(eol); + if (subject != null) + str.append(" subject = ").append(subject).append(eol); + if (sigId != null) + str.append(" signature OID = 
").append(sigId).append(eol); + if (subjectKey != null) + str.append(" subject public key = ").append(subjectKey).append(eol); + if (subjectKeyId != null) + { + str.append(" subject key ID = "); + for (int i = 0; i < subjectKeyId.length; i++) + { + str.append(Character.forDigit((subjectKeyId[i] & 0xF0) >>> 8, 16)); + str.append(Character.forDigit((subjectKeyId[i] & 0x0F), 16)); + if (i < subjectKeyId.length - 1) + str.append(':'); + } + str.append(eol); + } + if (authKeyId != null) + { + str.append(" authority key ID = "); + for (int i = 0; i < authKeyId.length; i++) + { + str.append(Character.forDigit((authKeyId[i] & 0xF0) >>> 8, 16)); + str.append(Character.forDigit((authKeyId[i] & 0x0F), 16)); + if (i < authKeyId.length - 1) + str.append(':'); + } + str.append(eol); + } + if (keyUsage != null) + { + str.append(" key usage = "); + for (int i = 0; i < keyUsage.length; i++) + str.append(keyUsage[i] ? '1' : '0'); + str.append(eol); + } + if (keyPurposeSet != null) + str.append(" key purpose = ").append(keyPurposeSet).append(eol); + if (altNames != null) + str.append(" alternative names = ").append(altNames).append(eol); + if (nameConstraints != null) + str.append(" name constraints = <blob of data>").append(eol); + if (policy != null) + str.append(" policy = ").append(policy).append(eol); + if (pathToNames != null) + str.append(" pathToNames = ").append(pathToNames).append(eol); + str.append("}").append(nl); + return str.toString(); + } +} diff --git a/libjava/classpath/java/security/cert/X509Certificate.java b/libjava/classpath/java/security/cert/X509Certificate.java new file mode 100644 index 000000000..ab9e1be37 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509Certificate.java 
@@ -0,0 +1,589 @@
+/* X509Certificate.java --- X.509 Certificate class
+ Copyright (C) 1999,2003, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. 
*/
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * X509Certificate is the abstract class for X.509 certificates.
+ * This provides a stanard class interface for accessing all
+ * the attributes of X.509 certificates.
+ *
+ * <p>In June 1996, the basic X.509 v3 format was finished by
+ * ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
+ *
+ * <blockquote><pre>
+ * Certificate ::= SEQUENCE {
+ * tbsCertificate TBSCertificate,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signatureValue BIT STRING }
+ * </pre></blockquote>
+ *
+ * <p>These certificates are widely used in various Internet
+ * protocols to support authentication. It is used in
+ * Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
+ * Secure Sockets Layer (SSL), code signing for trusted software
+ * distribution, and Secure Electronic Transactions (SET).
+ *
+ * <p>The certificates are managed and vouched for by
+ * <I>Certificate Authorities</I> (CAs). CAs are companies or
+ * groups that create certificates by placing the data in the
+ * X.509 certificate format and signing it with their private
+ * key. CAs serve as trusted third parties by certifying that
+ * the person or group specified in the certificate is who
+ * they say they are. 
+ *
+ * <p>The ASN.1 defintion for <I>tbsCertificate</I> is
+ *
+ * <blockquote><pre>
+ * TBSCertificate ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * serialNumber CertificateSerialNumber,
+ * signature AlgorithmIdentifier,
+ * issuer Name,
+ * validity Validity,
+ * subject Name,
+ * subjectPublicKeyInfo SubjectPublicKeyInfo,
+ * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ * -- If present, version shall be v2 or v3
+ * extensions [3] EXPLICIT Extensions OPTIONAL
+ * -- If present, version shall be v3
+ * }
+ *
+ * Version ::= INTEGER { v1(0), v2(1), v3(2) }
+ *
+ * CertificateSerialNumber ::= INTEGER
+ *
+ * Validity ::= SEQUENCE {
+ * notBefore Time,
+ * notAfter Time }
+ *
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime }
+ *
+ * UniqueIdentifier ::= BIT STRING
+ *
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ *
+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ * Extension ::= SEQUENCE {
+ * extnID OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING }
+ * </pre></blockquote>
+ *
+ * Certificates are created with the CertificateFactory.
+ *
+ * <p>References:
+ *
+ * <ol>
+ * <li>Olivier Dubuisson, Philippe Fouquart (Translator) <i>ASN.1 -
+ * Communication between heterogeneous systems</i>, (C) September 2000,
+ * Morgan Kaufmann Publishers, ISBN 0-12-6333361-0. Available on-line at
+ * <a
+ * href="http://www.oss.com/asn1/dubuisson.html">http://www.oss.com/asn1/dubuisson.html</a></li>
+ * <li>R. 
Housley et al, <i><a href="http://www.ietf.org/rfc/rfc3280.txt">RFC
+ * 3280: Internet X.509 Public Key Infrastructure Certificate and CRL
+ * Profile</a></i>.</li>
+ * </ol>
+ *
+ * @since 1.2
+ * @author Mark Benvenuto
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class X509Certificate
+ extends Certificate
+ implements X509Extension
+{
+ private static final long serialVersionUID = -2491127588187038216L;
+
+ /**
+ * Constructs a new certificate of the specified type.
+ */
+ protected X509Certificate()
+ {
+ super( "X.509" );
+ }
+
+ /**
+ Checks the validity of the X.509 certificate. It is valid
+ if the current date and time are within the period specified
+ by the certificate.
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @throws CertificateExpiredException if the certificate expired
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid
+ */
+ public abstract void checkValidity()
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+ /**
+ Checks the validity of the X.509 certificate for the
+ specified time and date. It is valid if the specified
+ date and time are within the period specified by
+ the certificate.
+
+ @throws CertificateExpiredException if the certificate expired
+ based on the date
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid based on the date
+ */
+ public abstract void checkValidity(Date date)
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+ /**
+ Returns the version of this certificate.
+
+ The ASN.1 DER encoding is:
+
+ version [0] EXPLICIT Version DEFAULT v1,
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information. 
+
+ @return version number of certificate
+ */
+ public abstract int getVersion();
+
+ /**
+ Gets the serial number for serial Number in
+ this Certifcate. It must be a unique number
+ unique other serial numbers from the granting CA.
+
+ The ASN.1 DER encoding is:
+
+ serialNumber CertificateSerialNumber,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Consult rfc2459 for more information.
+
+ @return the serial number for this X509CRLEntry.
+ */
+ public abstract BigInteger getSerialNumber();
+
+ /**
+ Returns the issuer (issuer distinguished name) of the
+ Certificate. The issuer is the entity who signed
+ and issued the Certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ Returns the subject (subject distinguished name) of the
+ Certificate. The subject is the entity who the Certificate
+ identifies.
+
+ The ASN.1 DER encoding is:
+
+ subject Name,
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getSubjectDN();
+
+ /**
+ Returns the date that this certificate is not to be used
+ before, <I>notBefore</I>. 
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the date <I>notBefore</I>
+ */
+ public abstract Date getNotBefore();
+
+ /**
+ Returns the date that this certificate is not to be used
+ after, <I>notAfter</I>.
+
+ @return the date <I>notAfter</I>
+ */
+ public abstract Date getNotAfter();
+
+
+ /**
+ Returns the <I>tbsCertificate</I> from the certificate.
+
+ @return the DER encoded tbsCertificate
+
+ @throws CertificateEncodingException if encoding error occurred
+ */
+ public abstract byte[] getTBSCertificate() throws CertificateEncodingException;
+
+ /**
+ Returns the signature in its raw DER encoded format.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing signature
+ */
+ public abstract byte[] getSignature();
+
+ /**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+ */
+ public abstract String getSigAlgName();
+
+
+ /**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+ */
+ public abstract String getSigAlgOID();
+
+
+ /**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used. 
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in certificate
+ */
+ public abstract byte[] getSigAlgParams();
+
+
+ /**
+ Returns the issuer unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>issuerUniqueID</I>
+ */
+ public abstract boolean[] getIssuerUniqueID();
+
+ /**
+ Returns the subject unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>subjectUniqueID</I>
+ */
+ public abstract boolean[] getSubjectUniqueID();
+
+ /**
+ Returns a boolean array representing the <I>KeyUsage</I>
+ extension for the certificate. The KeyUsage (OID = 2.5.29.15)
+ defines the purpose of the key in the certificate.
+
+ The ASN.1 DER encoding is:
+
+ id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
+
+ KeyUsage ::= BIT STRING {
+ digitalSignature (0),
+ nonRepudiation (1),
+ keyEncipherment (2),
+ dataEncipherment (3),
+ keyAgreement (4),
+ keyCertSign (5),
+ cRLSign (6),
+ encipherOnly (7),
+ decipherOnly (8) }
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>KeyUsage</I>
+ */
+ public abstract boolean[] getKeyUsage();
+
+ /**
+ Returns the certificate constraints path length from the
+ critical BasicConstraints extension, (OID = 2.5.29.19).
+
+ The basic constraints extensions is used to determine if
+ the subject of the certificate is a Certificate Authority (CA)
+ and how deep the certification path may exist. 
The
+ <I>pathLenConstraint</I> only takes affect if <I>cA</I>
+ is set to true. "A value of zero indicates that only an
+ end-entity certificate may follow in the path." (rfc2459)
+
+ The ASN.1 DER encoding is:
+
+ id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
+
+ BasicConstraints ::= SEQUENCE {
+ cA BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ @return the length of the path constraint if BasicConstraints
+ is present and cA is TRUE. Otherwise returns -1.
+ */
+ public abstract int getBasicConstraints();
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the <code>ExtendedKeyUsage</code> extension of this
+ * certificate, or null if there is no extension present. The returned
+ * value is a {@link java.util.List} strings representing the object
+ * identifiers of the extended key usages. This extension has the OID
+ * 2.5.29.37.
+ *
+ * <p>The ASN.1 definition for this extension is:
+ *
+ * <blockquote><pre>
+ * ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ * KeyPurposeId ::= OBJECT IDENTIFIER
+ * </pre></blockquote>
+ *
+ * @return The list of extension OIDs, or null if there are none
+ * present in this certificate.
+ * @throws CertificateParsingException If this extension cannot be
+ * parsed from its encoded form.
+ */
+ public java.util.List<String> getExtendedKeyUsage()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the alternative names for this certificate's subject (the
+ * owner), or null if there are none. 
+ *
+ * <p>This is an X.509 extension with OID 2.5.29.17 and is defined by
+ * the ASN.1 construction:
+ *
+ * <blockquote><pre>
+ * SubjectAltNames ::= GeneralNames
+ *
+ * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ *
+ * GeneralName ::= CHOICE {
+ * otherName [0] OtherName,
+ * rfc822Name [1] IA5String,
+ * dNSName [2] IA5String,
+ * x400Address [3] ORAddress,
+ * directoryName [4] Name,
+ * ediPartyName [5] EDIPartyName,
+ * uniformResourceIdentifier [6] IA5String,
+ * iPAddress [7] OCTET STRING,
+ * registeredID [8] OBJECT IDENTIFIER
+ * }
+ * </pre></blockquote>
+ *
+ * <p>The returned collection contains one or more two-element Lists,
+ * with the first object being an Integer representing the choice
+ * above (with value 0 through 8) and the second being an (a) String
+ * if the <code>GeneralName</code> is a rfc822Name, dNSName,
+ * uniformResourceIdentifier, iPAddress, or registeredID, or (b) a
+ * byte array of the DER encoded form for any others.
+ *
+ * @return The collection of alternative names, or null if there are
+ * none.
+ * @throws CertificateParsingException If the encoded extension cannot
+ * be parsed.
+ * @since JDK 1.4
+ */
+ public java.util.Collection<List<?>> getSubjectAlternativeNames()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the alternative names for this certificate's issuer, or
+ * null if there are none.
+ *
+ * <p>This is an X.509 extension with OID 2.5.29.18, and is defined by
+ * the ASN.1 construction:
+ *
+ * <blockquote><pre>
+ * IssuerAltNames ::= GeneralNames
+ * </pre></blockquote>
+ *
+ * <p>The <code>GeneralNames</code> construct and the form of the
+ * returned collection are the same as with {@link
+ * #getSubjectAlternativeNames()}.
+ *
+ * @return The collection of alternative names, or null if there are
+ * none.
+ * @throws CertificateParsingException If the encoded extension cannot
+ * be parsed. 
+ * @since JDK 1.4
+ */
+ public java.util.Collection<List<?>> getIssuerAlternativeNames()
+ throws CertificateParsingException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the X.500 distinguished name of this certificate's subject.
+ *
+ * @return The subject's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public javax.security.auth.x500.X500Principal getSubjectX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Returns the X.500 distinguished name of this certificate's issuer.
+ *
+ * @return The issuer's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public javax.security.auth.x500.X500Principal getIssuerX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/libjava/classpath/java/security/cert/X509Extension.java b/libjava/classpath/java/security/cert/X509Extension.java
new file mode 100644
index 000000000..a0c24f429
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509Extension.java 
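Review bot: The five concrete methods under `// 1.4 instance methods` (`getExtendedKeyUsage`, `getSubjectAlternativeNames`, `getIssuerAlternativeNames`, `getSubjectX500Principal`, `getIssuerX500Principal`) throw `UnsupportedOperationException` in this base class, but their Javadoc promises a null return when nothing is present and lists only `CertificateParsingException`. A caller that follows the documented contract will not expect the unchecked exception: the `X509CertSelector.match` code earlier on this page, for example, wraps `cert.getExtendedKeyUsage()` and `cert.getSubjectAlternativeNames()` in a catch for `CertificateParsingException` only, so a subclass that keeps these defaults would presumably make a certificate-matching decision abort rather than return false. I would add `@throws UnsupportedOperationException if the concrete certificate class does not override this method` to each of the five comments. Separately, two abstract-method comments look copied from other classes and should be corrected: `getSerialNumber` says `@return the serial number for this X509CRLEntry`, and `getSubjectDN` says `@return the issuer in the Principal class`.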
@@ -0,0 +1,113 @@ +/* X509Extension.java --- X.509 Extension + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; +import java.util.Set; + +/** + Public interface for the X.509 Extension. 
+ + This is used for X.509 v3 Certificates and CRL v2 (Certificate + Revocation Lists) for managing attributes assoicated with + Certificates, for managing the hierarchy of certificates, + and for managing the distribution of CRL. This extension + format is used to define private extensions. + + Each extensions for a certificate or CRL must be marked + either critical or non-critical. If the certificate/CRL + system encounters a critical extension not recognized then + it must reject the certificate. A non-critical extension + may be just ignored if not recognized. + + + The ASN.1 definition for this class is: + + Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + + Extension ::= SEQUENCE { + extnId OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING + -- contains a DER encoding of a value + -- of the type registered for use with + -- the extnId object identifier value + } + + @author Mark Benvenuto + + @since 1.2 +*/ +public interface X509Extension +{ + + /** + Returns true if the certificate contains a critical extension + that is not supported. + + @return true if has unsupported extension, false otherwise + */ + boolean hasUnsupportedCriticalExtension(); + + /** + Returns a set of the CRITICAL extension OIDs from the + certificate/CRL that the object implementing this interface + manages. + + @return A Set containing the OIDs. If there are no CRITICAL + extensions or extensions at all this returns null. + */ + Set<String> getCriticalExtensionOIDs(); + + /** + Returns a set of the NON-CRITICAL extension OIDs from the + certificate/CRL that the object implementing this interface + manages. + + @return A Set containing the OIDs. If there are no NON-CRITICAL + extensions or extensions at all this returns null. + */ + Set<String> getNonCriticalExtensionOIDs(); + + /** + Returns the DER encoded OCTET string for the specified + extension value identified by a OID. The OID is a string + of number separated by periods. 
Ex: 12.23.45.67 + */ + byte[] getExtensionValue(String oid); + +} diff --git a/libjava/classpath/java/security/cert/package.html b/libjava/classpath/java/security/cert/package.html new file mode 100644 index 000000000..14b12d16c --- /dev/null +++ b/libjava/classpath/java/security/cert/package.html 
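Review bot: `getExtensionValue(String oid)` is the only method in this interface whose Javadoc has no `@param` or `@return`, and it does not say what a caller receives when the certificate or CRL carries no extension with that OID. The two OID-set getters above document a null result, so the same should be stated here, e.g. `@param oid dotted-decimal object identifier of the extension` and `@return the DER-encoded OCTET STRING holding the extension value, or null if absent` (null is what the standard API specifies; confirm it for the implementations in this tree). It would also help to say that the result is still wrapped in the OCTET STRING, so a caller has to decode once more before reading the extension's own type. Minor: "assoicated" in the interface comment should read "associated".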
@@ -0,0 +1,46 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<!-- package.html - describes classes in java.security.cert package. + Copyright (C) 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. --> + +<html> +<head><title>GNU Classpath - java.security.cert</title></head> + +<body> +<p></p> + +</body> +</html> 
diff --git a/libjava/classpath/java/security/interfaces/DSAKey.java b/libjava/classpath/java/security/interfaces/DSAKey.java
new file mode 100644
index 000000000..c6e819eb0
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAKey.java
@@ -0,0 +1,56 @@ +/* DSAKey.java -- Interface for Digital Signature Algorithm key + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.interfaces; + +/** + * This interface is implemented by a class to return the parameters + * of a Digital Signature Algorithm (DSA) public or private key. 
+ * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface DSAKey +{ + /** + * This method returns non-secret parameters of the DSA key + * + * @return The DSA parameters + */ + DSAParams getParams(); +} diff --git a/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java b/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java new file mode 100644 index 000000000..e657c54b4 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java 
@@ -0,0 +1,85 @@ +/* DSAKeyPairGenerator.java -- Initialize a DSA key generator + Copyright (C) 1998, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.security.InvalidParameterException; +import java.security.SecureRandom; + +/** + * This interface contains methods for intializing a Digital Signature + * Algorithm key generation engine. The initialize methods may be called + * any number of times. If no explicity initialization call is made, then + * the engine defaults to generating 1024-bit keys using pre-calculated + * base, prime, and subprime values. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface DSAKeyPairGenerator +{ + /** + * Initializes the key generator with the specified DSA parameters and + * random bit source + * + * @param params The DSA parameters to use + * @param random The random bit source to use + * + * @exception InvalidParameterException If the parameters passed are not valid + */ + void initialize (DSAParams params, SecureRandom random) + throws InvalidParameterException; + + /** + * Initializes the key generator to a give modulus. If the <code>genParams</code> + * value is <code>true</code> then new base, prime, and subprime values + * will be generated for the given modulus. If not, the pre-calculated + * values will be used. If no pre-calculated values exist for the specified + * modulus, an exception will be thrown. It is guaranteed that there will + * always be pre-calculated values for all modulus values between 512 and + * 1024 bits inclusives. + * + * @param modlen The modulus length + * @param genParams <code>true</code> to generate new DSA parameters, <code>false</code> otherwise + * @param random The random bit source to use + * + * @exception InvalidParameterException If a parameter is invalid + */ + void initialize (int modlen, boolean genParams, SecureRandom random) + throws InvalidParameterException; +} 
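Review bot: The interface comment promises a 1024-bit default with pre-calculated base, prime and subprime, and the second `initialize` guarantees pre-calculated values for every modulus from 512 to 1024 bits, but nothing tells the reader that these sizes are below what current guidance accepts for DSA (2048 bits or more). The contract mirrors the standard API and cannot change here, so the Javadoc should carry the caveat, e.g. `<p>Note: moduli of 1024 bits or less are kept for compatibility only; new code should call initialize with a larger modulus.</p>`. Whether the providers in this tree accept a larger `modlen` is not visible from this hunk. Typos in the same comments: "intializing", "explicity", "a give modulus", "inclusives".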
diff --git a/libjava/classpath/java/security/interfaces/DSAParams.java b/libjava/classpath/java/security/interfaces/DSAParams.java
new file mode 100644
index 000000000..42baeeb95
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAParams.java
@@ -0,0 +1,72 @@ +/* DSAParams.java -- Digital Signature Algorithm parameter access + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.interfaces; + +import java.math.BigInteger; + +/** + * This interface allows the Digital Signature Algorithm (DSA) parameters + * to be queried. 
+ * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface DSAParams +{ + /** + * Returns the base, or 'g' value + * + * @return The DSA base value + */ + BigInteger getG(); + + /** + * Returns the prime, or 'p' value + * + * @return The DSA prime value + */ + BigInteger getP(); + + /** + * Returns the subprime, or 'q' value + * + * @return The DSA subprime value + */ + BigInteger getQ(); +} diff --git a/libjava/classpath/java/security/interfaces/DSAPrivateKey.java b/libjava/classpath/java/security/interfaces/DSAPrivateKey.java new file mode 100644 index 000000000..d79b34b90 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/DSAPrivateKey.java 
@@ -0,0 +1,61 @@ +/* DSAPublicKey.java -- A Digital Signature Algorithm private key + Copyright (C) 1998, 2000, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.PrivateKey; + +/** + * This interface models a Digital Signature Algorithm (DSA) private key + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface DSAPrivateKey extends DSAKey, PrivateKey +{ + /** + * The version identifier used for serialization. + */ + long serialVersionUID = 7776497482533790279L; + + /** + * This method returns the value of the DSA private key + */ + BigInteger getX(); +} diff --git a/libjava/classpath/java/security/interfaces/DSAPublicKey.java b/libjava/classpath/java/security/interfaces/DSAPublicKey.java new file mode 100644 index 000000000..d73e189f6 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/DSAPublicKey.java 
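Review bot: The file header reads `DSAPublicKey.java -- A Digital Signature Algorithm private key`, which names the wrong file; it should be `DSAPrivateKey.java -- A Digital Signature Algorithm private key`. `getX()` also has no `@return` tag, and the same is true of `getY()` in DSAPublicKey.java; `@return The private value x of this key` and `@return The public value y of this key` would match the style used in DSAParams. Because `getX()` hands back the raw private value, its comment could add that callers should not log or otherwise expose the result.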
@@ -0,0 +1,61 @@ +/* DSAPublicKey.java -- A Digital Signature Algorithm public key + Copyright (C) 1998, 2000, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.PublicKey; + +/** + * This interface models a Digital Signature Algorithm (DSA) public key + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface DSAPublicKey extends DSAKey, PublicKey +{ + /** + * The version identifier used for serialization. + */ + long serialVersionUID = 1234526332779022332L; + + /** + * This method returns the value of the DSA public key + */ + BigInteger getY(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAKey.java b/libjava/classpath/java/security/interfaces/RSAKey.java new file mode 100644 index 000000000..485fa81e0 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAKey.java 
@@ -0,0 +1,57 @@ +/* RSAKey.java --- A generic RSA Key interface + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; + +/** + A generic RSA Key interface for public and private keys + + @since JDK 1.3 + + @author Mark Benvenuto + */ +public interface RSAKey +{ + /** + Generates a modulus. + + @returns a modulus + */ + BigInteger getModulus(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java b/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java new file mode 100644 index 000000000..da7d7479d --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java 
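Review bot: `getModulus()` is documented as "Generates a modulus", but an accessor on a key interface returns the modulus the key already has; nothing is generated. The tag `@returns` is also not a standard Javadoc tag, so the return description is likely to be missing from the generated documentation. Suggested wording: `Returns the modulus of this key.` with `@return the modulus`.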
@@ -0,0 +1,112 @@ +/* RSAMultiPrimePrivateCrtKey.java -- + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.spec.RSAOtherPrimeInfo; + +/** + * The interface to an RSA multi-prime private key, as defined in the PKCS#1 + * v2.1, using the <i>Chinese Remainder Theorem</i> (CRT) information values. + * + * @since 1.4 + * @see java.security.spec.RSAPrivateKeySpec + * @see java.security.spec.RSAMultiPrimePrivateCrtKeySpec + * @see RSAPrivateKey + * @see RSAPrivateCrtKey + */ +public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey +{ + // Constants + // -------------------------------------------------------------------------- + + long serialVersionUID = 618058533534628008L; + + // Methods + // -------------------------------------------------------------------------- + + /** + * Returns the public exponent. + * + * @return the public exponent. + */ + BigInteger getPublicExponent(); + + /** + * Returns the prime p. + * + * @return the prime p. + */ + BigInteger getPrimeP(); + + /** + * Returns the prime q. + * + * @return the prime q. + */ + BigInteger getPrimeQ(); + + /** + * Returns the prime's exponent p. + * + * @return the prime's exponent p. + */ + BigInteger getPrimeExponentP(); + + /** + * Returns the prime's exponent q. + * + * @return the prime's exponent q. + */ + BigInteger getPrimeExponentQ(); + + /** + * Returns the CRT Coefficient. + * + * @return the CRT Coefficient. + */ + BigInteger getCrtCoefficient(); + + /** + * Returns the <i>OtherPrimeInfo</i> triplet MPIs or <code>null</code> if + * there are only two known prime factors (p and q). + * + * @return the <i>OtherPrimeInfo</i> INTEGERs. + */ + RSAOtherPrimeInfo[] getOtherPrimeInfo(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java b/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java new file mode 100644 index 000000000..96a1496cf --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java 
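Review bot: The accessor comments restate the method names ("Returns the prime's exponent p", "Returns the CRT Coefficient") without defining the values, and the same applies to RSAPrivateCrtKey.java, the next file in this diff. In PKCS#1 terms these are `d mod (p-1)`, `d mod (q-1)` and `q^-1 mod p`; stating that in the `@return` lines, e.g. `@return the first factor's CRT exponent, d mod (p-1)`, lets an implementer check a key against the interface without consulting the standard. `serialVersionUID` here has no comment, unlike the DSA key interfaces in this commit.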
@@ -0,0 +1,95 @@ +/* RSAPrivateCrtKey.java -- An RSA private key in CRT format + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; + +/** + * This interface provides access to information about an RSA private + * key in Chinese Remainder Theorem (CRT) format. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface RSAPrivateCrtKey extends RSAPrivateKey +{ + long serialVersionUID = -5682214253527700368L; + + /** + * Returns the public exponent for this key + * + * @return The public exponent for this key + */ + BigInteger getPublicExponent(); + + /** + * Returns the primeP value + * + * @return The primeP value + */ + BigInteger getPrimeP(); + + /** + * Returns the primeQ value + * + * @return The primeQ value + */ + BigInteger getPrimeQ(); + + /** + * Returns the primeExponentP + * + * @return The primeExponentP + */ + BigInteger getPrimeExponentP(); + + /** + * Returns the primeExponentQ + * + * @return The primeExponentQ + */ + BigInteger getPrimeExponentQ(); + + /** + * Returns the CRT coefficient + * + * @return The CRT coefficient + */ + BigInteger getCrtCoefficient(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAPrivateKey.java b/libjava/classpath/java/security/interfaces/RSAPrivateKey.java new file mode 100644 index 000000000..514987625 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAPrivateKey.java 
@@ -0,0 +1,60 @@
+/* RSAPrivateKey.java -- An RSA private key
+ Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * This interface provides access to information about an RSA private key.
+ *
+ * @version 0.1
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface RSAPrivateKey extends PrivateKey, RSAKey
+{
+ long serialVersionUID = 5187144804936595022L;
+
+ /**
+ * Returns the private exponent value for this key
+ *
+ * @return The private exponent value for this key
+ */
+ BigInteger getPrivateExponent();
+}
diff --git a/libjava/classpath/java/security/interfaces/RSAPublicKey.java b/libjava/classpath/java/security/interfaces/RSAPublicKey.java
new file mode 100644
index 000000000..5fb569d1d
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/RSAPublicKey.java
@@ -0,0 +1,60 @@
+/* RSAPublicKey.java -- An RSA public key
+ Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+
+/**
+ * This interface provides access to information about an RSA public key.
+ *
+ * @version 0.1
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface RSAPublicKey extends PublicKey, RSAKey
+{
+ long serialVersionUID = -8727434096241101194L;
+
+ /**
+ * Returns the public exponent value for this key
+ *
+ * @return The public exponent value for this key
+ */
+ BigInteger getPublicExponent();
+}
diff --git a/libjava/classpath/java/security/interfaces/package.html b/libjava/classpath/java/security/interfaces/package.html
new file mode 100644
index 000000000..aab0d6375
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.interfaces package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.interfaces</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/java/security/package.html b/libjava/classpath/java/security/package.html
new file mode 100644
index 000000000..328b7044b
--- /dev/null
+++ b/libjava/classpath/java/security/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java b/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java
new file mode 100644
index 000000000..bc877e312
--- /dev/null
+++ b/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java
@@ -0,0 +1,52 @@
+/* AlgorithmParameterSpec.java --- Algorithm Parameter Spec Interface
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ A transparent interface for Algorithm Parameter Specifications.
+ It contains no member functions. It is used to group
+ algorithm parameter classes.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public interface AlgorithmParameterSpec
+{
+}
diff --git a/libjava/classpath/java/security/spec/DSAParameterSpec.java b/libjava/classpath/java/security/spec/DSAParameterSpec.java
new file mode 100644
index 000000000..f7f673110
--- /dev/null
+++ b/libjava/classpath/java/security/spec/DSAParameterSpec.java
@@ -0,0 +1,101 @@
+/* DSAParameterSpec.java --- DSA Parameter Specificaton class
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.math.BigInteger;
+import java.security.interfaces.DSAParams;
+
+/**
+ * DSA Parameter class Specification. Used to maintain the DSA
+ * Parameters.
+ *
+ * @since 1.2
+ *
+ * @author Mark Benvenuto
+*/
+public class DSAParameterSpec implements AlgorithmParameterSpec, DSAParams
+{
+ private BigInteger p = null;
+ private BigInteger q = null;
+ private BigInteger g = null;
+
+ /**
+ * Constructs a new DSAParameterSpec with the specified p, q, and g.
+ *
+ * @param p the prime
+ * @param q the sub-prime
+ * @param g the base
+ */
+ public DSAParameterSpec(BigInteger p, BigInteger q, BigInteger g)
+ {
+ this.p = p;
+ this.q = q;
+ this.g = g;
+ }
+
+ /**
+ * Returns p for the DSA algorithm.
+ *
+ * @return Returns the requested BigInteger
+ */
+ public BigInteger getP()
+ {
+ return this.p;
+ }
+
+ /**
+ * Returns p for the DSA algorithm.
+ *
+ * @return Returns the requested BigInteger
+ */
+ public BigInteger getQ()
+ {
+ return this.q;
+ }
+
+ /**
+ * Returns g for the DSA algorithm.
+ *
+ * @return Returns the requested BigInteger
+ */
+ public BigInteger getG()
+ {
+ return this.g;
+ }
+}
diff --git a/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java b/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java
new file mode 100644
index 000000000..19af107e6
--- /dev/null
+++ b/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java
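Review bot: The Javadoc on `getQ()` says "Returns p for the DSA algorithm", copied from `getP()` just above it; it should read `* Returns q, the sub-prime, for the DSA algorithm.` The same wrong sentence is on `getQ()` in DSAPrivateKeySpec.java and DSAPublicKeySpec.java later in this commit. Separately, the fields are assigned only in the constructor, so `private final BigInteger p;` (and likewise `q` and `g`) would make the immutability explicit and drop the redundant `= null` initialisers; the same holds for the fields of the two key-spec classes.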
@@ -0,0 +1,113 @@
+/* DSAPrivateKeySpec.java --- DSA Private Key Specificaton class
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ DSA Private Key class Specification. Used to maintain the DSA
+ Private Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class DSAPrivateKeySpec implements KeySpec
+{
+ private BigInteger x = null;
+ private BigInteger p = null;
+ private BigInteger q = null;
+ private BigInteger g = null;
+
+ /**
+ Constructs a new DSAPrivateKeySpec with the specified x, p, q, and g.
+
+ @param x the private key
+ @param p the prime
+ @param q the sub-prime
+ @param g the base
+ */
+ public DSAPrivateKeySpec(BigInteger x, BigInteger p, BigInteger q, BigInteger g)
+ {
+ this.x = x;
+ this.p = p;
+ this.q = q;
+ this.g = g;
+ }
+
+ /**
+ Returns private key x for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getX()
+ {
+ return this.x;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getP()
+ {
+ return this.p;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getQ()
+ {
+ return this.q;
+ }
+
+ /**
+ Returns g for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getG()
+ {
+ return this.g;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/DSAPublicKeySpec.java b/libjava/classpath/java/security/spec/DSAPublicKeySpec.java
new file mode 100644
index 000000000..751844bcc
--- /dev/null
+++ b/libjava/classpath/java/security/spec/DSAPublicKeySpec.java
@@ -0,0 +1,113 @@
+/* DSAPublicKeySpec.java --- DSA Public Key Specificaton class
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ DSA Public Key class Specification. Used to maintain the DSA
+ Public Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class DSAPublicKeySpec implements KeySpec
+{
+ private BigInteger y = null;
+ private BigInteger p = null;
+ private BigInteger q = null;
+ private BigInteger g = null;
+
+ /**
+ Constructs a new DSAPublicKeySpec with the specified y, p, q, and g.
+
+ @param y the public key
+ @param p the prime
+ @param q the sub-prime
+ @param g the base
+ */
+ public DSAPublicKeySpec(BigInteger y, BigInteger p, BigInteger q, BigInteger g)
+ {
+ this.y = y;
+ this.p = p;
+ this.q = q;
+ this.g = g;
+ }
+
+ /**
+ Returns public key y for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getY()
+ {
+ return this.y;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getP()
+ {
+ return this.p;
+ }
+
+ /**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getQ()
+ {
+ return this.q;
+ }
+
+ /**
+ Returns g for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+ */
+ public BigInteger getG()
+ {
+ return this.g;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/EncodedKeySpec.java b/libjava/classpath/java/security/spec/EncodedKeySpec.java
new file mode 100644
index 000000000..93e158385
--- /dev/null
+++ b/libjava/classpath/java/security/spec/EncodedKeySpec.java
@@ -0,0 +1,85 @@
+/* EncodedKeySpec.java --- Encoded Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ Encoded Key Specification class which is used to store
+ byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class EncodedKeySpec implements KeySpec
+{
+
+ private byte[] encodedKey;
+
+ /**
+ Constructs a new EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store
+ */
+ public EncodedKeySpec(byte[] encodedKey)
+ {
+ this.encodedKey = encodedKey;
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+ */
+ public byte[] getEncoded()
+ {
+ return this.encodedKey;
+ }
+
+ /**
+ Returns the name of the key format used.
+
+ This name is the format such as "PKCS#8" or "X.509" which
+ if it matches a Key class name of the same type can be
+ transformed using the apporiate KeyFactory.
+
+ @return a string representing the name
+ */
+ public abstract String getFormat();
+
+}
diff --git a/libjava/classpath/java/security/spec/InvalidKeySpecException.java b/libjava/classpath/java/security/spec/InvalidKeySpecException.java
new file mode 100644
index 000000000..bbbbcc6d7
--- /dev/null
+++ b/libjava/classpath/java/security/spec/InvalidKeySpecException.java
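Review bot: `EncodedKeySpec` stores and returns the caller's array without copying it: the constructor does `this.encodedKey = encodedKey;` and `getEncoded()` does `return this.encodedKey;`, so any code holding either reference can alter the key bytes after the spec has been built, and for a private-key encoding the internal buffer is shared with every caller. Copy on the way in and on the way out, `this.encodedKey = (byte[]) encodedKey.clone();` and `return (byte[]) this.encodedKey.clone();`, and say in the constructor Javadoc that a null argument then throws NullPointerException. Two documentation fixes belong in the same hunk: `@returns` is not a Javadoc tag and should be `@return`, and "apporiate" should read "appropriate".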
@@ -0,0 +1,96 @@
+/* InvalidKeySpecException.java -- invalid KeySpec Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for an invalid key specification.
+ *
+ * @author Mark Benvenuto
+ * @see KeySpec
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class InvalidKeySpecException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 3546139293998810778L;
+
+ /**
+ * Constructs an InvalidKeySpecException without a message string.
+ */
+ public InvalidKeySpecException()
+ {
+ }
+
+ /**
+ * Constructs an InvalidKeySpecException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public InvalidKeySpecException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeySpecException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeySpecException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/spec/InvalidParameterSpecException.java b/libjava/classpath/java/security/spec/InvalidParameterSpecException.java
new file mode 100644
index 000000000..ff34565f1
--- /dev/null
+++ b/libjava/classpath/java/security/spec/InvalidParameterSpecException.java
@@ -0,0 +1,76 @@
+/* InvalidParameterSpecException.java --- invalid ParameterSpec Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for an invalid algorithm specification.
+ *
+ * @author Mark Benvenuto
+ * @see AlogorithmParameters
+ * @see AlogorithmParameterSpec
+ * @see DSAParameterSpec
+ * @since 1.2
+ * @status updated to 1.4
+*/
+public class InvalidParameterSpecException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -970468769593399342L;
+
+ /**
+ * Constructs an InvalidParameterSpecException without a message string.
+ */
+ public InvalidParameterSpecException()
+ {
+ }
+
+ /**
+ * Constructs an InvalidParameterSpecException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public InvalidParameterSpecException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/spec/KeySpec.java b/libjava/classpath/java/security/spec/KeySpec.java
new file mode 100644
index 000000000..13c7dad42
--- /dev/null
+++ b/libjava/classpath/java/security/spec/KeySpec.java
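Review bot: Two `@see` tags in the class comment name types that do not exist, `AlogorithmParameters` and `AlogorithmParameterSpec`, so Javadoc cannot resolve them and the cross-references are lost. They should read `@see java.security.AlgorithmParameters` and `@see AlgorithmParameterSpec`; the first needs the package qualifier because this file does not import it.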
@@ -0,0 +1,52 @@ +/* KeySpec.java --- Key Specification interface + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; + +/** + A transparent interface for Key Specifications. + It contains no member functions. It is used to group + key classes. 
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public interface KeySpec
+{
+}
diff --git a/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java b/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java
new file mode 100644
index 000000000..53b68de47
--- /dev/null
+++ b/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java
@@ -0,0 +1,81 @@ +/* PKCS8EncodedKeySpec.java --- PKCS8 Encoded Key Specificaton class + Copyright (C) 1999, 2001 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; + +/** + PKCS8 Encoded Key Specification class which is used to store + "PKCS#8" byte encoded keys. 
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class PKCS8EncodedKeySpec extends EncodedKeySpec
+{
+ /**
+ Constructs a new PKCS8EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store, assumed to be "PKCS#8"
+ */
+ public PKCS8EncodedKeySpec(byte[] encodedKey)
+ {
+ super( encodedKey );
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+*/
+ public byte[] getEncoded()
+ {
+ return super.getEncoded();
+ }
+
+ /**
+ Returns the name of the key format used which is "PKCS#8"
+
+ @return a string representing the name
+*/
+ public final String getFormat()
+ {
+ return "PKCS#8";
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/PSSParameterSpec.java b/libjava/classpath/java/security/spec/PSSParameterSpec.java
new file mode 100644
index 000000000..92a6c9edd
--- /dev/null
+++ b/libjava/classpath/java/security/spec/PSSParameterSpec.java
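Review bot: `getEncoded()` is documented with `@returns`, which is not a Javadoc tag, so the return description is dropped from the generated docs; it should read `@return the encoded key`. Because this spec carries PKCS#8 private-key bytes, the Javadoc on the constructor and on `getEncoded()` should also say whether the array is copied or shared with the caller. That behaviour is decided in `EncodedKeySpec`, which is outside this hunk, so it needs to be confirmed there before it is documented here.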
@@ -0,0 +1,87 @@ +/* PSSParameterSpec.java -- + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.spec; + +/** + * An implementation of {@link AlgorithmParameterSpec} for the RSA PSS encoding + * scheme. 
+ *
+ * @since 1.4
+ * @see AlgorithmParameterSpec
+ * @see java.security.Signature
+ */
+public class PSSParameterSpec implements AlgorithmParameterSpec
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private int saltLen;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /**
+ * Construct a new instance of <code>PSSParameterSpec</code> given a salt
+ * length.
+ *
+ * @param saltLen
+ * the length in bits of the salt.
+ * @throws IllegalArgumentException
+ * if <code>saltLen</code> is less than <code>0</code>.
+ */
+ public PSSParameterSpec(int saltLen)
+ {
+ super();
+
+ if (saltLen < 0)
+ throw new IllegalArgumentException();
+ this.saltLen = saltLen;
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ /** @return the length (in bits) of the salt. */
+ public int getSaltLength()
+ {
+ return this.saltLen;
+ }
+}
diff --git a/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java b/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java
new file mode 100644
index 000000000..5a1dafe2a
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java
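Review bot: The Javadoc on the constructor and on `getSaltLength()` gives the salt length "in bits", while PKCS #1 expresses the PSS salt length in octets, so a caller following this comment could pass a value eight times larger than intended. Nothing in this class converts or consumes the value, so the unit the signature providers expect cannot be confirmed from the hunk; if it is octets, both comments should read `the length in octets of the salt`. The bare `throw new IllegalArgumentException();` would also be easier to diagnose as `throw new IllegalArgumentException("saltLen < 0");`.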
@@ -0,0 +1,97 @@ +/* RSAKeyGenParameterSpec.java --- RSA Key Generator Parameter Spec Class + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; +import java.math.BigInteger; + +/** + This class generates a set of RSA Key parameters used in the generation + of RSA keys. 
+
+ @since JDK 1.3
+
+ @author Mark Benvenuto
+*/
+public class RSAKeyGenParameterSpec implements AlgorithmParameterSpec
+{
+ private int keysize;
+ private BigInteger publicExponent;
+
+ /**
+ Public Exponent F0 = 3
+ */
+ public static final BigInteger F0 = BigInteger.valueOf(3);
+
+ /**
+ Public Exponent F4 = 3
+ */
+ public static final BigInteger F4 = BigInteger.valueOf(65537L);
+
+ /**
+ Create a new RSAKeyGenParameterSpec to store the RSA key's keysize
+ and public exponent
+
+ @param keysize Modulus size of key in bits
+ @param publicExponent - the exponent
+ */
+ public RSAKeyGenParameterSpec(int keysize, BigInteger publicExponent)
+ {
+ this.keysize = keysize;
+ this.publicExponent = publicExponent;
+ }
+
+ /**
+ Return the size of the key.
+
+ @return the size of the key.
+ */
+ public int getKeysize()
+ {
+ return keysize;
+ }
+
+ /**
+ Return the public exponent.
+
+ @return the public exponent.
+ */
+ public BigInteger getPublicExponent()
+ {
+ return publicExponent;
+ }
+}
diff --git a/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java b/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
new file mode 100644
index 000000000..09b8438df
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
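Review bot: The Javadoc on `F4` reads `Public Exponent F4 = 3`, but the constant is `BigInteger.valueOf(65537L)`; the comment looks copied from `F0` and should read `Public Exponent F4 = 65537`. The constructor stores `keysize` and `publicExponent` without any check, so a null exponent or a non-positive key size is only discovered later by whatever consumes the spec. A line in the constructor Javadoc stating that no validation is done here would make that explicit to callers.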
@@ -0,0 +1,223 @@ +/* PSSParameterSpec.java -- + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.spec; + +import java.math.BigInteger; + +/** + * This class represents an RSA multi-prime private key, as defined in the + * PKCS#1 v2.1, using the <i>Chinese Remainder Theorem</i> (CRT) information + * values. + * + * @since 1.4 + * @see java.security.Key + * @see java.security.KeyFactory + * @see KeySpec + * @see PKCS8EncodedKeySpec + * @see RSAPrivateKeySpec + * @see RSAPublicKeySpec + * @see RSAOtherPrimeInfo + */ +public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec +{ + // Constants and fields + // -------------------------------------------------------------------------- + + private BigInteger publicExponent; + private BigInteger primeP; + private BigInteger primeQ; + private BigInteger primeExponentP; + private BigInteger primeExponentQ; + private BigInteger crtCoefficient; + private RSAOtherPrimeInfo[] otherPrimeInfo; + + // Constructor(s) + // -------------------------------------------------------------------------- + + /** + * Constructs a new instance of <code>RSAMultiPrimePrivateCrtKeySpec</code> + * given the various PKCS#1 v2.1 parameters. + * + * <p>Note that <code>otherPrimeInfo</code> is cloned when constructing this + * object.</p> + * + * @param modulus + * the modulus n. + * @param publicExponent + * the public exponent e. + * @param privateExponent + * the private exponent d. + * @param primeP + * the prime factor p of n. + * @param primeQ + * the prime factor q of n. + * @param primeExponentP + * this is d mod (p-1). + * @param primeExponentQ + * this is d mod (q-1). + * @param crtCoefficient + * the Chinese Remainder Theorem coefficient q-1 mod p. + * @param otherPrimeInfo + * triplets of the rest of primes, <code>null</code> can be + * specified if there are only two prime factors (p and q). + * @throws NullPointerException + * if any of the parameters is <code>null</code>. + * @throws IllegalArgumentException + * if an empty <code>otherPrimeInfo</code> is specified. 
+ */ + public RSAMultiPrimePrivateCrtKeySpec(BigInteger modulus, + BigInteger publicExponent, + BigInteger privateExponent, + BigInteger primeP, + BigInteger primeQ, + BigInteger primeExponentP, + BigInteger primeExponentQ, + BigInteger crtCoefficient, + RSAOtherPrimeInfo[] otherPrimeInfo) + { + super(modulus, privateExponent); + + if (modulus == null) + throw new NullPointerException("modulus"); + if (publicExponent == null) + throw new NullPointerException("publicExponent"); + if (privateExponent == null) + throw new NullPointerException("privateExponent"); + if (primeP == null) + throw new NullPointerException("primeP"); + if (primeQ == null) + throw new NullPointerException("primeQ"); + if (primeExponentP == null) + throw new NullPointerException("primeExponentP"); + if (primeExponentQ == null) + throw new NullPointerException("primeExponentQ"); + if (crtCoefficient == null) + throw new NullPointerException("crtCoefficient"); + if (otherPrimeInfo != null) + if (otherPrimeInfo.length == 0) + throw new IllegalArgumentException(); + else + this.otherPrimeInfo = (RSAOtherPrimeInfo[]) otherPrimeInfo.clone(); + + this.publicExponent = publicExponent; + this.primeP = primeP; + this.primeQ = primeQ; + this.primeExponentP = primeExponentP; + this.primeExponentQ = primeExponentQ; + this.crtCoefficient = crtCoefficient; + } + + // Class methods + // -------------------------------------------------------------------------- + + // Instance methods + // -------------------------------------------------------------------------- + + /** + * Returns the public exponent. + * + * @return the public exponent. + */ + public BigInteger getPublicExponent() + { + return this.publicExponent; + } + + /** + * Returns the prime p. + * + * @return the prime p. + */ + public BigInteger getPrimeP() + { + return this.primeP; + } + + /** + * Returns the prime q. + * + * @return the prime q. + */ + public BigInteger getPrimeQ() + { + return this.primeQ; + } + + /** + * Returns d mod (p-1). 
+ * + * @return d mod (p-1). + */ + public BigInteger getPrimeExponentP() + { + return this.primeExponentP; + } + + /** + * Returns d mod (q-1). + * + * @return d mod (q-1). + */ + public BigInteger getPrimeExponentQ() + { + return this.primeExponentQ; + } + + /** + * Returns the CRT Coefficient q-1 mod p. + * + * @return the CRT Coefficient q-1 mod p. + */ + public BigInteger getCrtCoefficient() + { + return this.crtCoefficient; + } + + /** + * Returns a clone of <code>otherPrimeInfo</code> or <code>null</code> if + * it was <code>null</code> at construction time. + * + * @return a cloned copy of <code>otherPrimeInfo</code>. + */ + public RSAOtherPrimeInfo[] getOtherPrimeInfo() + { + return this.otherPrimeInfo == null + ? null + : (RSAOtherPrimeInfo[]) this.otherPrimeInfo.clone(); + } +} diff --git a/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java b/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java new file mode 100644 index 000000000..45dd53fab --- /dev/null +++ b/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java 
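Review bot: In the constructor, the unbraced `if (otherPrimeInfo != null) if (otherPrimeInfo.length == 0) throw ... else this.otherPrimeInfo = ...clone();` depends on the `else` binding to the inner `if`; it behaves as intended, but it is easy to break when edited, so I would brace the outer `if` and drop the `else` after the `throw`. The Javadoc also contradicts the code: `@throws NullPointerException if any of the parameters is null` should exclude `otherPrimeInfo`, which the `@param` text says may be null. The `crtCoefficient` description `q-1 mod p` (constructor and `getCrtCoefficient()`) reads as q minus one; presumably the inverse `q^-1 mod p` is meant and a superscript was lost. The file's first comment line still names `PSSParameterSpec.java`.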
@@ -0,0 +1,126 @@ +/* RSAOtherPrimeInfo.java -- + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.spec; + +import java.math.BigInteger; + +/** + * An in-memory representation of the RSA triplet (prime, exponent, and + * coefficient) inside a PKCS#1 v2.1 <i>OtherPrimeInfo</i> structure. 
+ * + * @since 1.4 + * @see RSAPrivateCrtKeySpec + * @see java.security.interfaces.RSAMultiPrimePrivateCrtKey + */ +public class RSAOtherPrimeInfo +{ + // Constants and fields + // -------------------------------------------------------------------------- + + private BigInteger prime; + private BigInteger primeExponent; + private BigInteger crtCoefficient; + + // Constructor(s) + // -------------------------------------------------------------------------- + + /** + * Constructs a new <code>RSAOtherPrimeInfo</code> given the PKCS#1 MPIs. + * + * @param prime + * the prime factor of n. + * @param primeExponent + * the exponent. + * @param crtCoefficient + * the Chinese Remainder Theorem coefficient. + * @throws NullPointerException + * if any of the parameters is <code>null</code>. + */ + public RSAOtherPrimeInfo(BigInteger prime, BigInteger primeExponent, + BigInteger crtCoefficient) + { + super(); + + if (prime == null) + throw new NullPointerException("prime"); + if (primeExponent == null) + throw new NullPointerException("primeExponent"); + if (crtCoefficient == null) + throw new NullPointerException("crtCoefficient"); + + this.prime = prime; + this.primeExponent = primeExponent; + this.crtCoefficient = crtCoefficient; + } + + // Class methods + // -------------------------------------------------------------------------- + + // Instance methods + // -------------------------------------------------------------------------- + + /** + * Returns the prime. + * + * @return the prime. + */ + public final BigInteger getPrime() + { + return this.prime; + } + + /** + * Returns the prime's exponent. + * + * @return the primeExponent. + */ + public final BigInteger getExponent() + { + return this.primeExponent; + } + + /** + * Returns the CRT Coefficient. + * + * @return the CRT Coefficient. + */ + public final BigInteger getCrtCoefficient() + { + return this.crtCoefficient; + } +} 
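Review bot: The class Javadoc links `@see RSAPrivateCrtKeySpec`, but the spec class in this commit that takes an `RSAOtherPrimeInfo[]` is `RSAMultiPrimePrivateCrtKeySpec`; I would add `@see RSAMultiPrimePrivateCrtKeySpec` or replace the existing tag. The three fields are assigned once in the constructor and never written again, so declaring them final (`private final BigInteger prime;` and likewise for the other two) would state the immutability that `RSAMultiPrimePrivateCrtKeySpec` appears to rely on when it clones only the array and not its elements.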
diff --git a/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java b/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java
new file mode 100644
index 000000000..6d327e62b
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java
@@ -0,0 +1,151 @@ +/* RSAPrivateCrtKeySpec.java --- RSA Private Certificate Key Specificaton class + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; +import java.math.BigInteger; + +/** + RSA Private Certificate Key class Specification. 
Used to + maintain the RSA Private Certificate Keys with the + <I>Chinese Remainder Theorem</I>(CRT) as specified by PKCS#1. + + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public class RSAPrivateCrtKeySpec extends RSAPrivateKeySpec +{ + private BigInteger publicExponent; + private BigInteger primeP; + private BigInteger primeQ; + private BigInteger primeExponentP; + private BigInteger primeExponentQ; + private BigInteger crtCoefficient; + + /** + Constructs a new RSAPrivateKeySpec with the specified + variables. + + @param modulus the RSA modulus + @param publicExponent the public key exponent + @param privateExponent the private key exponent + @param primeP the prime P + @param primeQ the prime Q + @param primeExponentP the prime exponent P + @param primeExponentQ the prime exponent P + @param crtCoefficient the CRT coefficient + */ + public RSAPrivateCrtKeySpec(BigInteger modulus, + BigInteger publicExponent, + BigInteger privateExponent, + BigInteger primeP, + BigInteger primeQ, + BigInteger primeExponentP, + BigInteger primeExponentQ, + BigInteger crtCoefficient) + { + super( modulus, privateExponent); + this.publicExponent = publicExponent; + this.primeP = primeP; + this.primeQ = primeQ; + this.primeExponentP = primeExponentP; + this.primeExponentQ = primeExponentQ; + this.crtCoefficient = crtCoefficient; + } + + /** + Gets the RSA public exponent. + + @return the RSA public exponent + */ + public BigInteger getPublicExponent() + { + return this.publicExponent; + } + + /** + Gets the RSA prime P. + + @return the RSA prime P + */ + public BigInteger getPrimeP() + { + return this.primeP; + } + + /** + Gets the RSA prime Q. + + @return the RSA prime Q + */ + public BigInteger getPrimeQ() + { + return this.primeQ; + } + + /** + Gets the RSA prime exponent P. + + @return the RSA prime exponent P + */ + public BigInteger getPrimeExponentP() + { + return this.primeExponentP; + } + + /** + Gets the RSA prime exponent P. 
+ + @return the RSA prime exponent Q + */ + public BigInteger getPrimeExponentQ() + { + return this.primeExponentQ; + } + + /** + Gets the RSA CRT coefficient. + + @return the RSA CRT coefficient + */ + public BigInteger getCrtCoefficient() + { + return this.crtCoefficient; + } + +} diff --git a/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java b/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java new file mode 100644 index 000000000..f812766ba --- /dev/null +++ b/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java 
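Review bot: Several Javadoc lines in this class describe the wrong thing: `@param primeExponentQ the prime exponent P` and the summary of `getPrimeExponentQ()` (`Gets the RSA prime exponent P.`) should both say Q, and the constructor comment says it constructs an `RSAPrivateKeySpec`. The file header and class comment expand CRT as "Certificate" although the same comment goes on to name the Chinese Remainder Theorem; `RSA private key specification with Chinese Remainder Theorem (CRT) values` would be accurate. Unlike `RSAMultiPrimePrivateCrtKeySpec` earlier in this diff, the constructor does not reject null arguments, which is worth stating in its Javadoc.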
@@ -0,0 +1,88 @@ +/* RSAPrivateKeySpec.java --- RSA Private Key Specificaton class + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; +import java.math.BigInteger; + +/** + RSA Private Key class Specification. Used to maintain the RSA + Private Keys. 
+ + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public class RSAPrivateKeySpec implements KeySpec +{ + private BigInteger modulus; + private BigInteger privateExponent; + + /** + Constructs a new RSAPrivateKeySpec with the specified + modulus and privateExponent. + + @param modulus the RSA modulus + @param privateExponent the private key exponent + */ + public RSAPrivateKeySpec(BigInteger modulus, BigInteger privateExponent) + { + this.modulus = modulus; + this.privateExponent = privateExponent; + } + + /** + Gets the RSA modulus. + + @return the RSA modulus + */ + public BigInteger getModulus() + { + return this.modulus; + } + + /** + Gets the RSA private exponent. + + @return the RSA private exponent + */ + public BigInteger getPrivateExponent() + { + return this.privateExponent; + } + +} diff --git a/libjava/classpath/java/security/spec/RSAPublicKeySpec.java b/libjava/classpath/java/security/spec/RSAPublicKeySpec.java new file mode 100644 index 000000000..acee6bcdf --- /dev/null +++ b/libjava/classpath/java/security/spec/RSAPublicKeySpec.java 
@@ -0,0 +1,88 @@
+/* RSAPublicKeySpec.java --- RSA Public Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Public Key class Specification. Used to maintain the RSA
+ Public Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPublicKeySpec implements KeySpec
+{
+ private BigInteger modulus;
+ private BigInteger publicExponent;
+
+ /**
+ Constructs a new RSAPublicKeySpec with the specified
+ modulus and publicExponent.
+
+ @param modulus the RSA modulus
+ @param publicExponent the public key exponent
+ */
+ public RSAPublicKeySpec(BigInteger modulus, BigInteger publicExponent)
+ {
+ this.modulus = modulus;
+ this.publicExponent = publicExponent;
+ }
+
+ /**
+ Gets the RSA modulus.
+
+ @return the RSA modulus
+ */
+ public BigInteger getModulus()
+ {
+ return this.modulus;
+ }
+
+ /**
+ Gets the RSA public exponent.
+
+ @return the RSA public exponent
+ */
+ public BigInteger getPublicExponent()
+ {
+ return this.publicExponent;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/X509EncodedKeySpec.java b/libjava/classpath/java/security/spec/X509EncodedKeySpec.java
new file mode 100644
index 000000000..8b50aaae1
--- /dev/null
+++ b/libjava/classpath/java/security/spec/X509EncodedKeySpec.java
@@ -0,0 +1,82 @@
+/* X509EncodedKeySpec.java --- X.509 Encoded Key Specificaton class
+ Copyright (C) 1999, 2001 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ X.509 Encoded Key Specification class which is used to store
+ "X.509" byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class X509EncodedKeySpec extends EncodedKeySpec
+{
+
+ /**
+ Constructs a new X509EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store, assumed to be "X.509"
+ */
+ public X509EncodedKeySpec(byte[] encodedKey)
+ {
+ super( encodedKey );
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+ */
+ public byte[] getEncoded()
+ {
+ return super.getEncoded();
+ }
+
+ /**
+ Returns the name of the key format used which is "X.509"
+
+ @return a string representing the name
+ */
+ public final String getFormat()
+ {
+ return "X.509";
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/package.html b/libjava/classpath/java/security/spec/package.html
new file mode 100644
index 000000000..8e818896a
--- /dev/null
+++ b/libjava/classpath/java/security/spec/package.html
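Review bot: The Javadoc on `getEncoded()` uses `@returns`, which is not a Javadoc tag, so the return description is dropped from the generated documentation; it should read `@return the encoded key`. The constructor and `getEncoded()` both hand the `byte[]` straight to `EncodedKeySpec`, whose source is outside this hunk, so it cannot be told from here whether the array is copied on the way in or out. If the superclass stores and returns the same array, a caller that modifies it after construction, or modifies the returned value, changes the key held by the spec; the constructor and getter comments should state whether the array is shared or copied. The `getEncoded()` override only delegates to the superclass and could be dropped unless it exists to carry that documentation.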
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in java.security.spec package.
+ Copyright (C) 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - java.security.spec</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html> |