From 554fd8c5195424bdbcabf5de30fdc183aba391bd Mon Sep 17 00:00:00 2001 
From: upstream source tree Date: Sun, 15 Mar 2015 20:14:05 -0400 Subject: obtained gcc-4.6.4.tar.bz2 from upstream website; verified gcc-4.6.4.tar.bz2.sig; imported gcc-4.6.4 source tree from verified upstream tarball. downloading a git-generated archive based on the 'upstream' tag should provide you with a source tree that is binary identical to the one extracted from the above tarball. if you have obtained the source via the command 'git clone', however, do note that line-endings of files in your working directory might differ from line-endings of the respective files in the upstream repository. --- .../java/security/AccessControlContext.java | 218 ++++ .../java/security/AccessControlException.java | 97 ++ .../classpath/java/security/AccessController.java | 229 ++++ .../java/security/AlgorithmParameterGenerator.java | 277 ++++ .../security/AlgorithmParameterGeneratorSpi.java | 94 ++ .../java/security/AlgorithmParameters.java | 317 +++++ .../java/security/AlgorithmParametersSpi.java | 149 +++ libjava/classpath/java/security/AllPermission.java | 198 +++ .../classpath/java/security/BasicPermission.java | 308 +++++ libjava/classpath/java/security/Certificate.java | 125 ++ libjava/classpath/java/security/CodeSource.java | 356 ++++++ .../classpath/java/security/DigestException.java | 92 ++ .../classpath/java/security/DigestInputStream.java | 167 +++ .../java/security/DigestOutputStream.java | 158 +++ .../classpath/java/security/DomainCombiner.java | 67 + .../java/security/DummyKeyPairGenerator.java | 75 ++ .../java/security/DummyMessageDigest.java | 90 ++ .../classpath/java/security/DummySignature.java | 102 ++ .../java/security/GeneralSecurityException.java | 97 ++ libjava/classpath/java/security/Guard.java | 60 + libjava/classpath/java/security/GuardedObject.java | 121 ++ libjava/classpath/java/security/Identity.java | 346 +++++ libjava/classpath/java/security/IdentityScope.java | 216 ++++ .../java/security/IntersectingDomainCombiner.java | 82 ++ 
.../InvalidAlgorithmParameterException.java | 95 ++ .../java/security/InvalidKeyException.java | 91 ++ .../java/security/InvalidParameterException.java | 70 ++ libjava/classpath/java/security/Key.java | 94 ++ libjava/classpath/java/security/KeyException.java | 94 ++ libjava/classpath/java/security/KeyFactory.java | 280 +++++ libjava/classpath/java/security/KeyFactorySpi.java | 134 ++ .../java/security/KeyManagementException.java | 93 ++ libjava/classpath/java/security/KeyPair.java | 87 ++ .../classpath/java/security/KeyPairGenerator.java | 313 +++++ .../java/security/KeyPairGeneratorSpi.java | 102 ++ libjava/classpath/java/security/KeyStore.java | 503 ++++++++ .../classpath/java/security/KeyStoreException.java | 92 ++ libjava/classpath/java/security/KeyStoreSpi.java | 275 ++++ libjava/classpath/java/security/MessageDigest.java | 382 ++++++ .../classpath/java/security/MessageDigestSpi.java | 174 +++ .../java/security/NoSuchAlgorithmException.java | 92 ++ .../java/security/NoSuchProviderException.java | 70 ++ libjava/classpath/java/security/Permission.java | 202 +++ .../java/security/PermissionCollection.java | 169 +++ libjava/classpath/java/security/Permissions.java | 254 ++++ libjava/classpath/java/security/Policy.java | 297 +++++ libjava/classpath/java/security/Principal.java | 85 ++ libjava/classpath/java/security/PrivateKey.java | 62 + .../classpath/java/security/PrivilegedAction.java | 64 + .../java/security/PrivilegedActionException.java | 109 ++ .../java/security/PrivilegedExceptionAction.java | 65 + .../classpath/java/security/ProtectionDomain.java | 252 ++++ libjava/classpath/java/security/Provider.java | 218 ++++ .../classpath/java/security/ProviderException.java | 92 ++ libjava/classpath/java/security/PublicKey.java | 60 + .../classpath/java/security/SecureClassLoader.java | 148 +++ libjava/classpath/java/security/SecureRandom.java | 420 +++++++ .../classpath/java/security/SecureRandomSpi.java | 85 ++ libjava/classpath/java/security/Security.java | 711 
+++++++++++ .../java/security/SecurityPermission.java | 178 +++ libjava/classpath/java/security/Signature.java | 593 +++++++++ .../java/security/SignatureException.java | 92 ++ libjava/classpath/java/security/SignatureSpi.java | 316 +++++ libjava/classpath/java/security/SignedObject.java | 203 +++ libjava/classpath/java/security/Signer.java | 148 +++ .../java/security/UnrecoverableKeyException.java | 71 ++ .../java/security/UnresolvedPermission.java | 345 +++++ libjava/classpath/java/security/acl/Acl.java | 153 +++ libjava/classpath/java/security/acl/AclEntry.java | 143 +++ .../java/security/acl/AclNotFoundException.java | 60 + libjava/classpath/java/security/acl/Group.java | 90 ++ .../java/security/acl/LastOwnerException.java | 62 + .../java/security/acl/NotOwnerException.java | 62 + libjava/classpath/java/security/acl/Owner.java | 95 ++ .../classpath/java/security/acl/Permission.java | 67 + libjava/classpath/java/security/acl/package.html | 46 + libjava/classpath/java/security/cert/CRL.java | 98 ++ .../classpath/java/security/cert/CRLException.java | 95 ++ .../classpath/java/security/cert/CRLSelector.java | 69 + libjava/classpath/java/security/cert/CertPath.java | 254 ++++ .../java/security/cert/CertPathBuilder.java | 251 ++++ .../security/cert/CertPathBuilderException.java | 159 +++ .../java/security/cert/CertPathBuilderResult.java | 63 + .../java/security/cert/CertPathBuilderSpi.java | 74 ++ .../java/security/cert/CertPathParameters.java | 58 + .../java/security/cert/CertPathValidator.java | 264 ++++ .../security/cert/CertPathValidatorException.java | 226 ++++ .../security/cert/CertPathValidatorResult.java | 63 + .../java/security/cert/CertPathValidatorSpi.java | 81 ++ .../classpath/java/security/cert/CertSelector.java | 58 + .../classpath/java/security/cert/CertStore.java | 305 +++++ .../java/security/cert/CertStoreException.java | 159 +++ .../java/security/cert/CertStoreParameters.java | 60 + .../classpath/java/security/cert/CertStoreSpi.java | 103 ++ 
.../classpath/java/security/cert/Certificate.java | 306 +++++ .../cert/CertificateEncodingException.java | 93 ++ .../java/security/cert/CertificateException.java | 96 ++ .../security/cert/CertificateExpiredException.java | 71 ++ .../java/security/cert/CertificateFactory.java | 355 ++++++ .../java/security/cert/CertificateFactorySpi.java | 224 ++++ .../cert/CertificateNotYetValidException.java | 71 ++ .../security/cert/CertificateParsingException.java | 93 ++ .../cert/CollectionCertStoreParameters.java | 122 ++ .../security/cert/LDAPCertStoreParameters.java | 140 +++ .../java/security/cert/PKIXBuilderParameters.java | 149 +++ .../security/cert/PKIXCertPathBuilderResult.java | 104 ++ .../java/security/cert/PKIXCertPathChecker.java | 134 ++ .../security/cert/PKIXCertPathValidatorResult.java | 142 +++ .../java/security/cert/PKIXParameters.java | 547 ++++++++ .../classpath/java/security/cert/PolicyNode.java | 108 ++ .../java/security/cert/PolicyQualifierInfo.java | 169 +++ .../classpath/java/security/cert/TrustAnchor.java | 185 +++ libjava/classpath/java/security/cert/X509CRL.java | 397 ++++++ .../classpath/java/security/cert/X509CRLEntry.java | 169 +++ .../java/security/cert/X509CRLSelector.java | 442 +++++++ .../java/security/cert/X509CertSelector.java | 1319 ++++++++++++++++++++ .../java/security/cert/X509Certificate.java | 589 +++++++++ .../java/security/cert/X509Extension.java | 113 ++ libjava/classpath/java/security/cert/package.html | 46 + .../classpath/java/security/interfaces/DSAKey.java | 56 + .../security/interfaces/DSAKeyPairGenerator.java | 85 ++ .../java/security/interfaces/DSAParams.java | 72 ++ .../java/security/interfaces/DSAPrivateKey.java | 61 + .../java/security/interfaces/DSAPublicKey.java | 61 + .../classpath/java/security/interfaces/RSAKey.java | 57 + .../interfaces/RSAMultiPrimePrivateCrtKey.java | 112 ++ .../java/security/interfaces/RSAPrivateCrtKey.java | 95 ++ .../java/security/interfaces/RSAPrivateKey.java | 60 + 
.../java/security/interfaces/RSAPublicKey.java | 60 + .../java/security/interfaces/package.html | 46 + libjava/classpath/java/security/package.html | 46 + .../java/security/spec/AlgorithmParameterSpec.java | 52 + .../java/security/spec/DSAParameterSpec.java | 101 ++ .../java/security/spec/DSAPrivateKeySpec.java | 113 ++ .../java/security/spec/DSAPublicKeySpec.java | 113 ++ .../java/security/spec/EncodedKeySpec.java | 85 ++ .../security/spec/InvalidKeySpecException.java | 96 ++ .../spec/InvalidParameterSpecException.java | 76 ++ libjava/classpath/java/security/spec/KeySpec.java | 52 + .../java/security/spec/PKCS8EncodedKeySpec.java | 81 ++ .../java/security/spec/PSSParameterSpec.java | 87 ++ .../java/security/spec/RSAKeyGenParameterSpec.java | 97 ++ .../spec/RSAMultiPrimePrivateCrtKeySpec.java | 223 ++++ .../java/security/spec/RSAOtherPrimeInfo.java | 126 ++ .../java/security/spec/RSAPrivateCrtKeySpec.java | 151 +++ .../java/security/spec/RSAPrivateKeySpec.java | 88 ++ .../java/security/spec/RSAPublicKeySpec.java | 88 ++ .../java/security/spec/X509EncodedKeySpec.java | 82 ++ libjava/classpath/java/security/spec/package.html | 46 + 149 files changed, 24291 insertions(+) create mode 100644 libjava/classpath/java/security/AccessControlContext.java create mode 100644 libjava/classpath/java/security/AccessControlException.java create mode 100644 libjava/classpath/java/security/AccessController.java create mode 100644 libjava/classpath/java/security/AlgorithmParameterGenerator.java create mode 100644 libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java create mode 100644 libjava/classpath/java/security/AlgorithmParameters.java create mode 100644 libjava/classpath/java/security/AlgorithmParametersSpi.java create mode 100644 libjava/classpath/java/security/AllPermission.java create mode 100644 libjava/classpath/java/security/BasicPermission.java create mode 100644 libjava/classpath/java/security/Certificate.java create mode 100644 
libjava/classpath/java/security/CodeSource.java create mode 100644 libjava/classpath/java/security/DigestException.java create mode 100644 libjava/classpath/java/security/DigestInputStream.java create mode 100644 libjava/classpath/java/security/DigestOutputStream.java create mode 100644 libjava/classpath/java/security/DomainCombiner.java create mode 100644 libjava/classpath/java/security/DummyKeyPairGenerator.java create mode 100644 libjava/classpath/java/security/DummyMessageDigest.java create mode 100644 libjava/classpath/java/security/DummySignature.java create mode 100644 libjava/classpath/java/security/GeneralSecurityException.java create mode 100644 libjava/classpath/java/security/Guard.java create mode 100644 libjava/classpath/java/security/GuardedObject.java create mode 100644 libjava/classpath/java/security/Identity.java create mode 100644 libjava/classpath/java/security/IdentityScope.java create mode 100644 libjava/classpath/java/security/IntersectingDomainCombiner.java create mode 100644 libjava/classpath/java/security/InvalidAlgorithmParameterException.java create mode 100644 libjava/classpath/java/security/InvalidKeyException.java create mode 100644 libjava/classpath/java/security/InvalidParameterException.java create mode 100644 libjava/classpath/java/security/Key.java create mode 100644 libjava/classpath/java/security/KeyException.java create mode 100644 libjava/classpath/java/security/KeyFactory.java create mode 100644 libjava/classpath/java/security/KeyFactorySpi.java create mode 100644 libjava/classpath/java/security/KeyManagementException.java create mode 100644 libjava/classpath/java/security/KeyPair.java create mode 100644 libjava/classpath/java/security/KeyPairGenerator.java create mode 100644 libjava/classpath/java/security/KeyPairGeneratorSpi.java create mode 100644 libjava/classpath/java/security/KeyStore.java create mode 100644 libjava/classpath/java/security/KeyStoreException.java create mode 100644 
libjava/classpath/java/security/KeyStoreSpi.java create mode 100644 libjava/classpath/java/security/MessageDigest.java create mode 100644 libjava/classpath/java/security/MessageDigestSpi.java create mode 100644 libjava/classpath/java/security/NoSuchAlgorithmException.java create mode 100644 libjava/classpath/java/security/NoSuchProviderException.java create mode 100644 libjava/classpath/java/security/Permission.java create mode 100644 libjava/classpath/java/security/PermissionCollection.java create mode 100644 libjava/classpath/java/security/Permissions.java create mode 100644 libjava/classpath/java/security/Policy.java create mode 100644 libjava/classpath/java/security/Principal.java create mode 100644 libjava/classpath/java/security/PrivateKey.java create mode 100644 libjava/classpath/java/security/PrivilegedAction.java create mode 100644 libjava/classpath/java/security/PrivilegedActionException.java create mode 100644 libjava/classpath/java/security/PrivilegedExceptionAction.java create mode 100644 libjava/classpath/java/security/ProtectionDomain.java create mode 100644 libjava/classpath/java/security/Provider.java create mode 100644 libjava/classpath/java/security/ProviderException.java create mode 100644 libjava/classpath/java/security/PublicKey.java create mode 100644 libjava/classpath/java/security/SecureClassLoader.java create mode 100644 libjava/classpath/java/security/SecureRandom.java create mode 100644 libjava/classpath/java/security/SecureRandomSpi.java create mode 100644 libjava/classpath/java/security/Security.java create mode 100644 libjava/classpath/java/security/SecurityPermission.java create mode 100644 libjava/classpath/java/security/Signature.java create mode 100644 libjava/classpath/java/security/SignatureException.java create mode 100644 libjava/classpath/java/security/SignatureSpi.java create mode 100644 libjava/classpath/java/security/SignedObject.java create mode 100644 libjava/classpath/java/security/Signer.java create mode 100644 
libjava/classpath/java/security/UnrecoverableKeyException.java create mode 100644 libjava/classpath/java/security/UnresolvedPermission.java create mode 100644 libjava/classpath/java/security/acl/Acl.java create mode 100644 libjava/classpath/java/security/acl/AclEntry.java create mode 100644 libjava/classpath/java/security/acl/AclNotFoundException.java create mode 100644 libjava/classpath/java/security/acl/Group.java create mode 100644 libjava/classpath/java/security/acl/LastOwnerException.java create mode 100644 libjava/classpath/java/security/acl/NotOwnerException.java create mode 100644 libjava/classpath/java/security/acl/Owner.java create mode 100644 libjava/classpath/java/security/acl/Permission.java create mode 100644 libjava/classpath/java/security/acl/package.html create mode 100644 libjava/classpath/java/security/cert/CRL.java create mode 100644 libjava/classpath/java/security/cert/CRLException.java create mode 100644 libjava/classpath/java/security/cert/CRLSelector.java create mode 100644 libjava/classpath/java/security/cert/CertPath.java create mode 100644 libjava/classpath/java/security/cert/CertPathBuilder.java create mode 100644 libjava/classpath/java/security/cert/CertPathBuilderException.java create mode 100644 libjava/classpath/java/security/cert/CertPathBuilderResult.java create mode 100644 libjava/classpath/java/security/cert/CertPathBuilderSpi.java create mode 100644 libjava/classpath/java/security/cert/CertPathParameters.java create mode 100644 libjava/classpath/java/security/cert/CertPathValidator.java create mode 100644 libjava/classpath/java/security/cert/CertPathValidatorException.java create mode 100644 libjava/classpath/java/security/cert/CertPathValidatorResult.java create mode 100644 libjava/classpath/java/security/cert/CertPathValidatorSpi.java create mode 100644 libjava/classpath/java/security/cert/CertSelector.java create mode 100644 libjava/classpath/java/security/cert/CertStore.java create mode 100644 
libjava/classpath/java/security/cert/CertStoreException.java create mode 100644 libjava/classpath/java/security/cert/CertStoreParameters.java create mode 100644 libjava/classpath/java/security/cert/CertStoreSpi.java create mode 100644 libjava/classpath/java/security/cert/Certificate.java create mode 100644 libjava/classpath/java/security/cert/CertificateEncodingException.java create mode 100644 libjava/classpath/java/security/cert/CertificateException.java create mode 100644 libjava/classpath/java/security/cert/CertificateExpiredException.java create mode 100644 libjava/classpath/java/security/cert/CertificateFactory.java create mode 100644 libjava/classpath/java/security/cert/CertificateFactorySpi.java create mode 100644 libjava/classpath/java/security/cert/CertificateNotYetValidException.java create mode 100644 libjava/classpath/java/security/cert/CertificateParsingException.java create mode 100644 libjava/classpath/java/security/cert/CollectionCertStoreParameters.java create mode 100644 libjava/classpath/java/security/cert/LDAPCertStoreParameters.java create mode 100644 libjava/classpath/java/security/cert/PKIXBuilderParameters.java create mode 100644 libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java create mode 100644 libjava/classpath/java/security/cert/PKIXCertPathChecker.java create mode 100644 libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java create mode 100644 libjava/classpath/java/security/cert/PKIXParameters.java create mode 100644 libjava/classpath/java/security/cert/PolicyNode.java create mode 100644 libjava/classpath/java/security/cert/PolicyQualifierInfo.java create mode 100644 libjava/classpath/java/security/cert/TrustAnchor.java create mode 100644 libjava/classpath/java/security/cert/X509CRL.java create mode 100644 libjava/classpath/java/security/cert/X509CRLEntry.java create mode 100644 libjava/classpath/java/security/cert/X509CRLSelector.java create mode 100644 
libjava/classpath/java/security/cert/X509CertSelector.java create mode 100644 libjava/classpath/java/security/cert/X509Certificate.java create mode 100644 libjava/classpath/java/security/cert/X509Extension.java create mode 100644 libjava/classpath/java/security/cert/package.html create mode 100644 libjava/classpath/java/security/interfaces/DSAKey.java create mode 100644 libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java create mode 100644 libjava/classpath/java/security/interfaces/DSAParams.java create mode 100644 libjava/classpath/java/security/interfaces/DSAPrivateKey.java create mode 100644 libjava/classpath/java/security/interfaces/DSAPublicKey.java create mode 100644 libjava/classpath/java/security/interfaces/RSAKey.java create mode 100644 libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java create mode 100644 libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java create mode 100644 libjava/classpath/java/security/interfaces/RSAPrivateKey.java create mode 100644 libjava/classpath/java/security/interfaces/RSAPublicKey.java create mode 100644 libjava/classpath/java/security/interfaces/package.html create mode 100644 libjava/classpath/java/security/package.html create mode 100644 libjava/classpath/java/security/spec/AlgorithmParameterSpec.java create mode 100644 libjava/classpath/java/security/spec/DSAParameterSpec.java create mode 100644 libjava/classpath/java/security/spec/DSAPrivateKeySpec.java create mode 100644 libjava/classpath/java/security/spec/DSAPublicKeySpec.java create mode 100644 libjava/classpath/java/security/spec/EncodedKeySpec.java create mode 100644 libjava/classpath/java/security/spec/InvalidKeySpecException.java create mode 100644 libjava/classpath/java/security/spec/InvalidParameterSpecException.java create mode 100644 libjava/classpath/java/security/spec/KeySpec.java create mode 100644 libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java create mode 100644 
libjava/classpath/java/security/spec/PSSParameterSpec.java create mode 100644 libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java create mode 100644 libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java create mode 100644 libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java create mode 100644 libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java create mode 100644 libjava/classpath/java/security/spec/RSAPrivateKeySpec.java create mode 100644 libjava/classpath/java/security/spec/RSAPublicKeySpec.java create mode 100644 libjava/classpath/java/security/spec/X509EncodedKeySpec.java create mode 100644 libjava/classpath/java/security/spec/package.html (limited to 'libjava/classpath/java/security') diff --git a/libjava/classpath/java/security/AccessControlContext.java b/libjava/classpath/java/security/AccessControlContext.java new file mode 100644 index 000000000..fd964751c --- /dev/null +++ b/libjava/classpath/java/security/AccessControlContext.java 
@@ -0,0 +1,218 @@ +/* AccessControlContext.java --- Access Control Context Class + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +import java.util.HashSet; + +/** + * AccessControlContext makes system resource access decsion + * based on permission rights. 
+ * + * It is used for a specific context and has only one method + * checkPermission. It is similar to AccessController except + * that it makes decsions based on the current context instead + * of the the current thread. + * + * It is created by call AccessController.getContext method. + * + * @author Mark Benvenuto + * @since 1.2 + */ +public final class AccessControlContext +{ + private final ProtectionDomain[] protectionDomains; + private final DomainCombiner combiner; + + /** + * Construct a new AccessControlContext with the specified + * ProtectionDomains. context must not be + * null and duplicates will be removed. + * + * @param context The ProtectionDomains to use + */ + public AccessControlContext(ProtectionDomain[] context) + { + HashSet domains = new HashSet (context.length); + for (int i = 0; i < context.length; i++) + domains.add (context[i]); + protectionDomains = (ProtectionDomain[]) + domains.toArray (new ProtectionDomain[domains.size()]); + combiner = null; + } + + /** + * Construct a new AccessControlContext with the specified + * {@link ProtectionDomain}s and {@link DomainCombiner}. + * + *

Code calling this constructor must have a {@link + * SecurityPermission} of createAccessControlContext.

+ * + * @throws SecurityException If the caller does not have permission + * to create an access control context. + * @since 1.3 + */ + public AccessControlContext(AccessControlContext acc, + DomainCombiner combiner) + { + AccessControlContext acc2 = null; + SecurityManager sm = System.getSecurityManager (); + if (sm != null) + { + Permission perm = + new SecurityPermission ("createAccessControlContext"); + + // The default SecurityManager.checkPermission(perm) just calls + // AccessController.checkPermission(perm) which in turn just + // calls AccessController.getContext().checkPermission(perm). + // This means AccessController.getContext() is called twice, + // once for the security check and once by us. It's a very + // expensive call (on gcj at least) so if we're using the + // default security manager we avoid this duplication. + if (sm.getClass() == SecurityManager.class) + { + acc2 = AccessController.getContext (); + acc2.checkPermission (perm); + } + else + sm.checkPermission (perm); + } + if (acc2 == null) + acc2 = AccessController.getContext (); + protectionDomains = combiner.combine (acc2.protectionDomains, + acc.protectionDomains); + this.combiner = combiner; + } + + AccessControlContext (ProtectionDomain[] domains, AccessControlContext acc, + DomainCombiner combiner) + { + protectionDomains = combiner.combine (domains, acc.protectionDomains); + this.combiner = combiner; + } + + /** + * Returns the Domain Combiner associated with the AccessControlContext + * + * @return the DomainCombiner + */ + public DomainCombiner getDomainCombiner() + { + return combiner; + } + + /** + * Determines whether or not the specific permission is granted + * depending on the context it is within. 
+ * + * @param perm a permission to check + * + * @throws AccessControlException if the permssion is not permitted + */ + public void checkPermission(Permission perm) throws AccessControlException + { + if (protectionDomains.length == 0) + throw new AccessControlException ("permission " + + perm + + " not granted: no protection domains"); + + for (int i = 0; i < protectionDomains.length; i++) + { + final ProtectionDomain domain = protectionDomains[i]; + if (!domain.implies(perm)) + throw new AccessControlException ("permission " + + perm + + " not granted: " + + domain + + " does not imply it."); + } + } + + /** + * Checks if two AccessControlContexts are equal. + * + * It first checks if obj is an AccessControlContext class, and + * then checks if each ProtectionDomain matches. + * + * @param obj The object to compare this class to + * + * @return true if equal, false otherwise + */ + public boolean equals(Object obj) + { + if (obj instanceof AccessControlContext) + { + AccessControlContext acc = (AccessControlContext) obj; + + if (acc.protectionDomains.length != protectionDomains.length) + return false; + + int i, j; + for (i = 0; i < protectionDomains.length; i++) + { + for (j = 0; j < acc.protectionDomains.length; j++) + { + if (acc.protectionDomains[j].equals (protectionDomains[i])) + break; + } + if (j == acc.protectionDomains.length) + return false; + } + return true; + } + return false; + } + + /** + * Computes a hash code of this class + * + * @return a hash code representing this class + */ + public int hashCode() + { + int h = 0; + for (int i = 0; i < protectionDomains.length; i++) + h ^= protectionDomains[i].hashCode(); + + return h; + } + + ProtectionDomain[] getProtectionDomains () + { + return protectionDomains; + } +} diff --git a/libjava/classpath/java/security/AccessControlException.java b/libjava/classpath/java/security/AccessControlException.java new file mode 100644 index 000000000..27aee7c86 --- /dev/null 
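Review bot: Both `throw` sites in `checkPermission` use the message-only `AccessControlException(String)` constructor, so `getPermission()` on the thrown exception always returns null even though the denied `Permission` is in hand. The two-argument constructor added by this same patch carries it: `throw new AccessControlException ("permission " + perm + " not granted: no protection domains", perm);`, and the per-domain throw should pass `perm` as its last argument in the same way. Without it, callers and audit logging that handle the denial can only recover the permission by parsing the message string. Separately, `equals` compares lengths and then checks containment in one direction only, so it can be asymmetric (and disagree with `hashCode`) if the arrays hold duplicates, which only the single-argument constructor removes; whether a `DomainCombiner` can return duplicates is not visible here.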
+++ b/libjava/classpath/java/security/AccessControlException.java 
@@ -0,0 +1,97 @@ +/* AccessControlException.java -- Permission is denied + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when the AccessController denies + * an attempt to perform an operation. 
This often keeps track of the + * permission that was not granted. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see AccessController + * @status updated to 1.4 + */ +public class AccessControlException extends SecurityException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5138225684096988535L; + + /** + * The Permission associated with this exception. + * + * @serial the permission + */ + private final Permission perm; + + /** + * Create a new instance with a descriptive error message, and a null + * Permission object. + * + * @param msg the descriptive error message + */ + public AccessControlException(String msg) + { + this(msg, null); + } + + /** + * Create a new instance with a descriptive error message and an associated + * Permission object. + * + * @param msg the descriptive error message + * @param perm the permission that caused this + */ + public AccessControlException(String msg, Permission perm) + { + super(msg); + this.perm = perm; + } + + /** + * This method returns the Permission object that caused + * this exception to be thrown. + * + * @return the denied permission, or null + */ + public Permission getPermission() + { + return perm; + } +} diff --git a/libjava/classpath/java/security/AccessController.java b/libjava/classpath/java/security/AccessController.java new file mode 100644 index 000000000..ec5b14c9e --- /dev/null +++ b/libjava/classpath/java/security/AccessController.java 
@@ -0,0 +1,229 @@ +/* AccessController.java --- Access control context and permission checker + Copyright (C) 2001, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * Access control context and permission checker. 
+ * Can check permissions in the access control context of the current thread + * through the checkPermission() method. + * Manipulates the access control context for code that needs to be executed + * the protection domain of the calling class (by explicitly ignoring the + * context of the calling code) in the doPrivileged() methods. + * And provides a getContext() method which gives the access + * control context of the current thread that can be used for checking + * permissions at a later time and/or in another thread. + * + * @author Mark Wielaard (mark@klomp.org) + * @since 1.2 + */ +public final class AccessController +{ + /** + * This class only has static methods so there is no public contructor. + */ + private AccessController() + { + } + + /** + * Checks wether the access control context of the current thread allows + * the given Permission. Throws an AccessControlException + * when the permission is not allowed in the current context. Otherwise + * returns silently without throwing an exception. + * + * @param perm the permission to be checked. + * @exception AccessControlException thrown if the current context does not + * allow the given permission. + */ + public static void checkPermission(Permission perm) + throws AccessControlException + { + getContext().checkPermission(perm); + } + + /** + * Calls the run() method of the given action with as + * (initial) access control context only the protection domain of the + * calling class. Calls to checkPermission() in the + * run() method ignore all earlier protection domains of + * classes in the call chain. Note that the protection domains of classes + * called by the code in the run() method are not ignored. + * + * @param action the PrivilegedAction whose run() + * should be be called. + * @return the result of the action.run() method. 
+ */ + public static T doPrivileged(PrivilegedAction action) + { + VMAccessController.pushContext(null); + try + { + return action.run(); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Calls the run() method of the given action with as + * (initial) access control context the given context combined with the + * protection domain of the calling class. Calls to + * checkPermission() in the run() method ignore + * all earlier protection domains of classes in the call chain, but add + * checks for the protection domains given in the supplied context. + * + * @param action the PrivilegedAction whose run() + * should be be called. + * @param context the AccessControlContext whose protection + * domains should be added to the protection domain of the calling class. + * @return the result of the action.run() method. + */ + public static T doPrivileged(PrivilegedAction action, + AccessControlContext context) + { + VMAccessController.pushContext(context); + try + { + return action.run(); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Calls the run() method of the given action with as + * (initial) access control context only the protection domain of the + * calling class. Calls to checkPermission() in the + * run() method ignore all earlier protection domains of + * classes in the call chain. Note that the protection domains of classes + * called by the code in the run() method are not ignored. + * If the run() method throws an exception then this method + * will wrap that exception in an PrivilegedActionException. + * + * @param action the PrivilegedExceptionAction whose + * run() should be be called. + * @return the result of the action.run() method. + * @exception PrivilegedActionException wrapped around any checked exception + * that is thrown in the run() method. 
+ */ + public static T doPrivileged(PrivilegedExceptionAction action) + throws PrivilegedActionException + { + VMAccessController.pushContext(null); + try + { + return action.run(); + } + catch (RuntimeException e) + { + throw e; + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Calls the run() method of the given action with as + * (initial) access control context the given context combined with the + * protection domain of the calling class. Calls to + * checkPermission() in the run() method ignore + * all earlier protection domains of classes in the call chain, but add + * checks for the protection domains given in the supplied context. + * If the run() method throws an exception then this method + * will wrap that exception in an PrivilegedActionException. + * + * @param action the PrivilegedExceptionAction whose + * run() should be be called. + * @param context the AccessControlContext whose protection + * domains should be added to the protection domain of the calling class. + * @return the result of the action.run() method. + * @exception PrivilegedActionException wrapped around any checked exception + * that is thrown in the run() method. + */ + public static T doPrivileged(PrivilegedExceptionAction action, + AccessControlContext context) + throws PrivilegedActionException + { + VMAccessController.pushContext(context); + try + { + return action.run(); + } + catch (RuntimeException e) + { + throw e; + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + finally + { + VMAccessController.popContext(); + } + } + + /** + * Returns the complete access control context of the current thread. + * The returned object encompasses all {@link ProtectionDomain} objects + * for all classes in the current call stack, or the set of protection + * domains until the last call to {@link + * #doPrivileged(java.security.PrivilegedAction)}. + * + *

Additionally, if a call was made to {@link + * #doPrivileged(java.security.PrivilegedAction,java.security.AccessControlContext)} + * that supplied an {@link AccessControlContext}, then that context + * will be intersected with the calculated one. + * + * @return The context. + */ + public static AccessControlContext getContext() + { + return VMAccessController.getContext(); + } +} diff --git a/libjava/classpath/java/security/AlgorithmParameterGenerator.java b/libjava/classpath/java/security/AlgorithmParameterGenerator.java new file mode 100644 index 000000000..a92552b9e --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParameterGenerator.java 
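Review bot: The two-argument doPrivileged overloads do not say what a null `context` means, and the code makes that significant. The one-argument forms call `VMAccessController.pushContext(null)`, so a caller that passes a null AccessControlContext takes the same path and presumably gets no additional restriction (VMAccessController is outside this hunk, so that is inferred). I would state it on the parameter line of both overloads, e.g. `@param context the context to combine with the caller's domain; null adds no restriction and behaves like the one-argument form`. Code that captures a context for later use can then see that it must check for null before relying on it to narrow privileges.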
@@ -0,0 +1,277 @@ +/* AlgorithmParameterGenerator.java --- Algorithm Parameter Generator + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.spec.AlgorithmParameterSpec; + +/** + * AlgorithmParameterGenerator is used to generate algorithm + * parameters for specified algorithms. + * + *

In case the client does not explicitly initialize the + * AlgorithmParameterGenerator (via a call to an + * init() method), each provider must supply (and document) a + * default initialization. For example, the GNU provider uses a default + * modulus prime size of 1024 bits for the generation of DSA + * parameters. + * + * @author Mark Benvenuto + * @since 1.2 + * @see AlgorithmParameters + * @see AlgorithmParameterSpec + */ +public class AlgorithmParameterGenerator +{ + /** Service name for algorithm parameter generators. */ + private static final String ALGORITHM_PARAMETER_GENERATOR = + "AlgorithmParameterGenerator"; + + private AlgorithmParameterGeneratorSpi paramGenSpi; + private Provider provider; + private String algorithm; + + /** + * Constructs a new instance of AlgorithmParameterGenerator. + * + * @param paramGenSpi + * the generator to use. + * @param provider + * the provider to use. + * @param algorithm + * the algorithm to use. + */ + protected AlgorithmParameterGenerator(AlgorithmParameterGeneratorSpi + paramGenSpi, Provider provider, + String algorithm) + { + this.paramGenSpi = paramGenSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** @return the name of the algorithm. */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns a new AlgorithmParameterGenerator instance which + * generates algorithm parameters for the specified algorithm. + * + * @param algorithm the name of algorithm to use. + * @return the new instance. + * @throws NoSuchAlgorithmException if algorithm is not + * implemented by any provider. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. 
+ */ + public static AlgorithmParameterGenerator getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns a new AlgorithmParameterGenerator instance which + * generates algorithm parameters for the specified algorithm. + * + * @param algorithm the name of algorithm to use. + * @param provider the name of the {@link Provider} to use. + * @return the new instance. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws NoSuchProviderException if the named provider was not found. + * @throws IllegalArgumentException if either algorithm or + * provider is null or empty. + */ + public static AlgorithmParameterGenerator getInstance(String algorithm, + String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns a new AlgorithmParameterGenerator instance which + * generates algorithm parameters for the specified algorithm. + * + * @param algorithm the name of algorithm to use. + * @param provider the {@link Provider} to use. + * @return the new instance. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by + * {@link Provider}. 
+ * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. + * @since 1.4 + * @see Provider + */ + public static AlgorithmParameterGenerator getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder() + .append("AlgorithmParameterGenerator for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(ALGORITHM_PARAMETER_GENERATOR, + algorithm, + provider); + return new AlgorithmParameterGenerator((AlgorithmParameterGeneratorSpi) spi, + provider, + algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** @return the {@link Provider} of this generator. */ + public final Provider getProvider() + { + return provider; + } + + /** + * Initializes this instance with the specified size. Since no source of + * randomness is supplied, a default one will be used. + * + * @param size + * size (in bits) to use. + */ + public final void init(int size) + { + init(size, new SecureRandom()); + } + + /** + * Initializes this instance with the specified key-size and source of + * randomness. + * + * @param size + * the size (in bits) to use. + * @param random + * the {@link SecureRandom} to use. + */ + public final void init(int size, SecureRandom random) + { + paramGenSpi.engineInit(size, random); + } + + /** + * Initializes this instance with the specified {@link AlgorithmParameterSpec}. + * Since no source of randomness is supplied, a default one will be used. 
+ * + * @param genParamSpec + * the {@link AlgorithmParameterSpec} to use. + * @throws InvalidAlgorithmParameterException + * if genParamSpec is invalid. + */ + public final void init(AlgorithmParameterSpec genParamSpec) + throws InvalidAlgorithmParameterException + { + init(genParamSpec, new SecureRandom()); + } + + /** + * Initializes this instance with the specified {@link AlgorithmParameterSpec} + * and source of randomness. + * + * @param genParamSpec + * the {@link AlgorithmParameterSpec} to use. + * @param random + * the {@link SecureRandom} to use. + * @throws InvalidAlgorithmParameterException + * if genParamSpec is invalid. + */ + public final void init(AlgorithmParameterSpec genParamSpec, + SecureRandom random) + throws InvalidAlgorithmParameterException + { + paramGenSpi.engineInit(genParamSpec, random); + } + + /** @return a new instance of {@link AlgorithmParameters}. */ + public final AlgorithmParameters generateParameters() + { + return paramGenSpi.engineGenerateParameters(); + } +} diff --git a/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java b/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java new file mode 100644 index 000000000..15f39f646 --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParameterGeneratorSpi.java 
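Review bot: The class comment tells callers they may skip init() because the provider supplies a default, and names 1024-bit DSA as the GNU default, but it does not warn that this size is below what current guidance accepts for new DSA parameters. generateParameters() simply forwards to `paramGenSpi.engineGenerateParameters()`, so nothing in this class stops a caller from generating parameters at the default size by omission. I would add a sentence to the class comment such as `Callers that need a particular strength should call init(int) or init(AlgorithmParameterSpec) explicitly instead of relying on the provider default.`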
@@ -0,0 +1,94 @@ +/* AlgorithmParameterGeneratorSpi.java --- Algorithm Parameter Generator SPI + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; +import java.security.spec.AlgorithmParameterSpec; + +/** + AlgorithmParameterGeneratorSpi is the Service Provider + Interface for the AlgorithmParameterGenerator class. + This class is used to generate the algorithm parameters + for a specific algorithm. + + @since JDK 1.2 + @author Mark Benvenuto + */ +public abstract class AlgorithmParameterGeneratorSpi +{ + + /** + Constructs a new AlgorithmParameterGeneratorSpi + */ + public AlgorithmParameterGeneratorSpi() + { + } + + /** + Initializes the parameter generator with the specified size + and SecureRandom + + @param size the size( in number of bits) + @param random the SecureRandom class to use for randomness + */ + protected abstract void engineInit(int size, SecureRandom random); + + /** + Initializes the parameter generator with the specified + AlgorithmParameterSpec and SecureRandom classes. + + If genParamSpec is an invalid AlgorithmParameterSpec for this + AlgorithmParameterGeneratorSpi then it throws + InvalidAlgorithmParameterException + + @param genParamSpec the AlgorithmParameterSpec class to use + @param random the SecureRandom class to use for randomness + + @throws InvalidAlgorithmParameterException genParamSpec is invalid + */ + protected abstract void engineInit(AlgorithmParameterSpec genParamSpec, + SecureRandom random) throws + InvalidAlgorithmParameterException; + + + /** + Generate a new set of AlgorithmParameters. + + @returns a new set of algorithm parameters + */ + protected abstract AlgorithmParameters engineGenerateParameters(); + +} diff --git a/libjava/classpath/java/security/AlgorithmParameters.java b/libjava/classpath/java/security/AlgorithmParameters.java new file mode 100644 index 000000000..ba805143e --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParameters.java 
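Review bot: The comment on engineGenerateParameters() uses `@returns`, which is not a Javadoc tag, so the return description will be dropped or flagged by the doc tool. It should read `@return a new set of algorithm parameters`. The two engineInit() comments could also say whether `random` may be null, since AlgorithmParameterGenerator passes whatever its caller supplied straight through.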
@@ -0,0 +1,317 @@ +/* AlgorithmParameters.java --- Algorithm Parameters Implementation Class + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.InvalidParameterSpecException; + +/** + * AlgorithmParameters is an Algorithm Parameters class which + * provides an interface through which the user can manage the parameters of an + * Algorithm. + * + * @author Mark Benvenuto + * @since 1.2 + * @see AlgorithmParameterSpec + * @see java.security.spec.DSAParameterSpec + * @see KeyPairGenerator + */ +public class AlgorithmParameters +{ + /** Service name for algorithm parameters. */ + private static final String ALGORITHM_PARAMETERS = "AlgorithmParameters"; + + private AlgorithmParametersSpi paramSpi; + private Provider provider; + private String algorithm; + + /** + * Constructs a new instance of AlgorithmParameters. + * + * @param paramSpi + * the engine to use. + * @param provider + * the provider to use. + * @param algorithm + * the algorithm to use. + */ + protected AlgorithmParameters(AlgorithmParametersSpi paramSpi, + Provider provider, String algorithm) + { + this.paramSpi = paramSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** @return A string with the name of the algorithm used. */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns a new instance of AlgorithmParameters representing + * the specified algorithm parameters. + *

+ * The returned AlgorithmParameters must still be initialized + * with an init() method. + * + * @param algorithm the algorithm to use. + * @return the new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. + */ + public static AlgorithmParameters getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns a new instance of AlgorithmParameters representing + * the specified algorithm parameters from a named provider. + *

+ * The returned AlgorithmParameters must still be intialized + * with an init() method. + *

+ * + * @param algorithm the algorithm to use. + * @param provider the name of the {@link Provider} to use. + * @return the new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws NoSuchProviderException if the named provider was not found. + * @throws IllegalArgumentException if either algorithm or + * provider is null or empty. + */ + public static AlgorithmParameters getInstance(String algorithm, + String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns a new instance of AlgorithmParameters representing + * the specified algorithm parameters from the specified {@link Provider}. + *

+ * The returned AlgorithmParameters must still be intialized + * with an init() method. + * + * @param algorithm the algorithm to use. + * @param provider the {@link Provider} to use. + * @return the new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * {@link Provider}. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. + * @since 1.4 + */ + public static AlgorithmParameters getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("AlgorithmParameters for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(ALGORITHM_PARAMETERS, algorithm, provider); + return new AlgorithmParameters((AlgorithmParametersSpi) spi, + provider, + algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** @return the provider of this parameter object. */ + public final Provider getProvider() + { + return provider; + } + + /** + * Initializes the engine with the specified {@link AlgorithmParameterSpec}. + * + * @param paramSpec + * A {@link AlgorithmParameterSpec} to use. + * @throws InvalidParameterSpecException + * if paramSpec is invalid. 
+ */ + public final void init(AlgorithmParameterSpec paramSpec) + throws InvalidParameterSpecException + { + paramSpi.engineInit(paramSpec); + } + + /** + * Initializes the engine with the specified parameters stored in the byte + * array and decodes them according to the ASN.1 specification. If the ASN.1 + * specification exists then it succeeds otherwise an {@link IOException} is + * thrown. + * + * @param params + * the parameters to use. + * @throws IOException + * if a decoding error occurs. + */ + public final void init(byte[]params) throws IOException + { + paramSpi.engineInit(params); + } + + /** + * Initializes the engine with the specified parameters stored in the byte + * array and decodes them according to the specified decoding specification. + * If format is null, then this method decodes the + * byte array using the ASN.1 specification if it exists, otherwise it throws + * an {@link IOException}. + * + * @param params + * the parameters to use. + * @param format + * the name of decoding format to use. + * @throws IOException + * if a decoding error occurs. + */ + public final void init(byte[]params, String format) throws IOException + { + paramSpi.engineInit(params, format); + } + + /** + * Returns a new instance of AlgorithmParameters as a + * designated parameter specification {@link Class}. + * + * @param paramSpec + * the {@link Class} to use. + * @return the parameter specification. + * @throws InvalidParameterSpecException + * if paramSpec is invalid. + */ + public final + T getParameterSpec(Class paramSpec) + throws InvalidParameterSpecException + { + return paramSpi.engineGetParameterSpec(paramSpec); + } + + /** + * Returns the parameters in the default encoding format. The primary encoding + * format is ASN.1 if it exists for the specified type. + * + * @return byte array representing the parameters. 
+ */ + public final byte[] getEncoded() throws IOException + { + return paramSpi.engineGetEncoded(); + } + + /** + * Returns the parameters in the specified encoding format. If + * format is null then the ASN.1 encoding + * format is used if it exists for the specified type. + * + * @param format + * the name of the encoding format to use. + * @return the parameters encoded using the specified encoding scheme. + * @throws IOException + * if an encoding exception occurs, or if this parameter object has + * not been initialized. + */ + public final byte[] getEncoded(String format) throws IOException + { + return paramSpi.engineGetEncoded(format); + } + + /** + * Returns a string representation of the encoded form. + * + * @return a string representation of the encoded form. + */ + public final String toString() + { + return paramSpi.engineToString(); + } +} diff --git a/libjava/classpath/java/security/AlgorithmParametersSpi.java b/libjava/classpath/java/security/AlgorithmParametersSpi.java new file mode 100644 index 000000000..15cc1c657 --- /dev/null +++ b/libjava/classpath/java/security/AlgorithmParametersSpi.java 
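Review bot: AlgorithmParameters keeps no record of whether init() has run. All three init() overloads and both getEncoded() overloads forward straight to `paramSpi`, so rejecting a second init() or a read before init() is left to each provider's SPI. The getEncoded(String) comment already promises an IOException for an uninitialised object, which this class cannot guarantee on its own. I would add an `initialized` flag that the init() overloads check and set, and that getEncoded() and getParameterSpec() consult, so a parameter object cannot be silently re-initialised after it has been handed to other code.

```java
  // … unchanged: ALGORITHM_PARAMETERS, paramSpi, provider, algorithm …

  /** Set once an init() call has completed; guards against re-initialisation. */
  private boolean initialized;

  // … unchanged: constructor, getAlgorithm(), getInstance() overloads, getProvider() …

  public final void init(AlgorithmParameterSpec paramSpec)
    throws InvalidParameterSpecException
  {
    if (initialized)
      throw new InvalidParameterSpecException("already initialized");
    paramSpi.engineInit(paramSpec);
    initialized = true;
  }

  public final void init(byte[] params) throws IOException
  {
    if (initialized)
      throw new IOException("already initialized");
    paramSpi.engineInit(params);
    initialized = true;
  }

  // … init(byte[], String) gets the same guard …

  public final byte[] getEncoded() throws IOException
  {
    if (!initialized)
      throw new IOException("not initialized");
    return paramSpi.engineGetEncoded();
  }

  // … getEncoded(String) and getParameterSpec(Class) get the matching check …
```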
@@ -0,0 +1,149 @@
+/* AlgorithmParametersSpi.java --- Algorithm Parameters SPI
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security;
+
+import java.io.IOException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+
+/**
+ * AlgorithmParametersSpi is the Service Provider Interface
+ * for the Algorithm Parameters class. This class is used
+ * to manage the algorithm parameters.
+ *
+ * @since 1.2
+ * @author Mark Benvenuto
+ */
+public abstract class AlgorithmParametersSpi
+{
+ /**
+ * Creates a new instance of AlgorithmParametersSpi
+ */
+ public AlgorithmParametersSpi()
+ {
+ }
+
+ /**
+ * Initializes the engine with the specified
+ * AlgorithmParameterSpec class.
+ *
+ * @param paramSpec A AlgorithmParameterSpec to initialize with
+ *
+ * @throws InvalidParameterSpecException For an inapporiate
+ * ParameterSpec class
+ */
+ protected abstract void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException;
+
+ /**
+ * Initializes the engine with the specified
+ * parameters stored in the byte array and decodes them
+ * according to the ASN.1 specification. If the ASN.1
+ * specification exists then it succeeds or else it throws
+ * IOException.
+ *
+ * @param params Parameters to initialize with
+ *
+ * @throws IOException Decoding Error
+ */
+ protected abstract void engineInit(byte[]params) throws IOException;
+
+ /**
+ * Initializes the engine with the specified
+ * parameters stored in the byte array and decodes them
+ * according to the specified decoding specification.
+ * If format is null, then it is decoded using the ASN.1
+ * specification if it exists or else it throws
+ * IOException.
+ *
+ * @param params Parameters to initialize with
+ * @param format Name of decoding format to use
+ *
+ * @throws IOException Decoding Error
+ */
+ protected abstract void engineInit(byte[]params, String format)
+ throws IOException;
+
+
+ /**
+ * Returns a specification of this AlgorithmParameters object.
+ * paramSpec identifies the class to return the AlgortihmParameters
+ * in.
+ *
+ * @param paramSpec Class to return AlgorithmParameters in
+ *
+ * @return the parameter specification
+ *
+ * @throws InvalidParameterSpecException if the paramSpec is an
+ * invalid parameter class
+ */
+ protected abstract
+ T engineGetParameterSpec(Class paramSpec)
+ throws InvalidParameterSpecException;
+
+
+ /**
+ * Returns the parameters in the default encoding format.
+ * The primary encoding format is ASN.1 format if it exists
+ * for the specified type.
+ *
+ * @return byte array representing the parameters
+ */
+ protected abstract byte[] engineGetEncoded() throws IOException;
+
+
+ /**
+ * Returns the parameters in the specified encoding format.
+ * If format is null then the
+ * primary encoding format is used, the ASN.1 format,
+ * if it exists for the specified type.
+ *
+ * @return byte array representing the parameters
+ */
+ protected abstract byte[] engineGetEncoded(String format)
+ throws IOException;
+
+ /**
+ * Returns a string describing the parameters in the
+ * AlgorithmParametersSpi class.
+ *
+ * @return A string representing the format of the parameters.
+ */
+ protected abstract String engineToString();
+}
diff --git a/libjava/classpath/java/security/AllPermission.java b/libjava/classpath/java/security/AllPermission.java
new file mode 100644
index 000000000..6adcd8c9c
--- /dev/null
+++ b/libjava/classpath/java/security/AllPermission.java
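Review bot: `engineGetEncoded()` and `engineGetEncoded(String format)` in AlgorithmParametersSpi.java declare `throws IOException` without documenting it, and the second also omits `@param format`, so a provider implementing this SPI has no stated contract for encoding failures or for being called before initialization. I would add `@param format the name of the encoding format to use` and `@throws IOException if an encoding error occurs or the parameters have not been initialized`, which matches what the public `AlgorithmParameters.getEncoded(String)` wrapper already promises its callers. The comment typos `inapporiate` and `AlgortihmParameters` in the same file could be corrected in the same pass.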
@@ -0,0 +1,198 @@
+/* AllPermission.java -- Permission to do anything
+ Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security;
+
+import gnu.java.util.EmptyEnumeration;
+
+import java.util.Collections;
+import java.util.Enumeration;
+
+/**
+ * This class is a permission that implies all other permissions. Granting
+ * this permission effectively grants all others. Extreme caution should
+ * be exercised in granting this permission.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see AccessController
+ * @see Permissions
+ * @see SecurityManager
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public final class AllPermission extends Permission
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -2916474571451318075L;
+
+ /**
+ * Create a new AllPermission object.
+ */
+ public AllPermission()
+ {
+ super("*");
+ }
+
+ /**
+ * Create a new AllPermission object. The parameters are ignored, as all
+ * permission implies ALL PERMISSION.
+ *
+ * @param name ignored
+ * @param actions ignored
+ */
+ public AllPermission(String name, String actions)
+ {
+ super("*");
+ }
+
+ /**
+ * This method always returns true to indicate that this
+ * permission always implies that any other permission is also granted.
+ *
+ * @param perm ignored
+ * @return true, the permission is implied
+ */
+ public boolean implies(Permission perm)
+ {
+ return true;
+ }
+
+ /**
+ * Checks an object for equality. All AllPermissions are equal.
+ *
+ * @param obj the Object to test for equality
+ */
+ public boolean equals(Object obj)
+ {
+ return obj instanceof AllPermission;
+ }
+
+ /**
+ * This method returns a hash code for this object. This returns 1.
+ *
+ * @return a hash value for this object
+ */
+ public int hashCode()
+ {
+ return 1;
+ }
+
+ /**
+ * This method returns the list of actions associated with this object.
+ * This will always be the empty string ("") for this class.
+ *
+ * @return the action list
+ */
+ public String getActions()
+ {
+ return "";
+ }
+
+ /**
+ * Returns a PermissionCollection which can hold AllPermission.
+ *
+ * @return a permission collection
+ */
+ public PermissionCollection newPermissionCollection()
+ {
+ return new AllPermissionCollection();
+ }
+
+ /**
+ * Implements AllPermission.newPermissionCollection, and obeys serialization
+ * of JDK.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ private static final class AllPermissionCollection extends PermissionCollection
+ {
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -4023755556366636806L;
+
+ /**
+ * Whether an AllPermission has been added to the collection.
+ *
+ * @serial if all permission is in the collection yet
+ */
+ private boolean all_allowed;
+
+ /**
+ * Add an AllPermission.
+ *
+ * @param perm the permission to add
+ * @throws IllegalArgumentException if perm is not an AllPermission
+ * @throws SecurityException if the collection is read-only
+ */
+ public void add(Permission perm)
+ {
+ if (isReadOnly())
+ throw new SecurityException();
+ if (! (perm instanceof AllPermission))
+ throw new IllegalArgumentException();
+ all_allowed = true;
+ }
+
+ /**
+ * Returns true if this collection implies a permission.
+ *
+ * @param perm the permission to check
+ * @return true if this collection contains an AllPermission
+ */
+ public boolean implies(Permission perm)
+ {
+ return all_allowed;
+ }
+
+ /**
+ * Returns an enumeration of the elements in the collection.
+ *
+ * @return the elements in the collection
+ */
+ public Enumeration elements()
+ {
+ return all_allowed
+ ? Collections.enumeration(Collections.singleton(new AllPermission()))
+ : EmptyEnumeration.getInstance();
+ }
+ } // class AllPermissionCollection
+} // class AllPermission
diff --git a/libjava/classpath/java/security/BasicPermission.java b/libjava/classpath/java/security/BasicPermission.java
new file mode 100644
index 000000000..6296cffea
--- /dev/null
+++ b/libjava/classpath/java/security/BasicPermission.java
@@ -0,0 +1,308 @@
+/* BasicPermission.java -- implements a simple named permission
+ Copyright (C) 1998, 1999, 2002, 2003, 2004, 2005, 2006
+ Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + + +package java.security; + +import java.io.Serializable; +import java.util.Enumeration; +import java.util.Hashtable; + +/** + * This class implements a simple model for named permissions without an + * associated action list. That is, either the named permission is granted + * or it is not. + * + *

It also supports trailing wildcards to allow the easy granting of + * permissions in a hierarchical fashion. (For example, the name "org.gnu.*" + * might grant all permissions under the "org.gnu" permissions hierarchy). + * The only valid wildcard character is a '*' which matches anything. It + * must be the rightmost element in the permission name and must follow a + * '.' or else the Permission name must consist of only a '*'. Any other + * occurrence of a '*' is not valid. + * + *

This class ignores the action list. Subclasses can choose to implement + * actions on top of this class if desired. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @see Permission + * @see Permissions + * @see PermissionCollection + * @see RuntimePermission + * @see SecurityPermission + * @see PropertyPermission + * @see AWTPermission + * @see NetPermission + * @see SecurityManager + * @since 1.1 + * @status updated to 1.4 + */ +public abstract class BasicPermission extends Permission + implements Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 6279438298436773498L; + + /** + * Create a new instance with the specified permission name. If the + * name is empty an exception is thrown. + * + * @param name the name of this permission + * @throws NullPointerException if name is null + * @throws IllegalArgumentException if name is invalid + */ + public BasicPermission(String name) + { + super(name); + + // This routine used to check for illegal wildcards, but no such + // requirement exists in the specification and Sun's runtime + // doesn't appear to do it. + + if (name.equals("")) + throw new IllegalArgumentException("Empty name"); + } + + /** + * Create a new instance with the specified permission name. If the name + * is empty, or contains an illegal wildcard character, an exception is + * thrown. The actions parameter is ignored. + * + * @param name the name of this permission + * @param actions ignored + * @throws NullPointerException if name is null + * @throws IllegalArgumentException if name is invalid + */ + public BasicPermission(String name, String actions) + { + this(name); + } + + /** + * This method tests to see if the specified permission is implied by this + * permission. This will be true if the following conditions are met:

    + *
  • The specified object is an instance of the same class as this + * object.
  • + *
  • The name of the specified permission is implied by this permission's + * name based on wildcard matching. For example, "a.*" implies "a.b".
  • + *
+ * + * @param perm the Permission object to test against + * @return true if the specified permission is implied + */ + public boolean implies(Permission perm) + { + if (! getClass().isInstance(perm)) + return false; + + String otherName = perm.getName(); + String name = getName(); + + if (name.equals(otherName)) + return true; + + int last = name.length() - 1; + return name.charAt(last) == '*' + && otherName.startsWith(name.substring(0, last)); + } + + /** + * This method tests to see if this object is equal to the specified + * Object. This will be true if and only if the specified + * object meets the following conditions:
    + *
  • It is an instance of the same class as this.
  • + *
  • It has the same name as this permission.
  • + *
+ * + * @param obj the Object to test for equality + * @return true if obj is semantically equal to this + */ + public boolean equals(Object obj) + { + return getClass().isInstance(obj) + && getName().equals(((BasicPermission) obj).getName()); + } + + /** + * This method returns a hash code for this permission object. The hash + * code returned is the value returned by calling the hashCode + * method on the String that is the name of this permission. + * + * @return a hash value for this object + */ + public int hashCode() + { + return getName().hashCode(); + } + + /** + * This method returns a list of the actions associated with this + * permission. This method always returns the empty string ("") since + * this class ignores actions. + * + * @return the action list + */ + public String getActions() + { + return ""; + } + + /** + * This method returns an instance of PermissionCollection + * suitable for storing BasicPermission objects. The + * collection returned can only store objects of the same type as this. + * Subclasses which use actions must override this method; but a class with + * no actions will work fine with this. + * + * @return a new empty PermissionCollection object + */ + public PermissionCollection newPermissionCollection() + { + return new BasicPermissionCollection(getClass()); + } + + /** + * Implements AllPermission.newPermissionCollection, and obeys serialization + * of JDK. + * + * @author Eric Blake (ebb9@email.byu.edu) + */ + private static final class BasicPermissionCollection extends PermissionCollection + { + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 739301742472979399L; + + /** + * The permissions in the collection. + * + * @serial a hash mapping name to permissions, all of type permClass + */ + private final Hashtable permissions = new Hashtable(); + + /** + * If "*" is in the collection. 
+ * + * @serial true if a permission named "*" is in the collection + */ + private boolean all_allowed; + + /** + * The runtime class which all entries in the table must belong to. + * + * @serial the limiting subclass of this collection + */ + private final Class permClass; + + /** + * Construct a collection over the given runtime class. + * + * @param c the class + */ + BasicPermissionCollection(Class c) + { + permClass = c; + } + + /** + * Add a Permission. It must be of the same type as the permission which + * created this collection. + * + * @param perm the permission to add + * @throws IllegalArgumentException if perm is not the correct type + * @throws SecurityException if the collection is read-only + */ + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException("readonly"); + if (! permClass.isInstance(perm)) + throw new IllegalArgumentException("Expecting instance of " + permClass); + BasicPermission bp = (BasicPermission) perm; + String name = bp.getName(); + if (name.equals("*")) + all_allowed = true; + permissions.put(name, bp); + } + + /** + * Returns true if this collection implies the given permission. + * + * @param permission the permission to check + * @return true if it is implied by this + */ + public boolean implies(Permission permission) + { + if (! permClass.isInstance(permission)) + return false; + if (all_allowed) + return true; + BasicPermission toImply = (BasicPermission) permission; + String name = toImply.getName(); + if (name.equals("*")) + return false; + int prefixLength = name.length(); + if (name.endsWith("*")) + prefixLength -= 2; + + while (true) + { + if (permissions.get(name) != null) + return true; + prefixLength = name.lastIndexOf('.', prefixLength); + if (prefixLength < 0) + return false; + name = name.substring(0, prefixLength + 1) + '*'; + } + } + + /** + * Enumerate over the collection. 
+ *
+ * @return an enumeration of the collection contents
+ */
+ public Enumeration elements()
+ {
+ return permissions.elements();
+ }
+ } // class BasicPermissionCollection
+} // class BasicPermission
diff --git a/libjava/classpath/java/security/Certificate.java b/libjava/classpath/java/security/Certificate.java
new file mode 100644
index 000000000..5cdba6e10
--- /dev/null
+++ b/libjava/classpath/java/security/Certificate.java
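Review bot: The lookup loop in `BasicPermissionCollection.implies` (BasicPermission.java) looks like it cannot terminate for a dotted name that matches nothing at its first wildcard level, because `name.lastIndexOf('.', prefixLength)` searches from `prefixLength` inclusive, so once `name` has been rewritten to end in `.*` it finds the same dot and rebuilds the same string. A check that should be denied would then spin instead of returning false, turning a permission lookup into a hang. Searching one position earlier fixes it: `prefixLength = name.lastIndexOf('.', prefixLength - 1);`. Separately, `BasicPermission.implies` accepts any trailing `*` as a wildcard (`name.charAt(last) == '*'`), so a name such as `foo*` (constructed example) implies `foobar`, which is wider than the class Javadoc's rule that `*` must follow a '.' or stand alone; guarding the prefix match with `name.equals("*") || name.endsWith(".*")` would keep grants as narrow as documented.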
@@ -0,0 +1,125 @@
+/* Certificate.java -- deprecated interface for modeling digital certificates
+ Copyright (C) 1998, 2002, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/**
+ * This interface models a digital certificate which verifies the
+ * authenticity of a party. This class simply allows certificate
+ * information to be queried, it does not guarantee that the certificate
+ * is valid.
+ *
+ *

This class is deprecated in favor of the new java.security.cert package.
+ * It exists for backward compatibility only.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @deprecated use {@link java.security.cert} instead
+ * @status updated to 1.4
+ */
+public interface Certificate
+{
+ /**
+ * This method returns the Principal that is guaranteeing
+ * this certificate.
+ *
+ * @return the Principal guaranteeing the certificate
+ */
+ Principal getGuarantor();
+
+ /**
+ * This method returns the Principal being guaranteed by
+ * this certificate.
+ *
+ * @return the Principal guaranteed by this certificate
+ */
+ Principal getPrincipal();
+
+ /**
+ * This method returns the public key for the Principal that
+ * is being guaranteed.
+ *
+ * @return the PublicKey of the Principal being guaranteed
+ */
+ PublicKey getPublicKey();
+
+ /**
+ * This method writes the certificate to an OutputStream in
+ * a format that can be understood by the decode method.
+ *
+ * @param out the OutputStream to write to
+ * @throws KeyException if there is a problem with the certificate
+ * @throws IOException if an error occurs writing to the stream
+ * @see #decode(InputStream)
+ * @see #getFormat()
+ */
+ void encode(OutputStream out) throws KeyException, IOException;
+
+ /**
+ * This method reads an encoded certificate from an InputStream.
+ *
+ * @param in the InputStream to read from
+ * @throws KeyException if there is a problem with the certificate data
+ * @throws IOException if an error occurs reading from the stream
+ * @see #encode(OutputStream)
+ * @see #getFormat()
+ */
+ void decode(InputStream in) throws KeyException, IOException;
+
+ /**
+ * This method returns the encoding format of the certificate (e.g., "PGP",
+ * "X.509"). This format is used by the encode and
+ * decode methods.
+ *
+ * @return the encoding format being used
+ */
+ String getFormat();
+
+ /**
+ * This method returns a String representation of the contents
+ * of this certificate.
+ *
+ * @param detail true to provided more detailed information
+ * @return the string representation
+ */
+ String toString(boolean detail);
+} // interface Certificate
diff --git a/libjava/classpath/java/security/CodeSource.java b/libjava/classpath/java/security/CodeSource.java
new file mode 100644
index 000000000..dd353eda0
--- /dev/null
+++ b/libjava/classpath/java/security/CodeSource.java
@@ -0,0 +1,356 @@
+/* CodeSource.java -- Code location and certifcates
+ Copyright (C) 1998, 2002, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Serializable; +import java.net.SocketPermission; +import java.net.URL; +// Note that this overrides Certificate in this package. +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.util.Arrays; +import java.util.HashSet; +import java.util.Iterator; + +/** + * This class represents a location from which code is loaded (as + * represented by a URL), and the list of certificates that are used to + * check the signatures of signed code loaded from this source. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @since 1.1 + * @status updated to 1.4 + */ +public class CodeSource implements Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 4977541819976013951L; + + /** + * This is the URL that represents the code base from which code will + * be loaded. + * + * @serial the code location + */ + private final URL location; + + /** The set of certificates for this code base. */ + private transient HashSet certs; + + /** + * This creates a new instance of CodeSource that loads code + * from the specified URL location and which uses the specified certificates + * for verifying signatures. + * + * @param location the location from which code will be loaded + * @param certs the list of certificates + */ + public CodeSource(URL location, Certificate[] certs) + { + this.location = location; + if (certs != null) + this.certs = new HashSet(Arrays.asList(certs)); + } + + /** + * This method returns a hash value for this object. 
+ * + * @return a hash value for this object + */ + public int hashCode() + { + return (location == null ? 0 : location.hashCode()) + ^ (certs == null ? 0 : certs.hashCode()); + } + + /** + * This method tests the specified Object for equality with + * this object. This will be true if and only if the locations are equal + * and the certificate sets are identical (ignoring order). + * + * @param obj the Object to test against + * @return true if the specified object is equal to this one + */ + public boolean equals(Object obj) + { + if (! (obj instanceof CodeSource)) + return false; + CodeSource cs = (CodeSource) obj; + return (certs == null ? cs.certs == null : certs.equals(cs.certs)) + && (location == null ? cs.location == null + : location.equals(cs.location)); + } + + /** + * This method returns the URL specifying the location from which code + * will be loaded under this CodeSource. + * + * @return the code location for this CodeSource + */ + public final URL getLocation() + { + return location; + } + + /** + * This method returns the list of digital certificates that can be used + * to verify the signatures of code loaded under this + * CodeSource. + * + * @return the certifcate list for this CodeSource + */ + public final Certificate[] getCertificates() + { + if (certs == null) + return null; + Certificate[] c = new Certificate[certs.size()]; + certs.toArray(c); + return c; + } + + /** + * This method tests to see if a specified CodeSource is + * implied by this object. Effectively, to meet this test, the specified + * object must have all the certifcates this object has (but may have more), + * and must have a location that is a subset of this object's. In order + * for this object to imply the specified object, the following must be + * true: + * + *

    + *
  1. codesource must not be null.
  2. + *
  3. If codesource has a certificate list, all of it's + * certificates must be present in the certificate list of this + * code source.
  4. + *
  5. If this object does not have a null location, then + * the following addtional tests must be passed. + * + *
      + *
    1. codesource must not have a null + * location.
    2. + *
    3. codesource's location must be equal to this object's + * location, or + *
        + *
      • codesource's location protocol, port, and ref (aka, + * anchor) must equal this objects
      • + *
      • codesource's location host must imply this object's + * location host, as determined by contructing + * SocketPermission objects from each with no + * action list and using that classes's implies + * method
      • + *
      • If this object's location file ends with a '/', then the + * specified object's location file must start with this + * object's location file. Otherwise, the specified object's + * location file must start with this object's location file + * with the '/' character appended to it.
      • + *
    4. + *
  6. + *
+ * + *

For example, each of these locations imply the location + * "http://java.sun.com/classes/foo.jar":

+ * + *
+   * http:
+   * http://*.sun.com/classes/*
+   * http://java.sun.com/classes/-
+   * http://java.sun.com/classes/foo.jar
+   * 
+ * + *

Note that the code source with null location and null certificates implies + * all other code sources.

+ * + * @param cs the CodeSource to test against this object + * @return true if this specified CodeSource is implied + */ + public boolean implies(CodeSource cs) + { + if (cs == null) + return false; + // First check the certificate list. + if (certs != null && (cs.certs == null || ! certs.containsAll(cs.certs))) + return false; + // Next check the location. + if (location == null) + return true; + if (cs.location == null + || ! location.getProtocol().equals(cs.location.getProtocol()) + || (location.getPort() != -1 + && location.getPort() != cs.location.getPort()) + || (location.getRef() != null + && ! location.getRef().equals(cs.location.getRef()))) + return false; + if (location.getHost() != null) + { + String their_host = cs.location.getHost(); + if (their_host == null) + return false; + SocketPermission our_sockperm = + new SocketPermission(location.getHost(), "accept"); + SocketPermission their_sockperm = + new SocketPermission(their_host, "accept"); + if (! our_sockperm.implies(their_sockperm)) + return false; + } + String our_file = location.getFile(); + if (our_file != null) + { + if (! our_file.endsWith("/")) + our_file += "/"; + String their_file = cs.location.getFile(); + if (their_file == null + || ! their_file.startsWith(our_file)) + return false; + } + return true; + } + + /** + * This method returns a String that represents this object. + * The result is in the format "(" + getLocation() followed + * by a space separated list of certificates (or "<no certificates>"), + * followed by ")". + * + * @return a String for this object + */ + public String toString() + { + CPStringBuilder sb = new CPStringBuilder("(").append(location); + if (certs == null || certs.isEmpty()) + sb.append(" "); + else + { + Iterator iter = certs.iterator(); + for (int i = certs.size(); --i >= 0; ) + sb.append(' ').append(iter.next()); + } + return sb.append(")").toString(); + } + + /** + * Reads this object from a serialization stream. 
+ * + * @param s the input stream + * @throws IOException if reading fails + * @throws ClassNotFoundException if deserialization fails + * @serialData this reads the location, then expects an int indicating the + * number of certificates. Each certificate is a String type + * followed by an int encoding length, then a byte[] encoding + */ + private void readObject(ObjectInputStream s) + throws IOException, ClassNotFoundException + { + s.defaultReadObject(); + int count = s.readInt(); + certs = new HashSet(); + while (--count >= 0) + { + String type = (String) s.readObject(); + int bytes = s.readInt(); + byte[] encoded = new byte[bytes]; + for (int i = 0; i < bytes; i++) + encoded[i] = s.readByte(); + ByteArrayInputStream stream = new ByteArrayInputStream(encoded); + try + { + CertificateFactory factory = CertificateFactory.getInstance(type); + certs.add(factory.generateCertificate(stream)); + } + catch (CertificateException e) + { + // XXX Should we ignore this certificate? + } + } + } + + /** + * Writes this object to a serialization stream. + * + * @param s the output stream + * @throws IOException if writing fails + * @serialData this writes the location, then writes an int indicating the + * number of certificates. Each certificate is a String type + * followed by an int encoding length, then a byte[] encoding + */ + private void writeObject(ObjectOutputStream s) throws IOException + { + s.defaultWriteObject(); + if (certs == null) + s.writeInt(0); + else + { + int count = certs.size(); + s.writeInt(count); + Iterator iter = certs.iterator(); + while (--count >= 0) + { + Certificate c = (Certificate) iter.next(); + s.writeObject(c.getType()); + byte[] encoded; + try + { + encoded = c.getEncoded(); + } + catch (CertificateEncodingException e) + { + // XXX Should we ignore this certificate? 
+ encoded = null;
+ }
+ if (encoded == null)
+ s.writeInt(0);
+ else
+ {
+ s.writeInt(encoded.length);
+ for (int i = 0; i < encoded.length; i++)
+ s.writeByte(encoded[i]);
+ }
+ }
+ }
+ }
+} // class CodeSource
diff --git a/libjava/classpath/java/security/DigestException.java b/libjava/classpath/java/security/DigestException.java
new file mode 100644
index 000000000..b4df0c1d5
--- /dev/null
+++ b/libjava/classpath/java/security/DigestException.java
@@ -0,0 +1,92 @@ +/* DigestException.java -- A generic message digest exception + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception indicates that a generic message digest exception has + * occurred. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class DigestException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5821450303093652515L;
+
+ /**
+ * Create a new instance with no descriptive message.
+ */
+ public DigestException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive message
+ */
+ public DigestException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public DigestException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public DigestException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/DigestInputStream.java b/libjava/classpath/java/security/DigestInputStream.java
new file mode 100644
index 000000000..c0a74f3ab
--- /dev/null
+++ b/libjava/classpath/java/security/DigestInputStream.java
@@ -0,0 +1,167 @@ +/* DigestInputStream.java --- An Input stream tied to a message digest + Copyright (C) 1999, 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+
+package java.security;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * DigestInputStream is a class that ties an InputStream with a
+ * MessageDigest. The Message Digest is used by the class to
+ * update it self as bytes are read from the InputStream.
+ *
+ * The updating to the digest depends on the on flag which is set
+ * to true by default to tell the class to update the data
+ * in the message digest.
+ *
+ * @version 0.0
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public class DigestInputStream extends FilterInputStream
+{
+ /**
+ * The message digest for the DigestInputStream
+ */
+ protected MessageDigest digest;
+
+ //Manages the on flag
+ private boolean state = true;
+
+ /**
+ * Constructs a new DigestInputStream.
+ * It associates a MessageDigest with the stream to
+ * compute the stream as data is written.
+ *
+ * @param stream An InputStream to associate this stream with
+ * @param digest A MessageDigest to hash the stream with
+ */
+ public DigestInputStream(InputStream stream, MessageDigest digest)
+ {
+ super(stream);
+ //this.in = stream;
+ this.digest = digest;
+ }
+
+ /**
+ * Returns the MessageDigest associated with this DigestInputStream
+ *
+ * @return The MessageDigest used to hash this stream
+ */
+ public MessageDigest getMessageDigest()
+ {
+ return digest;
+ }
+
+ /**
+ * Sets the current MessageDigest to current parameter
+ *
+ * @param digest A MessageDigest to associate with this stream
+ */
+ public void setMessageDigest(MessageDigest digest)
+ {
+ this.digest = digest;
+ }
+
+ /**
+ * Reads a byte from the input stream and updates the digest.
+ * This method reads the underlying input stream and if the
+ * on flag is true then updates the message digest.
+ *
+ * @return Returns a byte from the input stream, -1 is returned to indicate that
+ * the end of stream was reached before this read call
+ *
+ * @throws IOException if an IO error occurs in the underlying input stream,
+ * this error is thrown
+ */
+ public int read() throws IOException
+ {
+ int temp = in.read();
+
+ if (state == true && temp != -1)
+ digest.update((byte) temp);
+
+ return temp;
+ }
+
+ /**
+ * Reads bytes from the input stream and updates the digest.
+ * This method reads the underlying input stream and if the
+ * on flag is true then updates the message digest.
+ *
+ * @param b a byte array to store the data from the input stream
+ * @param off an offset to start at in the array
+ * @param len length of data to read
+ * @return Returns count of bytes read, -1 is returned to indicate that
+ * the end of stream was reached before this read call
+ *
+ * @throws IOException if an IO error occurs in the underlying input stream,
+ * this error is thrown
+ */
+ public int read(byte[]b, int off, int len) throws IOException
+ {
+ int temp = in.read(b, off, len);
+
+ if (state == true && temp != -1)
+ digest.update(b, off, temp);
+
+ return temp;
+ }
+
+ /**
+ * Sets the flag specifing if this DigestInputStream updates the
+ * digest in the write() methods. The default is on;
+ *
+ * @param on True means it digests stream, false means it does not
+ */
+ public void on(boolean on)
+ {
+ state = on;
+ }
+
+ /**
+ * Converts the input stream and underlying message digest to a string.
+ *
+ * @return A string representing the input stream and message digest.
+ */
+ public String toString()
+ {
+ return "[Digest Input Stream] " + digest.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/DigestOutputStream.java b/libjava/classpath/java/security/DigestOutputStream.java
new file mode 100644
index 000000000..748f83d79
--- /dev/null
+++ b/libjava/classpath/java/security/DigestOutputStream.java
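Review bot: DigestInputStream overrides only `read()` and `read(byte[], int, int)`, so bytes consumed through the `skip()` it inherits from FilterInputStream (not shown in this hunk) never reach the digest, and a `mark()`/`reset()` replay on a stream that supports it would be digested twice. A caller that compares the final digest with an expected value is then hashing something other than the stream's content, and nothing in the Javadoc warns of it. The class comment should say so, for example `Only bytes returned by the read methods are digested; skip() and mark()/reset() are not tracked.` In the same file the `on(boolean)` Javadoc says the flag governs "the write() methods" where it means the read methods, and `state == true` can be written as `state`.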
@@ -0,0 +1,158 @@ +/* DigestOutputStream.java --- An output stream tied to a message digest + Copyright (C) 1999, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+
+package java.security;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * DigestOutputStream is a class that ties an OutputStream with a
+ * MessageDigest. The Message Digest is used by the class to update it
+ * self as bytes are written to the OutputStream.
+ *
+ * The updating to the digest depends on the on flag which is set to
+ * true by default that tells the class to update the data in the
+ * message digest.
+ *
+ * @version 0.0
+ * @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public class DigestOutputStream extends FilterOutputStream
+{
+ /**
+ * The message digest for the DigestOutputStream
+ */
+ protected MessageDigest digest;
+
+ //Manages the on flag
+ private boolean state = true;
+
+ /**
+ * Constructs a new DigestOutputStream. It associates a
+ * MessageDigest with the stream to compute the stream as data is
+ * written.
+ *
+ * @param stream An OutputStream to associate this stream with
+ * @param digest A MessageDigest to hash the stream with
+ */
+ public DigestOutputStream(OutputStream stream, MessageDigest digest)
+ {
+ super(stream);
+ this.digest = digest;
+ }
+
+ /**
+ * Returns the MessageDigest associated with this DigestOutputStream
+ *
+ * @return The MessageDigest used to hash this stream
+ */
+ public MessageDigest getMessageDigest()
+ {
+ return digest;
+ }
+
+ /**
+ * Sets the current MessageDigest to current parameter
+ *
+ * @param digest A MessageDigest to associate with this stream
+ */
+ public void setMessageDigest(MessageDigest digest)
+ {
+ this.digest = digest;
+ }
+
+
+ /**
+ * Updates the hash if the on flag is true and then writes a byte to
+ * the underlying output stream.
+ *
+ * @param b A byte to write to the output stream
+ *
+ * @exception IOException if the underlying output stream
+ * cannot write the byte, this is thrown.
+ */
+ public void write(int b) throws IOException
+ {
+ if (state)
+ digest.update((byte) b);
+
+ out.write(b);
+ }
+
+ /**
+ * Updates the hash if the on flag is true and then writes the bytes
+ * to the underlying output stream.
+ *
+ * @param b Bytes to write to the output stream
+ * @param off Offset to start to start at in array
+ * @param len Length of data to write
+ *
+ * @exception IOException if the underlying output stream
+ * cannot write the bytes, this is thrown.
+ */
+ public void write(byte[]b, int off, int len) throws IOException
+ {
+ if (state)
+ digest.update(b, off, len);
+
+ out.write(b, off, len);
+ }
+
+ /**
+ * Sets the flag specifying if this DigestOutputStream updates the
+ * digest in the write() methods. The default is on;
+ *
+ * @param on True means it digests stream, false means it does not
+ */
+ public void on(boolean on)
+ {
+ state = on;
+ }
+
+ /**
+ * Converts the output stream and underlying message digest to a string.
+ *
+ * @return A string representing the output stream and message digest.
+ */
+ public String toString()
+ {
+ return "[Digest Output Stream] " + digest.toString();
+ }
+}
diff --git a/libjava/classpath/java/security/DomainCombiner.java b/libjava/classpath/java/security/DomainCombiner.java
new file mode 100644
index 000000000..9ec680c63
--- /dev/null
+++ b/libjava/classpath/java/security/DomainCombiner.java
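Review bot: In DigestOutputStream both `write(int)` and `write(byte[], int, int)` call `digest.update(...)` before `out.write(...)`, so when the underlying stream throws IOException the digest has already absorbed bytes that were never written. Code that treats the digest as a checksum of what actually reached the sink then holds a value that no longer matches after a failed or retried write. Swapping the two statements avoids this: `out.write(b, off, len);` followed by `if (state) digest.update(b, off, len);`, and likewise for the single-byte overload. The Javadoc wording "Updates the hash ... and then writes" would need reordering to match.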
@@ -0,0 +1,67 @@ +/* DomainCombiner.java -- Combines ProtectionDomains + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+/**
+ * A public interface used to combine two ProtectionDomains in a new
+ * ProtectionDomain and update the current Protection Domains
+ * associated with the current AccessControlContext.
+ *
+ * It can add, subtract, or update ProtectionDomains or possibly
+ * remove duplicates or any possible complex action but just not add
+ * ones that do not already exist in either array.
+ *
+ * @author Mark Benvenuto
+ * @see AccessControlContext
+ * @see AccessController
+ * @since 1.3
+ * @status updated to 1.4
+ */
+public interface DomainCombiner
+{
+ /**
+ * Combines the current ProtectionDomains of the Thread with new
+ * ProtectionDomains.
+ *
+ * @param currentDomains - the ProtectionDomains for the current thread.
+ * @param assignedDomains - ProtectionsDomains to add
+ * @return a new array of all the ProtectionDomains
+ */
+ ProtectionDomain[] combine(ProtectionDomain[] currentDomains,
+ ProtectionDomain[] assignedDomains);
+} // interface DomainCombiner
diff --git a/libjava/classpath/java/security/DummyKeyPairGenerator.java b/libjava/classpath/java/security/DummyKeyPairGenerator.java
new file mode 100644
index 000000000..da8c362eb
--- /dev/null
+++ b/libjava/classpath/java/security/DummyKeyPairGenerator.java
@@ -0,0 +1,75 @@ +/* DummyKeyPairGenerator.java - Wrapper for KeyPairGeneratorSpi + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+final class DummyKeyPairGenerator extends KeyPairGenerator
+{
+ private KeyPairGeneratorSpi kpgSpi = null;
+
+ public DummyKeyPairGenerator(KeyPairGeneratorSpi kpgSpi, String algorithm)
+ {
+ super(algorithm);
+ this.kpgSpi = kpgSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ KeyPairGenerator result = new DummyKeyPairGenerator
+ ((KeyPairGeneratorSpi) kpgSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ public void initialize(int keysize, SecureRandom random)
+ {
+ kpgSpi.initialize(keysize, random);
+ }
+
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ kpgSpi.initialize(params, random);
+ }
+
+ public KeyPair generateKeyPair()
+ {
+ return kpgSpi.generateKeyPair();
+ }
+}
diff --git a/libjava/classpath/java/security/DummyMessageDigest.java b/libjava/classpath/java/security/DummyMessageDigest.java
new file mode 100644
index 000000000..6cecdcf68
--- /dev/null
+++ b/libjava/classpath/java/security/DummyMessageDigest.java
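Review bot: The delegate field in DummyKeyPairGenerator is declared `private KeyPairGeneratorSpi kpgSpi = null;` and the constructor stores whatever it is handed, so a null SPI is only noticed as a NullPointerException on the first `initialize` or `generateKeyPair` call. The field is assigned exactly once, so `private final KeyPairGeneratorSpi kpgSpi;` plus `if (kpgSpi == null) throw new NullPointerException("kpgSpi");` in the constructor would make the wrapper fail where the mistake is made. DummyMessageDigest (`mdSpi`) and DummySignature (`sigSpi`) in the following hunks are written the same way. None of the three classes carries a class comment; one line such as `/** Adapts a provider's KeyPairGeneratorSpi to the KeyPairGenerator API. */` would tell a reader why the wrapper exists.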
@@ -0,0 +1,90 @@ +/* DummyMessageDigest.java - Wrapper for MessageDigestSpi + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+final class DummyMessageDigest extends MessageDigest
+{
+ private MessageDigestSpi mdSpi = null;
+
+ public DummyMessageDigest(MessageDigestSpi mdSpi, String algorithm)
+ {
+ super(algorithm);
+ this.mdSpi = mdSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ MessageDigest result = new DummyMessageDigest
+ ((MessageDigestSpi) mdSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ // java.security.MessageDigestSpi abstract methods implementation ---------
+
+ public byte[] engineDigest()
+ {
+ return mdSpi.engineDigest();
+ }
+
+ public int engineDigest(byte[] buf, int offset, int len)
+ throws DigestException
+ {
+ return mdSpi.engineDigest(buf, offset, len);
+ }
+
+ public int engineGetDigestLength()
+ {
+ return mdSpi.engineGetDigestLength();
+ }
+
+ public void engineReset()
+ {
+ mdSpi.engineReset();
+ }
+
+ public void engineUpdate(byte input)
+ {
+ mdSpi.engineUpdate(input);
+ }
+
+ public void engineUpdate(byte[] input, int offset, int len)
+ {
+ mdSpi.engineUpdate(input, offset, len);
+ }
+}
diff --git a/libjava/classpath/java/security/DummySignature.java b/libjava/classpath/java/security/DummySignature.java
new file mode 100644
index 000000000..b74885c99
--- /dev/null
+++ b/libjava/classpath/java/security/DummySignature.java
@@ -0,0 +1,102 @@ +/* DummySignature.java - Signature wrapper for SignatureSpi. + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/
+
+package java.security;
+
+final class DummySignature extends Signature
+{
+ private SignatureSpi sigSpi = null;
+
+ public DummySignature(SignatureSpi sigSpi, String algorithm)
+ {
+ super(algorithm);
+ this.sigSpi = sigSpi;
+ }
+
+ public Object clone() throws CloneNotSupportedException
+ {
+ Signature result = new DummySignature
+ ((SignatureSpi) sigSpi.clone(), this.getAlgorithm());
+ result.provider = this.getProvider();
+ return result;
+ }
+
+ protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException
+ {
+ sigSpi.engineInitVerify(publicKey);
+ }
+
+ protected void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException
+ {
+ sigSpi.engineInitSign(privateKey);
+ }
+
+ protected void engineUpdate(byte b) throws SignatureException
+ {
+ sigSpi.engineUpdate(b);
+ }
+
+ protected void engineUpdate(byte[]b, int off, int len)
+ throws SignatureException
+ {
+ sigSpi.engineUpdate(b, off, len);
+ }
+
+ protected byte[] engineSign() throws SignatureException
+ {
+ return sigSpi.engineSign();
+ }
+
+ protected boolean engineVerify(byte[]sigBytes) throws SignatureException
+ {
+ return sigSpi.engineVerify(sigBytes);
+ }
+
+ protected void engineSetParameter(String param, Object value)
+ throws InvalidParameterException
+ {
+ sigSpi.engineSetParameter(param, value);
+ }
+
+ protected Object engineGetParameter(String param)
+ throws InvalidParameterException
+ {
+ return sigSpi.engineGetParameter(param);
+ }
+}
diff --git a/libjava/classpath/java/security/GeneralSecurityException.java b/libjava/classpath/java/security/GeneralSecurityException.java
new file mode 100644
index 000000000..b2594c5fb
--- /dev/null
+++ b/libjava/classpath/java/security/GeneralSecurityException.java
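Review bot: DummySignature forwards only the String-keyed `engineSetParameter(String, Object)` and `engineGetParameter(String)` to `sigSpi`; no override passes an AlgorithmParameterSpec through. If SignatureSpi also declares `engineSetParameter(AlgorithmParameterSpec)` (not visible in this hunk, so confirm against that class), a provider that implements it cannot be reached through this wrapper and the call ends in the superclass default instead. Forwarding it would take one more override, `protected void engineSetParameter(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { sigSpi.engineSetParameter(params); }`, plus the matching import. Separately, `clone()` builds a fresh DummySignature and copies only `provider`, so any initialisation state the Signature superclass keeps is presumably reset on the copy while the cloned `sigSpi` keeps its own; a comment stating the intended behaviour would help.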
@@ -0,0 +1,97 @@
+/* GeneralSecurityException.java -- Common superclass of security exceptions
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This class is the common superclass of all security exceptions. All
+ * exceptions in java.security extend this class with the exception (no
+ * pun intended) of AccessControlException and
+ * CertificateException (which extend
+ * SecurityException), ProviderException
+ * (RuntimeException), and InvalidParamterException
+ * (IllegalArgumentException).
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class GeneralSecurityException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 894798122053539237L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public GeneralSecurityException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public GeneralSecurityException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public GeneralSecurityException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public GeneralSecurityException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/Guard.java b/libjava/classpath/java/security/Guard.java
new file mode 100644
index 000000000..4f22360a4
--- /dev/null
+++ b/libjava/classpath/java/security/Guard.java
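Review bot: The class Javadoc misspells `InvalidParameterException` as `InvalidParamterException`, so a text search for the real class name misses this comment. The same sentence lists `CertificateException` among the classes that extend `SecurityException`; in the standard library `java.security.cert.CertificateException` derives from `GeneralSecurityException`, so that claim looks wrong unless a different class is meant. It should be checked, because readers use this list to decide which `catch` clause covers which failure.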
@@ -0,0 +1,60 @@
+/* Guard.java -- Check access to a guarded object
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface specifies a mechanism for querying whether or not
+ * access is allowed to a guarded object.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see GuardedObject
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface Guard
+{
+ /**
+ * This method tests whether or not access is allowed to the specified
+ * guarded object. Access is allowed if this method returns silently. If
+ * access is denied, an exception is generated.
+ *
+ * @param obj the Object to test
+ * @throws SecurityException if access to the object is denied
+ */
+ void checkGuard(Object obj);
+} // interface Guard
diff --git a/libjava/classpath/java/security/GuardedObject.java b/libjava/classpath/java/security/GuardedObject.java
new file mode 100644
index 000000000..5ca08835d
--- /dev/null
+++ b/libjava/classpath/java/security/GuardedObject.java
@@ -0,0 +1,121 @@
+/* GuardedObject.java -- An object protected by a Guard
+ Copyright (C) 1998, 2002, 2004, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+/**
+ * This class is an object that is guarded by a Guard object.
+ * The object that is being guarded is retrieved by a call to the only
+ * method in this class - getObject. That method returns the
+ * guarded Object after first checking with the
+ * Guard. If the Guard disallows access, an
+ * exception will be thrown.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public class GuardedObject implements Serializable
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -5240450096227834308L;
+
+ /**
+ * This is the Guard that is protecting the object.
+ *
+ * @serial the guard
+ */
+ private final Guard guard;
+
+ /**
+ * This is the object that is being guarded.
+ *
+ * @serial the protected object
+ */
+ private final Object object;
+
+ /**
+ * This method initializes a new instance of GuardedObject
+ * that protects the specified Object using the specified
+ * Guard. A null guard means there are no restrictions on
+ * accessing the object.
+ *
+ * @param object the Object to guard
+ * @param guard the Guard that is protecting the object
+ */
+ public GuardedObject(Object object, Guard guard)
+ {
+ this.object = object;
+ this.guard = guard;
+ }
+
+ /**
+ * This method first call the checkGuard method on the
+ * Guard object protecting the guarded object. If the
+ * Guard disallows access, an exception is thrown, otherwise
+ * the Object is returned.
+ *
+ * @return The object being guarded
+ * @throws SecurityException if access is denied
+ */
+ public Object getObject()
+ {
+ if (guard != null)
+ guard.checkGuard(object);
+ return object;
+ }
+
+ /**
+ * Ensures that serialization is legal, by checking the guard.
+ *
+ * @param s the stream to write to
+ * @throws IOException if the underlying stream fails
+ */
+ private void writeObject(ObjectOutputStream s) throws IOException
+ {
+ if (guard != null)
+ guard.checkGuard(object);
+ s.defaultWriteObject();
+ }
+} // class GuardedObject
diff --git a/libjava/classpath/java/security/Identity.java b/libjava/classpath/java/security/Identity.java
new file mode 100644
index 000000000..83ec4c8e1
--- /dev/null
+++ b/libjava/classpath/java/security/Identity.java
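Review bot: The Javadoc of `writeObject` documents only `IOException`, although the method calls `guard.checkGuard(object)` before `defaultWriteObject()`. Per the `Guard` contract in this same patch a denied check surfaces as `SecurityException`, so the comment should add `@throws SecurityException if the guard denies access to the object`, matching `getObject()`. The class comment would also benefit from stating that the guard is consulted only in `getObject()` and at serialization time: once a caller holds the returned reference no further check applies, and since `defaultWriteObject()` writes both non-transient fields, the guard and the guarded object must themselves be serializable.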
@@ -0,0 +1,346 @@ +/* Identity.java --- Identity Class + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.io.Serializable; +import java.util.Vector; + +/** + * The Identity class is used to represent people and companies + * that can be authenticated using public key encryption. The identities can + * also be abstract objects such as smart cards. + * + *

Identity objects store a name and public key for each + * identity. The names cannot be changed and the identities can be scoped. Each + * identity (name and public key) within a scope are unique to that scope.

+ * + *

Each identity has a set of ceritificates which all specify the same + * public key, but not necessarily the same name.

+ * + *

The Identity class can be subclassed to allow additional + * information to be attached to it.

+ * + * @author Mark Benvenuto + * @see IdentityScope + * @see Signer + * @see Principal + * @deprecated Replaced by java.security.KeyStore, the + * java.security.cert package, and + * java.security.Principal. + */ +public abstract class Identity implements Principal, Serializable +{ + private static final long serialVersionUID = 3609922007826600659L; + + private String name; + private IdentityScope scope; + private PublicKey publicKey; + private String info; + private Vector certificates; + + /** Constructor for serialization only. */ + protected Identity() + { + } + + /** + * Constructs a new instance of Identity with the specified + * name and scope. + * + * @param name + * the name to use. + * @param scope + * the scope to use. + * @throws KeyManagementException + * if the identity is already present. + */ + public Identity(String name, IdentityScope scope) + throws KeyManagementException + { + this.name = name; + this.scope = scope; + } + + /** + * Constructs a new instance of Identity with the specified + * name and no scope. + * + * @param name + * the name to use. + */ + public Identity(String name) + { + this.name = name; + this.scope = null; + } + + /** @return the name of this identity. */ + public final String getName() + { + return name; + } + + /** @return the scope of this identity. */ + public final IdentityScope getScope() + { + return scope; + } + + /** + * @return the public key of this identity. + * @see #setPublicKey(java.security.PublicKey) + */ + public PublicKey getPublicKey() + { + return publicKey; + } + + /** + * Sets the public key for this identity. The old key and all certificates + * are removed. + * + * @param key + * the public key to use. + * @throws KeyManagementException + * if this public key is used by another identity in the current + * scope. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. 
+ */ + public void setPublicKey(PublicKey key) throws KeyManagementException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setIdentityPublicKey"); + + this.publicKey = key; + } + + /** + * Sets the general information string. + * + * @param info + * the general information string. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public void setInfo(String info) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setIdentityInfo"); + + this.info = info; + } + + /** + * @return the general information string of this identity. + * @see #setInfo(String) + */ + public String getInfo() + { + return info; + } + + /** + * Adds a certificate to the list of ceritificates for this identity. The + * public key in this certificate must match the existing public key if it + * exists. + * + * @param certificate + * the certificate to add. + * @throws KeyManagementException + * if the certificate is invalid, or the public key conflicts. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public void addCertificate(Certificate certificate) + throws KeyManagementException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("addIdentityCertificate"); + + // Check public key of this certificate against the first one in the vector + if (certificates.size() > 0) + { + if (((Certificate) certificates.firstElement()).getPublicKey() != publicKey) + throw new KeyManagementException("Public key does not match"); + } + certificates.addElement(certificate); + } + + /** + * Removes a certificate from the list of ceritificates for this identity. + * + * @param certificate + * the certificate to remove. + * @throws KeyManagementException + * if the certificate is invalid. 
+ * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public void removeCertificate(Certificate certificate) + throws KeyManagementException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("removeIdentityCertificate"); + + if (certificates.contains(certificate) == false) + throw new KeyManagementException("Certificate not found"); + + certificates.removeElement(certificate); + } + + /** @return an array of {@link Certificate}s for this identity. */ + public Certificate[] certificates() + { + Certificate[] certs = new Certificate[certificates.size()]; + int max = certificates.size(); + for (int i = 0; i < max; i++) + certs[i] = (Certificate) certificates.elementAt(i); + + return certs; + } + + /** + * Checks for equality between this Identity and a specified object. It first + * checks if they are the same object, then if the name and scope match and + * returns true if successful. If these tests fail, the + * {@link #identityEquals(Identity)} method is called. + * + * @return true if they are equal, false + * otherwise. + */ + public final boolean equals(Object identity) + { + if (identity instanceof Identity) + { + if (identity == this) + return true; + + if ((((Identity) identity).getName().equals(this.name)) && + (((Identity) identity).getScope().equals(this.scope))) + return true; + + return identityEquals((Identity) identity); + } + return false; + } + + /** + * Checks for equality between this Identity and a specified object. A + * subclass should override this method. The default behavior is to return + * true if the public key and names match. + * + * @return true if they are equal, false + * otherwise. + */ + protected boolean identityEquals(Identity identity) + { + return ((identity.getName().equals(this.name)) && + (identity.getPublicKey().equals(this.publicKey))); + } + + /** + * Returns a string representation of this Identity. 
+ * + * @return a string representation of this Identity. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public String toString() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("printIdentity"); + + /* TODO: Insert proper format here */ + return (name + ":@" + scope + " Public Key: " + publicKey); + } + + /** + * Returns a detailed string representation of this Identity. + * + * @param detailed + * indicates whether or detailed information is desired. + * @return a string representation of this Identity. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public String toString(boolean detailed) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("printIdentity"); + + if (detailed) + { + /* TODO: Insert proper detailed format here */ + return (name + ":@" + scope + " Public Key: " + publicKey); + } + else + { + /* TODO: Insert proper format here */ + return (name + ":@" + scope + " Public Key: " + publicKey); + } + } + + /** @return a hashcode of this identity. */ + public int hashCode() + { + int ret = name.hashCode(); + if (publicKey != null) + ret |= publicKey.hashCode(); + if (scope != null) + ret |= scope.hashCode(); + if (info != null) + ret |= info.hashCode(); + if (certificates != null) + ret |= certificates.hashCode(); + + return ret; + } +} diff --git a/libjava/classpath/java/security/IdentityScope.java b/libjava/classpath/java/security/IdentityScope.java new file mode 100644 index 000000000..4391fbd49 --- /dev/null +++ b/libjava/classpath/java/security/IdentityScope.java 
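Review bot: `addCertificate` dereferences `certificates`, which none of the three constructors (nor any other visible line) ever assigns, so the first call fails with a `NullPointerException`; `removeCertificate` and `certificates()` read the same null field. The key check is also ineffective: it compares the first stored certificate's key with `publicKey` using `!=` (reference identity) and never looks at the key of the certificate being added, so a certificate carrying a different key is accepted into an empty list. Below, the list is created on demand and the incoming certificate's key is compared with `equals`. Separately, `equals` calls `getScope().equals(...)` and `identityEquals` calls `getPublicKey().equals(...)`, both of which throw for the unscoped or key-less identities that `Identity(String)` produces, so null-safe comparisons are needed there as well.

```java
public void addCertificate(Certificate certificate)
  throws KeyManagementException
{
  // … unchanged: SecurityManager check for "addIdentityCertificate" …

  if (certificates == null)
    certificates = new Vector();

  // Compare the key of the certificate being added, by value.
  PublicKey certKey = certificate.getPublicKey();
  if (publicKey != null && ! publicKey.equals(certKey))
    throw new KeyManagementException("Public key does not match");

  certificates.addElement(certificate);
```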
@@ -0,0 +1,216 @@ +/* IdentityScope.java --- IdentityScope Class + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +import java.util.Enumeration; + +/** + * IdentityScope represents a scope of an identity. 
+ * IdentityScope is also an {@link Identity} and can have a name + * and scope along with the other qualitites identities possess. + * + *

An IdentityScope contains other {@link Identity} objects. + * All {@link Identity} objects are manipulated in the scope the same way. The + * scope is supposed to apply different scope to different type of + * Identities.

+ * + *

No identity within the same scope can have the same public key.

+ * + * @author Mark Benvenuto + * @see Identity + * @see Signer + * @see Principal + * @see Key + * @deprecated Use java.security.KeyStore, the java.security.cert package, and + * java.security.Principal. + */ +public abstract class IdentityScope extends Identity +{ + private static final long serialVersionUID = -2337346281189773310L; + private static IdentityScope systemScope; + + /** Constructor for serialization purposes. */ + protected IdentityScope() + { + super(); + } + + /** + * Constructs a new instance of IdentityScope with the + * specified name and no scope. + * + * @param name + * the name to use. + */ + public IdentityScope(String name) + { + super(name); + } + + /** + * Constructs a new instance of IdentityScope with the + * specified name and {@link IdentityScope}. + * + * @param name + * the name to use. + * @param scope + * the scope to use. + * @throws KeyManagementException + * if the identity scope is already present. + */ + public IdentityScope(String name, IdentityScope scope) + throws KeyManagementException + { + super(name, scope); + } + + /** + * Returns the system's Scope. + * + * @return the system's Scope. + */ + public static IdentityScope getSystemScope() + { + if (systemScope == null) + { + //Load it + //systemScope; + } + return systemScope; + } + + /** + * Sets the scope of the system. + * + * @param scope + * the new system scope. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + protected static void setSystemScope(IdentityScope scope) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setSystemScope"); + + systemScope = scope; + } + + /** + * Returns the number of entries within this IdentityScope. + * + * @return the number of entries within this IdentityScope. + */ + public abstract int size(); + + /** + * Returns the specified {@link Identity}, by name, within this scope. 
+ * + * @param name + * name of {@link Identity} to get. + * @return an {@link Identity} representing the name or null if + * it cannot be found. + */ + public abstract Identity getIdentity(String name); + + /** + * Returns the specified {@link Identity}, by {@link Principal}, within this + * scope. + * + * @param principal + * the {@link Principal} to use. + * @return an identity representing the {@link Principal} or null + * if it cannot be found. + */ + public Identity getIdentity(Principal principal) + { + return getIdentity(principal.getName()); + } + + /** + * Returns the specified {@link Identity}, by public key, within this scope. + * + * @param key + * the {@link PublicKey} to use. + * @return an identity representing the public key or null if + * it cannot be found. + */ + public abstract Identity getIdentity(PublicKey key); + + /** + * Adds an identity to his scope. + * + * @param identity + * the {@link Identity} to add. + * @throws KeyManagementException + * if it is an invalid identity, an identity with the same key + * exists, or if another error occurs. + */ + public abstract void addIdentity(Identity identity) + throws KeyManagementException; + + /** + * Removes an identity in this scope. + * + * @param identity + * the {@link Identity} to remove. + * @throws KeyManagementException + * if it is a missing identity, or if another error occurs. + */ + public abstract void removeIdentity(Identity identity) + throws KeyManagementException; + + /** + * Returns an {@link Enumeration} of identities in this scope. + * + * @return an {@link Enumeration} of the identities in this scope. + */ + public abstract Enumeration identities(); + + /** + * Returns a string representing this instance. It includes the name, the + * scope name, and number of identities. + * + * @return a string representation of this instance. + */ + public String toString() + { + return (super.getName() + " " + super.getScope().getName() + " " + size()); + } +} 
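Review bot: `toString()` calls `super.getScope().getName()` unconditionally, but the `IdentityScope(String name)` constructor delegates to `Identity(String)`, which sets the scope to `null`, so printing or logging a top-level scope throws `NullPointerException`. Reading the parent once with `IdentityScope parent = getScope();` and concatenating `(parent == null ? "" : parent.getName())` avoids the crash. Also, `getSystemScope()` contains only a commented-out load, so it returns `null` until `setSystemScope` has been called; its Javadoc should say so, because callers will otherwise dereference the result.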
diff --git a/libjava/classpath/java/security/IntersectingDomainCombiner.java b/libjava/classpath/java/security/IntersectingDomainCombiner.java
new file mode 100644
index 000000000..2bfcfb442
--- /dev/null
+++ b/libjava/classpath/java/security/IntersectingDomainCombiner.java
@@ -0,0 +1,82 @@
+/* IntersectingDomainCombiner.java --
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+import java.util.HashSet;
+
+/**
+ * A trivial implementation of {@link DomainCombiner} that produces the
+ * intersection of the supplied {@link ProtectionDomain} objects.
+ */
+final class IntersectingDomainCombiner implements DomainCombiner
+{
+
+ // Contstant.
+ // -------------------------------------------------------------------------
+
+ static final IntersectingDomainCombiner SINGLETON = new IntersectingDomainCombiner();
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ private IntersectingDomainCombiner()
+ {
+ }
+
+ // Methods.
+ // -------------------------------------------------------------------------
+
+ public ProtectionDomain[] combine (ProtectionDomain[] currentDomains,
+ ProtectionDomain[] assignedDomains)
+ {
+ HashSet newDomains = new HashSet ();
+ for (int i = 0; i < currentDomains.length; i++)
+ {
+ if (currentDomains[i] == null)
+ continue;
+ for (int j = 0; j < assignedDomains.length; j++)
+ {
+ if (currentDomains[i].equals (assignedDomains[j]))
+ newDomains.add (currentDomains[i]);
+ }
+ }
+ return (ProtectionDomain[])
+ newDomains.toArray(new ProtectionDomain[newDomains.size()]);
+ }
+}
diff --git a/libjava/classpath/java/security/InvalidAlgorithmParameterException.java b/libjava/classpath/java/security/InvalidAlgorithmParameterException.java
new file mode 100644
index 000000000..aa77937fb
--- /dev/null
+++ b/libjava/classpath/java/security/InvalidAlgorithmParameterException.java
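Review bot: `combine` reads `currentDomains.length` and `assignedDomains.length` without a null check. The `DomainCombiner` interface is not part of this hunk, but the standard contract allows either array to be `null`, and in that case this method would throw `NullPointerException` from inside an access-control computation instead of returning a result. Since the method computes an intersection, the empty array is the natural and most restrictive answer: `if (currentDomains == null || assignedDomains == null) return new ProtectionDomain[0];` as the first statement.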
@@ -0,0 +1,95 @@ +/* InvalidAlgorithmParameterException.java -- an invalid parameter to a + security algorithm + Copyright (C) 2000, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * Thrown for an invalid security algorithm parameter. 
+ * + * @author Warren Levy (warrenl@cygnus.com) + * @since 1.2 + * @status updated to 1.4 + */ +public class InvalidAlgorithmParameterException + extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.2+. + */ + private static final long serialVersionUID = 2864672297499471472L; + + /** + * Construct an exception with no message. + */ + public InvalidAlgorithmParameterException() + { + super(); + } + + /** + * Construct an exception with a message. + * + * @param msg the message + */ + public InvalidAlgorithmParameterException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public InvalidAlgorithmParameterException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public InvalidAlgorithmParameterException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/InvalidKeyException.java b/libjava/classpath/java/security/InvalidKeyException.java new file mode 100644 index 000000000..39aa3df43 --- /dev/null +++ b/libjava/classpath/java/security/InvalidKeyException.java 
@@ -0,0 +1,91 @@ +/* InvalidKeyException -- thrown for an invalid key + Copyright (C) 2000, 2002, 2006 Free Software Foundation + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * Thrown for an invalid key. 
+ * + * @author Warren Levy (warrenl@cygnus.com) + * @status updated to 1.4 + */ +public class InvalidKeyException extends KeyException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5698479920593359816L; + + /** + * Construct an exception with no message. + */ + public InvalidKeyException() + { + } + + /** + * Construct an exception with a message. + * + * @param msg the message + */ + public InvalidKeyException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public InvalidKeyException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public InvalidKeyException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/InvalidParameterException.java b/libjava/classpath/java/security/InvalidParameterException.java new file mode 100644 index 000000000..c5218a049 --- /dev/null +++ b/libjava/classpath/java/security/InvalidParameterException.java 
@@ -0,0 +1,70 @@ +/* InvalidParameterException.java -- an invalid parameter in the JCA/JCE engine + Copyright (C) 2000, 2002 Free Software Foundation + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * Thrown when an invalid parameter is passed to a method of the JCA/JCE + * engine classes. 
+ * + * @author Warren Levy (warrenl@cygnus.com) + * @status updated to 1.4 + */ +public class InvalidParameterException extends IllegalArgumentException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -857968536935667808L; + + /** + * Construct an exception with no message. + */ + public InvalidParameterException() + { + } + + /** + * Construct an exception with a message. + * + * @param msg the message + */ + public InvalidParameterException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/java/security/Key.java b/libjava/classpath/java/security/Key.java new file mode 100644 index 000000000..23652b6e7 --- /dev/null +++ b/libjava/classpath/java/security/Key.java 
@@ -0,0 +1,94 @@
+/* Key.java -- A abstract representation of a digital key
+ Copyright (C) 1998, 2000, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.io.Serializable;
+
+/**
+ * This interfaces models the base characteristics that all keys must
+ * have. These are: a key algorithm, an encoded form, and a format used
+ * to encode the key. Specific key types inherit from this interface.
+ * Note that since this interface extends Serializable, all
+ * keys may be serialized. Keys are generally obtained through key generators,
+ * including {@link KeyFactory}.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see PublicKey
+ * @see PrivateKey
+ * @see KeyPair
+ * @see KeyPairGenerator
+ * @see KeyFactory
+ * @see KeySpec
+ * @see Identity
+ * @see Signer
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface Key extends Serializable
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 6603384152749567654L;
+
+ /**
+ * This method returns the name of the algorithm for this key. This is a
+ * String such as "RSA".
+ *
+ * @return the name of the algorithm in use
+ */
+ String getAlgorithm();
+
+ /**
+ * This method returns the name of the encoding format for this key. This
+ * is the name of the ASN.1 data format used for this key, such as
+ * "X.509" or "PKCS#8". This method returns null if this key
+ * does not have an encoding format.
+ *
+ * @return the name of the encoding format for this key, or null
+ */
+ String getFormat();
+
+ /**
+ * This method returns the encoded form of the key. If this key does not
+ * support encoding, this method returns null.
+ *
+ * @return the encoded form of the key, or null
+ */
+ byte[] getEncoded();
+} // interface Key
diff --git a/libjava/classpath/java/security/KeyException.java b/libjava/classpath/java/security/KeyException.java
new file mode 100644
index 000000000..66f1feb64
--- /dev/null
+++ b/libjava/classpath/java/security/KeyException.java
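Review bot: The javadoc on `getEncoded()` does not say whether the returned array is a copy or the implementation's own buffer. For key material that distinction matters, because an implementation that hands out its internal array lets any caller alter or zero the encoding behind the key object. I would add a sentence to that comment, for example `Implementations should return a new array on each call so that callers cannot modify the key's internal encoding.` The class comment's remark that all keys may be serialized could also state that the serialized form of a private or secret key carries the key material and needs the same protection as the key.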
@@ -0,0 +1,94 @@ +/* KeyException.java -- Thrown when there is a problem with a key + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when there is a problem with a key. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @see Key + * @status updated to 1.4 + */ +public class KeyException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -7483676942812432108L; + + /** + * This method initializes a new instance of KeyException + * with no descriptive message. + */ + public KeyException() + { + } + + /** + * This method initializes a new instance of KeyException + * with a descriptive message. + * + * @param msg the descriptive message + */ + public KeyException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public KeyException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public KeyException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/KeyFactory.java b/libjava/classpath/java/security/KeyFactory.java new file mode 100644 index 000000000..6f47de044 --- /dev/null +++ b/libjava/classpath/java/security/KeyFactory.java 
@@ -0,0 +1,280 @@ +/* KeyFactory.java --- Key Factory Class + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +/** + * Key factories are used to convert keys (opaque cryptographic keys of type + * {@link Key}) into key specifications (transparent representations of the + * underlying key material). + * + *

Key factories are bi-directional. They allow a key class to be converted + * into a key specification (key material) and back again. For example DSA + * public keys can be specified as DSAPublicKeySpec or + * X509EncodedKeySpec. A key factory translates these key + * specifications.

+ * + * @since 1.2 + * @see Key + * @see KeySpec + * @see java.security.spec.DSAPublicKeySpec + * @see java.security.spec.X509EncodedKeySpec + @author Mark Benvenuto + */ +public class KeyFactory +{ + /** The service name for key factories. */ + private static final String KEY_FACTORY = "KeyFactory"; + + private KeyFactorySpi keyFacSpi; + private Provider provider; + private String algorithm; + + /** + * Constructs a new instance of KeyFactory with the specified + * parameters. + * + * @param keyFacSpi + * the key factory to use. + * @param provider + * the provider to use. + * @param algorithm + * the name of the key algorithm to use. + */ + protected KeyFactory(KeyFactorySpi keyFacSpi, Provider provider, + String algorithm) + { + this.keyFacSpi = keyFacSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** + * Returns a new instance of KeyFactory representing the + * specified key factory. + * + * @param algorithm the name of algorithm to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. + */ + public static KeyFactory getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns a new instance of KeyFactory representing the + * specified key factory from the specified provider. + * + * @param algorithm the name of algorithm to use. + * @param provider the name of the provider to use. + * @return a new instance repesenting the desired algorithm. 
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws NoSuchProviderException if the named provider was not found. + * @throws IllegalArgumentException if either algorithm or + * provider is null or empty. + */ + public static KeyFactory getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns a new instance of KeyFactory representing the + * specified key factory from the designated {@link Provider}. + * + * @param algorithm the name of algorithm to use. + * @param provider the {@link Provider} to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by + * {@link Provider}. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. 
+ * @since 1.4 + * @see Provider + */ + public static KeyFactory getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("KeyFactory for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(KEY_FACTORY, algorithm, provider); + return new KeyFactory((KeyFactorySpi) spi, provider, algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + * Returns the {@link Provider} of this instance. + * + * @return the {@link Provider} of this instance. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Returns the name of the algorithm used. + * + * @return the name of the algorithm used. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Generates a public key from the provided key specification. + * + * @param keySpec + * the key specification. + * @return the public key. + * @throws InvalidKeySpecException + * if the key specification is invalid. + */ + public final PublicKey generatePublic(KeySpec keySpec) + throws InvalidKeySpecException + { + return keyFacSpi.engineGeneratePublic(keySpec); + } + + /** + * Generates a private key from the provided key specification. + * + * @param keySpec + * the key specification. + * @return the private key. + * @throws InvalidKeySpecException + * if the key specification is invalid. 
+ */ + public final PrivateKey generatePrivate(KeySpec keySpec) + throws InvalidKeySpecException + { + return keyFacSpi.engineGeneratePrivate(keySpec); + } + + /** + * Returns a key specification for the given key. keySpec + * identifies the specification class to return the key material in. + * + * @param key + * the key to use. + * @param keySpec + * the specification class to use. + * @return the key specification in an instance of the requested specification + * class. + * @throws InvalidKeySpecException + * the requested key specification is inappropriate for this key or + * the key is unrecognized. + */ + public final T getKeySpec(Key key, Class keySpec) + throws InvalidKeySpecException + { + return keyFacSpi.engineGetKeySpec(key, keySpec); + } + + /** + * Translates the key from an unknown or untrusted provider into a key from + * this key factory. + * + * @param key + * the key to translate from. + * @return the translated key. + * @throws InvalidKeyException + * if the key cannot be processed by this key factory. + */ + public final Key translateKey(Key key) throws InvalidKeyException + { + return keyFacSpi.engineTranslateKey(key); + } +} diff --git a/libjava/classpath/java/security/KeyFactorySpi.java b/libjava/classpath/java/security/KeyFactorySpi.java new file mode 100644 index 000000000..b8424638f --- /dev/null +++ b/libjava/classpath/java/security/KeyFactorySpi.java 
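Review bot: All three `getInstance` overloads document `IllegalArgumentException` for a null or empty `algorithm`, but nothing in this hunk checks it; only the provider name is validated, in `getInstance(String, String)`. The check is presumably left to `Engine.getInstance`, which is outside this hunk. In `getInstance(String)` that leaves a gap: when `Security.getProviders()` returns an empty array the loop never runs, and a null algorithm ends in `new NoSuchAlgorithmException(algorithm)` instead of the documented exception. A check at the top of `getInstance(String)`, in the style already used for the provider name, would make the contract hold regardless of the provider list: `if (algorithm == null || algorithm.trim().length() == 0) throw new IllegalArgumentException("algorithm MUST NOT be null or empty");`.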
@@ -0,0 +1,134 @@ +/* KeyFactorySpi.java --- Key Factory Service Provider Interface + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +/** + * KeyFactorySpi is the Service Provider Interface (SPI) for the + * KeyFactory class. This is the interface for providers to + * supply to implement a key factory for an algorithm. + * + * Key factories are used to convert keys (opaque cryptographic + * keys of type Key) into key specifications (transparent + * representations of the underlying key material). + * + * Key factories are bi-directional. They allow a key class + * to be converted into a key specification (key material) and + * back again. + * + * For example DSA public keys can be specified as + * DSAPublicKeySpec or X509EncodedKeySpec. The key factory + * translate these key specifications. + * + * @since JDK 1.2 + * @author Mark Benvenuto + */ +public abstract class KeyFactorySpi +{ + /** + * Constucts a new KeyFactorySpi. + */ + public KeyFactorySpi() + { + } + + /** + * Generates a public key from the provided key specification. + * + * @param keySpec key specification + * + * @return the public key + * + * @throws InvalidKeySpecException invalid key specification for + * this key factory to produce a public key + */ + protected abstract PublicKey engineGeneratePublic(KeySpec keySpec) + throws InvalidKeySpecException; + + + /** + * Generates a private key from the provided key specification. + * + * @param keySpec key specification + * + * @return the private key + * + * @throws InvalidKeySpecException invalid key specification for + * this key factory to produce a private key + */ + protected abstract PrivateKey engineGeneratePrivate(KeySpec keySpec) + throws InvalidKeySpecException; + + /** + * Returns a key specification for the given key. keySpec + * identifies the specification class to return the key + * material in. + * + * @param key the key + * @param keySpec the specification class to return the + * key material in. 
+ * + * @return the key specification in an instance of the requested + * specification class + * + * @throws InvalidKeySpecException the requested key specification + * is inappropriate for this key or the key is + * unrecognized. + */ + protected abstract T engineGetKeySpec(Key key, + Class keySpec) + throws InvalidKeySpecException; + + + /** + * Translates the key from an unknown or untrusted provider + * into a key for this key factory. + * + * @param key key from an unknown or untrusted provider + * + * @return the translated key + * + * @throws InvalidKeyException if the key cannot be + * processed by this key factory + */ + protected abstract Key engineTranslateKey(Key key) + throws InvalidKeyException; +} diff --git a/libjava/classpath/java/security/KeyManagementException.java b/libjava/classpath/java/security/KeyManagementException.java new file mode 100644 index 000000000..f39fe312e --- /dev/null +++ b/libjava/classpath/java/security/KeyManagementException.java 
@@ -0,0 +1,93 @@ +/* KeyManagementException.java -- an exception in key management + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown whenever a problem related to the management of + * security keys is encountered. 
+ * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Key + * @status updated to 1.4 + */ +public class KeyManagementException extends KeyException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 947674216157062695L; + + /** + * Create a new instance with no descriptive error message. + */ + public KeyManagementException() + { + } + + /** + * Create a new instance with a descriptive error message. + * + * @param msg the descriptive error message + */ + public KeyManagementException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public KeyManagementException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public KeyManagementException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/KeyPair.java b/libjava/classpath/java/security/KeyPair.java new file mode 100644 index 000000000..bf1a40a23 --- /dev/null +++ b/libjava/classpath/java/security/KeyPair.java 
@@ -0,0 +1,87 @@
+/* KeyPair.java --- Key Pair Class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.io.Serializable;
+
+/**
+ KeyPair serves as a simple container for public and private keys.
+ If properly initialized, this class should be treated like the
+ private key since it contains it and take approriate security
+ measures.
+
+ @author Mark Benvenuto
+ */
+public final class KeyPair implements Serializable
+{
+ private static final long serialVersionUID = -7565189502268009837L;
+
+ private PublicKey publicKey;
+ private PrivateKey privateKey;
+
+ /**
+ Initializes the KeyPair with a pubilc and private key.
+
+ @param publicKey Public Key to store
+ @param privateKey Private Key to store
+ */
+ public KeyPair(PublicKey publicKey, PrivateKey privateKey)
+ {
+ this.publicKey = publicKey;
+ this.privateKey = privateKey;
+ }
+
+ /**
+ Returns the public key stored in the KeyPair
+
+ @return The public key
+ */
+ public PublicKey getPublic()
+ {
+ return publicKey;
+ }
+
+ /**
+ Returns the private key stored in the KeyPair
+
+ @return The private key
+ */
+ public PrivateKey getPrivate()
+ {
+ return privateKey;
+ }
+}
diff --git a/libjava/classpath/java/security/KeyPairGenerator.java b/libjava/classpath/java/security/KeyPairGenerator.java
new file mode 100644
index 000000000..5e6bb1a3c
--- /dev/null
+++ b/libjava/classpath/java/security/KeyPairGenerator.java
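Review bot: The class comment on `KeyPair` says the pair must be guarded like the private key, but the class is `Serializable` and the comment does not say what that means for the private half. As far as this hunk shows, default serialization would write `privateKey` along with `publicKey` whenever the key implementation is itself serializable, so I would add to the class comment: `Serializing a KeyPair writes the private key; protect the stream like the key itself.` The two fields are assigned only in the constructor and could be declared `private final`, and the comment typos `approriate` and `pubilc` should be corrected.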
@@ -0,0 +1,313 @@ +/* KeyPairGenerator.java --- Key Pair Generator Class + Copyright (C) 1999, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.spec.AlgorithmParameterSpec; + +/** + * KeyPairGenerator is a class used to generate key-pairs for a + * security algorithm. + * + *

The KeyPairGenerator is created with the + * getInstance() Factory methods. It is used to generate a pair of + * public and private keys for a specific algorithm and associate this key-pair + * with the algorithm parameters it was initialized with.

+ * + * @see KeyPair + * @see AlgorithmParameterSpec + * @author Mark Benvenuto + * @author Casey Marshall + */ +public abstract class KeyPairGenerator extends KeyPairGeneratorSpi +{ + /** The service name for key pair generators. */ + private static final String KEY_PAIR_GENERATOR = "KeyPairGenerator"; + + Provider provider; + private String algorithm; + + /** + * Constructs a new instance of KeyPairGenerator. + * + * @param algorithm + * the algorithm to use. + */ + protected KeyPairGenerator(String algorithm) + { + this.algorithm = algorithm; + this.provider = null; + } + + /** + * Returns the name of the algorithm used. + * + * @return the name of the algorithm used. + */ + public String getAlgorithm() + { + return algorithm; + } + + /** + * Returns a new instance of KeyPairGenerator which generates + * key-pairs for the specified algorithm. + * + * @param algorithm the name of the algorithm to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. + */ + public static KeyPairGenerator getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns a new instance of KeyPairGenerator which generates + * key-pairs for the specified algorithm from a named provider. + * + * @param algorithm the name of the algorithm to use. + * @param provider the name of a {@link Provider} to use. + * @return a new instance repesenting the desired algorithm. 
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws NoSuchProviderException if the named provider was not found. + * @throws IllegalArgumentException if either algorithm or + * provider is null or empty. + */ + public static KeyPairGenerator getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns a new instance of KeyPairGenerator which generates + * key-pairs for the specified algorithm from a designated {@link Provider}. + * + * @param algorithm + * the name of the algorithm to use. + * @param provider + * the {@link Provider} to use. + * @return a new insatnce repesenting the desired algorithm. + * @throws NoSuchAlgorithmException + * if the algorithm is not implemented by the {@link Provider}. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. 
+ * @since 1.4 + * @see Provider + */ + public static KeyPairGenerator getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("KeyPairGenerator for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] "); + Object o; + try + { + o = Engine.getInstance(KEY_PAIR_GENERATOR, algorithm, provider); + } + catch (InvocationTargetException x) + { + Throwable cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + sb.append("could not be created"); + NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString()); + y.initCause(cause); + throw y; + } + KeyPairGenerator result; + if (o instanceof KeyPairGenerator) + { + result = (KeyPairGenerator) o; + result.algorithm = algorithm; + } + else if (o instanceof KeyPairGeneratorSpi) + result = new DummyKeyPairGenerator((KeyPairGeneratorSpi) o, algorithm); + else + { + sb.append("is of an unexpected Type: ").append(o.getClass().getName()); + throw new NoSuchAlgorithmException(sb.toString()); + } + result.provider = provider; + return result; + } + + /** + * Returns the {@link Provider} of this instance. + * + * @return the {@link Provider} of this instance. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Initializes this instance for the specified key size. Since no source of + * randomness is specified, a default one will be used. + * + * @param keysize + * the size of keys to use. + */ + public void initialize(int keysize) + { + initialize(keysize, new SecureRandom()); + } + + /** + * Initializes this instance for the specified key size and + * {@link SecureRandom}. + * + * @param keysize + * the size of keys to use. + * @param random + * the {@link SecureRandom} to use. 
+ * @since 1.2 + */ + public void initialize(int keysize, SecureRandom random) + { + } + + /** + * Initializes this instance with the specified + * {@link AlgorithmParameterSpec}. Since no source of randomness is specified, + * a default one will be used. + * + * @param params + * the {@link AlgorithmParameterSpec} to use. + * @throws InvalidAlgorithmParameterException + * if the designated specifications are invalid. + * @since 1.2 + */ + public void initialize(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException + { + initialize(params, new SecureRandom()); + } + + /** + * Initializes this instance with the specified {@link AlgorithmParameterSpec} + * and {@link SecureRandom}. + * + * @param params + * the {@link AlgorithmParameterSpec} to use. + * @param random + * the {@link SecureRandom} to use. + * @throws InvalidAlgorithmParameterException + * if the designated specifications are invalid. + * @since 1.2 + */ + public void initialize(AlgorithmParameterSpec params, SecureRandom random) + throws InvalidAlgorithmParameterException + { + super.initialize(params, random); + } + + /** + * Generates a new "DSA" {@link KeyPair} from the "GNU" security provider. + * + *

This method generates a unique key-pair each time it is called.

+ * + * @return a new unique {@link KeyPair}. + * @see #generateKeyPair() + * @since 1.2 + */ + public final KeyPair genKeyPair() + { + try + { + return getInstance("DSA", "GNU").generateKeyPair(); + } + catch (Exception e) + { + System.err.println("genKeyPair failed: " + e); + e.printStackTrace(); + return null; + } + } + + /** + * Generates a new "DSA" {@link KeyPair} from the "GNU" security provider. + * + *

This method generates a unique key pair each time it is called.

+ * + * @return a new unique {@link KeyPair}. + * @see #genKeyPair() + */ + public KeyPair generateKeyPair() + { + return genKeyPair(); + } +} diff --git a/libjava/classpath/java/security/KeyPairGeneratorSpi.java b/libjava/classpath/java/security/KeyPairGeneratorSpi.java new file mode 100644 index 000000000..1eaad9832 --- /dev/null +++ b/libjava/classpath/java/security/KeyPairGeneratorSpi.java 
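Review bot: `genKeyPair()` ignores the generator it is called on: it always builds a fresh `getInstance("DSA", "GNU")` generator, so the algorithm passed to the constructor and any key size, parameters or `SecureRandom` given to `initialize` have no effect on the key returned. It also catches every `Exception`, prints to `System.err` and returns `null`, so a caller can receive no key, or a DSA key with provider defaults, without any exception. Because the method is `final`, subclasses cannot correct this; I would make it delegate with `return generateKeyPair();` and have the base `generateKeyPair()` stop calling back into `genKeyPair()` (the override that providers supply lives outside this hunk, so whether every subclass overrides it is an assumption). The empty `initialize(int keysize, SecureRandom random)` deserves a comment stating that the base implementation discards both arguments and providers must override it.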
@@ -0,0 +1,102 @@
+/* KeyPairGeneratorSpi.java --- Key Pair Generator SPI Class
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ KeyPairGeneratorSpi is the interface used to generate key pairs
+ for security algorithms.
+
+ @author Mark Benvenuto
+ */
+public abstract class KeyPairGeneratorSpi
+{
+ /**
+ Constructs a new KeyPairGeneratorSpi
+ */
+ public KeyPairGeneratorSpi()
+ {
+ }
+
+ /**
+ Initialize the KeyPairGeneratorSpi with the specified
+ key size and source of randomness
+
+ @param keysize size of the key to generate
+ @param random A SecureRandom source of randomness
+ */
+ public abstract void initialize(int keysize, SecureRandom random);
+
+ /**
+ Initialize the KeyPairGeneratorSpi with the specified
+ AlgorithmParameterSpec and source of randomness
+
+ This is a concrete method. It may be overridden by the provider
+ and if the AlgorithmParameterSpec class is invalid
+ throw InvalidAlgorithmParameterException. By default this
+ method just throws UnsupportedOperationException.
+
+ @param params A AlgorithmParameterSpec to intialize with
+ @param random A SecureRandom source of randomness
+
+ @throws InvalidAlgorithmParameterException
+ */
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ throw new java.lang.UnsupportedOperationException();
+ }
+
+ /**
+ Generates a KeyPair according the rules for the algorithm.
+ Unless intialized, algorithm defaults will be used. It
+ creates a unique key pair each time.
+
+ @return a key pair
+ */
+ public abstract KeyPair generateKeyPair();
+
+ /**
+ * We override clone here to make it accessible for use by
+ * DummyKeyPairGenerator.
+ */
+ protected Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+}
diff --git a/libjava/classpath/java/security/KeyStore.java b/libjava/classpath/java/security/KeyStore.java
new file mode 100644
index 000000000..b7a0e2ab1
--- /dev/null
+++ b/libjava/classpath/java/security/KeyStore.java
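Review bot: The Javadoc for `initialize(AlgorithmParameterSpec, SecureRandom)` has a bare `@throws InvalidAlgorithmParameterException` with no description, and the `UnsupportedOperationException` that the default body actually throws appears only in the prose. I would write `@throws InvalidAlgorithmParameterException if params is not valid for this generator` and add `@throws UnsupportedOperationException if the provider does not override this method`. The `clone()` comment should also say that `super.clone()` succeeds only when the concrete subclass implements `Cloneable`, since this class does not.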
@@ -0,0 +1,503 @@ +/* KeyStore.java --- Key Store Class + Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.security.Engine; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.lang.reflect.InvocationTargetException; +import java.security.cert.CertificateException; +import java.util.Date; +import java.util.Enumeration; + +/** + * Keystore represents an in-memory collection of keys and + * certificates. There are two types of entries: + * + *
+ *
Key Entry
+ * + *

This type of keystore entry store sensitive crytographic key + * information in a protected format.Typically this is a secret + * key or a private key with a certificate chain.

+ * + *
Trusted Ceritificate Entry
+ * + *

This type of keystore entry contains a single public key + * certificate belonging to annother entity. It is called trusted + * because the keystore owner trusts that the certificates + * belongs to the subject (owner) of the certificate.

+ *
+ * + *

Entries in a key store are referred to by their "alias": a simple + * unique string. + * + *

The structure and persistentence of the key store is not + * specified. Any method could be used to protect sensitive + * (private or secret) keys. Smart cards or integrated + * cryptographic engines could be used or the keystore could + * be simply stored in a file.

+ * + * @see java.security.cert.Certificate + * @see Key + */ +public class KeyStore +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for key stores. */ + private static final String KEY_STORE = "KeyStore"; + + private KeyStoreSpi keyStoreSpi; + private Provider provider; + private String type; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + Creates an instance of KeyStore + + @param keyStoreSpi A KeyStore engine to use + @param provider A provider to use + @param type The type of KeyStore + */ + protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type) + { + this.keyStoreSpi = keyStoreSpi; + this.provider = provider; + this.type = type; + } + + /** + * Returns an instance of a KeyStore representing the specified + * type, from the first provider that implements it. + * + * @param type the type of keystore to create. + * @return a KeyStore repesenting the desired type. + * @throws KeyStoreException if the designated type of is not implemented by + * any provider, or the implementation could not be instantiated. + * @throws IllegalArgumentException if type is + * null or is an empty string. + */ + public static KeyStore getInstance(String type) throws KeyStoreException + { + Provider[] p = Security.getProviders(); + KeyStoreException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(type, p[i]); + } + catch (KeyStoreException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new KeyStoreException(type); + } + + /** + * Returns an instance of a KeyStore representing the specified + * type, from the named provider. + * + * @param type the type of keystore to create. + * @param provider the name of the provider to use. + * @return a KeyStore repesenting the desired type. 
+ * @throws KeyStoreException if the designated type is not implemented by the + * given provider. + * @throws NoSuchProviderException if the provider is not found. + * @throws IllegalArgumentException if either type or + * provider is null or empty. + */ + public static KeyStore getInstance(String type, String provider) + throws KeyStoreException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(type, p); + } + + /** + * Returns an instance of a KeyStore representing the specified + * type, from the specified provider. + * + * @param type the type of keystore to create. + * @param provider the provider to use. + * @return a KeyStore repesenting the desired type. + * @throws KeyStoreException if the designated type is not implemented by the + * given provider. + * @throws IllegalArgumentException if either type or + * provider is null, or if + * type is an empty string. + * @since 1.4 + */ + public static KeyStore getInstance(String type, Provider provider) + throws KeyStoreException + { + Throwable cause; + try + { + Object spi = Engine.getInstance(KEY_STORE, type, provider); + return new KeyStore((KeyStoreSpi) spi, provider, type); + } + catch (NoSuchAlgorithmException x) + { + cause = x; + } + catch (InvocationTargetException x) + { + cause = x.getCause() != null ? x.getCause() : x; + } + catch (ClassCastException x) + { + cause = x; + } + KeyStoreException x = new KeyStoreException(type); + x.initCause(cause); + throw x; + } + + /** + * Returns the default KeyStore type. This method looks up the + * type in <JAVA_HOME>/lib/security/java.security with the + * property "keystore.type" or if that fails then "gkr" . 
+ */ + public static final String getDefaultType() + { + // Security reads every property in java.security so it + // will return this property if it exists. + String tmp = Security.getProperty("keystore.type"); + + if (tmp == null) + tmp = "gkr"; + + return tmp; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + Gets the provider that the class is from. + + @return the provider of this class + */ + public final Provider getProvider() + { + return provider; + } + + /** + Returns the type of the KeyStore supported + + @return A string with the type of KeyStore + */ + public final String getType() + { + return type; + } + + /** + Returns the key associated with given alias using the + supplied password. + + @param alias an alias for the key to get + @param password password to access key with + + @return the requested key, or null otherwise + + @throws NoSuchAlgorithmException if there is no algorithm + for recovering the key + @throws UnrecoverableKeyException key cannot be reocovered + (wrong password). + */ + public final Key getKey(String alias, char[]password) + throws KeyStoreException, NoSuchAlgorithmException, + UnrecoverableKeyException + { + return keyStoreSpi.engineGetKey(alias, password); + } + + /** + Gets a Certificate chain for the specified alias. + + @param alias the alias name + + @return a chain of Certificates ( ordered from the user's + certificate to the Certificate Authority's ) or + null if the alias does not exist or there is no + certificate chain for the alias ( the alias refers + to a trusted certificate entry or there is no entry). + */ + public final java.security.cert. + Certificate[] getCertificateChain(String alias) throws KeyStoreException + { + return keyStoreSpi.engineGetCertificateChain(alias); + } + + /** + Gets a Certificate for the specified alias. + + If there is a trusted certificate entry then that is returned. 
+ it there is a key entry with a certificate chain then the + first certificate is return or else null. + + @param alias the alias name + + @return a Certificate or null if the alias does not exist + or there is no certificate for the alias + */ + public final java.security.cert.Certificate getCertificate(String alias) + throws KeyStoreException + { + return keyStoreSpi.engineGetCertificate(alias); + } + + /** + Gets entry creation date for the specified alias. + + @param alias the alias name + + @returns the entry creation date or null + */ + public final Date getCreationDate(String alias) throws KeyStoreException + { + return keyStoreSpi.engineGetCreationDate(alias); + } + + /** + Assign the key to the alias in the keystore, protecting it + with the given password. It will overwrite an existing + entry and if the key is a PrivateKey, also add the + certificate chain representing the corresponding public key. + + @param alias the alias name + @param key the key to add + @password the password to protect with + @param chain the certificate chain for the corresponding + public key + + @throws KeyStoreException if it fails + */ + public final void setKeyEntry(String alias, Key key, char[]password, + java.security.cert. + Certificate[]chain) throws KeyStoreException + { + keyStoreSpi.engineSetKeyEntry(alias, key, password, chain); + } + + /** + Assign the key to the alias in the keystore. It will overwrite + an existing entry and if the key is a PrivateKey, also + add the certificate chain representing the corresponding + public key. + + @param alias the alias name + @param key the key to add + @param chain the certificate chain for the corresponding + public key + + @throws KeyStoreException if it fails + */ + public final void setKeyEntry(String alias, byte[]key, + java.security.cert. + Certificate[]chain) throws KeyStoreException + { + keyStoreSpi.engineSetKeyEntry(alias, key, chain); + } + + /** + Assign the certificate to the alias in the keystore. 
It + will overwrite an existing entry. + + @param alias the alias name + @param cert the certificate to add + + @throws KeyStoreException if it fails + */ + public final void setCertificateEntry(String alias, + java.security.cert. + Certificate cert) throws + KeyStoreException + { + keyStoreSpi.engineSetCertificateEntry(alias, cert); + } + + /** + Deletes the entry for the specified entry. + + @param alias the alias name + + @throws KeyStoreException if it fails + */ + public final void deleteEntry(String alias) throws KeyStoreException + { + keyStoreSpi.engineDeleteEntry(alias); + } + + /** + Generates a list of all the aliases in the keystore. + + @return an Enumeration of the aliases + */ + public final Enumeration aliases() throws KeyStoreException + { + return keyStoreSpi.engineAliases(); + } + + /** + Determines if the keystore contains the specified alias. + + @param alias the alias name + + @return true if it contains the alias, false otherwise + */ + public final boolean containsAlias(String alias) throws KeyStoreException + { + return keyStoreSpi.engineContainsAlias(alias); + } + + /** + Returns the number of entries in the keystore. + + @returns the number of keystore entries. + */ + public final int size() throws KeyStoreException + { + return keyStoreSpi.engineSize(); + } + + /** + Determines if the keystore contains a key entry for + the specified alias. + + @param alias the alias name + + @return true if it is a key entry, false otherwise + */ + public final boolean isKeyEntry(String alias) throws KeyStoreException + { + return keyStoreSpi.engineIsKeyEntry(alias); + } + + + /** + Determines if the keystore contains a certificate entry for + the specified alias. 
+ + @param alias the alias name + + @return true if it is a certificate entry, false otherwise + */ + public final boolean isCertificateEntry(String alias) + throws KeyStoreException + { + return keyStoreSpi.engineIsCertificateEntry(alias); + } + + /** + Determines if the keystore contains the specified certificate + entry and returns the alias. + + It checks every entry and for a key entry checks only the + first certificate in the chain. + + @param cert Certificate to look for + + @return alias of first matching certificate, null if it + does not exist. + */ + public final String getCertificateAlias(java.security.cert.Certificate cert) + throws KeyStoreException + { + return keyStoreSpi.engineGetCertificateAlias(cert); + } + + /** + Stores the keystore in the specified output stream and it + uses the specified key it keep it secure. + + @param stream the output stream to save the keystore to + @param password the password to protect the keystore integrity with + + @throws IOException if an I/O error occurs. + @throws NoSuchAlgorithmException the data integrity algorithm + used cannot be found. + @throws CertificateException if any certificates could not be + stored in the output stream. + */ + public final void store(OutputStream stream, char[]password) + throws KeyStoreException, IOException, NoSuchAlgorithmException, + CertificateException + { + keyStoreSpi.engineStore(stream, password); + } + + /** + Loads the keystore from the specified input stream and it + uses the specified password to check for integrity if supplied. + + @param stream the input stream to load the keystore from + @param password the password to check the keystore integrity with + + @throws IOException if an I/O error occurs. + @throws NoSuchAlgorithmException the data integrity algorithm + used cannot be found. + @throws CertificateException if any certificates could not be + stored in the output stream. 
+ */ + public final void load(InputStream stream, char[]password) + throws IOException, NoSuchAlgorithmException, CertificateException + { + keyStoreSpi.engineLoad(stream, password); + } + +} diff --git a/libjava/classpath/java/security/KeyStoreException.java b/libjava/classpath/java/security/KeyStoreException.java new file mode 100644 index 000000000..62f906e6e --- /dev/null +++ b/libjava/classpath/java/security/KeyStoreException.java 
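Review bot: None of the wrappers checks that `load` has been called before delegating to `keyStoreSpi`, although the standard `java.security.KeyStore` contract is that these methods throw `KeyStoreException` on a keystore that has not been initialized. Every accessor from `getKey` to `store` declares `throws KeyStoreException`, yet no wrapper in this hunk raises it, so what an unloaded store does is left to each provider's SPI (not visible here). A `loaded` flag set in `load` and checked in each wrapper would make that uniform; the sketch below shows `size()` and `load`, and the same guard belongs in the other accessors and in `store`. Separately, the Javadoc tags `@returns` (on `getCreationDate` and `size`) and `@password` (on the first `setKeyEntry`) are not valid tags and should be `@return` and `@param password`.

```java
  // … unchanged: KEY_STORE, keyStoreSpi, provider, type …
  private boolean loaded;

  // … unchanged: constructor, getInstance, getDefaultType, getProvider, getType …

  public final int size() throws KeyStoreException
  {
    if (!loaded)
      throw new KeyStoreException("KeyStore has not been loaded");
    return keyStoreSpi.engineSize();
  }

  // … same guard in the remaining accessors and in store() …

  public final void load(InputStream stream, char[]password)
    throws IOException, NoSuchAlgorithmException, CertificateException
  {
    keyStoreSpi.engineLoad(stream, password);
    loaded = true;
  }
```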
@@ -0,0 +1,92 @@
+/* KeyStoreException.java -- Indicates a problem with the key store
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * Indicates a problem with the key store.
+ *
+ * @author Aaron M.
Renn (arenn@urbanophile.com)
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class KeyStoreException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -1119353179322377262L;
+
+ /**
+ * Create a new instance detailed error message.
+ */
+ public KeyStoreException()
+ {
+ }
+
+ /**
+ * Create a new instance with a detailed error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public KeyStoreException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyStoreException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public KeyStoreException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/KeyStoreSpi.java b/libjava/classpath/java/security/KeyStoreSpi.java
new file mode 100644
index 000000000..b44bd84a8
--- /dev/null
+++ b/libjava/classpath/java/security/KeyStoreSpi.java
@@ -0,0 +1,275 @@
+/* KeyStoreSpi.java --- Key Store Service Provider Interface
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package java.security;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.util.Date;
+import java.util.Enumeration;
+
+/**
+ * KeyStoreSpi is the Service Provider Interface (SPI) for the
+ * KeyStore class. This is the interface for providers to
+ * supply to implement a keystore for a particular keystore
+ * type.
+ *
+ * @since 1.2
+ * @author Mark Benvenuto
+ */
+public abstract class KeyStoreSpi
+{
+ /**
+ * Constructs a new KeyStoreSpi
+ */
+ public KeyStoreSpi()
+ {
+ }
+
+ /**
+ * Returns the key associated with given alias using the
+ * supplied password.
+ *
+ * @param alias an alias for the key to get
+ * @param password password to access key with
+ *
+ * @return the requested key, or null otherwise
+ *
+ * @throws NoSuchAlgorithmException if there is no algorithm
+ * for recovering the key
+ * @throws UnrecoverableKeyException key cannot be reocovered
+ * (wrong password).
+ */
+ public abstract Key engineGetKey(String alias, char[]password)
+ throws NoSuchAlgorithmException, UnrecoverableKeyException;
+
+ /**
+ * Gets a Certificate chain for the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return a chain of Certificates ( ordered from the user's
+ * certificate to the Certificate Authority's ) or
+ * null if the alias does not exist or there is no
+ * certificate chain for the alias ( the alias refers
+ * to a trusted certificate entry or there is no entry).
+ */
+ public abstract java.security.cert.
+ Certificate[] engineGetCertificateChain(String alias);
+
+
+ /**
+ * Gets a Certificate for the specified alias.
+ *
+ * If there is a trusted certificate entry then that is returned.
+ * it there is a key entry with a certificate chain then the
+ * first certificate is return or else null.
+ *
+ * @param alias the alias name
+ *
+ * @return a Certificate or null if the alias does not exist
+ * or there is no certificate for the alias
+ */
+ public abstract java.security.cert.
+ Certificate engineGetCertificate(String alias);
+
+ /**
+ * Gets entry creation date for the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @returns the entry creation date or null
+ */
+ public abstract Date engineGetCreationDate(String alias);
+
+ /**
+ * Assign the key to the alias in the keystore, protecting it
+ * with the given password. It will overwrite an existing
+ * entry and if the key is a PrivateKey, also add the
+ * certificate chain representing the corresponding public key.
+ *
+ * @param alias the alias name
+ * @param key the key to add
+ * @password the password to protect with
+ * @param chain the certificate chain for the corresponding
+ * public key
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineSetKeyEntry(String alias, Key key,
+ char[]password,
+ java.security.cert.
+ Certificate[]chain) throws
+ KeyStoreException;
+
+ /**
+ * Assign the key to the alias in the keystore. It will overwrite
+ * an existing entry and if the key is a PrivateKey, also
+ * add the certificate chain representing the corresponding
+ * public key.
+ *
+ * @param alias the alias name
+ * @param key the key to add
+ * @param chain the certificate chain for the corresponding
+ * public key
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineSetKeyEntry(String alias, byte[]key,
+ java.security.cert.
+ Certificate[]chain) throws
+ KeyStoreException;
+
+
+ /**
+ * Assign the certificate to the alias in the keystore. It
+ * will overwrite an existing entry.
+ *
+ * @param alias the alias name
+ * @param cert the certificate to add
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineSetCertificateEntry(String alias,
+ java.security.cert.
+ Certificate cert) throws
+ KeyStoreException;
+
+ /**
+ * Deletes the entry for the specified entry.
+ *
+ * @param alias the alias name
+ *
+ * @throws KeyStoreException if it fails
+ */
+ public abstract void engineDeleteEntry(String alias)
+ throws KeyStoreException;
+
+ /**
+ * Generates a list of all the aliases in the keystore.
+ *
+ * @return an Enumeration of the aliases
+ */
+ public abstract Enumeration engineAliases();
+
+ /**
+ * Determines if the keystore contains the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return true if it contains the alias, false otherwise
+ */
+ public abstract boolean engineContainsAlias(String alias);
+
+ /**
+ * Returns the number of entries in the keystore.
+ *
+ * @returns the number of keystore entries.
+ */
+ public abstract int engineSize();
+
+ /**
+ * Determines if the keystore contains a key entry for
+ * the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return true if it is a key entry, false otherwise
+ */
+ public abstract boolean engineIsKeyEntry(String alias);
+
+ /**
+ * Determines if the keystore contains a certificate entry for
+ * the specified alias.
+ *
+ * @param alias the alias name
+ *
+ * @return true if it is a certificate entry, false otherwise
+ */
+ public abstract boolean engineIsCertificateEntry(String alias);
+
+ /**
+ * Determines if the keystore contains the specified certificate
+ * entry and returns the alias.
+ *
+ * It checks every entry and for a key entry checks only the
+ * first certificate in the chain.
+ *
+ * @param cert Certificate to look for
+ *
+ * @return alias of first matching certificate, null if it
+ * does not exist.
+ */
+ public abstract String engineGetCertificateAlias(java.security.cert.
+ Certificate cert);
+
+ /**
+ * Stores the keystore in the specified output stream and it
+ * uses the specified key it keep it secure.
+ *
+ * @param stream the output stream to save the keystore to
+ * @param password the password to protect the keystore integrity with
+ *
+ * @throws IOException if an I/O error occurs.
+ * @throws NoSuchAlgorithmException the data integrity algorithm
+ * used cannot be found.
+ * @throws CertificateException if any certificates could not be
+ * stored in the output stream.
+ */
+ public abstract void engineStore(OutputStream stream, char[]password)
+ throws IOException, NoSuchAlgorithmException, CertificateException;
+
+
+ /**
+ * Loads the keystore from the specified input stream and it
+ * uses the specified password to check for integrity if supplied.
+ *
+ * @param stream the input stream to load the keystore from
+ * @param password the password to check the keystore integrity with
+ *
+ * @throws IOException if an I/O error occurs.
+ * @throws NoSuchAlgorithmException the data integrity algorithm
+ * used cannot be found.
+ * @throws CertificateException if any certificates could not be
+ * stored in the output stream.
+ */
+ public abstract void engineLoad(InputStream stream, char[]password)
+ throws IOException, NoSuchAlgorithmException, CertificateException;
+}
diff --git a/libjava/classpath/java/security/MessageDigest.java b/libjava/classpath/java/security/MessageDigest.java
new file mode 100644
index 000000000..a4eeab447
--- /dev/null
+++ b/libjava/classpath/java/security/MessageDigest.java
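Review bot: The `engineLoad` comment says the password is used to check integrity "if supplied" but never says what a provider must do when it is null, so a caller can end up loading a keystore whose contents were never integrity-checked without the contract telling them so. I would add a sentence to that comment along the lines of `If password is null the keystore is loaded without an integrity check; callers that read trust anchors from storage they do not control should always supply one.`, worded as the intended contract since the actual null behaviour is left to each provider here. The same block repeats the `@throws CertificateException` text from `engineStore` ("could not be stored in the output stream"), which for a load should read "could not be loaded". Elsewhere in this hunk `@returns` on `engineGetCreationDate` and `engineSize`, and `@password` on the first `engineSetKeyEntry`, are not Javadoc tags and should be `@return` and `@param password`.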
@@ -0,0 +1,382 @@
+/* MessageDigest.java --- The message digest interface.
+ Copyright (C) 1999, 2002, 2003, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+package java.security;
+
+import gnu.java.lang.CPStringBuilder;
+
+import gnu.java.security.Engine;
+import java.nio.ByteBuffer;
+
+import java.lang.reflect.InvocationTargetException;
+
+/**
+ * Message digests are secure one-way hash functions that take arbitrary-sized
+ * data and output a fixed-length hash value.
+ *
+ * @see MessageDigestSpi
+ * @since JDK 1.1
+ */
+public abstract class MessageDigest extends MessageDigestSpi
+{
+ /** The service name for message digests. */
+ private static final String MESSAGE_DIGEST = "MessageDigest";
+
+ private String algorithm;
+ Provider provider;
+ private byte[] lastDigest;
+
+ /**
+ * Constructs a new instance of MessageDigest representing the
+ * specified algorithm.
+ *
+ * @param algorithm
+ * the name of the digest algorithm to use.
+ */
+ protected MessageDigest(String algorithm)
+ {
+ this.algorithm = algorithm;
+ provider = null;
+ }
+
+ /**
+ * Returns a new instance of MessageDigest representing the
+ * specified algorithm.
+ *
+ * @param algorithm the name of the digest algorithm to use.
+ * @return a new instance representing the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by any
+ * provider.
+ * @throws IllegalArgumentException if algorithm is
+ * null or is an empty string.
+ */
+ public static MessageDigest getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns a new instance of MessageDigest representing the
+ * specified algorithm from a named provider.
+ *
+ * @param algorithm the name of the digest algorithm to use.
+ * @param provider the name of the provider to use.
+ * @return a new instance representing the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by the
+ * named provider.
+ * @throws NoSuchProviderException if the named provider was not found.
+ * @throws IllegalArgumentException if either algorithm or
+ * provider is null or empty.
+ */
+ public static MessageDigest getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ provider = provider.trim();
+ if (provider.length() == 0)
+ throw new IllegalArgumentException("provider MUST NOT be empty");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns a new instance of MessageDigest representing the
+ * specified algorithm from a designated {@link Provider}.
+ *
+ * @param algorithm the name of the digest algorithm to use.
+ * @param provider the {@link Provider} to use.
+ * @return a new instance representing the desired algorithm.
+ * @throws NoSuchAlgorithmException if the algorithm is not implemented by
+ * {@link Provider}.
+ * @throws IllegalArgumentException if either algorithm or
+ * provider is null, or if
+ * algorithm is an empty string.
+ * @since 1.4
+ * @see Provider
+ */
+ public static MessageDigest getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ CPStringBuilder sb = new CPStringBuilder("MessageDigest for algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] ");
+ Object o;
+ try
+ {
+ o = Engine.getInstance(MESSAGE_DIGEST, algorithm, provider);
+ }
+ catch (InvocationTargetException x)
+ {
+ Throwable cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ sb.append("could not be created");
+ NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString());
+ y.initCause(cause);
+ throw y;
+ }
+ MessageDigest result;
+ if (o instanceof MessageDigestSpi)
+ result = new DummyMessageDigest((MessageDigestSpi) o, algorithm);
+ else if (o instanceof MessageDigest)
+ {
+ result = (MessageDigest) o;
+ result.algorithm = algorithm;
+ }
+ else
+ {
+ sb.append("is of an unexpected Type: ").append(o.getClass().getName());
+ throw new NoSuchAlgorithmException(sb.toString());
+ }
+ result.provider = provider;
+ return result;
+ }
+
+ /**
+ * Returns the {@link Provider} of this instance.
+ *
+ * @return the {@link Provider} of this instance.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Updates the digest with the byte.
+ *
+ * @param input byte to update the digest with.
+ */
+ public void update(byte input)
+ {
+ engineUpdate(input);
+ }
+
+ /**
+ * Updates the digest with the bytes from the array starting from the
+ * specified offset and using the specified length of bytes.
+ *
+ * @param input
+ * bytes to update the digest with.
+ * @param offset
+ * the offset to start at.
+ * @param len
+ * length of the data to update with.
+ */
+ public void update(byte[] input, int offset, int len)
+ {
+ engineUpdate(input, offset, len);
+ }
+
+ /**
+ * Updates the digest with the bytes of an array.
+ * + * @param input bytes to update the digest with. + */ + public void update(byte[] input) + { + engineUpdate(input, 0, input.length); + } + + /** + * Updates the digest with the remaining bytes of a buffer. + * + * @param input The input byte buffer. + * @since 1.5 + */ + public final void update (ByteBuffer input) + { + engineUpdate (input); + } + + /** + * Computes the final digest of the stored data. + * + * @return a byte array representing the message digest. + */ + public byte[] digest() + { + return lastDigest = engineDigest(); + } + + /** + * Computes the final digest of the stored bytes and returns the result. + * + * @param buf + * an array of bytes to store the result in. + * @param offset + * an offset to start storing the result at. + * @param len + * the length of the buffer. + * @return Returns the length of the buffer. + */ + public int digest(byte[] buf, int offset, int len) throws DigestException + { + return engineDigest(buf, offset, len); + } + + /** + * Computes a final update using the input array of bytes, then computes a + * final digest and returns it. It calls {@link #update(byte[])} and then + * {@link #digest(byte[])}. + * + * @param input + * an array of bytes to perform final update with. + * @return a byte array representing the message digest. + */ + public byte[] digest(byte[] input) + { + update(input); + return digest(); + } + + /** + * Returns a string representation of this instance. + * + * @return a string representation of this instance. + */ + public String toString() + { + return (getClass()).getName() + " Message Digest <" + digestToString() + ">"; + } + + /** + * Does a simple byte comparison of the two digests. + * + * @param digesta + * first digest to compare. + * @param digestb + * second digest to compare. + * @return true if both are equal, false + * otherwise. 
+ */ + public static boolean isEqual(byte[] digesta, byte[] digestb) + { + if (digesta.length != digestb.length) + return false; + + for (int i = digesta.length - 1; i >= 0; --i) + if (digesta[i] != digestb[i]) + return false; + + return true; + } + + /** Resets this instance. */ + public void reset() + { + engineReset(); + } + + /** + * Returns the name of message digest algorithm. + * + * @return the name of message digest algorithm. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns the length of the message digest. The default is zero which means + * that the concrete implementation does not implement this method. + * + * @return length of the message digest. + * @since 1.2 + */ + public final int getDigestLength() + { + return engineGetDigestLength(); + } + + /** + * Returns a clone of this instance if cloning is supported. If it does not + * then a {@link CloneNotSupportedException} is thrown. Cloning depends on + * whether the subclass {@link MessageDigestSpi} implements {@link Cloneable} + * which contains the actual implementation of the appropriate algorithm. + * + * @return a clone of this instance. + * @throws CloneNotSupportedException + * the implementation does not support cloning. + */ + public Object clone() throws CloneNotSupportedException + { + return super.clone(); + } + + private String digestToString() + { + byte[] digest = lastDigest; + + if (digest == null) + return "incomplete"; + + CPStringBuilder buf = new CPStringBuilder(); + int len = digest.length; + for (int i = 0; i < len; ++i) + { + byte b = digest[i]; + byte high = (byte) ((b & 0xff) >>> 4); + byte low = (byte) (b & 0xf); + + buf.append(high > 9 ? ('a' - 10) + high : '0' + high); + buf.append(low > 9 ? ('a' - 10) + low : '0' + low); + } + + return buf.toString(); + } +} diff --git a/libjava/classpath/java/security/MessageDigestSpi.java b/libjava/classpath/java/security/MessageDigestSpi.java new file mode 100644 index 000000000..63cc96047 
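Review bot: `isEqual` returns at the first differing byte, so its running time depends on how much of the two arrays matches; when one argument is derived from a secret, such as a MAC tag or a stored password hash, that difference is a timing side channel. The loop should visit every byte and fold the differences into a single accumulator that is tested only after the loop, as in the fence below. The length comparison can stay as it is, since the digest length is not secret.

```java
public static boolean isEqual(byte[] digesta, byte[] digestb)
{
  // … unchanged: length comparison …

  // Accumulate differences so every byte is visited no matter where
  // the first mismatch occurs.
  int diff = 0;
  for (int i = 0; i < digesta.length; i++)
    diff |= digesta[i] ^ digestb[i];
  return diff == 0;
}
```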
--- /dev/null
+++ b/libjava/classpath/java/security/MessageDigestSpi.java
@@ -0,0 +1,174 @@
+/* MessageDigestSpi.java --- The message digest service provider interface.
+ Copyright (C) 1999, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.nio.ByteBuffer;
+
+/**
+ This is the Service Provider Interface (SPI) for MessageDigest
+ class in java.security.
It provides the back end functionality
+ for the MessageDigest class so that it can compute message
+ hashes. The default hashes are SHA-1 and MD5. A message hash
+ takes data of arbitrary length and produces a unique number
+ representing it.
+
+ Cryptography service providers who want to implement their
+ own message digest hashes need only to subclass this class.
+
+ The implementation of a Cloneable interface is left to up to
+ the programmer of a subclass.
+
+ @version 0.0
+
+ @author Mark Benvenuto (ivymccough@worldnet.att.net)
+ */
+public abstract class MessageDigestSpi
+{
+ /**
+ Default constructor of the MessageDigestSpi class
+ */
+ public MessageDigestSpi()
+ {
+ }
+
+ /**
+ Returns the length of the digest. It may be overridden by the
+ provider to return the length of the digest. Default is to
+ return 0. It is concrete for backwards compatibility with JDK1.1
+ message digest classes.
+
+ @return Length of Digest in Bytes
+
+ @since 1.2
+ */
+ protected int engineGetDigestLength()
+ {
+ return 0;
+ }
+
+ /**
+ Updates the digest with the specified byte.
+
+ @param input the byte to update digest with
+ */
+ protected abstract void engineUpdate(byte input);
+
+
+ /**
+ Updates the digest with the specified bytes starting with the
+ offset and proceeding for the specified length.
+
+ @param input the byte array to update digest with
+ @param offset the offset of the byte to start with
+ @param len the number of the bytes to update with
+ */
+ protected abstract void engineUpdate(byte[]input, int offset, int len);
+
+ /**
+ * Updates this digest with the remaining bytes of a byte buffer.
+ *
+ * @param input The input buffer.
+ * @since 1.5
+ */
+ protected void engineUpdate (ByteBuffer input)
+ {
+ byte[] buf = new byte[1024];
+ while (input.hasRemaining())
+ {
+ int n = Math.min(input.remaining(), buf.length);
+ input.get (buf, 0, n);
+ engineUpdate (buf, 0, n);
+ }
+ }
+
+ /**
+ Computes the final digest of the stored bytes and returns
+ them.
It performs any necessary padding. The message digest
+ should reset sensitive data after performing the digest.
+
+ @return An array of bytes containing the digest
+ */
+ protected abstract byte[] engineDigest();
+
+ /**
+ Computes the final digest of the stored bytes and returns
+ them. It performs any necessary padding. The message digest
+ should reset sensitive data after performing the digest. This
+ method is left concrete for backwards compatibility with JDK1.1
+ message digest classes.
+
+ @param buf An array of bytes to store the digest
+ @param offset An offset to start storing the digest at
+ @param len The length of the buffer
+ @return Returns the length of the buffer
+
+ @since 1.2
+ */
+ protected int engineDigest(byte[]buf, int offset, int len)
+ throws DigestException
+ {
+ if (engineGetDigestLength() > len)
+ throw new DigestException("Buffer is too small.");
+
+ byte[] tmp = engineDigest();
+ if (tmp.length > len)
+ throw new DigestException("Buffer is too small");
+
+ System.arraycopy(tmp, 0, buf, offset, tmp.length);
+ return tmp.length;
+ }
+
+ /**
+ Resets the digest engine. Reinitializes internal variables
+ and clears sensitive data.
+ */
+ protected abstract void engineReset();
+
+ /**
+ Returns a clone of this class.
+
+ If cloning is not supported, then by default the class throws a
+ CloneNotSupportedException. The MessageDigestSpi provider
+ implementation has to overload this class in order to be
+ cloneable.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ return super.clone();
+ }
+}
diff --git a/libjava/classpath/java/security/NoSuchAlgorithmException.java b/libjava/classpath/java/security/NoSuchAlgorithmException.java
new file mode 100644
index 000000000..518f2f726
--- /dev/null
+++ b/libjava/classpath/java/security/NoSuchAlgorithmException.java
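Review bot: The concrete `engineDigest(byte[] buf, int offset, int len)` compares `len` with the digest size but never checks `offset` or `len` against `buf.length`, so a bad offset surfaces as an unchecked index exception from `System.arraycopy` instead of the declared `DigestException`, and only after `engineDigest()` has already run and presumably finalised the state. Because `engineGetDigestLength()` returns 0 by default, the first guard does nothing for providers that do not override it, and the second "Buffer is too small" check likewise fires only once the digest has been consumed. I would validate the arguments before calling `engineDigest()`, for example `if (offset < 0 || len < 0 || offset > buf.length - len) throw new DigestException("Invalid offset or length");`. The class comment's "produces a unique number" should also be reworded, since a fixed-length digest cannot be unique and both MD5 and SHA-1, named there as the defaults, have known practical collisions.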
@@ -0,0 +1,92 @@
+/* NoSuchAlgorithmException.java -- an algorithm was not available
+ Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when the requested security algorithm is
+ * not available
+ *
+ * @author Aaron M.
Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class NoSuchAlgorithmException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -7443947487218346562L;
+
+ /**
+ * Create a new instance with no descriptive error message.
+ */
+ public NoSuchAlgorithmException()
+ {
+ }
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public NoSuchAlgorithmException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public NoSuchAlgorithmException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public NoSuchAlgorithmException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/NoSuchProviderException.java b/libjava/classpath/java/security/NoSuchProviderException.java
new file mode 100644
index 000000000..bd26df5ef
--- /dev/null
+++ b/libjava/classpath/java/security/NoSuchProviderException.java
@@ -0,0 +1,70 @@ +/* NoSuchProviderException.java -- thrown when a provider is not found + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when the requested security provider is + * not available. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @status updated to 1.4 + */ +public class NoSuchProviderException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 8488111756688534474L; + + /** + * Create a new instance with no descriptive error message. + */ + public NoSuchProviderException() + { + } + + /** + * Create a new instance with a descriptive error message. + * + * @param msg the descriptive error message + */ + public NoSuchProviderException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/java/security/Permission.java b/libjava/classpath/java/security/Permission.java new file mode 100644 index 000000000..cf6399b16 --- /dev/null +++ b/libjava/classpath/java/security/Permission.java 
@@ -0,0 +1,202 @@ +/* Permission.java -- The superclass for all permission objects + Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import java.io.Serializable; + +/** + * This class is the abstract superclass of all classes that implement + * the concept of a permission. A permission consists of a permission name + * and optionally a list of actions that relate to the permission. The + * actual meaning of the name of the permission is defined only in the + * context of a subclass. It may name a resource to which access permissions + * are granted (for example, the name of a file) or it might represent + * something else entirely. Similarly, the action list only has meaning + * within the context of a subclass. Some permission names may have no + * actions associated with them. That is, you either have the permission + * or you don't. + * + *

The most important method in this class is implies. This + * checks whether if one has this permission, then the specified + * permission is also implied. As a conceptual example, consider the + * permissions "Read All Files" and "Read File foo". The permission + * "Read All Files" implies that the caller has permission to read the + * file foo. + * + *

Permission's must be immutable - do not change their + * state after creation. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Permissions + * @see PermissionCollection + * @since 1.1 + * @status updated to 1.4 + */ +public abstract class Permission implements Guard, Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -5636570222231596674L; + + /** + * This is the name assigned to this permission object. + * + * @serial the name of the permission + */ + private String name; + + /** + * Create an instance with the specified name. + * + * @param name the permission name + */ + public Permission(String name) + { + this.name = name; + } + + /** + * This method implements the Guard interface for this class. + * It calls the checkPermission method in + * SecurityManager with this Permission as its + * argument. This method returns silently if the security check succeeds + * or throws an exception if it fails. + * + * @param obj the Object being guarded - ignored by this class + * @throws SecurityException if the security check fails + * @see GuardedObject + * @see SecurityManager#checkPermission(Permission) + */ + public void checkGuard(Object obj) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission(this); + } + + /** + * This method tests whether this Permission implies that the + * specified Permission is also granted. + * + * @param perm the Permission to test against + * @return true if perm is implied by this + */ + public abstract boolean implies(Permission perm); + + /** + * Check to see if this object equals obj. Use implies, rather + * than equals, when making access control decisions. + * + * @param obj the object to compare to + */ + public abstract boolean equals(Object obj); + + /** + * This method returns a hash code for this Permission. 
It + * must satisfy the contract of Object.hashCode: it must be + * the same for all objects that equals considers to be the same. + * + * @return a hash value + */ + public abstract int hashCode(); + + /** + * Get the name of this Permission. + * + * @return the name + */ + public final String getName() + { + return name; + } + + /** + * This method returns the list of actions for this Permission + * as a String. The string should be in canonical order, for + * example, both new FilePermission(f, "write,read") and + * new FilePermission(f, "read,write") have the action list + * "read,write". + * + * @return the action list for this Permission + */ + public abstract String getActions(); + + /** + * This method returns an empty PermissionCollection object + * that can store permissions of this type, or null if no + * such collection is defined. Subclasses must override this to provide + * an appropriate collection when one is needed to accurately calculate + * implies. + * + * @return a new PermissionCollection + */ + public PermissionCollection newPermissionCollection() + { + return null; + } + + /** + * This method returns a String representation of this + * Permission object. This is in the format: + * '(' + getClass().getName() + ' ' + getName() + ' ' + getActions + * + ')'. + * + * @return this object as a String + */ + public String toString() + { + CPStringBuilder string = new CPStringBuilder(); + + string = string.append('('); + string = string.append(getClass().getName()); + string = string.append(' '); + string = string.append(getName()); + + if (!(getActions().equals(""))) + { + string = string.append(' '); + string = string.append(getActions()); + } + + string = string.append(')'); + return string.toString(); + } +} // class Permission diff --git a/libjava/classpath/java/security/PermissionCollection.java b/libjava/classpath/java/security/PermissionCollection.java new file mode 100644 index 000000000..ef87cc7e1 --- /dev/null 
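Review bot: `toString()` calls `getActions()` twice and dereferences the result without a null check, so a subclass whose `getActions()` returns null makes every string rendering of the permission throw NullPointerException. Nothing in the Javadoc of the abstract `getActions()` forbids a null action list, and a rendering failure would presumably surface wherever a denied permission is put into a log line or exception message. Reading the value once and guarding it avoids both problems: `String actions = getActions();` followed by `if (actions != null && actions.length() != 0)`. Separately, the class comment says permissions must be immutable, yet the field is declared `private String name;`; `private final String name;` would let the compiler enforce that for the one field this class owns.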
+++ b/libjava/classpath/java/security/PermissionCollection.java 
@@ -0,0 +1,169 @@ +/* PermissionCollection.java -- A collection of permission objects + Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import java.io.Serializable; +import java.util.Enumeration; + +/** + * This class models a group of Java permissions. It has convenient + * methods for determining whether or not a given permission is implied + * by any of the permissions in this collection. + * + *

Some care must be taken in storing permissions. First, a collection of + * the appropriate type must be created. This is done by calling the + * newPermissionCollection method on an object of the + * permission class you wish to add to the collection. If this method + * returns null, any type of PermissionCollection + * can be used to store permissions of that type. However, if a + * PermissionCollection collection object is returned, that + * type must be used. + * + *

A PermissionCollection returned by the + * newPermissionCollection method in a subclass of + * Permission is a homogeneous collection. It only will + * hold permissions of one specified type - instances of the class that + * created it. Not all PermissionCollection subclasses + * have to hold permissions of only one type however. For example, + * the Permissions class holds permissions of many types. + * + *

Since the newPermissionCollection in Permission + * itself returns null, by default a permission can be stored + * in any type of collection unless it overrides that method to create its + * own collection type. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @see Permission + * @see Permissions + * @since 1.1 + * @status updated to 1.4 + */ +public abstract class PermissionCollection implements Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -6727011328946861783L; + + /** + * Indicates whether or not this collection is read only. + * + * @serial if the collection is read-only + */ + private boolean readOnly; + + /** + * Create a new collection. + */ + public PermissionCollection() + { + } + + /** + * This method adds a new Permission object to the collection. + * + * @param perm the Permission to add + * + * @throws SecurityException if the collection is marked read only + * @throws IllegalArgumentException if perm is of the wrong type + */ + public abstract void add(Permission perm); + + /** + * This method tests whether the specified Permission object is + * implied by this collection of Permission objects. + * + * @param perm the Permission object to test + * @return true if the collection implies perm + */ + public abstract boolean implies(Permission perm); + + /** + * This method returns an Enumeration of all the objects in + * this collection. + * + * @return an Enumeration of this collection's objects + */ + public abstract Enumeration elements(); + + /** + * This method sets this PermissionCollection object to be + * read only. No further permissions can be added to it after calling this + * method. + */ + public void setReadOnly() + { + readOnly = true; + } + + /** + * This method tests whether or not this PermissionCollection + * object is read only. 
+ * + * @return true if this collection is read only + */ + public boolean isReadOnly() + { + return readOnly; + } + + /** + * This method returns a String representation of this + * collection. It is formed by: + *

+   * super.toString()" (\n"
+   *   // enumerate all permissions, one per line
+   * ")\n"
+   * 
+ * + * @return a String representing this object + */ + public String toString() + { + CPStringBuilder sb = new CPStringBuilder(super.toString()); + + sb.append(" (\n"); + Enumeration e = elements(); + while (e.hasMoreElements()) + sb.append(' ').append(e.nextElement()).append('\n'); + return sb.append(")\n").toString(); + } +} // class PermissionCollection diff --git a/libjava/classpath/java/security/Permissions.java b/libjava/classpath/java/security/Permissions.java new file mode 100644 index 000000000..d814064e0 --- /dev/null +++ b/libjava/classpath/java/security/Permissions.java 
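Review bot: `readOnly` is a plain `boolean` that `setReadOnly()` writes and `isReadOnly()` reads with no synchronization, so a thread calling `add()` on a subclass is not guaranteed to see a freeze performed by another thread. Since the read-only flag is what stops further grants from being added to a collection, it should have defined visibility: `private volatile boolean readOnly;`. The explicit `serialVersionUID` means the modifier change does not alter the serial form.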
@@ -0,0 +1,254 @@ +/* Permissions.java -- a collection of permission collections + Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import java.io.Serializable; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.NoSuchElementException; + +/** + * This class is a heterogeneous collection of permissions. It is + * organized as a collection of PermissionCollection's stored + * in a hashtable. Each individual PermissionCollection + * contains permissions of a single type. If a specific type of + * Permission does not provide a collection type to use + * via its newPermissionCollection method, then a default + * collection type which stores its permissions in a hash table will be + * used. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @since 1.1 + */ +public final class Permissions extends PermissionCollection + implements Serializable +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 4858622370623524688L; + + /** + * Holds instances of AllPermission. + * + * @serial the permission collection for AllPermission + */ + private PermissionCollection allPermission; + + // Package-private to avoid a trampoline. + /** + * This is the Hashtable that contains our collections. + * + * @serial maps Class to PermissionCollection + */ + final Hashtable perms = new Hashtable(); + + /** + * This method initializes a new instance of Permissions. + */ + public Permissions() + { + } + + /** + * This method adds a new Permission to this collection. It + * will be stored in a PermissionCollection of the appropriate + * type, as determined by calling newPermissionCollection on + * the specified permission (if an appropriate collection does not already + * exist). If this object does not specify a particular type of collection, + * a default collection, which stores in permissions in a hash table, will + * be used. 
+ *
+ * @param perm the Permission to add
+ * @throws SecurityException if this collection is marked as read only
+ */
+ public void add(Permission perm)
+ {
+ if (isReadOnly())
+ throw new SecurityException("PermissionCollection is read only");
+ if (perm instanceof AllPermission)
+ {
+ if (allPermission == null)
+ {
+ allPermission = perm.newPermissionCollection();
+ allPermission.add(perm);
+ perms.put(perm.getClass(), allPermission);
+ }
+ }
+ else
+ {
+ PermissionCollection pc
+ = (PermissionCollection) perms.get(perm.getClass());
+ if (pc == null)
+ {
+ pc = perm.newPermissionCollection();
+ if (pc == null)
+ pc = new PermissionsHash();
+ perms.put(perm.getClass(), pc);
+ }
+ pc.add(perm);
+ }
+ }
+
+ /**
+ * This method tests whether or not the specified Permission
+ * is implied by this PermissionCollection.
+ *
+ * @param perm the Permission to test
+ * @return true if the specified permission is implied by this
+ */
+ public boolean implies(Permission perm)
+ {
+ if (allPermission != null)
+ return true;
+ PermissionCollection pc
+ = (PermissionCollection) perms.get(perm.getClass());
+ return pc == null ? false : pc.implies(perm);
+ }
+
+ /**
+ * This method returns an Enumeration which contains a
+ * list of all Permission objects contained in this
+ * collection.
+ *
+ * @return an Enumeration of this collection's elements
+ */
+ public Enumeration elements()
+ {
+ return new Enumeration()
+ {
+ Enumeration main_enum = perms.elements();
+ Enumeration sub_enum;
+
+ public boolean hasMoreElements()
+ {
+ if (sub_enum == null)
+ {
+ if (main_enum == null)
+ return false;
+ if (! main_enum.hasMoreElements())
+ {
+ main_enum = null;
+ return false;
+ }
+ PermissionCollection pc =
+ (PermissionCollection) main_enum.nextElement();
+ sub_enum = pc.elements();
+ }
+ if (! sub_enum.hasMoreElements())
+ {
+ sub_enum = null;
+ return hasMoreElements();
+ }
+ return true;
+ }
+
+ public Object nextElement()
+ {
+ if (! hasMoreElements())
+ throw new NoSuchElementException();
+ return sub_enum.nextElement();
+ }
+ };
+ }
+
+ /**
+ * Implements the permission collection for all permissions without one of
+ * their own, and obeys serialization of JDK.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ */
+ private static final class PermissionsHash extends PermissionCollection
+ {
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = -8491988220802933440L;
+
+ /**
+ * Hashtable where we store permissions.
+ *
+ * @serial the stored permissions, both as key and value
+ */
+ private final Hashtable perms = new Hashtable();
+
+ /**
+ * Add a permission. We don't need to check for read-only, as this
+ * collection is never exposed outside of Permissions, which has already
+ * done that check.
+ *
+ * @param perm the permission to add
+ */
+ public void add(Permission perm)
+ {
+ perms.put(perm, perm);
+ }
+
+ /**
+ * Returns true if perm is in the collection.
+ *
+ * @param perm the permission to check
+ * @return true if it is implied
+ */
+ // FIXME: Should this method be synchronized?
+ public boolean implies(Permission perm)
+ {
+ Enumeration elements = elements();
+
+ while (elements.hasMoreElements())
+ {
+ Permission p = (Permission)elements.nextElement();
+ if (p.implies(perm))
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Return the elements.
+ *
+ * @return the elements
+ */
+ public Enumeration elements()
+ {
+ return perms.elements();
+ }
+ } // class PermissionsHash
+} // class Permissions
diff --git a/libjava/classpath/java/security/Policy.java b/libjava/classpath/java/security/Policy.java
new file mode 100644
index 000000000..118626ea1
--- /dev/null
+++ b/libjava/classpath/java/security/Policy.java
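Review bot: `Permissions.add()` does an unsynchronized check-then-act on `perms`: two threads adding the first permission of the same class can both see `pc == null`, each create a collection, and the second `perms.put(perm.getClass(), pc)` then discards the collection holding the first thread's permission. The `allPermission` field is likewise written in `add()` and read in `implies()` without any ordering guarantee. `Hashtable` only makes the individual `get` and `put` calls atomic, not the sequence, so the method should be declared `public synchronized void add(Permission perm)`. The same question is already flagged by the `// FIXME: Should this method be synchronized?` comment on `PermissionsHash.implies()`. In addition, `implies()` dereferences `perm` with `perm.getClass()`, so a null argument fails with NullPointerException unless an `AllPermission` has been added; the Javadoc should state that or the method should return false for null.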
@@ -0,0 +1,297 @@ +/* Policy.java --- Policy Manager Class + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.util.Collections; +import java.util.Enumeration; +import java.util.LinkedHashMap; +import java.util.Map; + +/** + * Policy is an abstract class for managing the system security + * policy for the Java application environment. It specifies which permissions + * are available for code from various sources. The security policy is + * represented through a subclass of Policy. + * + *

Only one Policy is in effect at any time. A + * {@link ProtectionDomain} initializes itself with information from this class + * on the set of permssions to grant.

+ * + *

The location for the actual Policy could be anywhere in any + * form because it depends on the Policy implementation. The default system is + * in a flat ASCII file or it could be in a database.

+ * + *

The current installed Policy can be accessed with + * {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code + * has the correct permissions.

+ * + *

The {@link #refresh()} method causes the Policy instance to + * refresh/reload its configuration. The method used to refresh depends on the + * Policy implementation.

+ * + *

When a protection domain initializes its permissions, it uses code like + * the following:

+ * + * + * policy = Policy.getPolicy(); + * PermissionCollection perms = policy.getPermissions(myCodeSource); + * + * + *

The protection domain passes the Policy handler a + * {@link CodeSource} instance which contains the codebase URL and a public key. + * The Policy implementation then returns the proper set of + * permissions for that {@link CodeSource}.

+ * + *

The default Policy implementation can be changed by setting + * the "policy.provider" security provider in the "java.security" file to the + * correct Policy implementation class.

+ * + * @author Mark Benvenuto + * @see CodeSource + * @see PermissionCollection + * @see SecureClassLoader + * @since 1.2 + */ +public abstract class Policy +{ + private static Policy currentPolicy; + + /** Map of ProtectionDomains to PermissionCollections for this instance. */ + private Map pd2pc = null; + + /** Constructs a new Policy object. */ + public Policy() + { + } + + /** + * Returns the currently installed Policy handler. The value + * should not be cached as it can be changed any time by + * {@link #setPolicy(Policy)}. + * + * @return the current Policy. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public static Policy getPolicy() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkPermission(new SecurityPermission("getPolicy")); + + return getCurrentPolicy(); + } + + /** + * Sets the Policy handler to a new value. + * + * @param policy + * the new Policy to use. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. 
+ */
+ public static void setPolicy(Policy policy)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SecurityPermission("setPolicy"));
+
+ setup(policy);
+ currentPolicy = policy;
+ }
+
+ private static void setup(final Policy policy)
+ {
+ if (policy.pd2pc == null)
+ policy.pd2pc = Collections.synchronizedMap(new LinkedHashMap());
+
+ ProtectionDomain pd = policy.getClass().getProtectionDomain();
+ if (pd.getCodeSource() != null)
+ {
+ PermissionCollection pc = null;
+ if (currentPolicy != null)
+ pc = currentPolicy.getPermissions(pd);
+
+ if (pc == null) // assume it has all
+ {
+ pc = new Permissions();
+ pc.add(new AllPermission());
+ }
+
+ policy.pd2pc.put(pd, pc); // add the mapping pd -> pc
+ }
+ }
+
+ /**
+ * Ensures/forces loading of the configured policy provider, while bypassing
+ * the {@link SecurityManager} checks for "getPolicy" security
+ * permission. Needed by {@link ProtectionDomain}.
+ */
+ static Policy getCurrentPolicy()
+ {
+ // FIXME: The class name of the Policy provider should really be sourced
+ // from the "java.security" configuration file. For now, just hard-code
+ // a stub implementation.
+ if (currentPolicy == null)
+ {
+ String pp = System.getProperty ("policy.provider");
+ if (pp != null)
+ try
+ {
+ currentPolicy = (Policy) Class.forName(pp).newInstance();
+ }
+ catch (Exception e)
+ {
+ // Ignored.
+ }
+
+ if (currentPolicy == null)
+ currentPolicy = new gnu.java.security.provider.DefaultPolicy();
+ }
+ return currentPolicy;
+ }
+
+ /**
+ * Tests if currentPolicy is not null,
+ * thus allowing clients to not force loading of any policy
+ * provider; needed by {@link ProtectionDomain}.
+ */
+ static boolean isLoaded()
+ {
+ return currentPolicy != null;
+ }
+
+ /**
+ * Returns the set of Permissions allowed for a given {@link CodeSource}.
+ *
+ * @param codesource
+ * the {@link CodeSource} for which, the caller needs to find the
+ * set of granted permissions.
+ * @return a set of permissions for {@link CodeSource} specified by the
+ * current Policy.
+ * @throws SecurityException
+ * if a {@link SecurityManager} is installed which disallows this
+ * operation.
+ */
+ public abstract PermissionCollection getPermissions(CodeSource codesource);
+
+ /**
+ * Returns the set of Permissions allowed for a given {@link ProtectionDomain}.
+ *
+ * @param domain
+ * the {@link ProtectionDomain} for which, the caller needs to find
+ * the set of granted permissions.
+ * @return a set of permissions for {@link ProtectionDomain} specified by the
+ * current Policy..
+ * @since 1.4
+ * @see ProtectionDomain
+ * @see SecureClassLoader
+ */
+ public PermissionCollection getPermissions(ProtectionDomain domain)
+ {
+ if (domain == null)
+ return new Permissions();
+
+ if (pd2pc == null)
+ setup(this);
+
+ PermissionCollection result = (PermissionCollection) pd2pc.get(domain);
+ if (result != null)
+ {
+ Permissions realResult = new Permissions();
+ for (Enumeration e = result.elements(); e.hasMoreElements(); )
+ realResult.add((Permission) e.nextElement());
+
+ return realResult;
+ }
+
+ result = getPermissions(domain.getCodeSource());
+ if (result == null)
+ result = new Permissions();
+
+ PermissionCollection pc = domain.getPermissions();
+ if (pc != null)
+ for (Enumeration e = pc.elements(); e.hasMoreElements(); )
+ result.add((Permission) e.nextElement());
+
+ return result;
+ }
+
+ /**
+ * Checks if the designated {@link Permission} is granted to a designated
+ * {@link ProtectionDomain}.
+ *
+ * @param domain
+ * the {@link ProtectionDomain} to test.
+ * @param permission
+ * the {@link Permission} to check.
+ * @return true if permission is implied by a
+ * permission granted to this {@link ProtectionDomain}. Returns
+ * false otherwise.
+ * @since 1.4
+ * @see ProtectionDomain
+ */
+ public boolean implies(ProtectionDomain domain, Permission permission)
+ {
+ if (pd2pc == null)
+ setup(this);
+
+ PermissionCollection pc = (PermissionCollection) pd2pc.get(domain);
+ if (pc != null)
+ return pc.implies(permission);
+
+ boolean result = false;
+ pc = getPermissions(domain);
+ if (pc != null)
+ {
+ result = pc.implies(permission);
+ pd2pc.put(domain, pc);
+ }
+
+ return result;
+ }
+
+ /**
+ * Causes this Policy instance to refresh / reload its
+ * configuration. The method used to refresh depends on the concrete
+ * implementation.
+ */
+ public abstract void refresh();
+}
diff --git a/libjava/classpath/java/security/Principal.java b/libjava/classpath/java/security/Principal.java
new file mode 100644
index 000000000..6d9de6ccd
--- /dev/null
+++ b/libjava/classpath/java/security/Principal.java
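Review bot: `implies(ProtectionDomain, Permission)` stores the computed collection with `pd2pc.put(domain, pc);` and nothing visible ever evicts it, so the first answer for a domain is served for the life of the policy object. `pd2pc` is private and `refresh()` is abstract, so a concrete policy cannot clear the cache when its configuration is reloaded. Unless a subclass overrides `implies()` and `getPermissions(ProtectionDomain)`, a permission revoked by a refresh would keep being granted to domains that were already queried. Either drop the `pd2pc.put(domain, pc);` line or give subclasses a protected way to invalidate the map from `refresh()`. Separately, `getCurrentPolicy()` swallows every failure to load the class named by `policy.provider` (`// Ignored.`) and silently installs `DefaultPolicy`; the failure should at least be reported, since a mistyped provider name otherwise leaves a different policy in force than the one configured.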
@@ -0,0 +1,85 @@
+/* Principal.java -- A security entity
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+/**
+ * This interface models an entity (such as a user or a certificate authority)
+ * for the purposes of applying the Java security model.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see X509Certificate
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface Principal
+{
+ /**
+ * This method tests another Principal object for equality
+ * with this one.
+ *
+ * @param obj the Object to test for equality
+ * @return true if the specified Principal is equal
+ */
+ boolean equals(Object obj);
+
+ /**
+ * This method returns a String representation of this
+ * Principal.
+ *
+ * @return this Principal represented as a String
+ */
+ String toString();
+
+ /**
+ * This method returns a hash code value for this Principal.
+ * Remember the contract of hashCode - two objects which compare as
+ * equals() must have the same hashCode().
+ *
+ * @return a hash value
+ */
+ int hashCode();
+
+ /**
+ * This method returns a String that names this
+ * Principal.
+ *
+ * @return the name of this Principal
+ */
+ String getName();
+} // interface Principal
diff --git a/libjava/classpath/java/security/PrivateKey.java b/libjava/classpath/java/security/PrivateKey.java
new file mode 100644
index 000000000..70607c134
--- /dev/null
+++ b/libjava/classpath/java/security/PrivateKey.java
@@ -0,0 +1,62 @@
+/* PrivateKey.java -- tagging interface for all private keys
+ Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security;
+
+/**
+ * This interface specified no methods.
In simply provides a common
+ * super-interface for all algorithm specific private key values.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see Key
+ * @see PublicKey
+ * @see Certificate
+ * @see Signature#initVerify(PublicKey)
+ * @see DSAPrivateKey
+ * @see RSAPrivateKey
+ * @see RSAPrivateCrtKey
+ * @since 1.1
+ * @status updated to 1.4
+ */
+public interface PrivateKey extends Key
+{
+ /**
+ * The version identifier used for serialization.
+ */
+ long serialVersionUID = 6034044314589513430L;
+} // interface PrivateKey
diff --git a/libjava/classpath/java/security/PrivilegedAction.java b/libjava/classpath/java/security/PrivilegedAction.java
new file mode 100644
index 000000000..1a51eaade
--- /dev/null
+++ b/libjava/classpath/java/security/PrivilegedAction.java
@@ -0,0 +1,64 @@
+/* PrivilegedAction.java -- Perform a privileged action
+ Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This interface specifes a single run method that
+ * executes a privileged operation.
This method is called by
+ * AccessController.doPrivileged() after that method
+ * activiates the required privileges.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @see AccessController
+ * @see PrivilegedExceptionAction
+ * @since 1.1
+ * @status updated to 1.5
+ */
+public interface PrivilegedAction
+{
+ /**
+ * This method performs an operation that requires higher privileges to
+ * perform. It is called when a section of code invokes
+ * AccessController.doPrivileged().
+ *
+ * @return obj An implementation dependent return value
+ * @see AccessController#doPrivileged(PrivilegedAction)
+ * @see AccessController#doPrivileged(PrivilegedAction, AccessControlContext)
+ */
+ T run();
+} // interface PrivilegedAction
diff --git a/libjava/classpath/java/security/PrivilegedActionException.java b/libjava/classpath/java/security/PrivilegedActionException.java
new file mode 100644
index 000000000..3f08c8130
--- /dev/null
+++ b/libjava/classpath/java/security/PrivilegedActionException.java
@@ -0,0 +1,109 @@
+/* PrivilegedActionException.java -- wrap an exception in a privileged action
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + +package java.security; + +/** + * This exception is thrown when an exception is thrown during a + * privileged action being performed with the + * AccessController.doPrivileged() method. It wraps the + * actual exception thrown in the privileged code. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @author Eric Blake (ebb9@email.byu.edu) + * @see PrivilegedExceptionAction + * @see AccessController#doPrivileged(PrivilegedExceptionAction) + * @see AccessController#doPrivileged(PrivilegedExceptionAction, AccessControlContext) + * @status updated to 1.4 + */ +public class PrivilegedActionException extends Exception +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 4724086851538908602L; + + /** + * This is the actual exception that occurred. + * + * @serial the wrapped exception + */ + private Exception exception; + + /** + * Create a new instance that wraps the specified Exception. + * + * @param e the Exception to wrap + */ + public PrivilegedActionException(Exception e) + { + super(e); + exception = e; + } + + /** + * Get the underlying Exception that caused this one. This + * is a legacy method, the preferred way is {@link #getCause()}. + * + * @return the cause + */ + public Exception getException() + { + return exception; + } + + /** + * Gets the cause of this exception. + * + * @return the cause + * @since 1.4 + */ + public Throwable getCause() + { + return exception; + } + + /** + * Convert this to a String. + * + * @return the string representation + */ + public String toString() + { + return super.toString(); + } +} diff --git a/libjava/classpath/java/security/PrivilegedExceptionAction.java b/libjava/classpath/java/security/PrivilegedExceptionAction.java new file mode 100644 index 000000000..351438e0b --- /dev/null +++ b/libjava/classpath/java/security/PrivilegedExceptionAction.java 
@@ -0,0 +1,65 @@
+/* PrivilegedExceptionAction.java -- Perform a privileged operation
+ Copyright (C) 1998, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+package java.security;
+
+/**
+ * This interface defines a method that is called by
+ * AccessController.doPrivileged() in order to perform a
+ * privileged operation with higher privileges enabled. This interface
+ * differs from PrivilegedAction in that the run
+ * method in this interface may throw a checked exception.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.1
+ * @status updated to 1.5
+ */
+public interface PrivilegedExceptionAction
+{
+ /**
+ * This method performs an operation that requires higher privileges to
+ * successfully complete. It is called when a section of code invokes
+ * AccessController.doPrivileged().
+ *
+ * @return obj An implementation defined return value
+ * @throws Exception An implementation specific exception
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction)
+ * @see AccessController#doPrivileged(PrivilegedExceptionAction,
+ * AccessControlContext)
+ */
+ T run() throws Exception;
+} // interface PrivilegedExceptionAction
diff --git a/libjava/classpath/java/security/ProtectionDomain.java b/libjava/classpath/java/security/ProtectionDomain.java
new file mode 100644
index 000000000..d5d657d61
--- /dev/null
+++ b/libjava/classpath/java/security/ProtectionDomain.java
@@ -0,0 +1,252 @@
+/* ProtectionDomain.java -- A security domain
+ Copyright (C) 1998, 2003, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/ + +package java.security; + +import gnu.classpath.SystemProperties; + +import gnu.java.lang.CPStringBuilder; + +/** + * This class represents a group of classes, along with their granted + * permissions. The classes are identified by a {@link CodeSource}. Thus, any + * class loaded from the specified {@link CodeSource} is treated as part of + * this domain. The set of permissions is represented by an instance of + * {@link PermissionCollection}. + * + *

Every class in the system will belong to one and only one + * ProtectionDomain.

+ * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @version 0.0 + */ +public class ProtectionDomain +{ + /** This is the CodeSource for this protection domain. */ + private CodeSource code_source; + + /** This is the set of permissions granted to this domain. */ + private PermissionCollection perms; + + /** The {@link ClassLoader} associated with this domain. */ + private ClassLoader classloader; + + /** The array of Principals associated with this domain.. */ + private Principal[] principals; + + /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */ + private boolean staticBinding; + + /** + * Initializes a new instance of ProtectionDomain representing + * the specified {@link CodeSource} and set of permissions. No permissions + * can be added later to the {@link PermissionCollection} and this contructor + * will call the setReadOnly method on the specified set of + * permissions. + * + * @param codesource + * The {@link CodeSource} for this domain. + * @param permissions + * The set of permissions for this domain. + * @see PermissionCollection#setReadOnly() + */ + public ProtectionDomain(CodeSource codesource, PermissionCollection permissions) + { + this(codesource, permissions, null, null, true); + } + + /** + * This method initializes a new instance of ProtectionDomain + * given its {@link CodeSource}, granted permissions, associated + * {@link ClassLoader} and {@link Principal}s. + * + *

Similar to the previous constructor, if the designated set of + * permissions is not null, the setReadOnly method + * is called on that set.

+ * + * @param codesource + * The {@link CodeSource} for this domain. + * @param permissions + * The permission set for this domain. + * @param classloader + * the ClassLoader associated with this domain. + * @param principals + * the array of {@link Principal}s associated with this domain. + * @since 1.4 + * @see PermissionCollection#setReadOnly() + */ + public ProtectionDomain(CodeSource codesource, + PermissionCollection permissions, + ClassLoader classloader, Principal[] principals) + { + this(codesource, permissions, classloader, principals, false); + } + + private ProtectionDomain(CodeSource codesource, + PermissionCollection permissions, + ClassLoader classloader, Principal[] principals, + boolean staticBinding) + { + super(); + + code_source = codesource; + if (permissions != null) + { + perms = permissions; + perms.setReadOnly(); + } + + this.classloader = classloader; + this.principals = + (principals != null ? (Principal[]) principals.clone() : new Principal[0]); + this.staticBinding = staticBinding; + } + + /** + * Returns the {@link CodeSource} of this domain. + * + * @return the {@link CodeSource} of this domain. + * @since 1.2 + */ + public final CodeSource getCodeSource() + { + return code_source; + } + + /** + * Returns the {@link ClassLoader} of this domain. + * + * @return the {@link ClassLoader} of this domain. + * @since 1.4 + */ + public final ClassLoader getClassLoader() + { + return this.classloader; + } + + /** + * Returns a clone of the {@link Principal}s of this domain. + * + * @return a clone of the {@link Principal}s of this domain. + * @since 1.4 + */ + public final Principal[] getPrincipals() + { + return (Principal[]) principals.clone(); + } + + /** + * Returns the {@link PermissionCollection} of this domain. + * + * @return The {@link PermissionCollection} of this domain. 
+ */ + public final PermissionCollection getPermissions() + { + return perms; + } + + /** + * Tests whether or not the specified {@link Permission} is implied by the + * set of permissions granted to this domain. + * + * @param permission + * the {@link Permission} to test. + * @return true if the specified {@link Permission} is implied + * for this domain, false otherwise. + */ + public boolean implies(Permission permission) + { + if (staticBinding) + return (perms == null ? false : perms.implies(permission)); + // Else dynamically bound. Do we have it? + // NOTE: this will force loading of Policy.currentPolicy + return Policy.getCurrentPolicy().implies(this, permission); + } + + /** + * Returns a string representation of this object. It will include the + * {@link CodeSource} and set of permissions associated with this domain. + * + * @return A string representation of this object. + */ + public String toString() + { + String linesep = SystemProperties.getProperty("line.separator"); + CPStringBuilder sb = new CPStringBuilder("ProtectionDomain (").append(linesep); + + if (code_source == null) + sb.append("CodeSource:null"); + else + sb.append(code_source); + + sb.append(linesep); + if (classloader == null) + sb.append("ClassLoader:null"); + else + sb.append(classloader); + + sb.append(linesep); + sb.append("Principals:"); + if (principals != null && principals.length > 0) + { + sb.append("["); + Principal pal; + for (int i = 0; i < principals.length; i++) + { + pal = principals[i]; + sb.append("'").append(pal.getName()) + .append("' of type ").append(pal.getClass().getName()); + if (i < principals.length-1) + sb.append(", "); + } + sb.append("]"); + } + else + sb.append("none"); + + sb.append(linesep); + if (!staticBinding) // include all but dont force loading Policy.currentPolicy + if (Policy.isLoaded()) + sb.append(Policy.getCurrentPolicy().getPermissions(this)); + else // fallback on this one's permissions + sb.append(perms); + else + sb.append(perms); + + 
return sb.append(linesep).append(")").append(linesep).toString(); + } +} diff --git a/libjava/classpath/java/security/Provider.java b/libjava/classpath/java/security/Provider.java new file mode 100644 index 000000000..b1d6d9ce2 --- /dev/null +++ b/libjava/classpath/java/security/Provider.java 
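Review bot: In `toString()`, a dynamically bound domain appends `Policy.getCurrentPolicy().getPermissions(this)`, the policy's full grant set for the domain, and nothing in this hunk checks that the caller is allowed to read the policy. `getCurrentPolicy()` is defined outside the hunk and may already enforce that, but if it does not, any code that can log or print a domain learns grants it could not obtain through `Policy.getPolicy()`. I would show the policy view only when no security manager is installed or the caller holds `SecurityPermission("getPolicy")`, and otherwise fall back to `perms`. The sketch below does that and also replaces the unbraced nested `if`/`else`, which is easy to misread.

```java
    // … unchanged: CodeSource, ClassLoader and Principals sections …
    sb.append(linesep);
    PermissionCollection shown = perms;
    // still avoids forcing Policy.currentPolicy to load
    if (!staticBinding && Policy.isLoaded() && callerMayReadPolicy())
      shown = Policy.getCurrentPolicy().getPermissions(this);
    sb.append(shown);
    // … unchanged: closing parenthesis and return …

  private static boolean callerMayReadPolicy()
  {
    SecurityManager sm = System.getSecurityManager();
    if (sm == null)
      return true;
    try
      {
        sm.checkPermission(new SecurityPermission("getPolicy"));
        return true;
      }
    catch (SecurityException denied)
      {
        return false;
      }
  }
```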
@@ -0,0 +1,218 @@
+/* Provider.java -- Security provider information
+ Copyright (C) 1998, 1999, 2000, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+import java.io.Serializable;
+import java.util.Properties;
+
+/**
+ * This class represents a Java security architecture service provider.
The + * services provided by a such a provider can range from security algorithms to + * key generation. + *

+ * Providers are installed by name and version number. See the static + * initializer of the {@link java.security.Security} class for the default + * security providers installed by this class library. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public abstract class Provider + extends Properties + implements Serializable +{ + private static final long serialVersionUID = -4298000515446427739L; + + /** + * This is a textual description of the provider + */ + private String info; + + /** + * This is the name of the provider + */ + private String name; + + /** + * This is the version number of the provider + */ + private double version; + + /** + * This method initializes a new instance of Provider to have + * the specified name, version, and description information. + * + * @param name The name to assign to this Provider. + * @param version The version number for this Provider. + * @param info A textual description of this provider. + */ + protected Provider(String name, double version, String info) + { + this.name = name; + this.version = version; + this.info = info; + } + + /** + * This method returns the name assigned to this Provider. + * + * @return The Provider's name. + */ + public String getName() + { + return (name); + } + + /** + * This method retunrs the version number of this Provider. + * + * @return The Provider's version number. + */ + public double getVersion() + { + return (version); + } + + /** + * This method returns a textual description of the Provider. + * + * @return A description of the Provider. + */ + public String getInfo() + { + return (info); + } + + /** + * Maps a key property to a designated value. + *

+ * If there is an installed {@link SecurityManager} object in the underlying + * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is + * called with the string "putProviderProperty." + name, where + * name is this provider's name. For the default implementation + * this translates into a {@link SecurityManager#checkPermission(Permission)} + * for a SecurityPermission("putProviderProperty." + name). + * + * @param key The property key. + * @param value The property value. + * @return The previous value of the specified property (key), + * or null if it did not have one. + * @throws SecurityException If a security manager is installed and its + * {@link SecurityManager#checkSecurityAccess(String)} method + * disallows adding properties at run-time. + * @since Classpath 0.4+cvs, JDK 1.2 + * @see java.lang.Object#equals(Object) + * @see java.util.Hashtable#get(Object) + */ + public Object put(Object key, Object value) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("putProviderProperty." + this.name); + return super.put(toCanonicalKey(key), value); + } + + // overrides same in java.util.Hashtable + public Object get(Object key) + { + return super.get(toCanonicalKey(key)); + } + + /** + * This method removes the specified key entry (and its associated value) + * from the property mapping collection. + *

+ * If there is an installed {@link SecurityManager} object in the underlying + * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is + * called with the string "removeProviderProperty." + name, where + * name is this provider's name. For the default implementation + * this translates into a {@link SecurityManager#checkPermission(Permission)} + * for a SecurityPermission("removeProviderProperty." + name). + * + * @param key The key to remove + * @return The previous value for this key, or null if no + * previous value. + */ + public Object remove(Object key) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("removeProviderProperty." + this.name); + return super.remove(toCanonicalKey(key)); + } + + /** + * This method clears the entire property collection such that it no longer + * contains the properties used to look up the services provided by + * this Provider. + *

+ * If there is an installed {@link SecurityManager} object in the underlying + * VM, its {@link SecurityManager#checkSecurityAccess(String)} method is + * called with the string "clearProviderProperties." + name, + * where name is this provider's name. For the default + * implementation this translates into a + * {@link SecurityManager#checkPermission(Permission)} for a + * SecurityPermission("clearProviderProperties." + name). + */ + public void clear() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("clearProviderProperties." + this.name); + super.clear(); + } + + /** + * This method returns a String representation of this + * object. This will include the Provider name and + * version number. + * + * @return A String representation of this object. + */ + public String toString() + { + return (getClass().getName() + ": name=" + getName() + " version=" + + version); + } + + private Object toCanonicalKey(Object key) + { + if (key.getClass().isAssignableFrom(String.class)) // is it ours? + return ((String) key).toUpperCase(); // use default locale + return key; + } +} diff --git a/libjava/classpath/java/security/ProviderException.java b/libjava/classpath/java/security/ProviderException.java new file mode 100644 index 000000000..a2b469a6a --- /dev/null +++ b/libjava/classpath/java/security/ProviderException.java 
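Review bot: `toCanonicalKey` tests the key type the wrong way round and upper-cases with the default locale. `key.getClass().isAssignableFrom(String.class)` is also true for a key whose runtime class is `Object`, so the cast throws `ClassCastException`. Plain `toUpperCase()` under a locale such as Turkish maps `i` to a dotted capital, so the same property name canonicalises differently from host to host and a service lookup can miss its entry. I would write `if (key instanceof String)` and `return ((String) key).toUpperCase(Locale.ENGLISH);`, which needs `import java.util.Locale;`. The overridden `get` carries only a line comment; a short Javadoc saying that string keys are matched case-insensitively would explain why `put`, `get` and `remove` all canonicalise.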
@@ -0,0 +1,92 @@ +/* ProviderException.java -- Generic security provider runtime exception + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception indicates that a runtime problem was encounterd with + * a security provider. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @status updated to 1.4 + */ +public class ProviderException extends RuntimeException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5256023526693665674L; + + /** + * Create an instance with no descriptive error message. + */ + public ProviderException() + { + } + + /** + * Create an instance with a descriptive error message. + * + * @param msg the descriptive error message + */ + public ProviderException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public ProviderException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public ProviderException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/PublicKey.java b/libjava/classpath/java/security/PublicKey.java new file mode 100644 index 000000000..9bf145840 --- /dev/null +++ b/libjava/classpath/java/security/PublicKey.java 
@@ -0,0 +1,60 @@ +/* PublicKey.java -- tagging interface for all public keys + Copyright (C) 1998, 2001, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This interface specified no methods. In simply provides a common + * super-interface for all algorithm specific public key values. 
+ * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Key + * @see PrivateKey + * @see Certificate + * @see Signature#initVerify(PublicKey) + * @see DSAPublicKey + * @see RSAPublicKey + * @since 1.1 + * @status updated to 1.4 + */ +public interface PublicKey extends Key +{ + /** + * The version identifier used for serialization. + */ + long serialVersionUID = 7187392471159151072L; +} // interface PublicKey diff --git a/libjava/classpath/java/security/SecureClassLoader.java b/libjava/classpath/java/security/SecureClassLoader.java new file mode 100644 index 000000000..1480b7116 --- /dev/null +++ b/libjava/classpath/java/security/SecureClassLoader.java 
@@ -0,0 +1,148 @@ +/* SecureClassLoader.java --- A Secure Class Loader + Copyright (C) 1999, 2004, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.nio.ByteBuffer; +import java.util.HashMap; + +/** + * A Secure Class Loader for loading classes with additional + * support for specifying code source and permissions when + * they are retrieved by the system policy handler. + * + * @since 1.2 + * + * @author Mark Benvenuto + */ +public class SecureClassLoader extends ClassLoader +{ + private final HashMap protectionDomainCache + = new HashMap(); + + protected SecureClassLoader(ClassLoader parent) + { + super(parent); + } + + protected SecureClassLoader() + { + } + + /** + * Creates a class using an array of bytes and a + * CodeSource. + * + * @param name the name to give the class. null if unknown. + * @param b the data representing the classfile, in classfile format. + * @param off the offset into the data where the classfile starts. + * @param len the length of the classfile data in the array. + * @param cs the CodeSource for the class or null when unknown. + * + * @return the class that was defined and optional CodeSource. + * + * @exception ClassFormatError if the byte array is not in proper classfile format. + */ + protected final Class defineClass(String name, byte[] b, int off, int len, + CodeSource cs) + { + return super.defineClass(name, b, off, len, getProtectionDomain(cs)); + } + + /** + * Creates a class using an ByteBuffer and a + * CodeSource. + * + * @param name the name to give the class. null if unknown. + * @param b the data representing the classfile, in classfile format. + * @param cs the CodeSource for the class or null when unknown. + * + * @return the class that was defined and optional CodeSource. + * + * @exception ClassFormatError if the byte array is not in proper classfile format. 
+ * + * @since 1.5 + */ + protected final Class defineClass(String name, ByteBuffer b, CodeSource cs) + { + return super.defineClass(name, b, getProtectionDomain(cs)); + } + + /* Lookup or create a protection domain for the CodeSource, + * if CodeSource is null it will return null. */ + private ProtectionDomain getProtectionDomain(CodeSource cs) + { + ProtectionDomain protectionDomain = null; + if (cs != null) + { + synchronized (protectionDomainCache) + { + protectionDomain = protectionDomainCache.get(cs); + } + + if (protectionDomain == null) + { + protectionDomain + = new ProtectionDomain(cs, getPermissions(cs), this, null); + synchronized (protectionDomainCache) + { + ProtectionDomain domain = protectionDomainCache.get(cs); + if (domain == null) + protectionDomainCache.put(cs, protectionDomain); + else + protectionDomain = domain; + } + } + } + return protectionDomain; + } + + /** + * Returns a PermissionCollection for the specified CodeSource. + * The default implementation invokes + * java.security.Policy.getPermissions. + * + * This method is called by defineClass that takes a CodeSource + * argument to build a proper ProtectionDomain for the class + * being defined. + */ + protected PermissionCollection getPermissions(CodeSource cs) + { + Policy policy = Policy.getCurrentPolicy(); + return policy.getPermissions(cs); + } +} diff --git a/libjava/classpath/java/security/SecureRandom.java b/libjava/classpath/java/security/SecureRandom.java new file mode 100644 index 000000000..abf4ff308 --- /dev/null +++ b/libjava/classpath/java/security/SecureRandom.java 
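Review bot: Both `SecureClassLoader` constructors are added without Javadoc and show no `SecurityManager` check of their own, so the gate on creating a loader that assigns protection domains rests entirely on the `ClassLoader` superclass constructor, which is outside this hunk. I would document that dependency, for example `/** Creates a loader with the given parent; the checkCreateClassLoader check is assumed to be done by the ClassLoader constructor. */`, and confirm it against `ClassLoader`. Separately, `getPermissions` dereferences the result of `Policy.getCurrentPolicy()` without a null check. If that call can ever return null, the failure would surface as a NullPointerException from inside `defineClass` rather than as a clear policy error.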
@@ -0,0 +1,420 @@ +/* SecureRandom.java --- Secure Random class implementation + Copyright (C) 1999, 2001, 2002, 2003, 2005, 2006 + Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import gnu.classpath.SystemProperties; +import gnu.java.lang.CPStringBuilder; +import gnu.java.security.Engine; +import gnu.java.security.action.GetSecurityPropertyAction; +import gnu.java.security.jce.prng.SecureRandomAdapter; +import gnu.java.security.jce.prng.Sha160RandomSpi; + +import java.io.IOException; +import java.io.InputStream; +import java.lang.reflect.InvocationTargetException; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.Enumeration; +import java.util.Random; +import java.util.logging.Level; +import java.util.logging.Logger; + +/** + * An interface to a cryptographically secure pseudo-random number + * generator (PRNG). Random (or at least unguessable) numbers are used + * in all areas of security and cryptography, from the generation of + * keys and initialization vectors to the generation of random padding + * bytes. + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @author Casey Marshall + */ +public class SecureRandom extends Random +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for PRNGs. */ + private static final String SECURE_RANDOM = "SecureRandom"; + + private static final long serialVersionUID = 4940670005562187L; + + //Serialized Field + long counter = 0; //Serialized + Provider provider = null; + byte[] randomBytes = null; //Always null + int randomBytesUsed = 0; + SecureRandomSpi secureRandomSpi = null; + byte[] state = null; + private String algorithm; + + private boolean isSeeded = false; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + Default constructor for SecureRandom. It constructs a + new SecureRandom by instantating the first SecureRandom + algorithm in the default security provier. + + It is not seeded and should be seeded using setSeed or else + on the first call to getnextBytes it will force a seed. 
+ + It is maintained for backwards compatibility and programs + should use {@link #getInstance(java.lang.String)}. + */ + public SecureRandom() + { + Provider[] p = Security.getProviders(); + + //Format of Key: SecureRandom.algname + String key; + + String classname = null; + int i; + Enumeration e; + for (i = 0; i < p.length; i++) + { + e = p[i].propertyNames(); + while (e.hasMoreElements()) + { + key = (String) e.nextElement(); + if (key.startsWith("SECURERANDOM.")) + { + if ((classname = p[i].getProperty(key)) != null) + { + try + { + secureRandomSpi = (SecureRandomSpi) Class. + forName(classname).newInstance(); + provider = p[i]; + algorithm = key.substring(13); // Minus SecureRandom. + return; + } + catch (ThreadDeath death) + { + throw death; + } + catch (Throwable t) + { + // Ignore. + } + } + } + } + } + + // Nothing found. Fall back to SHA1PRNG + secureRandomSpi = new Sha160RandomSpi(); + algorithm = "Sha160"; + } + + /** + A constructor for SecureRandom. It constructs a new + SecureRandom by instantating the first SecureRandom algorithm + in the default security provier. + + It is seeded with the passed function and is useful if the user + has access to hardware random device (like a radiation detector). + + It is maintained for backwards compatibility and programs + should use getInstance. + + @param seed Seed bytes for class + */ + public SecureRandom(byte[] seed) + { + this(); + setSeed(seed); + } + + /** + A constructor for SecureRandom. It constructs a new + SecureRandom using the specified SecureRandomSpi from + the specified security provier. + + @param secureRandomSpi A SecureRandomSpi class + @param provider A Provider class + */ + protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider) + { + this(secureRandomSpi, provider, "unknown"); + } + + /** + * Private constructor called from the getInstance() method. 
+ */ + private SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider, + String algorithm) + { + this.secureRandomSpi = secureRandomSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** + * Returns an instance of a SecureRandom from the first provider + * that implements it. + * + * @param algorithm The algorithm name. + * @return A new SecureRandom implementing the given algorithm. + * @throws NoSuchAlgorithmException If no installed provider implements the + * given algorithm. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. + */ + public static SecureRandom getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of a SecureRandom for the specified + * algorithm from the named provider. + * + * @param algorithm The algorithm name. + * @param provider The provider name. + * @return A new SecureRandom implementing the chosen + * algorithm. + * @throws NoSuchAlgorithmException If the named provider does not implement + * the algorithm, or if the implementation cannot be instantiated. + * @throws NoSuchProviderException If no provider named provider + * is currently installed. + * @throws IllegalArgumentException if either algorithm or + * provider is null or empty. 
+ */ + public static SecureRandom getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of a SecureRandom for the specified + * algorithm from the given provider. + * + * @param algorithm The SecureRandom algorithm to create. + * @param provider The provider to use. + * @throws NoSuchAlgorithmException If the algorithm cannot be found, or if + * the class cannot be instantiated. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. + */ + public static SecureRandom getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("SecureRandom for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(SECURE_RANDOM, algorithm, provider); + return new SecureRandom((SecureRandomSpi) spi, provider, algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + Returns the provider being used by the current SecureRandom class. 
+ + @return The provider from which this SecureRandom was attained + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Returns the algorithm name used or "unknown" when the algorithm + * used couldn't be determined (as when constructed by the protected + * 2 argument constructor). + * + * @since 1.5 + */ + public String getAlgorithm() + { + return algorithm; + } + + /** + Seeds the SecureRandom. The class is re-seeded for each call and + each seed builds on the previous seed so as not to weaken security. + + @param seed seed bytes to seed with + */ + public void setSeed(byte[] seed) + { + secureRandomSpi.engineSetSeed(seed); + isSeeded = true; + } + + /** + Seeds the SecureRandom. The class is re-seeded for each call and + each seed builds on the previous seed so as not to weaken security. + + @param seed 8 seed bytes to seed with + */ + public void setSeed(long seed) + { + // This particular setSeed will be called by Random.Random(), via + // our own constructor, before secureRandomSpi is initialized. In + // this case we can't call a method on secureRandomSpi, and we + // definitely don't want to throw a NullPointerException. + // Therefore we test. + if (secureRandomSpi != null) + { + byte[] tmp = { (byte) (0xff & (seed >> 56)), + (byte) (0xff & (seed >> 48)), + (byte) (0xff & (seed >> 40)), + (byte) (0xff & (seed >> 32)), + (byte) (0xff & (seed >> 24)), + (byte) (0xff & (seed >> 16)), + (byte) (0xff & (seed >> 8)), + (byte) (0xff & seed) + }; + secureRandomSpi.engineSetSeed(tmp); + isSeeded = true; + } + } + + /** + Generates a user specified number of bytes. This function + is the basis for all the random functions. + + @param bytes array to store generated bytes in + */ + public void nextBytes(byte[] bytes) + { + if (!isSeeded) + setSeed(getSeed(32)); + randomBytesUsed += bytes.length; + counter++; + secureRandomSpi.engineNextBytes(bytes); + } + + /** + Generates an integer containing the user specified + number of random bits. 
It is right justified and padded + with zeros. + + @param numBits number of random bits to get, 0 <= numBits <= 32; + + @return the random bits + */ + protected final int next(int numBits) + { + if (numBits == 0) + return 0; + + byte[] tmp = new byte[(numBits + 7) / 8]; + this.nextBytes(tmp); + int ret = 0; + for (int i = 0; i < tmp.length; i++) + ret |= (tmp[i] & 0xFF) << (8 * i); + + long mask = (1L << numBits) - 1; + return (int) (ret & mask); + } + + /** + Returns the given number of seed bytes. This method is + maintained only for backwards capability. + + @param numBytes number of seed bytes to get + + @return an array containing the seed bytes + */ + public static byte[] getSeed(int numBytes) + { + return SecureRandomAdapter.getSeed(numBytes); + } + + /** + Returns the specified number of seed bytes. + + @param numBytes number of seed bytes to get + + @return an array containing the seed bytes + */ + public byte[] generateSeed(int numBytes) + { + return secureRandomSpi.engineGenerateSeed(numBytes); + } + +} diff --git a/libjava/classpath/java/security/SecureRandomSpi.java b/libjava/classpath/java/security/SecureRandomSpi.java new file mode 100644 index 000000000..08488ced7 --- /dev/null +++ b/libjava/classpath/java/security/SecureRandomSpi.java 
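Review bot: Both `setSeed(byte[])` and `setSeed(long)` set `isSeeded = true`, so `nextBytes` skips its `setSeed(getSeed(32))` self-seeding whenever the caller seeded first. A generator given a constant or low-entropy seed may then produce output that depends only on that seed; whether the SPI mixes in entropy of its own is not visible in this hunk. Either stop setting the flag from caller-supplied seeds, so the automatic seed is still mixed in, or say so in the Javadoc, e.g. `Note: seeding before the first call to nextBytes suppresses the automatic 32-byte self-seed.` The default constructor's `catch (Throwable t) { // Ignore. }` also hides why a provider's implementation failed to load before the fallback to `Sha160RandomSpi`. The file already imports `Logger`, so logging the failure there would make a silent downgrade visible.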
@@ -0,0 +1,85 @@ +/* SecureRandomSpi.java --- Secure Random Service Provider Interface + Copyright (C) 1999, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; +import java.io.Serializable; + +/** + SecureRandomSpi is the Service Provider Interface for SecureRandom + providers. 
It provides an interface for providers to the + SecureRandom engine to write their own pseudo-random number + generator. + + @since JDK 1.2 + + @author Mark Benvenuto (ivymccough@worldnet.att.net) + */ +public abstract class SecureRandomSpi implements Serializable +{ + private static final long serialVersionUID = -2991854161009191830L; + + /** + Default Constructor for SecureRandomSpi + */ + public SecureRandomSpi() + { + } + + /** + Updates the seed for SecureRandomSpi but does not reset seed. + It does to this so repeated called never decrease randomness. + */ + protected abstract void engineSetSeed(byte[] seed); + + /** + Gets a user specified number of bytes depending on the length + of the array? + + @param bytes array to fill with random bytes + */ + protected abstract void engineNextBytes(byte[] bytes); + + /** + Gets a user specified number of bytes specified by the + parameter. + + @param numBytes number of random bytes to generate + + @return an array full of random bytes + */ + protected abstract byte[] engineGenerateSeed(int numBytes); +} diff --git a/libjava/classpath/java/security/Security.java b/libjava/classpath/java/security/Security.java new file mode 100644 index 000000000..6cd98b0fb --- /dev/null +++ b/libjava/classpath/java/security/Security.java 
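Review bot: The Javadoc on the three abstract methods does not state the contract an implementer must meet. `engineSetSeed` has no `@param seed` and its text ("does not reset seed", "It does to this so repeated called") is hard to parse, and the `engineNextBytes` description ends in a question mark. I would replace them with something like `Mixes the given bytes into the current state; must supplement, never replace, existing seed material.` and `Fills the entire array with generated bytes.` The class is also `Serializable`, so a sentence noting that a subclass's generator state is presumably written out on serialization would help implementers decide which fields to mark `transient`.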
@@ -0,0 +1,711 @@ +/* Security.java --- Java base security class implementation + Copyright (C) 1999, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.classpath.SystemProperties; + +import gnu.classpath.Configuration; +import gnu.classpath.VMStackWalker; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.Collections; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.Map; +import java.util.Properties; +import java.util.Set; +import java.util.Vector; + +/** + * This class centralizes all security properties and common security methods. + * One of its primary uses is to manage security providers. + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + */ +public final class Security +{ + private static final String ALG_ALIAS = "Alg.Alias."; + + private static Vector providers = new Vector(); + private static Properties secprops = new Properties(); + + static + { + String base = SystemProperties.getProperty("gnu.classpath.home.url"); + String vendor = SystemProperties.getProperty("gnu.classpath.vm.shortname"); + + // Try VM specific security file + boolean loaded = loadProviders (base, vendor); + + // Append classpath standard provider if possible + if (!loadProviders (base, "classpath") + && !loaded + && providers.size() == 0) + { + if (Configuration.DEBUG) + { + /* No providers found and both security files failed to + * load properly. Give a warning in case of DEBUG is + * enabled. Could be done with java.util.logging later. + */ + System.err.println + ("WARNING: could not properly read security provider files:"); + System.err.println + (" " + base + "/security/" + vendor + + ".security"); + System.err.println + (" " + base + "/security/" + "classpath" + + ".security"); + System.err.println + (" Falling back to standard GNU security provider"); + } + // Note that this matches our classpath.security file. 
+ providers.addElement (new gnu.java.security.provider.Gnu()); + providers.addElement(new gnu.javax.crypto.jce.GnuCrypto()); + providers.addElement(new gnu.javax.crypto.jce.GnuSasl()); + providers.addElement(new gnu.javax.net.ssl.provider.Jessie()); + providers.addElement(new gnu.javax.security.auth.callback.GnuCallbacks()); + } + } + // This class can't be instantiated. + private Security() + { + } + + /** + * Tries to load the vender specific security providers from the given base + * URL. Returns true if the resource could be read and completely parsed + * successfully, false otherwise. + */ + private static boolean loadProviders(String baseUrl, String vendor) + { + if (baseUrl == null || vendor == null) + return false; + + boolean result = true; + String secfilestr = baseUrl + "/security/" + vendor + ".security"; + try + { + InputStream fin = new URL(secfilestr).openStream(); + secprops.load(fin); + + int i = 1; + String name; + while ((name = secprops.getProperty("security.provider." + i)) != null) + { + Exception exception = null; + try + { + ClassLoader sys = ClassLoader.getSystemClassLoader(); + providers.addElement(Class.forName(name, true, sys).newInstance()); + } + catch (ClassNotFoundException x) + { + exception = x; + } + catch (InstantiationException x) + { + exception = x; + } + catch (IllegalAccessException x) + { + exception = x; + } + + if (exception != null) + { + System.err.println ("WARNING: Error loading security provider " + + name + ": " + exception); + result = false; + } + i++; + } + } + catch (IOException ignored) + { + result = false; + } + + return result; + } + + /** + * Returns the value associated to a designated property name for a given + * algorithm. + * + * @param algName + * the algorithm name. + * @param propName + * the name of the property to return. + * @return the value of the specified property or null if none + * found. 
+ * @deprecated Use the provider-based and algorithm-independent + * {@link AlgorithmParameters} and {@link KeyFactory} engine + * classes instead. + */ + public static String getAlgorithmProperty(String algName, String propName) + { + if (algName == null || propName == null) + return null; + + String property = String.valueOf(propName) + "." + String.valueOf(algName); + Provider p; + for (Iterator i = providers.iterator(); i.hasNext(); ) + { + p = (Provider) i.next(); + for (Iterator j = p.keySet().iterator(); j.hasNext(); ) + { + String key = (String) j.next(); + if (key.equalsIgnoreCase(property)) + return p.getProperty(key); + } + } + return null; + } + + /** + * Inserts a new designated {@link Provider} at a designated (1-based) + * position in the current list of installed {@link Provider}s, + * + * @param provider + * the new {@link Provider} to add. + * @param position + * the position (starting from 1) of where to install + * provider. + * @return the actual position, in the list of installed Providers. Returns + * -1 if provider was laready in the + * list. The actual position may be different than the desired + * position. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProvider(String) + * @see #removeProvider(String) + * @see SecurityPermission + */ + public static int insertProviderAt(Provider provider, int position) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("insertProvider." 
+ provider.getName()); + + position--; + int max = providers.size (); + for (int i = 0; i < max; i++) + { + if (((Provider) providers.elementAt(i)).getName().equals(provider.getName())) + return -1; + } + + if (position < 0) + position = 0; + if (position > max) + position = max; + + providers.insertElementAt(provider, position); + + return position + 1; + } + + /** + * Appends the designated new {@link Provider} to the current list of + * installed {@link Provider}s. + * + * @param provider + * the new {@link Provider} to append. + * @return the position (starting from 1) of provider in the + * current list of {@link Provider}s, or -1 if + * provider was already there. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProvider(String) + * @see #removeProvider(String) + * @see SecurityPermission + */ + public static int addProvider(Provider provider) + { + return insertProviderAt (provider, providers.size () + 1); + } + + /** + * Removes an already installed {@link Provider}, given its name, from the + * current list of installed {@link Provider}s. + * + * @param name + * the name of an already installed {@link Provider} to remove. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProvider(String) + * @see #addProvider(Provider) + */ + public static void removeProvider(String name) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("removeProvider." + name); + + int max = providers.size (); + for (int i = 0; i < max; i++) + { + if (((Provider) providers.elementAt(i)).getName().equals(name)) + { + providers.remove(i); + break; + } + } + } + + /** + * Returns the current list of installed {@link Provider}s as an array + * ordered according to their installation preference order. + * + * @return an array of all the installed providers. 
+ */ + public static Provider[] getProviders() + { + Provider[] array = new Provider[providers.size ()]; + providers.copyInto (array); + return array; + } + + /** + * Returns an already installed {@link Provider} given its name. + * + * @param name + * the name of an already installed {@link Provider}. + * @return the {@link Provider} known by name. Returns + * null if the current list of {@link Provider}s does + * not include one named name. + * @see #removeProvider(String) + * @see #addProvider(Provider) + */ + public static Provider getProvider(String name) + { + if (name == null) + return null; + else + { + name = name.trim(); + if (name.length() == 0) + return null; + } + Provider p; + int max = providers.size (); + for (int i = 0; i < max; i++) + { + p = (Provider) providers.elementAt(i); + if (p.getName().equals(name)) + return p; + } + return null; + } + + /** + * Returns the value associated with a Security propery. + * + * @param key + * the key of the property to fetch. + * @return the value of the Security property associated with + * key. Returns null if no such property + * was found. + * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #setProperty(String, String) + * @see SecurityPermission + */ + public static String getProperty(String key) + { + // XXX To prevent infinite recursion when the SecurityManager calls us, + // don't do a security check if the caller is trusted (by virtue of having + // been loaded by the bootstrap class loader). + SecurityManager sm = System.getSecurityManager(); + if (sm != null && VMStackWalker.getCallingClassLoader() != null) + sm.checkSecurityAccess("getProperty." + key); + + return secprops.getProperty(key); + } + + /** + * Sets or changes a designated Security property to a designated value. + * + * @param key + * the name of the property to set. + * @param datum + * the new value of the property. 
+ * @throws SecurityException + * if a {@link SecurityManager} is installed and it disallows this + * operation. + * @see #getProperty(String) + * @see SecurityPermission + */ + public static void setProperty(String key, String datum) + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setProperty." + key); + + if (datum == null) + secprops.remove(key); + else + secprops.put(key, datum); + } + + /** + * For a given service (e.g. Signature, MessageDigest, etc...) this + * method returns the {@link Set} of all available algorithm names (instances + * of {@link String}, from all currently installed {@link Provider}s. + * + * @param serviceName + * the case-insensitive name of a service (e.g. Signature, + * MessageDigest, etc). + * @return a {@link Set} of {@link String}s containing the names of all + * algorithm names provided by all of the currently installed + * {@link Provider}s. + * @since 1.4 + */ + public static Set getAlgorithms(String serviceName) + { + HashSet result = new HashSet(); + if (serviceName == null || serviceName.length() == 0) + return result; + + serviceName = serviceName.trim(); + if (serviceName.length() == 0) + return result; + + serviceName = serviceName.toUpperCase()+"."; + Provider[] providers = getProviders(); + int ndx; + for (int i = 0; i < providers.length; i++) + for (Enumeration e = providers[i].propertyNames(); e.hasMoreElements(); ) + { + String service = ((String) e.nextElement()).trim(); + if (service.toUpperCase().startsWith(serviceName)) + { + service = service.substring(serviceName.length()).trim(); + ndx = service.indexOf(' '); // get rid of attributes + if (ndx != -1) + service = service.substring(0, ndx); + result.add(service); + } + } + return Collections.unmodifiableSet(result); + } + + /** + * Returns an array of currently installed {@link Provider}s, ordered + * according to their installation preference order, which satisfy a given + * selection criterion. + * + *

This implementation recognizes a selection criterion written in + * one of two following forms:

+ * + *
    + *
  • <crypto_service>.<algorithm_or_type>: Where + * crypto_service is a case-insensitive string, similar to what has + * been described in the {@link #getAlgorithms(String)} method, and + * algorithm_or_type is a known case-insensitive name of an + * Algorithm, or one of its aliases. + * + *

    For example, "CertificateFactory.X.509" would return all the installed + * {@link Provider}s which provide a CertificateFactory + * implementation of X.509.

  • + * + *
  • <crypto_service>.<algorithm_or_type> <attribute_name>:<value>: + * Where crypto_service is a case-insensitive string, similar to what + * has been described in the {@link #getAlgorithms(String)} method, + * algorithm_or_type is a case-insensitive known name of an Algorithm + * or one of its aliases, attribute_name is a case-insensitive + * property name with no whitespace characters, and no dots, in-between, and + * value is a {@link String} with no whitespace characters in-between. + * + *

    For example, "Signature.Sha1WithDSS KeySize:1024" would return all the + * installed {@link Provider}s which declared their ability to provide + * Signature services, using the Sha1WithDSS algorithm with + * key sizes of 1024.

  • + *
+ * + * @param filter + * the selection criterion for selecting among the installed + * {@link Provider}s. + * @return all the installed {@link Provider}s which satisfy the selection + * criterion. Returns null if no installed + * {@link Provider}s were found which satisfy the selection + * criterion. Returns ALL installed {@link Provider}s if + * filter is null or is an empty string. + * @throws InvalidParameterException + * if an exception occurs while parsing the filter. + * @see #getProviders(Map) + */ + public static Provider[] getProviders(String filter) + { + if (providers == null || providers.isEmpty()) + return null; + + if (filter == null || filter.length() == 0) + return getProviders(); + + HashMap map = new HashMap(1); + int i = filter.indexOf(':'); + if (i == -1) // . + map.put(filter, ""); + else // . : + map.put(filter.substring(0, i), filter.substring(i+1)); + + return getProviders(map); + } + + /** + * Returns an array of currently installed {@link Provider}s which satisfy a + * set of selection criteria. + * + *

The selection criteria are defined in a {@link Map} where each + * element specifies a selection querry. The Keys in this + * {@link Map} must be in one of the two following forms:

+ * + *
    + *
  • <crypto_service>.<algorithm_or_type>: Where + * crypto_service is a case-insensitive string, similar to what has + * been described in the {@link #getAlgorithms(String)} method, and + * algorithm_or_type is a case-insensitive known name of an + * Algorithm, or one of its aliases. The value of the entry in the + * {@link Map} for such a Key MUST be the empty string. + * {@link Provider}s which provide an implementation for the designated + * service algorithm are included in the result.
  • + * + *
  • <crypto_service>.<algorithm_or_type> <attribute_name>: + * Where crypto_service is a case-insensitive string, similar to what + * has been described in the {@link #getAlgorithms(String)} method, + * algorithm_or_type is a case-insensitive known name of an Algorithm + * or one of its aliases, and attribute_name is a case-insensitive + * property name with no whitespace characters, and no dots, in-between. The + * value of the entry in this {@link Map} for such a Key MUST + * NOT be null or an empty string. {@link Provider}s which + * declare the designated attribute_name and value for the + * designated service algorithm are included in the result.
  • + *
+ * + * @param filter + * a {@link Map} of selection querries. + * @return all currently installed {@link Provider}s which satisfy ALL the + * selection criteria defined in filter. + * Returns ALL installed {@link Provider}s if filter + * is null or empty. + * @throws InvalidParameterException + * if an exception is encountered while parsing the syntax of the + * {@link Map}'s keys. + * @see #getProviders(String) + */ + public static Provider[] getProviders(Map filter) + { + if (providers == null || providers.isEmpty()) + return null; + + if (filter == null) + return getProviders(); + + Set querries = filter.keySet(); + if (querries == null || querries.isEmpty()) + return getProviders(); + + LinkedHashSet result = new LinkedHashSet(providers); // assume all + int dot, ws; + String querry, service, algorithm, attribute, value; + LinkedHashSet serviceProviders = new LinkedHashSet(); // preserve insertion order + for (Iterator i = querries.iterator(); i.hasNext(); ) + { + querry = (String) i.next(); + if (querry == null) // all providers + continue; + + querry = querry.trim(); + if (querry.length() == 0) // all providers + continue; + + dot = querry.indexOf('.'); + if (dot == -1) // syntax error + throw new InvalidParameterException( + "missing dot in '" + String.valueOf(querry)+"'"); + + value = filter.get(querry); + // deconstruct querry into [service, algorithm, attribute] + if (value == null || value.trim().length() == 0) // . + { + value = null; + attribute = null; + service = querry.substring(0, dot).trim(); + algorithm = querry.substring(dot+1).trim(); + } + else // . + { + ws = querry.indexOf(' '); + if (ws == -1) + throw new InvalidParameterException( + "value (" + String.valueOf(value) + + ") is not empty, but querry (" + String.valueOf(querry) + + ") is missing at least one space character"); + value = value.trim(); + attribute = querry.substring(ws+1).trim(); + // was the dot in the attribute? 
+ if (attribute.indexOf('.') != -1) + throw new InvalidParameterException( + "attribute_name (" + String.valueOf(attribute) + + ") in querry (" + String.valueOf(querry) + ") contains a dot"); + + querry = querry.substring(0, ws).trim(); + service = querry.substring(0, dot).trim(); + algorithm = querry.substring(dot+1).trim(); + } + + // service and algorithm must not be empty + if (service.length() == 0) + throw new InvalidParameterException( + " in querry (" + String.valueOf(querry) + + ") is empty"); + + if (algorithm.length() == 0) + throw new InvalidParameterException( + " in querry (" + String.valueOf(querry) + + ") is empty"); + + selectProviders(service, algorithm, attribute, value, result, serviceProviders); + result.retainAll(serviceProviders); // eval next retaining found providers + if (result.isEmpty()) // no point continuing + break; + } + + if (result.isEmpty()) + return null; + + return (Provider[]) result.toArray(new Provider[result.size()]); + } + + private static void selectProviders(String svc, String algo, String attr, + String val, LinkedHashSet providerSet, + LinkedHashSet result) + { + result.clear(); // ensure we start with an empty result set + for (Iterator i = providerSet.iterator(); i.hasNext(); ) + { + Provider p = (Provider) i.next(); + if (provides(p, svc, algo, attr, val)) + result.add(p); + } + } + + private static boolean provides(Provider p, String svc, String algo, + String attr, String val) + { + Iterator it; + String serviceDotAlgorithm = null; + String key = null; + String realVal; + boolean found = false; + // if . is in the set then so is . + // but it may be stored under an alias . 
resolve + outer: for (int r = 0; r < 3; r++) // guard against circularity + { + serviceDotAlgorithm = (svc+"."+String.valueOf(algo)).trim(); + for (it = p.keySet().iterator(); it.hasNext(); ) + { + key = (String) it.next(); + if (key.equalsIgnoreCase(serviceDotAlgorithm)) // eureka + { + found = true; + break outer; + } + // it may be there but as an alias + if (key.equalsIgnoreCase(ALG_ALIAS + serviceDotAlgorithm)) + { + algo = p.getProperty(key); + continue outer; + } + // else continue inner + } + } + + if (!found) + return false; + + // found a candidate for the querry. do we have an attr to match? + if (val == null) // . querry + return true; + + // . ; find the key entry that match + String realAttr; + int limit = serviceDotAlgorithm.length() + 1; + for (it = p.keySet().iterator(); it.hasNext(); ) + { + key = (String) it.next(); + if (key.length() <= limit) + continue; + + if (key.substring(0, limit).equalsIgnoreCase(serviceDotAlgorithm+" ")) + { + realAttr = key.substring(limit).trim(); + if (! realAttr.equalsIgnoreCase(attr)) + continue; + + // eveything matches so far. do the value + realVal = p.getProperty(key); + if (realVal == null) + return false; + + realVal = realVal.trim(); + // is it a string value? + if (val.equalsIgnoreCase(realVal)) + return true; + + // assume value is a number. cehck for greater-than-or-equal + return (Integer.parseInt(val) >= Integer.parseInt(realVal)); + } + } + + return false; + } +} diff --git a/libjava/classpath/java/security/SecurityPermission.java b/libjava/classpath/java/security/SecurityPermission.java new file mode 100644 index 000000000..6aba18f34 --- /dev/null +++ b/libjava/classpath/java/security/SecurityPermission.java 
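Review bot: In `loadProviders`, the object returned by `Class.forName(name, true, sys).newInstance()` is added to `providers` without checking that it is a `Provider`, and the stream returned by `openStream()` is never closed. Every reader of the list casts with `(Provider) providers.elementAt(i)`, so a single wrong class name in a `.security` file would surface later as a `ClassCastException` in `getProvider`, `insertProviderAt` and `removeProvider` instead of as the load-time warning. I would check the type before adding, set `result = false` otherwise, and close the stream in a `finally` block, as sketched below. Separately, the last line of `provides()` calls `Integer.parseInt` on both values, which throws `NumberFormatException` for a non-numeric attribute value that did not match as a string; returning false there looks like the intended outcome.

```java
    InputStream fin = null;
    try
      {
        fin = new URL(secfilestr).openStream();
        secprops.load(fin);
        // … unchanged: loop over the security.provider.N entries …
                ClassLoader sys = ClassLoader.getSystemClassLoader();
                Object candidate = Class.forName(name, true, sys).newInstance();
                if (candidate instanceof Provider)
                  providers.addElement(candidate);
                else
                  {
                    System.err.println ("WARNING: " + name
                                        + " is not a java.security.Provider");
                    result = false;
                  }
        // … unchanged: catch clauses, warning output and i++ …
      }
    catch (IOException ignored)
      {
        result = false;
      }
    finally
      {
        if (fin != null)
          {
            try
              {
                fin.close();
              }
            catch (IOException ignored)
              {
                // nothing useful to do if close fails
              }
          }
      }
```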
@@ -0,0 +1,178 @@ +/* SecurityPermission.java -- Class for named security permissions + Copyright (C) 1998, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This class provides a mechanism for specified named permissions + * related to the Java security framework. 
These permissions have no + * associated actions list. They are either granted or not granted. + * + *

The list of valid permission names is:
+ * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + * + *
Permission NamePermission AllowsRisks + *
createAccessControlContextAllows creation of an AccessControlContextThe new control context can have a rogue DomainCombiner, leading + * to a privacy leak
getDomainCombinerGet a DomainCombiner from an AccessControlContextAccess to a DomainCombiner can lead to a privacy leak
getPolicyAllows retrieval of the system security policyMalicious code can use information from the policy to better plan + * an attack
setPolicyAllows the security policy to be changedMalicious code can give itself any permission it wants
getProperty.keyRetrieve the property specified by the keyMalicious code can use information from the property to better plan + * an attack
setProperty.keyAllows changing of the value of all properties implied by keyMalicious code can insert rogue classes to steal keys or recreate + * the security policy with whatever permissions it desires
insertProvider.keyAllows the named provider to be addedMalicious code can insert rogue providers that steal data
removeProvider.keyAllows the named provider to be removedA missing provider can cripple code that relies on it
setSystemScopeAllows the system identity scope to be setMalicious code can add certificates not available in the original + * identity scope, to gain more permissions
setIdentityPublicKeyAllows the public key of an Identity to be setMalicious code can install its own key to gain permissions not + * allowed by the original identity scope
SetIdentityInfoAllows the description of an Identity to be setMalicious code can spoof users into trusting a fake identity
addIdentityCertificateAllows a certificate to be set for the public key of an identityThe public key can become trusted to a wider audience than originally + * intended
removeIdentityCertificateAllows removal of a certificate from an identity's public keyThe public key can become less trusted than it should be
printIdentityView the name of the identity and scope, and whether they are + * trustedThe scope may include a filename, which provides an entry point for + * further security breaches
clearProviderProperties.keyAllows the properties of the named provider to be clearedThis can disable parts of the program which depend on finding the + * provider
putProviderProperty.keyAllows the properties of the named provider to be changedMalicious code can replace the implementation of a provider
removeProviderProperty.keyAllows the properties of the named provider to be deletedThis can disable parts of the program which depend on finding the + * provider
getSignerPrivateKeyAllows the retrieval of the private key for a signerAnyone that can access the private key can claim to be the + * Signer
setSignerKeyPairAllows the public and private key of a Signer to be changedThe replacement might be a weaker encryption, or the attacker + * can use knowledge of the replaced key to decrypt an entire + * communication session
+ * + *

There is some degree of security risk in granting any of these + * permissions. Some of them can completely compromise system security. + * Please exercise extreme caution in granting these permissions. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Permission + * @see SecurityManager + * @since 1.1 + * @status updated to 1.4 + */ +public final class SecurityPermission extends BasicPermission +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5236109936224050470L; + + /** + * Create a new instance with the specified name. + * + * @param name the name to assign to this permission + */ + public SecurityPermission(String name) + { + super(name); + } + + /** + * Create a new instance with the specified name. As SecurityPermission + * carries no actions, the second parameter is ignored. + * + * @param name the name to assign to this permission + * @param actions ignored + */ + public SecurityPermission(String name, String actions) + { + super(name); + } +} // class SecurityPermission diff --git a/libjava/classpath/java/security/Signature.java b/libjava/classpath/java/security/Signature.java new file mode 100644 index 000000000..d7186395f --- /dev/null +++ b/libjava/classpath/java/security/Signature.java 
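Review bot: The permission table in the class Javadoc of SecurityPermission.java lists `SetIdentityInfo` with a capital S, while every other row starts lower-case and the JDK name for this target is `setIdentityInfo`. Both constructors pass the name straight to `super(name)` with no validation, so a policy entry copied from this table would presumably never match the name that the Identity code checks (the matching logic in `BasicPermission` is not part of this hunk). I would correct the row to `setIdentityInfo`. The two-argument constructor also drops `actions` silently; its comment says so, which is enough, but a short `@see BasicPermission` there would point readers to where the name matching is defined.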
@@ -0,0 +1,593 @@ +/* Signature.java --- Signature Class + Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.nio.ByteBuffer; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.security.spec.AlgorithmParameterSpec; + +/** + * Signature is used to provide an interface to digital signature + * algorithms. Digital signatures provide authentication and data integrity of + * digital data. + * + *

The GNU provider provides the NIST standard DSA which uses DSA and SHA-1. + * It can be specified by SHA/DSA, SHA-1/DSA or its OID. If the RSA signature + * algorithm is provided then it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The + * algorithm must be specified because there is no default.

+ * + *

Signature provides implementation-independent algorithms which are + * requested by the user through the getInstance() methods. It can + * be requested by specifying just the algorithm name or by specifying both the + * algorithm name and provider name.

+ * + *

The three phases of using Signature are:

+ * + *
    + *
  1. Initializing: + *
      + *
    • It must be initialized with a private key for signing.
    • + *
    • It must be initialized with a public key for verifying.
    • + * + * + *
    • Updating: + *

      Update the bytes for signing or verifying with calls to update.

      + *
    • + * + *
    • Signing or Verify the signature on the currently stored bytes by + * calling sign or verify.
    • + *
+ * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + */ +public abstract class Signature extends SignatureSpi +{ + /** Service name for signatures. */ + private static final String SIGNATURE = "Signature"; + + /** + * Possible state value which signifies that this instance has not yet been + * initialized. + */ + protected static final int UNINITIALIZED = 0; + + /** + * Possible state value which signifies that this instance has been + * initialized for signing purposes. + */ + protected static final int SIGN = 2; + + /** + * Possible state value which signifies that this instance has been + * initialized for verification purposes. + */ + protected static final int VERIFY = 3; + + /** Current sate of this instance. */ + protected int state = UNINITIALIZED; + + private String algorithm; + Provider provider; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Constructs a new Signature instance for a designated digital + * signature algorithm. + * + * @param algorithm + * the algorithm to use. + */ + protected Signature(String algorithm) + { + this.algorithm = algorithm; + state = UNINITIALIZED; + } + + /** + * Returns an instance of Signature representing the specified + * signature. + * + * @param algorithm the algorithm to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by any + * provider. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. 
+ */ + public static Signature getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of Signature representing the specified + * signature from the named provider. + * + * @param algorithm the algorithm to use. + * @param provider the name of the provider to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchProviderException if the named provider was not found. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * named provider. + * @throws IllegalArgumentException if either algorithm or + * provider is null or empty. + */ + public static Signature getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + provider = provider.trim(); + if (provider.length() == 0) + throw new IllegalArgumentException("provider MUST NOT be empty"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of Signature representing the specified + * signature from the specified {@link Provider}. + * + * @param algorithm the algorithm to use. + * @param provider the {@link Provider} to use. + * @return a new instance repesenting the desired algorithm. + * @throws NoSuchAlgorithmException if the algorithm is not implemented by the + * {@link Provider}. 
+ * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. + */ + public static Signature getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("Signature algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] "); + Object o; + try + { + o = Engine.getInstance(SIGNATURE, algorithm, provider); + } + catch (InvocationTargetException x) + { + Throwable cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + sb.append("could not be created"); + NoSuchAlgorithmException y = new NoSuchAlgorithmException(sb.toString()); + y.initCause(cause); + throw y; + } + Signature result; + if (o instanceof SignatureSpi) + result = new DummySignature((SignatureSpi) o, algorithm); + else if (o instanceof Signature) + { + result = (Signature) o; + result.algorithm = algorithm; + } + else + { + sb.append("is of an unexpected Type: ").append(o.getClass().getName()); + throw new NoSuchAlgorithmException(sb.toString()); + } + result.provider = provider; + return result; + } + + /** + * Returns the {@link Provider} of this instance. + * + * @return the {@link Provider} of this instance. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Initializes this instance with the public key for verification purposes. + * + * @param publicKey + * the public key to verify with. + * @throws InvalidKeyException + * if the key is invalid. + */ + public final void initVerify(PublicKey publicKey) throws InvalidKeyException + { + state = VERIFY; + engineInitVerify(publicKey); + } + + /** + * Verify a signature with a designated {@link Certificate}. This is a FIPS + * 140-1 compatible method since it verifies a signature with a certificate. + * + *

If the {@link Certificate} is an X.509 one, has a KeyUsage + * parameter and that parameter indicates this key is not to be used for + * signing then an exception is thrown.

+ * + * @param certificate + * a {@link Certificate} containing a public key to verify with. + * @throws InvalidKeyException if the key is invalid. + */ + public final void initVerify(Certificate certificate) + throws InvalidKeyException + { + state = VERIFY; + if (certificate.getType().equals("X509")) + { + X509Certificate cert = (X509Certificate) certificate; + boolean[]array = cert.getKeyUsage(); + if (array != null && array[0] == false) + throw new InvalidKeyException( + "KeyUsage of this Certificate indicates it cannot be used for digital signing"); + } + this.initVerify(certificate.getPublicKey()); + } + + /** + * Initializes this class with the private key for signing purposes. + * + * @param privateKey + * the private key to sign with. + * @throws InvalidKeyException + * if the key is invalid. + */ + public final void initSign(PrivateKey privateKey) throws InvalidKeyException + { + state = SIGN; + engineInitSign(privateKey); + } + + /** + * Initializes this class with the private key and source of randomness for + * signing purposes. + * + * @param privateKey + * the private key to sign with. + * @param random + * the {@link SecureRandom} to use. + * @throws InvalidKeyException + * if the key is invalid. + */ + public final void initSign(PrivateKey privateKey, SecureRandom random) + throws InvalidKeyException + { + state = SIGN; + engineInitSign(privateKey, random); + } + + /** + * Returns the signature bytes of all the data fed to this instance. The + * format of the output depends on the underlying signature algorithm. + * + * @return the signature bytes. + * @throws SignatureException + * if the engine is not properly initialized. + */ + public final byte[] sign() throws SignatureException + { + if (state == SIGN) + return engineSign(); + else + throw new SignatureException(); + } + + /** + * Generates signature bytes of all the data fed to this instance and stores + * it in the designated array. 
The format of the result depends on the + * underlying signature algorithm. + * + *

After calling this method, the instance is reset to its initial state + * and can then be used to generate additional signatures.

+ * + *

IMPLEMENTATION NOTE: Neither this method nor the GNU provider + * will return partial digests. If len is less than the + * signature length, this method will throw a {@link SignatureException}. If + * it is greater than or equal then it is ignored.

+ * + * @param outbuf + * array of bytes of where to store the resulting signature bytes. + * @param offset + * the offset to start at in the array. + * @param len + * the number of the bytes to use in the array. + * @return the real number of bytes used. + * @throws SignatureException + * if the engine is not properly initialized. + * @since 1.2 + */ + public final int sign(byte[] outbuf, int offset, int len) + throws SignatureException + { + if (state == SIGN) + return engineSign(outbuf, offset, len); + else + throw new SignatureException(); + } + + /** + * Verifies a designated signature. + * + * @param signature + * the signature bytes to verify. + * @return true if verified, false otherwise. + * @throws SignatureException + * if the engine is not properly initialized or the signature does + * not check. + */ + public final boolean verify(byte[]signature) throws SignatureException + { + if (state == VERIFY) + return engineVerify(signature); + else + throw new SignatureException(); + } + + /** + * Verifies a designated signature. + * + * @param signature + * the signature bytes to verify. + * @param offset + * the offset to start at in the array. + * @param length + * the number of the bytes to use from the array. + * @return true if verified, false otherwise. + * @throws IllegalArgumentException + * if the signature byte array is null, + * or the offset or length is less + * than 0, or the sum of the offset + * and length is greater than the length of the + * signature byte array. + * @throws SignatureException + * if the engine is not properly initialized or the signature does + * not check. 
+ */ + public final boolean verify(byte[] signature, int offset, int length) + throws SignatureException + { + if (state != VERIFY) + throw new SignatureException("illegal state"); + + if (signature == null) + throw new IllegalArgumentException("signature is null"); + if (offset < 0) + throw new IllegalArgumentException("offset is less than 0"); + if (length < 0) + throw new IllegalArgumentException("length is less than 0"); + if (offset + length < signature.length) + throw new IllegalArgumentException("range is out of bounds"); + + return engineVerify(signature, offset, length); + } + + /** + * Updates the data to be signed or verified with the specified byte. + * + * @param b + * the byte to update with. + * @throws SignatureException + * if the engine is not properly initialized. + */ + public final void update(byte b) throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(b); + else + throw new SignatureException(); + } + + /** + * Updates the data to be signed or verified with the specified bytes. + * + * @param data + * the array of bytes to use. + * @throws SignatureException + * if the engine is not properly initialized. + */ + public final void update(byte[]data) throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(data, 0, data.length); + else + throw new SignatureException(); + } + + /** + * Updates the data to be signed or verified with the specified bytes. + * + * @param data + * an array of bytes to use. + * @param off + * the offset to start at in the array. + * @param len + * the number of bytes to use from the array. + * @throws SignatureException + * if the engine is not properly initialized. + */ + public final void update(byte[]data, int off, int len) + throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(data, off, len); + else + throw new SignatureException(); + } + + /** + * Update this signature with the {@link java.nio.Buffer#remaining()} + * bytes of the input buffer. 
+ * + * @param input The input buffer. + * @throws SignatureException If this instance was not properly + * initialized. + */ + public final void update(ByteBuffer input) throws SignatureException + { + if (state != UNINITIALIZED) + engineUpdate(input); + else + throw new SignatureException("not initialized"); + } + + /** + * Returns the name of the algorithm currently used. The names of algorithms + * are usually SHA/DSA or SHA/RSA. + * + * @return name of algorithm. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Returns a rstring representation of this instance. + * + * @return a rstring representation of this instance. + */ + public String toString() + { + return (algorithm + " Signature"); + } + + /** + * Sets the specified algorithm parameter to the specified value. + * + * @param param + * the parameter name. + * @param value + * the parameter value. + * @throws InvalidParameterException + * if the parameter is invalid, the parameter is already set and + * can not be changed, a security exception occured, etc. + * @deprecated use the other setParameter + */ + public final void setParameter(String param, Object value) + throws InvalidParameterException + { + engineSetParameter(param, value); + } + + /** + * Sets the signature engine with the specified {@link AlgorithmParameterSpec}. + * + *

By default, and unless overriden by the concrete SPI, this method always + * throws an {@link UnsupportedOperationException}.

+ * + * @param params + * the parameters to use for intializing this instance. + * @throws InvalidParameterException + * if the parameter is invalid, the parameter is already set and + * cannot be changed, a security exception occured, etc. + */ + public final void setParameter(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException + { + engineSetParameter(params); + } + + /** + * Return the parameters of the algorithm used in this instance as an + * {@link AlgorithmParameters}. + * + * @return the parameters used with this instance, or null if + * this instance does not use any parameters. + */ + public final AlgorithmParameters getParameters() + { + return engineGetParameters(); + } + + /** + * Returns the value for the specified algorithm parameter. + * + * @param param + * the parameter name. + * @return the parameter value. + * @throws InvalidParameterException + * if the parameter is invalid. + * @deprecated use the other getParameter + */ + public final Object getParameter(String param) + throws InvalidParameterException + { + return engineGetParameter(param); + } + + /** + * Returns a clone of this instance. + * + * @return a clone of this instace. + * @throws CloneNotSupportedException + * if the implementation does not support cloning. + */ + public Object clone() throws CloneNotSupportedException + { + return super.clone(); + } +} diff --git a/libjava/classpath/java/security/SignatureException.java b/libjava/classpath/java/security/SignatureException.java new file mode 100644 index 000000000..b097bacfc --- /dev/null +++ b/libjava/classpath/java/security/SignatureException.java 
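Review bot: In `verify(byte[] signature, int offset, int length)` the range check is inverted: `if (offset + length < signature.length)` throws for any proper sub-range and lets a range that runs past the end of the array through to `engineVerify`. The condition should reject overruns without risking int overflow, e.g. `if (length > signature.length - offset) throw new IllegalArgumentException("range is out of bounds");`. Separately, `initVerify(Certificate)` compares `certificate.getType()` with `"X509"`; if the certificate reports the standard type name `"X.509"` (not confirmable from this hunk), the KeyUsage check is skipped, so `certificate instanceof X509Certificate` would be the safer test. `initVerify` and `initSign` also assign `state` before the engine call, so the state changes even when that call throws `InvalidKeyException`.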
@@ -0,0 +1,92 @@ +/* SignatureException.java -- Generic error in signature + Copyright (C) 1998, 2002, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * This exception is thrown when a problem is encountered with a + * digital signature. + * + * @author Aaron M. 
Renn (arenn@urbanophile.com) + * @status updated to 1.4 + */ +public class SignatureException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 7509989324975124438L; + + /** + * Create an instance with no descriptive error message. + */ + public SignatureException() + { + } + + /** + * Create an instance with a descriptive error message. + * + * @param msg the message + */ + public SignatureException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public SignatureException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public SignatureException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/SignatureSpi.java b/libjava/classpath/java/security/SignatureSpi.java new file mode 100644 index 000000000..1ed078c0b --- /dev/null +++ b/libjava/classpath/java/security/SignatureSpi.java 
@@ -0,0 +1,316 @@ +/* SignatureSpi.java --- Signature Service Provider Interface + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.nio.ByteBuffer; +import java.security.spec.AlgorithmParameterSpec; + +/** + * SignatureSpi defines the Service Provider Interface (SPI) for + * the {@link Signature} class. The signature class provides an interface to a + * digital signature algorithm. Digital signatures are used for authentication + * and integrity of data. + * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @since 1.2 + * @see Signature + */ +public abstract class SignatureSpi +{ + /** Source of randomness. */ + protected SecureRandom appRandom; + + /** + * Creates a new instance of SignatureSpi. + */ + public SignatureSpi() + { + appRandom = null; + } + + /** + * Initializes this instance with the public key for verification purposes. + * + * @param publicKey + * the public key to verify with. + * @throws InvalidKeyException + * if the key is invalid. + */ + protected abstract void engineInitVerify(PublicKey publicKey) + throws InvalidKeyException; + + /** + * Initializes this instance with the private key for signing purposes. + * + * @param privateKey + * the private key to sign with. + * @throws InvalidKeyException + * if the key is invalid. + */ + protected abstract void engineInitSign(PrivateKey privateKey) + throws InvalidKeyException; + + /** + * Initializes this instance with the private key and source of randomness for + * signing purposes. + * + *

This method cannot be abstract for backward compatibility reasons.

+ * + * @param privateKey + * the private key to sign with. + * @param random + * the {@link SecureRandom} to use. + * @throws InvalidKeyException + * if the key is invalid. + * @since 1.2 + */ + protected void engineInitSign(PrivateKey privateKey, SecureRandom random) + throws InvalidKeyException + { + appRandom = random; + engineInitSign(privateKey); + } + + /** + * Updates the data to be signed or verified with the specified byte. + * + * @param b + * byte to update with. + * @throws SignatureException + * if the engine is not properly initialized. + */ + protected abstract void engineUpdate(byte b) throws SignatureException; + + /** + * Updates the data to be signed or verified with the specified bytes. + * + * @param b + * the array of bytes to use. + * @param off + * the offset to start at in the array. + * @param len + * the number of the bytes to use from the array. + * @throws SignatureException + * if the engine is not properly initialized. + */ + protected abstract void engineUpdate(byte[] b, int off, int len) + throws SignatureException; + + /** + * Update this signature with the {@link java.nio.Buffer#remaining()} + * bytes of the given buffer. + * + * @param input The input buffer. + * @throws IllegalStateException if the engine is not properly initialized. + */ + protected void engineUpdate(ByteBuffer input) + { + byte[] buf = new byte[4096]; + while (input.hasRemaining()) + { + int l = Math.min(input.remaining(), buf.length); + input.get(buf, 0, l); + try + { + engineUpdate(buf, 0, l); + } + catch (SignatureException se) + { + throw new IllegalStateException(se); + } + } + } + + /** + * Returns the signature bytes of all the data fed to this instance. The + * format of the output depends on the underlying signature algorithm. + * + * @return the signature bytes. + * @throws SignatureException + * if the engine is not properly initialized. 
+ */ + protected abstract byte[] engineSign() throws SignatureException; + + /** + * Generates signature bytes of all the data fed to this instance and stores + * the result in the designated array. The format of the output depends on + * the underlying signature algorithm. + * + *

This method cannot be abstract for backward compatibility reasons. + * After calling this method, the signature is reset to its initial state and + * can be used to generate additional signatures.

+ * + *

IMPLEMENTATION NOTE:: Neither this method nor the GNU provider + * will return partial digests. If len is less than the + * signature length, this method will throw a {@link SignatureException}. If + * it is greater than or equal then it is ignored.

+ * + * @param outbuf + * the array of bytes to store the result in. + * @param offset + * the offset to start at in the array. + * @param len + * the number of the bytes to use in the array. + * @return the real number of bytes used. + * @throws SignatureException + * if the engine is not properly initialized. + * @since 1.2 + */ + protected int engineSign(byte[] outbuf, int offset, int len) + throws SignatureException + { + byte[] tmp = engineSign(); + if (tmp.length > len) + throw new SignatureException("Invalid Length"); + + System.arraycopy(outbuf, offset, tmp, 0, tmp.length); + return tmp.length; + } + + /** + * Verifies a designated signature. + * + * @param sigBytes + * the signature bytes to verify. + * @return true if verified, false otherwise. + * @throws SignatureException + * if the engine is not properly initialized or if it is the wrong + * signature. + */ + protected abstract boolean engineVerify(byte[] sigBytes) + throws SignatureException; + + /** + * Convenience method which calls the method with the same name and one + * argument after copying the designated bytes into a temporary byte array. + * Subclasses may override this method for performance reasons. + * + * @param sigBytes + * the array of bytes to use. + * @param offset + * the offset to start from in the array of bytes. + * @param length + * the number of bytes to use, starting at offset. + * @return true if verified, false otherwise. + * @throws SignatureException + * if the engine is not properly initialized. + */ + protected boolean engineVerify(byte[] sigBytes, int offset, int length) + throws SignatureException + { + byte[] tmp = new byte[length]; + System.arraycopy(sigBytes, offset, tmp, 0, length); + return engineVerify(tmp); + } + + /** + * Sets the specified algorithm parameter to the specified value. + * + * @param param + * the parameter name. + * @param value + * the parameter value. 
+ * @throws InvalidParameterException + * if the parameter invalid, the parameter is already set and + * cannot be changed, a security exception occured, etc. + * @deprecated use the other setParameter. + */ + protected abstract void engineSetParameter(String param, Object value) + throws InvalidParameterException; + + /** + * Sets the signature engine with the specified {@link AlgorithmParameterSpec}. + * + *

This method cannot be abstract for backward compatibility reasons. By + * default it always throws {@link UnsupportedOperationException} unless + * overridden.

+ * + * @param params + * the parameters. + * @throws InvalidParameterException + * if the parameter is invalid, the parameter is already set and + * cannot be changed, a security exception occured, etc. + */ + protected void engineSetParameter(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException + { + throw new UnsupportedOperationException(); + } + + /** + * The default implementaion of this method always throws a + * {@link UnsupportedOperationException}. It MUST be overridden by concrete + * implementations to return the appropriate {@link AlgorithmParameters} for + * this signature engine (or null when that engine does not use + * any parameters. + * + * @return the parameters used with this signature engine, or + * null if it does not use any parameters. + * @throws UnsupportedOperationException + * always. + */ + protected AlgorithmParameters engineGetParameters() + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the value for the specified algorithm parameter. + * + * @param param + * the parameter name. + * @return the parameter value. + * @throws InvalidParameterException + * if the parameter is invalid. + * @deprecated use the other getParameter + */ + protected abstract Object engineGetParameter(String param) + throws InvalidParameterException; + + /** + * Returns a clone of this instance. + * + * @return a clone of this instance. + * @throws CloneNotSupportedException + * if the implementation does not support cloning. + */ + public Object clone() throws CloneNotSupportedException + { + return super.clone(); + } +} diff --git a/libjava/classpath/java/security/SignedObject.java b/libjava/classpath/java/security/SignedObject.java new file mode 100644 index 000000000..79f551cce --- /dev/null +++ b/libjava/classpath/java/security/SignedObject.java 
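Review bot: The default `engineSign(byte[] outbuf, int offset, int len)` calls `System.arraycopy(outbuf, offset, tmp, 0, tmp.length)`, which has source and destination swapped: it copies the caller's buffer over the freshly computed signature and leaves `outbuf` unchanged while still returning `tmp.length`. A caller relying on this default would then store or send whatever was already in `outbuf` as if it were the signature. The call should be `System.arraycopy(tmp, 0, outbuf, offset, tmp.length);`. The guard `tmp.length > len` could also compare against `outbuf.length - offset`, so that a too-small buffer is reported as a `SignatureException` rather than an unchecked index exception.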
@@ -0,0 +1,203 @@ +/* SignedObject.java --- Signed Object Class + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.ObjectInput; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Serializable; + +/** + * SignedObject is used for storing runtime objects whose + * integrity cannot be compromised without being detected. + * + *

SignedObject contains a {@link Serializable} object which is + * yet to be signed and a digital signature of that object.

+ * + *

The signed copy is a "deep copy" (in serialized form) of an original + * object. Any changes to that original instance are not reflected in the + * enclosed copy inside this SignedObject.

+ * + *

Several things to note are that, first there is no need to initialize the + * signature engine as this class will handle that automatically. Second, + * verification will only succeed if the public key corresponds to the private + * key used to generate the digital signature inside this + * SignedObject.

+ * + *

For fexibility, the signature engine can be specified in the constructor + * or the verify() method. Programmers wishing to verify + * SignedObjects should be aware of the {@link Signature} engine + * they use. A malicious or flawed {@link Signature} implementation may always + * return true on verification thus circumventing the intended secrity check + * provided by the SignedObject.

+ * + *

The GNU security provider offers an implementation of the standard NIST + * DSA which uses "DSA" and "SHA-1". It can be specified by "SHA/DSA", + * "SHA-1/DSA" or its OID. If the RSA signature algorithm is provided then it + * could be "MD2/RSA". "MD5/RSA", or "SHA-1/RSA". The algorithm must be + * specified because there is no default.

+ * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @since 1.2 + * @see Signature + */ +public final class SignedObject implements Serializable +{ + private static final long serialVersionUID = 720502720485447167L; + + /** @serial */ + private byte[] content; + /** @serial */ + private byte[] signature; + /** @serial */ + private String thealgorithm; + + /** + * Constructs a new instance of SignedObject from a + * {@link Serializable} object. The object is signed with a designated + * private key and a signature engine. + * + * @param object + * the object to sign. + * @param signingKey + * the key to use. + * @param signingEngine + * the signature engine to use. + * @throws IOException + * if a serialization error occurred. + * @throws InvalidKeyException + * if the key is invalid. + * @throws SignatureException + * if a signing error occurs. + */ + public SignedObject(Serializable object, PrivateKey signingKey, + Signature signingEngine) + throws IOException, InvalidKeyException, SignatureException + { + thealgorithm = signingEngine.getAlgorithm(); + + ByteArrayOutputStream ostream = new ByteArrayOutputStream(); + ObjectOutputStream p = new ObjectOutputStream(ostream); + p.writeObject(object); + p.flush(); + p.close(); + + content = ostream.toByteArray(); + + signingEngine.initSign(signingKey); + signingEngine.update(content); + signature = signingEngine.sign(); + } + + /** + * Returns the encapsulated object. The object is de-serialized before being + * returned. + * + * @return the encapsulated object. + * @throws IOException + * if a de-serialization error occurs. + * @throws ClassNotFoundException + * if the encapsulated object's class was not found. 
+ */ + public Object getObject() throws IOException, ClassNotFoundException + { + ByteArrayInputStream bais = new ByteArrayInputStream(content); + ObjectInput oi = new ObjectInputStream(bais); + Object obj = oi.readObject(); + oi.close(); + bais.close(); + + return obj; + } + + /** + * Returns the signature bytes of the encapsulated object. + * + * @return the signature bytes of the encapsulated object. + */ + public byte[] getSignature() + { + return (byte[]) signature.clone(); + + } + + /** + * Returns the name of the signature algorithm. + * + * @return the name of the signature algorithm. + */ + public String getAlgorithm() + { + return thealgorithm; + } + + /** + * Verifies the encapsulated digital signature by checking that it was + * generated by the owner of a designated public key. + * + * @param verificationKey + * the public key to use. + * @param verificationEngine + * the signature engine to use. + * @return true if signature is correct, false + * otherwise. + * @throws InvalidKeyException + * if the key is invalid. + * @throws SignatureException + * if verification fails. + */ + public boolean verify(PublicKey verificationKey, Signature verificationEngine) + throws InvalidKeyException, SignatureException + { + verificationEngine.initVerify(verificationKey); + verificationEngine.update(content); + return verificationEngine.verify(signature); + } + + /** Called to restore the state of the SignedObject from a stream. */ + private void readObject(ObjectInputStream s) + throws IOException, ClassNotFoundException + { + s.defaultReadObject(); + content = (byte[]) content.clone(); + signature = (byte[]) signature.clone(); + } +} diff --git a/libjava/classpath/java/security/Signer.java b/libjava/classpath/java/security/Signer.java new file mode 100644 index 000000000..18259c863 --- /dev/null +++ b/libjava/classpath/java/security/Signer.java 
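Review bot: `getObject()` deserializes `content` with a plain `ObjectInputStream` whether or not `verify()` has been called, and its Javadoc does not say so. Because a `SignedObject` can itself arrive from a serialized stream, the Javadoc should state the contract, for example `Callers must check verify() with a trusted key and engine before calling this method; the stored bytes are deserialized without any signature check.` In `readObject`, `content.clone()` and `signature.clone()` throw `NullPointerException` when the stream supplies null fields; `if (content == null || signature == null) throw new java.io.InvalidObjectException("missing content or signature");` before the clones would turn that into an ordinary deserialization error. The streams in the constructor and in `getObject()` are closed only on the success path.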
@@ -0,0 +1,148 @@ +/* Signer.java --- Signer Class + Copyright (C) 1999, 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security; + +/** + * Signer is a subclass of {@link Identity}. It is used to store a + * digital signature key with an Identity. 
+ * + * @author Mark Benvenuto (ivymccough@worldnet.att.net) + * @deprecated Replaced by java.security.KeyStore, the + * java.security.cert package, and java.security.Principal. + */ +public abstract class Signer extends Identity +{ + private static final long serialVersionUID = -1763464102261361480L; + private PrivateKey privateKey = null; + + /** Trivial constructor for serialization purposes. */ + protected Signer() + { + } + + /** + * Constructs a new instance of Signer with the specified + * identity name. + * + * @param name + * the name of the identity to use. + */ + public Signer(String name) + { + super(name); + } + + /** + * Constructs a new instance of Signer with the specified + * identity name and {@link IdentityScope}. + * + * @param name + * the name of the the identity to use. + * @param scope + * the {@link IdentityScope} to use. + * @throws KeyManagementException + * if a duplicate identity name exists within + * scope. + */ + public Signer(String name, IdentityScope scope) throws KeyManagementException + { + super(name, scope); + } + + /** + * Returns the private key of this Signer. + * + * @returns the private key of this Signer. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. + */ + public PrivateKey getPrivateKey() + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("getSignerPrivateKey"); + + return privateKey; + } + + /** + * Specifies the {@link KeyPair} associated with this Signer. + * + * @param pair + * the {@link KeyPair} to use. + * @throws InvalidParameterException + * if the key-pair is invalid. + * @throws KeyException + * if any another key-related error occurs. + * @throws SecurityException + * if a {@link SecurityManager} is installed which disallows this + * operation. 
+ */ + public final void setKeyPair(KeyPair pair) + throws InvalidParameterException, KeyException + { + SecurityManager sm = System.getSecurityManager(); + if (sm != null) + sm.checkSecurityAccess("setSignerKeyPair"); + + try + { + if (pair.getPublic() != null) + setPublicKey(pair.getPublic()); + else + throw new InvalidParameterException(); + + } + catch (KeyManagementException kme) + { + throw new KeyException(); + } + + if (pair.getPrivate() != null) + privateKey = pair.getPrivate(); + else + throw new InvalidParameterException(); + } + + /** @returns a string representing this Signer. */ + public String toString() + { + return (getName() + ": " + privateKey); + } +} diff --git a/libjava/classpath/java/security/UnrecoverableKeyException.java b/libjava/classpath/java/security/UnrecoverableKeyException.java new file mode 100644 index 000000000..6759c3c7b --- /dev/null +++ b/libjava/classpath/java/security/UnrecoverableKeyException.java 
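Review bot: `toString()` at the end of this file concatenates `privateKey` into the returned string, so whatever the key implementation's own `toString()` prints can reach logs or exception messages. That path skips the `checkSecurityAccess("getSignerPrivateKey")` check that guards `getPrivateKey()`. I would leave the key object out entirely, for example `return getName() + (privateKey == null ? " [no private key]" : " [private key set]");`, if callers do not depend on the current format. Separately, `setKeyPair` calls `setPublicKey` before it looks at `pair.getPrivate()`, so a pair with a null private key is rejected only after the public key has been replaced; checking both halves first would keep the update all-or-nothing.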
@@ -0,0 +1,71 @@
+/* UnrecoverableKeyException.java -- Cannot recover a key from the key store
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security;
+
+/**
+ * This exception is thrown when a key cannot be recovered from the key
+ * store.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @since 1.2
+ * @status updated to 1.4
+ */
+public class UnrecoverableKeyException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 7275063078190151277L;
+
+ /**
+ * Create an instance with no descriptive error message.
+ */
+ public UnrecoverableKeyException()
+ {
+ }
+
+ /**
+ * Create an instance with a descriptive error message.
+ *
+ * @param msg the descriptive error message
+ */
+ public UnrecoverableKeyException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/UnresolvedPermission.java b/libjava/classpath/java/security/UnresolvedPermission.java
new file mode 100644
index 000000000..449454aaf
--- /dev/null
+++ b/libjava/classpath/java/security/UnresolvedPermission.java
@@ -0,0 +1,345 @@ +/* UnresolvedPermission.java -- Placeholder for unresolved permissions + Copyright (C) 1998, 2001, 2002, 2004, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security; + +// All uses of Certificate in this file refer to the one in the listed +// package, not this one. 
+import java.security.cert.Certificate; +import java.util.Arrays; +import java.util.Enumeration; +import java.util.Hashtable; +import java.util.NoSuchElementException; +import java.util.Vector; + +/** + * This class is used to hold instances of all permissions that cannot + * be resolved to available permission classes when the security + * Policy object is instantiated. This may happen when the + * necessary security class has not yet been downloaded from the network. + * + *

Instances of this class are re-resolved when + * AccessController check is done. At that time, a scan is + * made of all existing UnresolvedPermission objects and they + * are converted to objects of the appropriate permission type if the class + * for that type is then available. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Permission + * @see Permissions + * @see PermissionCollection + * @see Policy + * @since 1.1 + * @status updated to 1.4 + */ +public final class UnresolvedPermission extends Permission +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -4821973115467008846L; + + /** + * The list of actions associated with this permission object. + * + * @serial the permission actions + */ + private final String actions; + + /** + * The list of Certificates associated with this object. + */ + private final transient Certificate[] certs; + + /** + * The name of the class this object should be resolved to. + * + * @serial the fully-qualified classname of the resolved type + */ + // Package visible for use by UnresolvedPermissionCollection. + final String type; + + /** + * The name of the permission. + * + * @serial the permission name + */ + private final String name; + + /** + * Create a new instance with all the information necessary to resolve it + * to an instance of the proper class at a future time. + * + * @param type the fully-qualified name of the class of this permission + * @param name the name of this permission + * @param actions the action list for this permission + * @param certs the list of certificates that sign this permission + */ + public UnresolvedPermission(String type, String name, String actions, + Certificate[] certs) + { + super(name); + this.name = name; + this.type = type; + this.actions = actions; + this.certs = certs; + } + + /** + * This method returns false always to indicate that this + * permission does not imply the specified permission. 
An + * UnresolvedPermission never grants any permissions. + * + * @param perm the Permission object to test + * @return false; until a permission is resolved, it implies nothing + */ + public boolean implies(Permission perm) + { + return false; + } + + /** + * This method tests this permission for equality against the specified + * Object. This will be true if and only if the following + * conditions are met:

    + *
  • The specified Object is an UnresolvedPermission
  • + *
  • The specified permission has the same type (i.e., desired class name) + * as this permission.
  • + *
  • The specified permission has the same name as this one.
  • + *
  • The specified permissoin has the same action list as this one.
  • + *
  • The specified permission has the same certificate list as this + * one.
  • + *
+ * + * @param obj the Object to test for equality + * @return true if the specified object is equal to this one + */ + public boolean equals(Object obj) + { + if (! (obj instanceof UnresolvedPermission)) + return (false); + UnresolvedPermission up = (UnresolvedPermission) obj; + return up.name.equals(name) && up.actions.equals(actions) + && up.type.equals(type) && Arrays.equals(up.certs, certs); + } + + /** + * Returns a hash code value for this object. Following the lead of + * Permission, this returns the hashcode of the permission name. + * + * @return A hash value + */ + public int hashCode() + { + return name.hashCode(); + } + + /** + * This method returns the list of actions associated with this + * permission. + * + * @return the action list + */ + public String getActions() + { + return actions; + } + + /** + * This method returns a String representation of this + * class. The format is: '(unresolved "ClassName "name" "actions")' + * + * @return String representation of this object + */ + public String toString() + { + return "(unresolved " + type + ' ' + name + ' ' + actions + ')'; + } + + /** + * This class returns a PermissionCollection object that can + * be used to store instances of UnresolvedPermission. + * + * @return a new PermissionCollection + */ + public PermissionCollection newPermissionCollection() + { + return new UnresolvedPermissionCollection(); + } + + /** + * Return the name of the class of the unresolved permission. + * @since 1.5 + */ + public String getUnresolvedType() + { + return type; + } + + /** + * Return the name of the unresolved permission. + * @since 1.5 + */ + public String getUnresolvedName() + { + return name; + } + + /** + * Return the actions of the unresolved permission, or null + * if there are no actions. + * @since 1.5 + */ + public String getUnresolvedActions() + { + return actions; + } + + /** + * Return the certificates of the unresolved permission. + * If there are no certificates, null is returned. 
Otherwise, + * a new array is returned. + * @since 1.5 + */ + public Certificate[] getUnresolvedCerts() + { + if (certs == null) + return null; + return (Certificate[]) certs.clone(); + } +} // class UnresolvedPermission + +/** + * Implements the permission collection for unresolved permissions, and + * obeys serialization of JDK. + * + * @author Eric Blake (ebb9@email.byu.edu) + */ +class UnresolvedPermissionCollection extends PermissionCollection +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -7176153071733132400L; + + // Package-private to avoid a trampoline. + /** + * Hashtable where we store permissions. + * + * @serial map of typename to a Vector of permissions (you'd think Sun + * would document this better!) + */ + final Hashtable permissions = new Hashtable(); + + /** + * Add a permission. + * + * @param perm the permission to add + * @throws IllegalArgumentException if perm is not an UnresolvedPermission + * @throws SecurityException if the collection is read-only + */ + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException(); + if (! (perm instanceof UnresolvedPermission)) + throw new IllegalArgumentException(); + UnresolvedPermission up = (UnresolvedPermission) perm; + Vector v = (Vector) permissions.get(up.type); + if (v == null) + { + v = new Vector(); + permissions.put(up.type, v); + } + v.add(up); + } + + /** + * Returns true if perm is implied by the collection. + * + * @param perm the permission to check + * @return false; unresolved permissions imply nothing + */ + public boolean implies(Permission perm) + { + return false; + } + + /** + * Return the elements. + * + * @return the elements + */ + public Enumeration elements() + { + return new Enumeration() + { + Enumeration main_enum = permissions.elements(); + Enumeration sub_enum; + + public boolean hasMoreElements() + { + if (sub_enum == null) + { + if (main_enum == null) + return false; + if (! 
main_enum.hasMoreElements()) + { + main_enum = null; + return false; + } + Vector v = (Vector) main_enum.nextElement(); + sub_enum = v.elements(); + } + if (! sub_enum.hasMoreElements()) + { + sub_enum = null; + return hasMoreElements(); + } + return true; + } + + public Object nextElement() + { + if (! hasMoreElements()) + throw new NoSuchElementException(); + return sub_enum.nextElement(); + } + }; + } +} // class UnresolvedPermissionCollection diff --git a/libjava/classpath/java/security/acl/Acl.java b/libjava/classpath/java/security/acl/Acl.java new file mode 100644 index 000000000..10a59fdf5 --- /dev/null +++ b/libjava/classpath/java/security/acl/Acl.java 
@@ -0,0 +1,153 @@ +/* Acl.java -- An access control list + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +import java.security.Principal; +import java.util.Enumeration; + +/** + * A Java access control list (ACL) is a group of individual ACL entries. 
+ * These entries consist of a Principal and a list of + * permissions this Principal is either granted or denied. + * A given Principal can have at most one positive ACL entry + * (i.e., one that grants permissions) and one negative ACL entry (i.e., one + * that denies permissions). If a given permission is both granted and + * denied, the ACL treats it as if it were never granted or denied. If + * both a Principal and a Group to which the + * Principal belongs have an ACL entry, the permissions for + * the individual Principal take precedence over the + * permissions of the Group if there is a conflict. + *

+ * Additionally, the ACL interface extends the Owner interface + * and so an ACL has owners. Actions which modify the ACL are restricted + * to owners. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface Acl extends Owner +{ + + /** + * This method returns the name of this ACL. + * + * @return The name of this ACL + */ + String getName(); + + /** + * This method sets the name of the ACL + * + * @param caller The Principal requesting the action. + * @param name The new name for this ACL. + * + * @exception NotOwnerException If the caller is not an owner of this ACL. + */ + void setName(Principal caller, String name) + throws NotOwnerException; + + /** + * This method adds the specified entry to the ACL + * + * @param caller The Principal requesting the addition + * @param entry The ACL entry to add + * + * @return true if the entry was added, false + * if there is already an entry of the same type for the + * Principal. + * + * @exception NotOwnerException If the caller is not an owner of this ACL. + */ + boolean addEntry(Principal caller, AclEntry entry) + throws NotOwnerException; + + /** + * This method delets the specified entry from the ACL + * + * @param caller The Principal requesting the deletion. + * @param entry The ACL entry to delete + * + * @return true if the entry was deleted, or false + * if this entry was not part of the ACL to begin with + * + * @exception NotOwnerException If the caller is not an owner of this ACL. + */ + boolean removeEntry(Principal caller, AclEntry entry) + throws NotOwnerException; + + /** + * This method returns a list of all the entries in the ACL as an + * Enumeration. 
+ * + * @return An enumeration of the ACL entries + */ + Enumeration entries(); + + /** + * This method tests whether or not the specified Principal + * has the specified Permission + * + * @param user The Principal to test + * @param perm The Permission to test for + * + * @return true if the user has been granted the permission, + * false otherwise + */ + boolean checkPermission(Principal user, Permission perm); + + /** + * This method returns a list of Permission's that are granted + * to a particular Principal. This includes any permissions + * that are granted to Group's to which the Principal + * belongs unless they are overridden by a negative ACL. This permission + * list is returned as an Enumeration. + * + * @param user The Principal to retrieve permissions for. + * + * @return A list of permissions for the Principal. + */ + Enumeration getPermissions(Principal user); + + /** + * This method returns the ACL as a String + * + * @return A String representation of this ACL + */ + String toString(); +} diff --git a/libjava/classpath/java/security/acl/AclEntry.java b/libjava/classpath/java/security/acl/AclEntry.java new file mode 100644 index 000000000..47154b285 --- /dev/null +++ b/libjava/classpath/java/security/acl/AclEntry.java 
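Review bot: The `@return` text of `checkPermission(Principal, Permission)` says only "true if the user has been granted the permission", which omits the conflict rules stated in the interface comment. Those rules are that a permission both granted and denied counts as neither, and that an entry for the individual principal overrides a group entry. Since this method is the access decision, an implementer reading only its Javadoc could write a grant-only check. I would add to the method comment: `A permission that is both granted and denied for the principal is treated as not granted; entries for the principal itself take precedence over entries for its groups.`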
@@ -0,0 +1,143 @@ +/* AclEntry.java -- An entry in an ACL list. + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +import java.security.Principal; +import java.util.Enumeration; + +/** + * This interface models an entry in an access control list (ACL). 
Java + * ACL's consist of a list of entries, where each consists of a + * Principal and a list of Permission's which + * have been granted to that Principal. An ACL can also + * be negative, which indicates that the list of + * Permission's is a list of permissions that are not + * granted to the Principal. A Principal can + * have at most one regular (or positive) ACL entry and one negative + * ACL entry. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface AclEntry extends Cloneable +{ + /** + * This method returns the Principal associated with this + * ACL entry. + * + * @return The Principal for this ACL entry + */ + Principal getPrincipal(); + + /** + * This method sets ths Principal associated with this + * ACL entry. This operation will only succeed if there is not already + * a Principal assigned. + * + * @param user The Principal for this ACL entry + * + * @return true if the Principal was successfully set or false if this entry already has a Principal. + */ + boolean setPrincipal(Principal user); + + /** + * This method sets this ACL entry to be a negative entry, indicating + * that it contains a list of permissions that are not granted + * to the entry's Principal. Note that there is no way to + * undo this operation. + */ + void setNegativePermissions(); + + /** + * This method tests whether or not this ACL entry is a negative entry or not. + * + * @return true if this ACL entry is negative, false otherwise + */ + boolean isNegative(); + + /** + * This method adds the specified permission to this ACL entry. + * + * @param permission The Permission to add + * + * @return true if the permission was added or false if it was already set for this entry + */ + boolean addPermission(Permission permission); + + /** + * This method deletes the specified permission to this ACL entry. + * + * @param perm The Permission to delete from this ACL entry. 
+ * + * @return true if the permission was successfully deleted or false if the permission was not part of this ACL to begin with + */ + boolean removePermission(Permission perm); + + /** + * This method tests whether or not the specified permission is associated + * with this ACL entry. + * + * @param permission The Permission to test + * + * @return true if this permission is associated with this entry or false otherwise + */ + boolean checkPermission(Permission permission); + + /** + * This method returns a list of all Permission objects + * associated with this ACL entry as an Enumeration. + * + * @return A list of permissions for this ACL entry + */ + Enumeration permissions(); + + /** + * This method returns this object as a String. + * + * @return A String representation of this object + */ + String toString(); + + /** + * This method returns a clone of this ACL entry + * + * @return A clone of this ACL entry + */ + Object clone(); +} diff --git a/libjava/classpath/java/security/acl/AclNotFoundException.java b/libjava/classpath/java/security/acl/AclNotFoundException.java new file mode 100644 index 000000000..9a16d9c50 --- /dev/null +++ b/libjava/classpath/java/security/acl/AclNotFoundException.java 
@@ -0,0 +1,60 @@
+/* AclNotFoundException.java -- thrown when an ACL is not found
+ Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.acl;
+
+/**
+ * This exception is thrown when a requested access control list (ACL) is
+ * not found.
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @status updated to 1.4
+ */
+public class AclNotFoundException extends Exception
+{
+ /**
+ * Compatible with JDK 1.1+.
+ */
+ private static final long serialVersionUID = 5684295034092681791L;
+
+ /**
+ * Initializes a new instance of this class with no descriptive message
+ */
+ public AclNotFoundException()
+ {
+ }
+}
diff --git a/libjava/classpath/java/security/acl/Group.java b/libjava/classpath/java/security/acl/Group.java
new file mode 100644
index 000000000..a0df75526
--- /dev/null
+++ b/libjava/classpath/java/security/acl/Group.java
@@ -0,0 +1,90 @@ +/* Group.java -- Represents a group of Principals + Copyright (C) 1998, 2001 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +import java.security.Principal; +import java.util.Enumeration; + +/** + * This interface represents a group of Principals. 
Note that + * since this interface extends Principal, a Group + * can be used where ever a Principal is requested. This + * includes arguments to the methods in this interface. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface Group extends Principal +{ + /** + * This method adds a new Principal to this group. + * + * @param user The new Principal to add + * + * @return true if the user was successfully added or false if the user is already a member + */ + boolean addMember(Principal user); + + /** + * This method deletes a member from the group. + * + * @param user The Principal to delete + * + * @return true if the user was successfully deleted or false if the user is not a member of the group + */ + boolean removeMember(Principal user); + + /** + * This method tests whether or not a given Principal is a + * member of this group. + * + * @param member The Principal to test for membership + * + * @return true if the user is member, false otherwise + */ + boolean isMember(Principal member); + + /** + * This method returns a list of all members of the group as an + * Enumeration. + * + * @return The list of all members of the group + */ + Enumeration members(); +} diff --git a/libjava/classpath/java/security/acl/LastOwnerException.java b/libjava/classpath/java/security/acl/LastOwnerException.java new file mode 100644 index 000000000..952724459 --- /dev/null +++ b/libjava/classpath/java/security/acl/LastOwnerException.java 
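Review bot: The `isMember` Javadoc does not say whether membership is evaluated transitively, even though the interface comment states that a `Group` may be passed wherever a `Principal` is expected, including to `addMember`. Access decisions built on this interface change with that answer, so the contract should spell it out, for example `@return true if the principal is a member of this group, directly or through a nested group, false otherwise` if that is the intent. `addMember` should likewise say what happens when adding a group would make it a member of itself. `members()` returns a raw `Enumeration`; if this tree is built with generics, `Enumeration<? extends Principal> members();` would document the element type.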
@@ -0,0 +1,62 @@ +/* LastOwnerException.java -- User attempted to delete last ACL owner + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.acl; + +/** + * This exception is thrown when an attempt is made to delete the last owner + * of an access control list (ACL) + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Owner#deleteOwner(java.security.Principal, java.security.Principal) + * @status updated to 1.4 + */ +public class LastOwnerException extends Exception +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -5141997548211140359L; + + /** + * Initialize a new instance of LastOwnerException that does + * not have a log message. + */ + public LastOwnerException() + { + } +} diff --git a/libjava/classpath/java/security/acl/NotOwnerException.java b/libjava/classpath/java/security/acl/NotOwnerException.java new file mode 100644 index 000000000..bea94763e --- /dev/null +++ b/libjava/classpath/java/security/acl/NotOwnerException.java 
@@ -0,0 +1,62 @@ +/* NotOwnerException.java -- Attempt to modify an unowned ACL + Copyright (C) 1998, 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.acl; + +/** + * This exception is thrown whenever an operation is attempted that requires + * the caller to be the owner of the access control list (ACL) when the caller + * is in fact not the owner of the ACL. + * + * @author Aaron M. Renn (arenn@urbanophile.com) + * @status updated to 1.4 + */ +public class NotOwnerException extends Exception +{ + /** + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = -5555597911163362399L; + + /** + * Initializes a new instance of NotOwnerException that does + * not have a descriptive message. + */ + public NotOwnerException() + { + } +} diff --git a/libjava/classpath/java/security/acl/Owner.java b/libjava/classpath/java/security/acl/Owner.java new file mode 100644 index 000000000..c671cd362 --- /dev/null +++ b/libjava/classpath/java/security/acl/Owner.java 
@@ -0,0 +1,95 @@ +/* Owner.java -- ACL owner + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +import java.security.Principal; + +/** + * This interface provides a mechanism for maintaining a list of owners + * of an access control list (ACL). 
Since a Principal must + * be an owner in order to modify the owner list, a mechanism must be + * provided to specify the initial owner of the ACL. The proper way to do + * this is for the implementing class to specify the initial owner in + * the contructor for that class. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface Owner +{ + /** + * This method adds an owner to the access control list (ACL). Only a + * Principal who is already an owner can perform this operation. + * + * @param caller The Principal who is requesting that an owner be added + * @param owner The Principal to add as a new owner + * + * @param true if the new owner was successfully added or false if the specified new owner is already an owner + * + * @exception NotOwnerException If the caller is not already an owner of this ACL + */ + boolean addOwner(Principal caller, Principal owner) + throws NotOwnerException; + + /** + * This method delets an owner from the access control list (ACL). Only a + * Principal who is an owner can perform this operation. An + * owner can delete itself from the list. If there is only one + * owner remaining on this list, any attempt to delete it will throw an + * exception. + * + * @param caller The Principal who is requesting that an owner be deleted + * @param owner The Principal to delete as an owner + * + * @param true if the new owner was successfully deleted or false if the specified owner is not currently an owner + * + * @exception NotOwnerException If the caller is not already an owner of this ACL + * @exception LastOwnerException If completing the operation would delete the last ACL owner + */ + boolean deleteOwner(Principal caller, Principal owner) + throws NotOwnerException, LastOwnerException; + + /** + * This method tests whether or not a given Principal is an + * owner of this access control list (ACL). 
+ * + * @return true if the Principal is an owner, false otherwise + */ + boolean isOwner(Principal owner); +} diff --git a/libjava/classpath/java/security/acl/Permission.java b/libjava/classpath/java/security/acl/Permission.java new file mode 100644 index 000000000..e5ba29138 --- /dev/null +++ b/libjava/classpath/java/security/acl/Permission.java 
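Review bot: `addOwner` and `deleteOwner` describe their result with `@param true if ...`, which Javadoc reads as a parameter named `true`, so neither method gets a return description. They should read `@return true if the new owner was successfully added or false if the specified new owner is already an owner` and `@return true if the owner was successfully deleted or false if the specified owner is not currently an owner`; "the new owner" in the `deleteOwner` text looks copied from `addOwner`. `isOwner` is missing `@param owner The Principal to test for ownership`. There are two typos, "delets" for "deletes" and "contructor" for "constructor". Since `caller` is the only authorization input to these methods, the contract should also state what an implementation does when `caller` is null.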
@@ -0,0 +1,67 @@ +/* Permission.java -- Information about an ACL permission + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.acl; + +/** + * This interface provides information about a permission that can be + * granted. 
Note that this is not the same as the class + * java.security.Permission. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface Permission +{ + /** + * This method tests whether or not a specified Permission + * (passed as an Object) is the same as this permission. + * + * @param perm The permission to check for equality + * + * @return true if the specified permission is the same as this one, false otherwise + */ + boolean equals (Object perm); + + /** + * This method returns this Permission as a String. + * + * @return A String representing this permission. + */ + String toString(); +} diff --git a/libjava/classpath/java/security/acl/package.html b/libjava/classpath/java/security/acl/package.html new file mode 100644 index 000000000..19facf190 --- /dev/null +++ b/libjava/classpath/java/security/acl/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - java.security.acl + + +

+ + + diff --git a/libjava/classpath/java/security/cert/CRL.java b/libjava/classpath/java/security/cert/CRL.java new file mode 100644 index 000000000..1eaa70fa9 --- /dev/null +++ b/libjava/classpath/java/security/cert/CRL.java 
@@ -0,0 +1,98 @@ +/* CRL.java --- Certificate Revocation List + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + Certificate Revocation List class for managing CRLs that + have different formats but the same general use. 
They + all serve as lists of revoked certificates and can + be queried for a given certificate. + + Specialized CRLs extend this class. + + @author Mark Benvenuto + + @since JDK 1.2 +*/ +public abstract class CRL +{ + + private String type; + + /** + Creates a new CRL for the specified type. An example + is "X.509". + + @param type the standard name for the CRL type. + */ + protected CRL(String type) + { + this.type = type; + } + + /** + Returns the CRL type. + + @return a string representing the CRL type + */ + public final String getType() + { + return type; + } + + /** + Returns a string representing the CRL. + + @return a string representing the CRL. + */ + public abstract String toString(); + + /** + Determines whether or not the specified Certificate + is revoked. + + @param cert A certificate to check if it is revoked + + @return true if the certificate is revoked, + false otherwise. + */ + public abstract boolean isRevoked(Certificate cert); + + +} diff --git a/libjava/classpath/java/security/cert/CRLException.java b/libjava/classpath/java/security/cert/CRLException.java new file mode 100644 index 000000000..10171c418 --- /dev/null +++ b/libjava/classpath/java/security/cert/CRLException.java 
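Review bot: `private String type;` is assigned only in the constructor and read through the final `getType()`, so it should be `private final String type;`, as `CertPath` in this same commit already declares it. The `isRevoked` Javadoc should state what an implementation returns for a certificate this CRL cannot speak for (a different issuer or certificate type, or `null`), because a caller that reads `false` as "not revoked" would accept such a certificate. A wording such as `@return true if the certificate is listed in this CRL; false means only that it is not listed here` makes that limit explicit.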
@@ -0,0 +1,95 @@ +/* CRLException.java -- Certificate Revocation List Exception + Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +import java.security.GeneralSecurityException; + +/** + * Exception for a Certificate Revocation List. 
+ * + * @author Mark Benvenuto + * @since 1.2 + * @status updated to 1.5 +*/ +public class CRLException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.2+. + */ + private static final long serialVersionUID = -6694728944094197147L; + + /** + * Constructs an CRLExceptionwithout a message string. + */ + public CRLException() + { + } + + /** + * Constructs an CRLException with a message string. + * + * @param msg a message to display with exception + */ + public CRLException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public CRLException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public CRLException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/cert/CRLSelector.java b/libjava/classpath/java/security/cert/CRLSelector.java new file mode 100644 index 000000000..6cd657c7f --- /dev/null +++ b/libjava/classpath/java/security/cert/CRLSelector.java 
@@ -0,0 +1,69 @@ +/* CRLSelector.java -- matches CRLs against criteria. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * A generic interface to classes that match certificate revocation + * lists (CRLs) to some given criteria. 
Implementations of this + * interface are useful for finding {@link CRL} objects in a {@link + * CertStore}. + * + * @see CertStore + * @see CertSelector + * @see X509CRLSelector + */ +public interface CRLSelector extends Cloneable +{ + + /** + * Returns a clone of this instance. + * + * @return The clone. + */ + Object clone(); + + /** + * Match a given certificate revocation list to this selector's + * criteria, returning true if it matches, false otherwise. + * + * @param crl The certificate revocation list to test. + * @return The boolean result of this test. + */ + boolean match(CRL crl); +} diff --git a/libjava/classpath/java/security/cert/CertPath.java b/libjava/classpath/java/security/cert/CertPath.java new file mode 100644 index 000000000..7211647a4 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPath.java 
@@ -0,0 +1,254 @@ +/* CertPath.java -- a sequence of certificates + Copyright (C) 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import java.io.ByteArrayInputStream; +import java.io.NotSerializableException; +import java.io.ObjectStreamException; +import java.io.Serializable; +import java.util.Iterator; +import java.util.List; + +/** + * This class represents an immutable sequence, or path, of security + * certificates. The path type must match the type of each certificate in the + * path, or in other words, for all instances of cert in a certpath object, + * cert.getType().equals(certpath.getType()) will return true. + * + *

Since this class is immutable, it is thread-safe. During serialization, + * the path is consolidated into a {@link CertPathRep}, which preserves the + * data regardless of the underlying implementation of the path. + * + * @author Eric Blake (ebb9@email.byu.edu) + * @since 1.4 + * @status updated to 1.4 + */ +public abstract class CertPath implements Serializable +{ + /** + * The serialized representation of a path. + * + * @author Eric Blake (ebb9@email.byu.edu) + */ + protected static class CertPathRep implements Serializable + { + /** + * Compatible with JDK 1.4+. + */ + private static final long serialVersionUID = 3015633072427920915L; + + /** + * The certificate type. + * + * @serial the type of the certificate path + */ + private final String type; + + /** + * The encoded form of the path. + * + * @serial the encoded form + */ + private final byte[] data; + + /** + * Create the new serial representation. + * + * @param type the path type + * @param data the encoded path data + */ + protected CertPathRep(String type, byte[] data) + { + this.type = type; + this.data = data; + } + + /** + * Decode the data into an actual {@link CertPath} upon deserialization. + * + * @return the replacement object + * @throws ObjectStreamException if replacement fails + */ + protected Object readResolve() throws ObjectStreamException + { + try + { + return CertificateFactory.getInstance(type) + .generateCertPath(new ByteArrayInputStream(data)); + } + catch (CertificateException e) + { + throw (ObjectStreamException) + new NotSerializableException("java.security.cert.CertPath: " + + type).initCause(e); + } + } + } // class CertPathRep + + /** + * Compatible with JDK 1.4+. + */ + private static final long serialVersionUID = 6068470306649138683L; + + /** + * The path type. + * + * @serial the type of all certificates in this path + */ + private final String type; + + /** + * Create a certificate path with the given type. 
Most code should use + * {@link CertificateFactory} to create CertPaths. + * + * @param type the type of the path + */ + protected CertPath(String type) + { + this.type = type; + } + + /** + * Get the (non-null) type of all certificates in the path. + * + * @return the path certificate type + */ + public String getType() + { + return type; + } + + /** + * Get an immutable iterator over the path encodings (all String names), + * starting with the default encoding. The iterator will throw an + * UnsupportedOperationException if an attempt is made to + * remove items from the list. + * + * @return the iterator of supported encodings in the path + */ + public abstract Iterator getEncodings(); + + /** + * Compares this path to another for semantic equality. To be equal, both + * must be instances of CertPath, with the same type, and identical + * certificate lists. Overriding classes must not change this behavior. + * + * @param o the object to compare to + * @return true if the two are equal + */ + public boolean equals(Object o) + { + if (! (o instanceof CertPath)) + return false; + CertPath cp = (CertPath) o; + return type.equals(cp.type) + && getCertificates().equals(cp.getCertificates()); + } + + /** + * Returns the hashcode of this certificate path. This is defined as:
+ * 31 * getType().hashCode() + getCertificates().hashCode(). + * + * @return the hashcode + */ + public int hashCode() + { + return 31 * type.hashCode() + getCertificates().hashCode(); + } + + public String toString() + { + List l = getCertificates(); + int size = l.size(); + int i = 0; + CPStringBuilder result = new CPStringBuilder(type); + result.append(" Cert Path: length = ").append(size).append(".\n[\n"); + while (--size >= 0) + result.append(l.get(i++)).append('\n'); + return result.append("\n]").toString(); + } + + /** + * Returns the encoded form of this path, via the default encoding. + * + * @return the encoded form + * @throws CertificateEncodingException if encoding fails + */ + public abstract byte[] getEncoded() throws CertificateEncodingException; + + /** + * Returns the encoded form of this path, via the specified encoding. + * + * @param encoding the encoding to use + * @return the encoded form + * @throws CertificateEncodingException if encoding fails or does not exist + */ + public abstract byte[] getEncoded(String encoding) + throws CertificateEncodingException; + + /** + * Returns the immutable, thread-safe list of certificates in this path. + * + * @return the list of certificates, non-null but possibly empty + */ + public abstract List getCertificates(); + + /** + * Serializes the path in its encoded form, to ensure reserialization with + * the appropriate factory object without worrying about list implementation. + * The result will always be an instance of {@link CertPathRep}. + * + * @return the replacement object + * @throws ObjectStreamException if the replacement creation fails + */ + protected Object writeReplace() throws ObjectStreamException + { + try + { + return new CertPathRep(type, getEncoded()); + } + catch (CertificateEncodingException e) + { + throw (ObjectStreamException) + new NotSerializableException("java.security.cert.CertPath: " + + type).initCause(e); + } + } +} // class CertPath 
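Review bot: `CertPathRep.readResolve()` does not check the `type` and `data` fields it read from the serialized stream before passing them to `CertificateFactory.getInstance(type).generateCertPath(new ByteArrayInputStream(data))`, and it catches only `CertificateException`. A stream with a null `data` makes `new ByteArrayInputStream(data)` throw `NullPointerException`, and a null `type` presumably fails the same way, so a malformed stream surfaces as an unchecked exception rather than the declared `ObjectStreamException`; a guard at the top of the `try`, `if (type == null || data == null) throw new NotSerializableException("java.security.cert.CertPath: " + type);`, keeps the failure in the documented channel. The method's Javadoc should also say that the returned path has only been decoded, not validated, so code that deserializes a `CertPath` still has to run certificate path validation before relying on it. Separately, `toString()` has no Javadoc and walks the list with `l.get(i++)`; iterating over `getCertificates()` would avoid repeated index lookups on list implementations without random access.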
diff --git a/libjava/classpath/java/security/cert/CertPathBuilder.java b/libjava/classpath/java/security/cert/CertPathBuilder.java new file mode 100644 index 000000000..47bae6db8 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilder.java 
@@ -0,0 +1,251 @@ +/* CertPathBuilder.java -- bulids CertPath objects from Certificates. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.Security; + +/** + * This class builds certificate paths (also called certificate chains), + * which can be used to establish trust for a particular certificate by + * building a path from a trusted certificate (a trust anchor) to the + * untrusted certificate. + * + * @see CertPath + */ +public class CertPathBuilder +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for CertPathBuilder. */ + private static final String CERT_PATH_BUILDER = "CertPathBuilder"; + + /** The underlying implementation. */ + private CertPathBuilderSpi cpbSpi; + + /** The provider of this implementation. */ + private Provider provider; + + /** The name of this implementation. */ + private String algorithm; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathBuilder. + * + * @param cpbSpi The underlying implementation. + * @param provider The provider of the implementation. + * @param algorithm This implementation's name. + */ + protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider, + String algorithm) + { + this.cpbSpi = cpbSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + // Class methods. + // ------------------------------------------------------------------------ + + /** + * Get the default cert path builder type. + * + *

This value can be set at run-time by the security property + * "certpathbuilder.type". If this property is not set, + * then the value returned is "PKIX". + * + * @return The default CertPathBuilder algorithm. + */ + public static final String getDefaultType() + { + String type = Security.getProperty("certpathbuilder.type"); + if (type == null) + type = "PKIX"; + return type; + } + + /** + * Returns an instance of a named CertPathBuilder from the + * first provider that implements it. + * + * @param algorithm The name of the CertPathBuilder to create. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * named algorithm. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. + */ + public static CertPathBuilder getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of a named CertPathBuilder from a named + * provider. + * + * @param algorithm The name of the CertPathBuilder to create. + * @param provider The name of the provider to use. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * named algorithm. + * @throws NoSuchProviderException If the named provider does not exist. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. 
+ */ + public static CertPathBuilder getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of a named CertPathBuilder from the + * specified provider. + * + * @param algorithm The name of the CertPathBuilder to create. + * @param provider The provider to use. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * named algorithm. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. + */ + public static CertPathBuilder getInstance(String algorithm, Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("CertPathBuilder for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider); + return new CertPathBuilder((CertPathBuilderSpi) spi, provider, algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + * Return the name of this CertPathBuilder algorithm. + * + * @return The algorithm name. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Return the provider of this instance's implementation. + * + * @return The provider. 
+ */ + public final Provider getProvider() + { + return provider; + } + + /** + * Builds a certificate path. The {@link CertPathParameters} parameter + * passed to this method is implementation-specific, but in general + * should contain some number of certificates and some number of + * trusted certificates (or "trust anchors"). + * + * @param params The parameters. + * @retrun The certificate path result. + * @throws CertPathBuilderException If the certificate path cannot be + * built. + * @throws InvalidAlgorithmParameterException If the implementation + * rejects the specified parameters. + */ + public final CertPathBuilderResult build(CertPathParameters params) + throws CertPathBuilderException, InvalidAlgorithmParameterException + { + return cpbSpi.engineBuild(params); + } +} diff --git a/libjava/classpath/java/security/cert/CertPathBuilderException.java b/libjava/classpath/java/security/cert/CertPathBuilderException.java new file mode 100644 index 000000000..985151010 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilderException.java 
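Review bot: `getDefaultType()` in CertPathBuilder.java reads `Security.getProperty("certpathbuilder.type")` directly, while the same method in CertPathValidator.java later in this patch wraps the lookup in `AccessController.doPrivileged`. If `Security.getProperty` performs a security-manager permission check here (as the reference API does with `getProperty.<key>`; the implementation is not visible in this hunk), a caller without that permission would get a SecurityException from the builder but not from the validator, so the two factories should agree. The fence shows the builder wrapped the same way; it also needs `java.security.AccessController` and `java.security.PrivilegedAction` added to the file's imports. Separately, the Javadoc tag on `build` is misspelled `@retrun` (and `@retrn` on `getCertPath` in CertPathBuilderResult.java), so it is not recognised as a return tag; both should read `@return`.

```java
  public static final String getDefaultType()
  {
    // Read the fixed property key with this class's privileges, as
    // CertPathValidator.getDefaultType() does.
    String type = (String) AccessController.doPrivileged(
      new PrivilegedAction()
      {
        public Object run()
        {
          return Security.getProperty("certpathbuilder.type");
        }
      }
    );
    // … unchanged: fall back to "PKIX" when the property is unset, return type …
```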
@@ -0,0 +1,159 @@ +/* CertPathBuilderException.java -- wraps an exception during certificate + path building + Copyright (C) 2002, 2005 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.io.PrintStream; +import java.io.PrintWriter; +import java.security.GeneralSecurityException; + +/** + * Indicates a problem while using a CertPathBuilder, wrapping + * the lower exception. This class is not thread-safe. + * + * @author Eric Blake (ebb9@email.byu.edu) + * @see CertPathBuilder + * @since 1.4 + * @status updated to 1.4 +*/ +public class CertPathBuilderException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.4+. + */ + private static final long serialVersionUID = 5316471420178794402L; + + /** + * Create an exception without a message. The cause may be initialized. + */ + public CertPathBuilderException() + { + } + + /** + * Create an exception with a message. The cause may be initialized. + * + * @param msg a message to display with exception + */ + public CertPathBuilderException(String msg) + { + super(msg); + } + + /** + * Create an exception with a cause. The message will be + * cause == null ? null : cause.toString(). + * + * @param cause the cause + */ + public CertPathBuilderException(Throwable cause) + { + this(cause == null ? null : cause.toString(), cause); + } + + /** + * Create an exception with a cause and a message. + * + * @param msg the message + * @param cause the cause + */ + public CertPathBuilderException(String msg, Throwable cause) + { + super(msg); + initCause(cause); + } + + /** + * Get the detail message. + * + * @return the detail message + */ + public String getMessage() + { + return super.getMessage(); + } + + /** + * Get the cause, null if unknown. + * + * @return the cause + */ + public Throwable getCause() + { + return super.getCause(); + } + + /** + * Convert this to a string, including its cause. + * + * @return the string conversion + */ + public String toString() + { + return super.toString(); + } + + /** + * Print the stack trace to System.err. 
+ */ + public void printStackTrace() + { + super.printStackTrace(); + } + + /** + * Print the stack trace to a stream. + * + * @param stream the stream + */ + public void printStackTrace(PrintStream stream) + { + super.printStackTrace(stream); + } + + /** + * Print the stack trace to a stream. + * + * @param stream the stream + */ + public void printStackTrace(PrintWriter stream) + { + super.printStackTrace(stream); + } +} diff --git a/libjava/classpath/java/security/cert/CertPathBuilderResult.java b/libjava/classpath/java/security/cert/CertPathBuilderResult.java new file mode 100644 index 000000000..edae88f64 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilderResult.java 
@@ -0,0 +1,63 @@ +/* CertPathBuilderResult -- results from building cert paths. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * A standard interface for the result of building a certificate path. 
+ * All implementations of this class must provide a way to get the + * certificate path, but may also define additional methods for + * returning other result data generated by the certificate path + * builder. + */ +public interface CertPathBuilderResult extends Cloneable { + + /** + * Creates a copy of this builder result. + * + * @return The copy. + */ + Object clone(); + + /** + * Get the certificate path that was built. + * + * @retrn The certificate path. + */ + CertPath getCertPath(); +} diff --git a/libjava/classpath/java/security/cert/CertPathBuilderSpi.java b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java new file mode 100644 index 000000000..afc7fc073 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathBuilderSpi.java 
@@ -0,0 +1,74 @@ +/* CertPathBuilderSpi -- CertPathBuilder service provider interface. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.cert; + +/** + * The {@link CertPathBuilder} Service Provider Interface + * (SPI). 
+ * + * @see CertPathBuilder + */ +public abstract class CertPathBuilderSpi { + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathBuilderSpi. + */ + public CertPathBuilderSpi() { + super(); + } + + // Abstract methods. + // ------------------------------------------------------------------------ + + /** + * Creates a certificate path from the specified parameters. + * + * @param params The parameters to use. + * @return The certificate path result. + * @throws CertPathBuilderException If the certificate path cannot be + * built. + * @throws java.security.InvalidAlgorithmParameterException If the + * implementation rejects the specified parameters. + */ + public abstract CertPathBuilderResult engineBuild(CertPathParameters params) + throws CertPathBuilderException, + java.security.InvalidAlgorithmParameterException; +} diff --git a/libjava/classpath/java/security/cert/CertPathParameters.java b/libjava/classpath/java/security/cert/CertPathParameters.java new file mode 100644 index 000000000..62a5cb6a6 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathParameters.java 
@@ -0,0 +1,58 @@ +/* CertPathParameters.java -- parameters for CertPathBuilder. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.cert; + +/** + * Parameters for generating and validating certificate paths. 
This + * class does not define any methods (except a required cloneable + * interface) and is provided only to provide type safety for + * implementations. Concrete implementations implement this interface + * in accord with thier own needs. + * + * @see CertPathBuilder + * @see CertPathValidator + */ +public interface CertPathParameters extends Cloneable { + + /** + * Makes a copy of this CertPathParameters instance. + * + * @return The copy. + */ + Object clone(); +} diff --git a/libjava/classpath/java/security/cert/CertPathValidator.java b/libjava/classpath/java/security/cert/CertPathValidator.java new file mode 100644 index 000000000..8bd7b58e8 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathValidator.java 
@@ -0,0 +1,264 @@ +/* CertPathValidator -- validates certificate paths. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.AccessController; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivilegedAction; +import java.security.Provider; +import java.security.Security; + +/** + * Generic interface to classes that validate certificate paths. + * + *

Using this class is similar to all the provider-based security + * classes; the method of interest, {@link + * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}, + * which takes provider-specific implementations of {@link + * CertPathParameters}, and return provider-specific implementations of + * {@link CertPathValidatorResult}. + * + * @since JDK 1.4 + * @see CertPath + */ +public class CertPathValidator { + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for CertPathValidator. */ + private static final String CERT_PATH_VALIDATOR = "CertPathValidator"; + + /** The underlying implementation. */ + private final CertPathValidatorSpi validatorSpi; + + /** The provider of this implementation. */ + private final Provider provider; + + /** The algorithm's name. */ + private final String algorithm; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertPathValidator. + * + * @param validatorSpi The underlying implementation. + * @param provider The provider of the implementation. + * @param algorithm The algorithm name. + */ + protected CertPathValidator(CertPathValidatorSpi validatorSpi, + Provider provider, String algorithm) + { + this.validatorSpi = validatorSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + // Class methods. + // ------------------------------------------------------------------------ + + /** + * Returns the default validator type. + * + *

This value may be set at run-time via the security property + * "certpathvalidator.type", or the value "PKIX" if this property is + * not set. + * + * @return The default validator type. + */ + public static synchronized String getDefaultType() { + String type = (String) AccessController.doPrivileged( + new PrivilegedAction() + { + public Object run() + { + return Security.getProperty("certpathvalidator.type"); + } + } + ); + if (type == null) + type = "PKIX"; + return type; + } + + /** + * Returns an instance of the given validator from the first provider that + * implements it. + * + * @param algorithm The name of the algorithm to get. + * @return The new instance. + * @throws NoSuchAlgorithmException If no installed provider implements the + * requested algorithm. + * @throws IllegalArgumentException if algorithm is + * null or is an empty string. + */ + public static CertPathValidator getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of the given validator from the named provider. + * + * @param algorithm The name of the algorithm to get. + * @param provider The name of the provider from which to get the + * implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If the named provider does not implement + * the algorithm. + * @throws NoSuchProviderException If no provider named provider is + * installed. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. 
+ */ + public static CertPathValidator getInstance(String algorithm, String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of the given validator from the given provider. + * + * @param algorithm The name of the algorithm to get. + * @param provider The provider from which to get the implementation. + * @return The new instance. + * @throws NoSuchAlgorithmException If the provider does not implement the + * algorithm. + * @throws IllegalArgumentException if either algorithm or + * provider is null, or if + * algorithm is an empty string. + */ + public static CertPathValidator getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider); + return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + * Return the name of this validator. + * + * @return This validator's name. + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Return the provider of this implementation. + * + * @return The provider. 
+ */ + public final Provider getProvider() + { + return provider; + } + + /** + * Attempt to validate a certificate path. + * + * @param certPath The path to validate. + * @param params The algorithm-specific parameters. + * @return The result of this validation attempt. + * @throws CertPathValidatorException If the certificate path cannot + * be validated. + * @throws InvalidAlgorithmParameterException If this implementation + * rejects the specified parameters. + */ + public final CertPathValidatorResult validate(CertPath certPath, + CertPathParameters params) + throws CertPathValidatorException, InvalidAlgorithmParameterException + { + return validatorSpi.engineValidate(certPath, params); + } +} diff --git a/libjava/classpath/java/security/cert/CertPathValidatorException.java b/libjava/classpath/java/security/cert/CertPathValidatorException.java new file mode 100644 index 000000000..f3195be29 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathValidatorException.java 
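Review bot: `getDefaultType()` in CertPathValidator.java is declared `public static synchronized`, but its body only reads a security property and falls back to "PKIX"; it touches no state of this class, so the class-wide lock only serialises callers and is held across the `doPrivileged` call. CertPathBuilder.getDefaultType() in this same patch is `public static final` with no lock, and I would declare this one the same way: `public static final String getDefaultType() {`. A one-line comment above the `doPrivileged` call, such as `// privileged read of a fixed key; no caller-chosen property is exposed`, would record why the elevated lookup is acceptable.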
@@ -0,0 +1,226 @@
+/* CertPathValidatorException.java -- wraps an exception during validation
+ of a CertPath
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while validating a certification path. In addition,
+ * it can store the path an index in that path that caused the problem. This
+ * class is not thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertPathValidator
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertPathValidatorException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = -3083180014971893139L;
+
+ /**
+ * The index of the certificate path that failed, or -1.
+ *
+ * @serial the failed index
+ */
+ private final int index;
+
+ /**
+ * The CertPath that failed.
+ *
+ * @serial the object being validated at time of failure
+ */
+ private final CertPath certPath;
+
+ /**
+ * Create an exception without a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ */
+ public CertPathValidatorException()
+ {
+ this((String) null);
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized. The
+ * index is set to -1 and the failed CertPath object to null.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertPathValidatorException(String msg)
+ {
+ super(msg);
+ index = -1;
+ certPath = null;
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * cause == null ? null : cause.toString(). The index is set
+ * to -1 and the failed CertPath object to null.
+ *
+ * @param cause the cause
+ */
+ public CertPathValidatorException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause and a message. The index is set to -1
+ * and the failed CertPath object to null.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertPathValidatorException(String msg, Throwable cause)
+ {
+ this(msg, cause, null, -1);
+ }
+
+ /**
+ * Create an exception with a cause, message, failed object, and index of
+ * failure in that CertPath.
+ *
+ * @param msg the message
+ * @param cause the cause
+ * @param certPath the path that was being validated, or null
+ * @param index the index of the path, or -1
+ * @throws IndexOutOfBoundsException if index is < -1 or
+ * > certPath.getCertificates().size()
+ * @throws IllegalArgumentException if certPath is null but index != -1
+ */
+ public CertPathValidatorException(String msg, Throwable cause,
+ CertPath certPath, int index)
+ {
+ super(msg);
+ initCause(cause);
+ if (index < -1 || (certPath != null
+ && index >= certPath.getCertificates().size()))
+ throw new IndexOutOfBoundsException();
+ if ((certPath == null) != (index == -1))
+ throw new IllegalArgumentException();
+ this.certPath = certPath;
+ this.index = index;
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the certificate path that had the failure, or null.
+ *
+ * @return the culprit path
+ */
+ public CertPath getCertPath()
+ {
+ return certPath;
+ }
+
+ /**
+ * Get the index that failed, or -1.
+ *
+ * @return the colprit index
+ */
+ public int getIndex()
+ {
+ return index;
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to System.err.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertPathValidatorResult.java b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
new file mode 100644
index 000000000..0ccd1be78
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertPathValidatorResult.java
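Review bot: The last argument check in the four-argument constructor, `if ((certPath == null) != (index == -1))`, also rejects a non-null `certPath` passed with `index == -1`, although the Javadoc above it documents IllegalArgumentException only for a null path with an index other than -1. A validator that knows which path failed but not which certificate in it would then get an IllegalArgumentException in place of the validation failure it was trying to report, which hides the real reason from the caller and from logs. Narrowing the test to the documented case, `if (certPath == null && index != -1)`, fixes that. Both `throw` statements would also be easier to diagnose with a message that names the rejected index.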
@@ -0,0 +1,63 @@ +/* CertPathValidatorResult -- result of validating certificate paths + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +/** + * Interface to the result of calling {@link + * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}. + * + *

This interface defines no methods other than the required + * {@link java.lang.Cloneable} interface, and is intended to group and + * provide type safety for validator results. Providers that implement + * a certificate path validator must also provide an implementation of + * this interface, possibly defining additional methods. + * + * @since JDK 1.4 + * @see CertPathValidator + */ +public interface CertPathValidatorResult extends Cloneable +{ + + /** + * Returns a copy of this validator result. + * + * @return The copy. + */ + Object clone(); +} diff --git a/libjava/classpath/java/security/cert/CertPathValidatorSpi.java b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java new file mode 100644 index 000000000..d4531e716 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertPathValidatorSpi.java 
@@ -0,0 +1,81 @@
+/* CertPathValidatorSpi -- cert path validator service provider interface
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+
+/**
+ * The service provider interface (SPI) for the {@link
+ * CertPathValidator} class. Providers implementing certificate path
+ * validators must subclass this class and implement its abstract
+ * methods.
+ */
+public abstract class CertPathValidatorSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Default constructor.
+ */
+ public CertPathValidatorSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Attempt to validate a certificate path.
+ *
+ * @param certPath The path to validate.
+ * @param params The algorithm-specific parameters.
+ * @return The result of this validation attempt.
+ * @throws CertPathValidatorException If the certificate path cannot
+ * be validated.
+ * @throws InvalidAlgorithmParameterException If this implementation
+ * rejects the specified parameters.
+ */
+ public abstract CertPathValidatorResult
+ engineValidate(CertPath certPath, CertPathParameters params)
+ throws CertPathValidatorException,
+ InvalidAlgorithmParameterException;
+}
diff --git a/libjava/classpath/java/security/cert/CertSelector.java b/libjava/classpath/java/security/cert/CertSelector.java
new file mode 100644
index 000000000..4a2e7d921
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertSelector.java
@@ -0,0 +1,58 @@
+/* CertSelector.java -- certificate selector interface.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+public interface CertSelector extends Cloneable
+{
+
+ /**
+ * Returns a copy of this CertSelector.
+ *
+ * @return The copy.
+ */
+ Object clone();
+
+ /**
+ * Match a certificate according to this selector's criteria.
+ *
+ * @param cert The certificate to match.
+ * @return true if the certificate matches thin criteria.
+ */
+ boolean match(Certificate cert);
+}
diff --git a/libjava/classpath/java/security/cert/CertStore.java b/libjava/classpath/java/security/cert/CertStore.java
new file mode 100644
index 000000000..630e96762
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStore.java
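Review bot: `CertSelector` is added with no type-level Javadoc, unlike the other types in the neighbouring files of this patch, and `match` does not say how a null `cert` is treated. `CertStore.getCertificates(CertSelector)`, added later in this patch, hands the selector straight to the provider's `engineGetCertificates`, so an unstated contract leaves each implementation to guess. I would add `/** Selects certificates by caller-defined criteria; used to filter what a CertStore returns. */` above the interface and state the null behaviour on `match`. The `@return` line should also read "this selector's criteria" rather than "thin criteria".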
@@ -0,0 +1,305 @@ +/* CertStore -- stores and retrieves certificates. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivilegedAction; +import java.security.Provider; +import java.security.Security; +import java.util.Collection; + +/** + * A CertStore is a read-only repository for certificates and + * certificate revocation lists. + * + * @since 1.4 + */ +public class CertStore +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** Service name for CertStore. */ + private static final String CERT_STORE = "CertStore"; + + /** The underlying implementation. */ + private CertStoreSpi storeSpi; + + /** This implementation's provider. */ + private Provider provider; + + /** The name of this key store type. */ + private String type; + + /** The parameters used to initialize this instance, if any. */ + private CertStoreParameters params; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Create a new CertStore. + * + * @param storeSpi The underlying implementation. + * @param provider The provider of this implementation. + * @param type The type of CertStore this class represents. + * @param params The parameters used to initialize this instance, if any. + */ + protected CertStore(CertStoreSpi storeSpi, Provider provider, String type, + CertStoreParameters params) + { + this.storeSpi = storeSpi; + this.provider = provider; + this.type = type; + this.params = params; + } + + // Class methods. + // ------------------------------------------------------------------------ + + /** + * Returns the default certificate store type. + * + *

This value can be set at run-time via the security property + * "certstore.type"; if not specified than the default type will be + * "LDAP". + * + * @return The default CertStore type. + */ + public static final synchronized String getDefaultType() + { + String type = null; + type = (String) java.security.AccessController.doPrivileged( + new PrivilegedAction() { + public Object run() { + return Security.getProperty("certstore.type"); + } + } + ); + if (type == null) + type = "LDAP"; + return type; + } + + /** + * Returns an instance of the given certificate store type from the first + * installed provider. + * + * @param type The type of CertStore to create. + * @param params The parameters to initialize this cert store with. + * @return The new instance. + * @throws InvalidAlgorithmParameterException If the instance rejects the + * specified parameters. + * @throws NoSuchAlgorithmException If no installed provider implements the + * specified CertStore. + * @throws IllegalArgumentException if type is + * null or is an empty string. + */ + public static CertStore getInstance(String type, CertStoreParameters params) + throws InvalidAlgorithmParameterException, NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(type, params, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(type); + } + + /** + * Returns an instance of the given certificate store type from a named + * provider. + * + * @param type The type of CertStore to create. + * @param params The parameters to initialize this cert store with. + * @param provider The name of the provider to use. + * @return The new instance. + * @throws InvalidAlgorithmParameterException If the instance rejects the + * specified parameters. 
+ * @throws NoSuchAlgorithmException If the specified provider does not + * implement the specified CertStore. + * @throws NoSuchProviderException If no provider named provider is + * installed. + * @throws IllegalArgumentException if either type or + * provider is null, or if + * type is an empty string. + */ + public static CertStore getInstance(String type, CertStoreParameters params, + String provider) + throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, + NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(type, params, p); + } + + /** + * Returns an instance of the given certificate store type from a given + * provider. + * + * @param type The type of CertStore to create. + * @param params The parameters to initialize this cert store with. + * @param provider The provider to use. + * @return The new instance. + * @throws InvalidAlgorithmParameterException If the instance rejects + * the specified parameters. + * @throws NoSuchAlgorithmException If the specified provider does not + * implement the specified CertStore. + * @throws IllegalArgumentException if either type or + * provider is null, or if + * type is an empty string. 
+ */ + public static CertStore getInstance(String type, CertStoreParameters params, + Provider provider) + throws InvalidAlgorithmParameterException, NoSuchAlgorithmException + { + CPStringBuilder sb = new CPStringBuilder("CertStore of type [") + .append(type).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object[] args = new Object[] { params }; + Object spi = Engine.getInstance(CERT_STORE, type, provider, args); + return new CertStore((CertStoreSpi) spi, provider, type, params); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + * Return the type of certificate store this instance represents. + * + * @return The CertStore type. + */ + public final String getType() + { + return type; + } + + /** + * Return the provider of this implementation. + * + * @return The provider. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Get the parameters this instance was created with, if any. The + * parameters will be cloned before they are returned. + * + * @return The parameters, or null. + */ + public final CertStoreParameters getCertStoreParameters() + { + return params != null ? (CertStoreParameters) params.clone() : null; + } + + /** + * Get a collection of certificates from this CertStore, optionally + * filtered by the specified CertSelector. The Collection returned may + * be empty, but will never be null. + * + *

Implementations may not allow a null argument, even if no + * filtering is desired. + * + * @param selector The certificate selector. + * @return The collection of certificates. + * @throws CertStoreException If the certificates cannot be retrieved. + */ + public final Collection getCertificates(CertSelector selector) + throws CertStoreException + { + return storeSpi.engineGetCertificates(selector); + } + + /** + * Get a collection of certificate revocation lists from this CertStore, + * optionally filtered by the specified CRLSelector. The Collection + * returned may be empty, but will never be null. + * + *

Implementations may not allow a null argument, even if no + * filtering is desired. + * + * @param selector The certificate selector. + * @return The collection of certificate revocation lists. + * @throws CertStoreException If the CRLs cannot be retrieved. + */ + public final Collection getCRLs(CRLSelector selector) + throws CertStoreException + { + return storeSpi.engineGetCRLs(selector); + } +} diff --git a/libjava/classpath/java/security/cert/CertStoreException.java b/libjava/classpath/java/security/cert/CertStoreException.java new file mode 100644 index 000000000..a4d8b7a46 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertStoreException.java 
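Review bot: In `getInstance(String, CertStoreParameters, Provider)` the `InvocationTargetException` handler rethrows the cause only when it is a `NoSuchAlgorithmException`; any other cause, including an `InvalidAlgorithmParameterException`, is wrapped in a new `NoSuchAlgorithmException`. The method declares and documents `InvalidAlgorithmParameterException` for rejected parameters, yet nothing visible in its body raises it, so a store that rejects its parameters appears to be reported as a missing algorithm (assuming `Engine.getInstance`, which this hunk does not show, surfaces constructor failures through `InvocationTargetException`). The provider loop in `getInstance(String, CertStoreParameters)` catches `NoSuchAlgorithmException` and moves on, so such a rejection can also end in a silent fallback to another provider's store. Adding `if (cause instanceof InvalidAlgorithmParameterException) throw (InvalidAlgorithmParameterException) cause;` ahead of the existing `NoSuchAlgorithmException` test would keep the two failures distinct.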
@@ -0,0 +1,159 @@
+/* CertStoreException.java -- wraps an exception during certificate storage
+ Copyright (C) 2002, 2005 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.security.GeneralSecurityException;
+
+/**
+ * Indicates a problem while retrieving certificates and CRLs from
+ * CertStore, wrapping the lower exception. This class is not
+ * thread-safe.
+ *
+ * @author Eric Blake (ebb9@email.byu.edu)
+ * @see CertStore
+ * @since 1.4
+ * @status updated to 1.4
+*/
+public class CertStoreException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.4+.
+ */
+ private static final long serialVersionUID = 2395296107471573245L;
+
+ /**
+ * Create an exception without a message. The cause may be initialized.
+ */
+ public CertStoreException()
+ {
+ }
+
+ /**
+ * Create an exception with a message. The cause may be initialized.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertStoreException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create an exception with a cause. The message will be
+ * cause == null ? null : cause.toString().
+ *
+ * @param cause the cause
+ */
+ public CertStoreException(Throwable cause)
+ {
+ this(cause == null ? null : cause.toString(), cause);
+ }
+
+ /**
+ * Create an exception with a cause and a message.
+ *
+ * @param msg the message
+ * @param cause the cause
+ */
+ public CertStoreException(String msg, Throwable cause)
+ {
+ super(msg);
+ initCause(cause);
+ }
+
+ /**
+ * Get the detail message.
+ *
+ * @return the detail message
+ */
+ public String getMessage()
+ {
+ return super.getMessage();
+ }
+
+ /**
+ * Get the cause, null if unknown.
+ *
+ * @return the cause
+ */
+ public Throwable getCause()
+ {
+ return super.getCause();
+ }
+
+ /**
+ * Convert this to a string, including its cause.
+ *
+ * @return the string conversion
+ */
+ public String toString()
+ {
+ return super.toString();
+ }
+
+ /**
+ * Print the stack trace to System.err.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintStream stream)
+ {
+ super.printStackTrace(stream);
+ }
+
+ /**
+ * Print the stack trace to a stream.
+ *
+ * @param stream the stream
+ */
+ public void printStackTrace(PrintWriter stream)
+ {
+ super.printStackTrace(stream);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreParameters.java b/libjava/classpath/java/security/cert/CertStoreParameters.java
new file mode 100644
index 000000000..71bcd6109
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreParameters.java
@@ -0,0 +1,60 @@
+/* CertStoreParameters -- interface to CertStore parameters.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Parameters used when creating instances of {@link CertStore}. This
+ * class does not define any methods (except a required cloneable
+ * interface) and is provided only to provide type safety for
+ * implementations. Concrete implementations implement this interface
+ * in accord with thier own needs.
+ *
+ * @see LDAPCertStoreParameters
+ * @see CollectionCertStoreParameters
+ */
+public interface CertStoreParameters extends Cloneable
+{
+
+ /**
+ * Create a copy of these parameters.
+ *
+ * @return The copy.
+ */
+ Object clone();
+}
diff --git a/libjava/classpath/java/security/cert/CertStoreSpi.java b/libjava/classpath/java/security/cert/CertStoreSpi.java
new file mode 100644
index 000000000..a47978a22
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertStoreSpi.java
@@ -0,0 +1,103 @@ +/* CertStoreSpi -- certificate store service provider interface. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.util.Collection; + +/** + * The service provider interface (SPI) for the {@link + * CertStore} class. + * + *

Providers wishing to implement a CertStore must subclass this + * class, implementing all the abstract methods. Providers may also + * implement the {@link CertStoreParameters} interface, if they require + * parameters. + * + * @since 1.4 + * @see CertStore + * @see CollectionCertStoreParameters + * @see LDAPCertStoreParameters + */ +public abstract class CertStoreSpi +{ + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Creates a new CertStoreSpi. + * + * @param params The parameters to initialize this instance with, or + * null if no parameters are required. + * @throws InvalidAlgorithmParameterException If the specified + * parameters are inappropriate for this class. + */ + public CertStoreSpi(CertStoreParameters params) + throws InvalidAlgorithmParameterException + { + super(); + } + + // Abstract methods. + // ------------------------------------------------------------------------ + + /** + * Get the certificates from this store, filtering them through the + * specified CertSelector. + * + * @param selector The CertSelector to filter certificates. + * @return A (non-null) collection of certificates. + * @throws CertStoreException If the certificates cannot be retrieved. + */ + public abstract Collection engineGetCertificates(CertSelector selector) + throws CertStoreException; + + /** + * Get the certificate revocation list from this store, filtering them + * through the specified CRLSelector. + * + * @param selector The CRLSelector to filter certificate revocation + * lists. + * @return A (non-null) collection of certificate revocation list. + * @throws CertStoreException If the CRLs cannot be retrieved. + */ + public abstract Collection engineGetCRLs(CRLSelector selector) + throws CertStoreException; +} diff --git a/libjava/classpath/java/security/cert/Certificate.java b/libjava/classpath/java/security/cert/Certificate.java new file mode 100644 index 000000000..be1713cbf --- /dev/null 
+++ b/libjava/classpath/java/security/cert/Certificate.java 
@@ -0,0 +1,306 @@ +/* Certificate.java --- Certificate class + Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.io.ByteArrayInputStream; +import java.io.InvalidObjectException; +import java.io.ObjectStreamException; +import java.io.Serializable; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.security.SignatureException; + +/** + * The Certificate class is an abstract class used to manage + * identity certificates. An identity certificate is a + * combination of a principal and a public key which is + * certified by another principal. This is the puprose of + * Certificate Authorities (CA). + * + *

This class is used to manage different types of certificates + * but have important common puposes. Different types of + * certificates like X.509 and OpenPGP share general certificate + * functions (like encoding and verifying) and information like + * public keys. + * + *

X.509, OpenPGP, and SDSI can be implemented by subclassing this + * class even though they differ in storage methods and information + * stored. + * + * @see CertificateFactory + * @see X509Certificate + * @since JDK 1.2 + * @author Mark Benvenuto + * @author Casey Marshall + */ +public abstract class Certificate implements Serializable +{ + private static final long serialVersionUID = -3585440601605666277L; + + private String type; + + /** + Constructs a new certificate of the specified type. An example + is "X.509". + + @param type a valid standard name for a certificate. + */ + protected Certificate(String type) + { + this.type = type; + } + + /** + Returns the Certificate type. + + @return a string representing the Certificate type + */ + public final String getType() + { + return type; + } + + /** + Compares this Certificate to other. It checks if the + object if instanceOf Certificate and then checks if + the encoded form matches. + + @param other An Object to test for equality + + @return true if equal, false otherwise + */ + public boolean equals(Object other) + { + if( other instanceof Certificate ) { + try { + Certificate x = (Certificate) other; + if( getEncoded().length != x.getEncoded().length ) + return false; + + byte[] b1 = getEncoded(); + byte[] b2 = x.getEncoded(); + + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; + + } catch( CertificateEncodingException cee ) { + return false; + } + return true; + } + return false; + } + + /** + Returns a hash code for this Certificate in its encoded + form. + + @return A hash code of this class + */ + public int hashCode() + { + return super.hashCode(); + } + + /** + Gets the DER ASN.1 encoded format for this Certificate. + It assumes each certificate has only one encoding format. 
+ Ex: X.509 is encoded as ASN.1 DER + + @return byte array containg encoded form + + @throws CertificateEncodingException if an error occurs + */ + public abstract byte[] getEncoded() throws CertificateEncodingException; + + /** + Verifies that this Certificate was properly signed with the + PublicKey that corresponds to its private key. + + @param key PublicKey to verify with + + @throws CertificateException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException no provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key) + throws CertificateException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Verifies that this Certificate was properly signed with the + PublicKey that corresponds to its private key and uses + the signature engine provided by the provider. + + @param key PublicKey to verify with + @param sigProvider Provider to use for signature algorithm + + @throws CertificateException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException incorrect provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key, + String sigProvider) + throws CertificateException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Returns a string representing the Certificate. + + @return a string representing the Certificate. + */ + public abstract String toString(); + + + /** + Returns the public key stored in the Certificate. + + @return The public key + */ + public abstract PublicKey getPublicKey(); + + // Protected methods. + // ------------------------------------------------------------------------ + + /** + * Returns a replacement for this certificate to be serialized. 
This + * method returns the equivalent to the following for this class: + * + *

+ *
new CertificateRep(getType(), getEncoded());
+ *
+ * + *

This thusly replaces the certificate with its name and its + * encoded form, which can be deserialized later with the {@link + * CertificateFactory} implementation for this certificate's type. + * + * @return The replacement object to be serialized. + * @throws ObjectStreamException If the replacement could not be + * created. + */ + protected Object writeReplace() throws ObjectStreamException + { + try + { + return new CertificateRep(getType(), getEncoded()); + } + catch (CertificateEncodingException cee) + { + throw new InvalidObjectException(cee.toString()); + } + } + + // Inner class. + // ------------------------------------------------------------------------ + + /** + Certificate.CertificateRep is an inner class used to provide an alternate + storage mechanism for serialized Certificates. + */ + protected static class CertificateRep implements java.io.Serializable + { + + /** From JDK1.4. */ + private static final long serialVersionUID = -8563758940495660020L; + + /** The certificate type, e.g. "X.509". */ + private String type; + + /** The encoded certificate data. */ + private byte[] data; + + /** + * Create an alternative representation of this certificate. The + * (type, data) pair is typically the certificate's + * type as returned by {@link Certificate#getType()} (i.e. the + * canonical name of the certificate type) and the encoded form as + * returned by {@link Certificate#getEncoded()}. + * + *

For example, X.509 certificates would create an instance of + * this class with the parameters "X.509" and the ASN.1 + * representation of the certificate, encoded as DER bytes. + * + * @param type The certificate type. + * @param data The encoded certificate data. + */ + protected CertificateRep(String type, byte[] data) + { + this.type = type; + this.data = data; + } + + /** + * Deserialize this certificate replacement into the appropriate + * certificate object. That is, this method attempts to create a + * {@link CertificateFactory} for this certificate's type, then + * attempts to parse the encoded data with that factory, returning + * the resulting certificate. + * + * @return The deserialized certificate. + * @throws ObjectStreamException If there is no appropriate + * certificate factory for the given type, or if the encoded form + * cannot be parsed. + */ + protected Object readResolve() throws ObjectStreamException + { + try + { + CertificateFactory fact = CertificateFactory.getInstance(type); + return fact.generateCertificate(new ByteArrayInputStream(data)); + } + catch (Exception e) + { + throw new InvalidObjectException(e.toString()); + } + } + } +} diff --git a/libjava/classpath/java/security/cert/CertificateEncodingException.java b/libjava/classpath/java/security/cert/CertificateEncodingException.java new file mode 100644 index 000000000..3f871691d --- /dev/null +++ b/libjava/classpath/java/security/cert/CertificateEncodingException.java 
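Review bot: `hashCode()` in `Certificate` returns `super.hashCode()` while `equals()` in the same class compares the encoded bytes, so two certificates that are equal can report different hash codes, and the Javadoc's "hash code ... in its encoded form" does not match the code. Any caller that keeps certificates in a hash-based collection, such as a set of trusted or pinned certificates or a cache keyed by certificate, can then miss an entry that `equals()` would match. The hash should be computed from `getEncoded()`, as below, assuming `java.util.Arrays.hashCode(byte[])` is available in this tree. Returning a constant on `CertificateEncodingException` stays consistent with `equals()`, which returns false in that case. `equals()` also calls `getEncoded()` up to twice per side and could compare the two arrays once with `java.util.Arrays.equals`.

```java
  public int hashCode()
  {
    try
      {
        // Hash the same bytes that equals() compares.
        return java.util.Arrays.hashCode(getEncoded());
      }
    catch (CertificateEncodingException cee)
      {
        // equals() never matches a certificate that cannot be encoded.
        return 0;
      }
  }
```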
@@ -0,0 +1,93 @@ +/* CertificateEncodingException.java -- Certificate Encoding Exception + Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * Exception for a Certificate Encoding. 
+ * + * @author Mark Benvenuto + * @since 1.2 + * @status updated to 1.5 + */ +public class CertificateEncodingException extends CertificateException +{ + /** + * Compatible with JDK 1.2+. + */ + private static final long serialVersionUID = 6219492851589449162L; + + /** + * Constructs an exception without a message string. + */ + public CertificateEncodingException() + { + } + + /** + * Constructs an exception with a message string. + * + * @param msg A message to display with exception + */ + public CertificateEncodingException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public CertificateEncodingException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public CertificateEncodingException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/cert/CertificateException.java b/libjava/classpath/java/security/cert/CertificateException.java new file mode 100644 index 000000000..8a6f383bb --- /dev/null +++ b/libjava/classpath/java/security/cert/CertificateException.java 
@@ -0,0 +1,96 @@ +/* CertificateException.java -- Certificate Exception + Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +import java.security.GeneralSecurityException; + +/** + * Exception for a Certificate. 
+ * + * @author Mark Benvenuto + * @see Certificate + * @since 1.2 + * @status updated to 1.5 + */ +public class CertificateException extends GeneralSecurityException +{ + /** + * Compatible with JDK 1.2+. + */ + private static final long serialVersionUID = 3192535253797119798L; + + /** + * Constructs an exception without a message string. + */ + public CertificateException() + { + } + + /** + * Constructs an exception with a message string. + * + * @param msg a message to display with exception + */ + public CertificateException(String msg) + { + super(msg); + } + + /** + * Create a new instance with a descriptive error message and + * a cause. + * @param s the descriptive error message + * @param cause the cause + * @since 1.5 + */ + public CertificateException(String s, Throwable cause) + { + super(s, cause); + } + + /** + * Create a new instance with a cause. + * @param cause the cause + * @since 1.5 + */ + public CertificateException(Throwable cause) + { + super(cause); + } +} diff --git a/libjava/classpath/java/security/cert/CertificateExpiredException.java b/libjava/classpath/java/security/cert/CertificateExpiredException.java new file mode 100644 index 000000000..5b37142b5 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertificateExpiredException.java 
@@ -0,0 +1,71 @@ +/* CertificateExpiredException.java --- Certificate Expired Exception + Copyright (C) 1999, 2002 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * Exception for a Certificate Expiring. 
+ * + * @author Mark Benvenuto + * @since 1.2 + * @status updated to 1.4 + */ +public class CertificateExpiredException extends CertificateException +{ + /** + * Compatible with JDK 1.2+. + */ + private static final long serialVersionUID = 9071001339691533771L; + + /** + * Constructs an exception without a message string. + */ + public CertificateExpiredException() + { + } + + /** + * Constructs an exception with a message string. + * + * @param msg a message to display with exception + */ + public CertificateExpiredException(String msg) + { + super(msg); + } +} diff --git a/libjava/classpath/java/security/cert/CertificateFactory.java b/libjava/classpath/java/security/cert/CertificateFactory.java new file mode 100644 index 000000000..4fd5b3965 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertificateFactory.java 
@@ -0,0 +1,355 @@ +/* CertificateFactory.java -- Certificate Factory Class + Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.security.Engine; + +import java.io.InputStream; +import java.lang.reflect.InvocationTargetException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.Security; +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +/** + * This class implements the CertificateFactory class interface used to + * generate certificates, certificate revocation lists (CRLs), and certificate + * paths objects from their encoded forms. + * + * @author Mark Benvenuto + * @author Casey Marshall + * @since 1.2 + * @status Fully compatible with JDK 1.4. + */ +public class CertificateFactory +{ + + /** The service name for certificate factories. */ + private static final String CERTIFICATE_FACTORY = "CertificateFactory"; + + private CertificateFactorySpi certFacSpi; + private Provider provider; + private String type; + + /** + * Creates an instance of CertificateFactory. + * + * @param certFacSpi The underlying CertificateFactory engine. + * @param provider The provider of this implementation. + * @param type The type of Certificate this factory creates. + */ + protected CertificateFactory(CertificateFactorySpi certFacSpi, + Provider provider, String type) + { + this.certFacSpi = certFacSpi; + this.provider = provider; + this.type = type; + } + + /** + * Returns an instance of a CertificateFactory representing the + * specified certificate factory type. + * + * @param type The type of certificate factory to create. + * @return A CertificateFactory of the desired type. + * @throws CertificateException If the type of certificate factory is not + * implemented by any installed provider. + * @throws IllegalArgumentException if type is + * null or is an empty string. 
+ */ + public static final CertificateFactory getInstance(String type) + throws CertificateException + { + Provider[] p = Security.getProviders(); + CertificateException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(type, p[i]); + } + catch (CertificateException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new CertificateException(type); + } + + /** + * Returns an instance of a CertificateFactory representing the + * specified certificate factory type from the named provider. + * + * @param type The type of certificate factory to create. + * @param provider The name of the provider to use. + * @return A CertificateFactory for the desired type. + * @throws CertificateException If the type of certificate is not implemented + * by the named provider. + * @throws NoSuchProviderException If the named provider is not installed. + * @throws IllegalArgumentException if either type or + * provider is null, or if + * type is an empty string. + */ + public static final CertificateFactory getInstance(String type, + String provider) + throws CertificateException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(type, p); + } + + /** + * Returns an instance of a CertificateFactory representing the + * specified certificate factory type from the designated provider. + * + * @param type The type of certificate factory to create. + * @param provider The provider from which to get the implementation. + * @return A CertificateFactory for the desired type. + * @throws CertificateException If the type of certificate is not implemented + * by the provider. + * @throws IllegalArgumentException if either type or + * provider is null, or if + * type is an empty string. 
+ */ + public static final CertificateFactory getInstance(String type, + Provider provider) + throws CertificateException + { + Throwable cause; + try + { + Object spi = Engine.getInstance(CERTIFICATE_FACTORY, type, provider); + return new CertificateFactory((CertificateFactorySpi) spi, provider, type); + } + catch (ClassCastException x) + { + cause = x; + } + catch (InvocationTargetException x) + { + cause = x.getCause() != null ? x.getCause() : x; + } + catch (NoSuchAlgorithmException x) + { + cause = x; + } + CertificateException x = new CertificateException(type); + x.initCause(cause); + throw x; + } + + /** + * Gets the provider of this implementation. + * + * @return The provider of this implementation. + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Returns the type of the certificate this factory creates. + * + * @return A string with the type of certificate + */ + public final String getType() + { + return type; + } + + /** + * Generates a Certificate from the encoded data read + * from an InputStream. + * + *

The input stream must contain only one certificate. + * + *

If there exists a specialized certificate class for the + * certificate format handled by the certificate factory + * then the return Ceritificate should be a typecast of it. + * Ex: A X.509 CertificateFactory should return X509Certificate. + * + *

For X.509 certificates, the certificate in inStream must be + * DER encoded and supplied in binary or printable (Base64) + * encoding. If the certificate is in Base64 encoding, it must be + * bounded by -----BEGINCERTIFICATE-----, and + * -----END CERTIFICATE-----. + * + * @param inStream An input stream containing the certificate data. + * @return A certificate initialized from the decoded InputStream data. + * @throws CertificateException If an error occurs decoding the + * certificate. + */ + public final Certificate generateCertificate(InputStream inStream) + throws CertificateException + { + return certFacSpi.engineGenerateCertificate(inStream); + } + + /** + * Returns a collection of certificates that were read from the + * input stream. It may be empty, have only one, or have + * multiple certificates. + * + * For a X.509 certificate factory, the stream may contain a + * single DER encoded certificate or a PKCS#7 certificate + * chain. This is a PKCS#7 SignedData object with the + * most significant field being certificates. If no + * CRLs are present, then an empty collection is returned. + * + * @param inStream An input stream containing the certificate data. + * @return A collection of certificates initialized from the decoded + * InputStream data. + * @throws CertificateException If an error occurs decoding the + * certificates. + */ + public final Collection generateCertificates(InputStream inStream) + throws CertificateException + { + return certFacSpi.engineGenerateCertificates(inStream); + } + + /** + * Generates a CRL based on the encoded data read + * from the InputStream. + * + *

The input stream must contain only one CRL. + * + *

If there exists a specialized CRL class for the + * CRL format handled by the certificate factory + * then the return CRL should be a typecast of it. + * Ex: A X.509 CertificateFactory should return X509CRL. + * + * @param inStream An input stream containing the CRL data. + * @return A CRL initialized from the decoded InputStream data. + * @throws CRLException If an error occurs decoding the CRL. + */ + public final CRL generateCRL(InputStream inStream) + throws CRLException + { + return certFacSpi.engineGenerateCRL(inStream); + } + + /** + *

Generates CRLs based on the encoded data read + * from the InputStream. + * + *

For a X.509 certificate factory, the stream may contain a + * single DER encoded CRL or a PKCS#7 CRL set. This is a + * PKCS#7 SignedData object with the most significant + * field being crls. If no CRLs are present, then an + * empty collection is returned. + * + * @param inStream an input stream containing the CRLs. + * @return a collection of CRLs initialized from the decoded + * InputStream data. + * @throws CRLException If an error occurs decoding the CRLs. + */ + public final Collection generateCRLs(InputStream inStream) + throws CRLException + { + return certFacSpi.engineGenerateCRLs( inStream ); + } + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream. The default encoding of this factory is used. + * + * @param inStream The InputStream containing the CertPath data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public final CertPath generateCertPath(InputStream inStream) + throws CertificateException + { + return certFacSpi.engineGenerateCertPath(inStream); + } + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream, using the specified encoding. + * + * @param inStream The InputStream containing the CertPath data. + * @param encoding The encoding of the InputStream data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public final CertPath generateCertPath(InputStream inStream, String encoding) + throws CertificateException + { + return certFacSpi.engineGenerateCertPath(inStream, encoding); + } + + /** + * Generate a {@link CertPath} and initialize it with the certificates + * in the {@link java.util.List} argument. + * + * @param certificates The list of certificates with which to create + * the CertPath. + * @return A CertPath initialized from the certificates. 
+ * @throws CertificateException If an error occurs generating the + * CertPath. + */ + public final CertPath generateCertPath(List certificates) + throws CertificateException + { + return certFacSpi.engineGenerateCertPath(certificates); + } + + /** + * Returns an Iterator of CertPath encodings supported by this + * factory, with the default encoding first. The returned Iterator + * cannot be modified. + * + * @return The Iterator of supported encodings. + */ + public final Iterator getCertPathEncodings() + { + return certFacSpi.engineGetCertPathEncodings(); + } +} // class CertificateFactory diff --git a/libjava/classpath/java/security/cert/CertificateFactorySpi.java b/libjava/classpath/java/security/cert/CertificateFactorySpi.java new file mode 100644 index 000000000..2c9ca5d38 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertificateFactorySpi.java 
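Review bot: The Javadoc of `generateCertificate` gives the PEM header as `-----BEGINCERTIFICATE-----`, without the space; it should read `-----BEGIN CERTIFICATE-----`, as the matching comment in `CertificateFactorySpi` does. The `generateCertificates` comment ends with "If no CRLs are present, then an empty collection is returned", which looks copied from `generateCRLs` and should speak of certificates. Both methods only delegate to the SPI in this hunk, so it would help to add a sentence such as `This method only decodes the data; it does not check the signature, validity period or revocation status of the returned certificate.` so that callers do not take a successfully parsed certificate for a trusted one. The three `getInstance` comments promise `IllegalArgumentException` for a null or empty `type`, but only `provider` is checked here; presumably `Engine.getInstance` covers `type`, which is worth confirming.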
@@ -0,0 +1,224 @@ +/* CertificateFactorySpi.java --- Certificate Factory Class + Copyright (C) 1999,2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.io.InputStream; + +import java.util.Collection; +import java.util.Iterator; +import java.util.List; + +/** + CertificateFactorySpi is the abstract class Service Provider + Interface (SPI) for the CertificateFactory class. A provider + must implement all the abstract methods if they wish to + supply a certificate factory for a particular certificate + type. Ex: X.509 + + Certificate factories are used to generate certificates and + certificate revocation lists (CRL) from their encoding. + + @since 1.2 + + @author Mark Benvenuto + */ +public abstract class CertificateFactorySpi +{ + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Constructs a new CertificateFactorySpi + */ + public CertificateFactorySpi() + {} + + // Abstract methods. + // ------------------------------------------------------------------------ + + /** + Generates a Certificate based on the encoded data read + from the InputStream. + + The input stream must contain only one certificate. + + If there exists a specialized certificate class for the + certificate format handled by the certificate factory + then the return Ceritificate should be a typecast of it. + Ex: A X.509 CertificateFactory should return X509Certificate. + + For X.509 certificates, the certificate in inStream must be + DER encoded and supplied in binary or printable (Base64) + encoding. If the certificate is in Base64 encoding, it must be + bounded by -----BEGIN CERTIFICATE-----, and + -----END CERTIFICATE-----. + + @param inStream an input stream containing the certificate data + + @return a certificate initialized with InputStream data. + + @throws CertificateException Certificate parsing error + */ + public abstract Certificate engineGenerateCertificate(InputStream inStream) + throws CertificateException; + + /** + Returns a collection of certificates that were read from the + input stream. 
It may be empty, have only one, or have + multiple certificates. + + For a X.509 certificate factory, the stream may contain a + single DER encoded certificate or a PKCS#7 certificate + chain. This is a PKCS#7 SignedData object with the + most significant field being certificates. If no + CRLs are present, then an empty collection is returned. + + @param inStream an input stream containing the certificates + + @return a collection of certificates initialized with + the InputStream data. + + @throws CertificateException Certificate parsing error + */ + public abstract Collection engineGenerateCertificates(InputStream inStream) + throws CertificateException; + + /** + Generates a CRL based on the encoded data read + from the InputStream. + + The input stream must contain only one CRL. + + If there exists a specialized CRL class for the + CRL format handled by the certificate factory + then the return CRL should be a typecast of it. + Ex: A X.509 CertificateFactory should return X509CRL. + + @param inStream an input stream containing the CRL data + + @return a CRL initialized with InputStream data. + + @throws CRLException CRL parsing error + */ + public abstract CRL engineGenerateCRL(InputStream inStream) + throws CRLException; + + /** + Generates CRLs based on the encoded data read + from the InputStream. + + For a X.509 certificate factory, the stream may contain a + single DER encoded CRL or a PKCS#7 CRL set. This is a + PKCS#7 SignedData object with the most significant + field being crls. If no CRLs are present, then an + empty collection is returned. + + @param inStream an input stream containing the CRLs + + @return a collection of CRLs initialized with + the InputStream data. + + @throws CRLException CRL parsing error + */ + public abstract Collection engineGenerateCRLs(InputStream inStream) + throws CRLException; + + // 1.4 instance methods. 
+ // ------------------------------------------------------------------------ + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream. The default encoding of this factory is used. + * + * @param inStream The InputStream containing the CertPath data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public CertPath engineGenerateCertPath(InputStream inStream) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Generate a {@link CertPath} and initialize it with data parsed from + * the input stream, using the specified encoding. + * + * @param inStream The InputStream containing the CertPath data. + * @param encoding The encoding of the InputStream data. + * @return A CertPath initialized from the input stream data. + * @throws CertificateException If an error occurs decoding the + * CertPath. + */ + public CertPath engineGenerateCertPath(InputStream inStream, String encoding) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Generate a {@link CertPath} and initialize it with the certificates + * in the {@link java.util.List} argument. + * + * @param certificates The list of certificates with which to create + * the CertPath. + * @return A CertPath initialized from the certificates. + * @throws CertificateException If an error occurs generating the + * CertPath. + */ + public CertPath engineGenerateCertPath(List certificates) + throws CertificateException + { + throw new UnsupportedOperationException("not implemented"); + } + + /** + * Returns an Iterator of CertPath encodings supported by this + * factory, with the default encoding first. The returned Iterator + * cannot be modified. + * + * @return The Iterator of supported encodings. 
+ */ + public Iterator engineGetCertPathEncodings() + { + throw new UnsupportedOperationException("not implemented"); + } +} diff --git a/libjava/classpath/java/security/cert/CertificateNotYetValidException.java b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java new file mode 100644 index 000000000..dfb4b4837 --- /dev/null +++ b/libjava/classpath/java/security/cert/CertificateNotYetValidException.java 
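Review bot: The Javadoc on `engineGenerateCertificates` says "If no CRLs are present, then an empty collection is returned", which reads as copied from `engineGenerateCRLs`; for this method it should be `If no certificates are present, then an empty collection is returned.` The comment on `engineGenerateCertificate` also misspells `Ceritificate`. Beyond wording, the class comment would benefit from one sentence saying that these methods only decode what is in the stream. Nothing in this file checks a signature, validity period or revocation status, so a caller still has to run path validation (for example through `CertPathValidator`) before trusting a returned certificate or CRL.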
@@ -0,0 +1,71 @@
+/* CertificateNotYetValidException.java -- Certificate Not Yet Valid Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for a Certificate that is not yet valid.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.4
+*/
+public class CertificateNotYetValidException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 4355919900041064702L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateNotYetValidException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg A message to display with exception
+ */
+ public CertificateNotYetValidException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CertificateParsingException.java b/libjava/classpath/java/security/cert/CertificateParsingException.java
new file mode 100644
index 000000000..5a930f41b
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CertificateParsingException.java
@@ -0,0 +1,93 @@
+/* CertificateParsingException.java -- Certificate Parsing Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+/**
+ * Exception for parsing a DER-encoded Certificate.
+ *
+ * @author Mark Benvenuto
+ * @since 1.2
+ * @status updated to 1.5
+*/
+public class CertificateParsingException extends CertificateException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -7989222416793322029L;
+
+ /**
+ * Constructs an exception without a message string.
+ */
+ public CertificateParsingException()
+ {
+ }
+
+ /**
+ * Constructs an exception with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public CertificateParsingException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public CertificateParsingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
new file mode 100644
index 000000000..389874854
--- /dev/null
+++ b/libjava/classpath/java/security/cert/CollectionCertStoreParameters.java
@@ -0,0 +1,122 @@ +/* CollectionCertStoreParameters -- collection-based cert store parameters + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; + +/** + * An implementation of {@link CertStoreParameters} with a simple, + * in-memory {@link Collection} of certificates and certificate + * revocation list. + * + *

Note that this class is not thread-safe, and its underlying + * collection may be changed at any time. + * + * @see CertStore + * @since 1.4 + */ +public class CollectionCertStoreParameters implements CertStoreParameters +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** The underlying collection. */ + private final Collection collection; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Creates a new CollectionCertStoreParameters with an empty, + * immutable collection. + */ + public CollectionCertStoreParameters() + { + this(Collections.EMPTY_LIST); + } + + /** + * Create a new CollectionCertStoreParameters with the specified + * collection. The argument is not copied, and subsequent changes to + * the collection will change this class's collection. + * + * @param collection The collection. + * @throws NullPointerException If collection is null. + */ + public CollectionCertStoreParameters(Collection collection) + { + if (collection == null) + throw new NullPointerException(); + this.collection = collection; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public Object clone() + { + return new CollectionCertStoreParameters(new ArrayList(collection)); + } + + /** + * Return the underlying collection. The collection is not copied + * before being returned, so callers may update the collection that is + * returned. + * + * @return The collection. + */ + public Collection getCollection() + { + return collection; + } + + /** + * Return a string representation of these parameters. + * + * @return The string representation of these parameters. + */ + public String toString() + { + return "CollectionCertStoreParameters: [ collection: " + + collection + " ]"; + } +} 
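Review bot: `clone()` has no Javadoc, and it behaves differently from the constructor next to it: the constructor stores the caller's collection by reference, while `clone()` copies the elements into a new `ArrayList`, so the clone stops tracking later changes to the original collection. That matters to anyone who adds or withdraws certificates or CRLs after handing the parameters to a `CertStore`, and it should be stated, e.g. `/** Returns a copy backed by a new ArrayList of the current elements; later changes to the original collection are not seen by the copy. */`. Whether a snapshot is the intended contract is worth confirming, since the class comment describes the collection as live. A smaller wording point: `getCollection()` says callers may update the returned collection, but the no-argument constructor installs `Collections.EMPTY_LIST`, which cannot be modified.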
diff --git a/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java
new file mode 100644
index 000000000..f2dff764a
--- /dev/null
+++ b/libjava/classpath/java/security/cert/LDAPCertStoreParameters.java
@@ -0,0 +1,140 @@ +/* LDAPCertStoreParameters.java -- LDAP CertStore parameters. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +/** + * Parameters for CertStores that are retrieved via the lightweight + * directory access protocol (LDAP). 
+ * + * @see CertStore + */ +public class LDAPCertStoreParameters implements CertStoreParameters +{ + + // Constants and fields. + // ------------------------------------------------------------------------ + + /** The default LDAP port. */ + private static final int LDAP_PORT = 389; + + /** The server name. */ + private final String serverName; + + /** The LDAP port. */ + private final int port; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new LDAPCertStoreParameters object, with a servername of + * "localhost" and a port of 389. + */ + public LDAPCertStoreParameters() + { + this("localhost", LDAP_PORT); + } + + /** + * Create a new LDAPCertStoreParameters object, with a specified + * server name and a port of 389. + * + * @param serverName The LDAP server name. + * @throws NullPointerException If serverName is null. + */ + public LDAPCertStoreParameters(String serverName) + { + this(serverName, LDAP_PORT); + } + + /** + * Create a new LDAPCertStoreParameters object, with a specified + * server name and port. + * + * @param serverName The LDAP server name. + * @param port The LDAP port. + * @throws NullPointerException If serverName is null. + */ + public LDAPCertStoreParameters(String serverName, int port) + { + if (serverName == null) + throw new NullPointerException(); + this.serverName = serverName; + this.port = port; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + public Object clone() + { + return new LDAPCertStoreParameters(serverName, port); + } + + /** + * Return the server name. + * + * @return The server name. + */ + public String getServerName() + { + return serverName; + } + + /** + * Return the port. + * + * @return the port. + */ + public int getPort() + { + return port; + } + + /** + * Return a string representation of these parameters. + * + * @return The string representation of these parameters. 
+ */ + public String toString() + { + return "LDAPCertStoreParameters: [ serverName: " + serverName + + "; port: " + port + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/PKIXBuilderParameters.java b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java new file mode 100644 index 000000000..3a29b5218 --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXBuilderParameters.java 
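Review bot: The class comment does not say what these parameters leave out: the only state is `serverName` and `port` (default `LDAP_PORT = 389`), so nothing here can express transport protection or bind credentials. A sentence in the class Javadoc such as `Data fetched from the named directory is untrusted until certificate path and CRL signature checks succeed.` would tell users of a `CertStore` built from these parameters not to rely on the lookup itself. Separately, the `(String, int)` constructor stores `port` unchecked, so a negative or out-of-range value would presumably surface only when a connection is attempted; the `@param port` text could state the accepted range. `clone()` is also missing a Javadoc comment.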
@@ -0,0 +1,149 @@ +/* PKIXBuilderParameters.java -- parameters for PKIX cert path builders + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; + +import java.util.Set; + +/** + * Parameters for building certificate paths using the PKIX algorithm. + * + * @see CertPathBuilder + * @since 1.4 + */ +public class PKIXBuilderParameters extends PKIXParameters +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The maximum path length. */ + private int maxPathLength; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new PKIXBuilderParameters object, populating the trusted + * certificates set with all X.509 certificates found in the given key + * store. All certificates found in the key store are assumed to be + * trusted by this constructor. + * + * @param keystore The key store. + * @param targetConstraints The target certificate constraints. + * @throws KeyStoreException If the certificates cannot be retrieved + * from the key store. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the key store. + * @throws NullPointerException If keystore is null. + */ + public PKIXBuilderParameters(KeyStore keystore, + CertSelector targetConstraints) + throws KeyStoreException, InvalidAlgorithmParameterException + { + super(keystore); + setTargetCertConstraints(targetConstraints); + maxPathLength = 5; + } + + /** + * Create a new PKIXBuilderParameters object, populating the trusted + * certificates set with the elements of the given set, each of which + * must be a {@link TrustAnchor}. + * + * @param trustAnchors The set of trust anchors. + * @param targetConstraints The target certificate constraints. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. 
+ * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. + */ + public PKIXBuilderParameters(Set trustAnchors, + CertSelector targetConstraints) + throws InvalidAlgorithmParameterException + { + super(trustAnchors); + setTargetCertConstraints(targetConstraints); + maxPathLength = 5; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the maximum length of certificate paths to build. + * + *

If this value is 0 it is taken to mean that the certificate path + * should contain only one certificate. A value of -1 means that the + * certificate path length is unconstrained. The default value is 5. + * + * @return The maximum path length. + */ + public int getMaxPathLength() + { + return maxPathLength; + } + + /** + * Sets the maximum length of certificate paths to build. + * + * @param maxPathLength The new path length. + * @throws IllegalArgumentException If maxPathLength is less + * than -1. + */ + public void setMaxPathLength(int maxPathLength) + { + if (maxPathLength < -1) + throw new IllegalArgumentException(); + this.maxPathLength = maxPathLength; + } + + public String toString() + { + CPStringBuilder buf = new CPStringBuilder(super.toString()); + buf.insert(buf.length() - 2, "; Max Path Length=" + maxPathLength); + return buf.toString(); + } +} diff --git a/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java new file mode 100644 index 000000000..52984b543 --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXCertPathBuilderResult.java 
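Review bot: `toString()` splices its text in with `buf.insert(buf.length() - 2, ...)`, which silently depends on `PKIXParameters.toString()` (not visible in this hunk) ending in a two-character closing suffix; if that format changes the output is garbled, and a result shorter than two characters would make `insert` throw. `PKIXCertPathBuilderResult.toString()` in the next file uses the same pattern against its own superclass. A comment on the line such as `// relies on super.toString() ending in a 2-char closing suffix` would record the coupling. Two smaller points in this file: the default `maxPathLength = 5` is written out in both constructors and could be one named constant, and the `@throws ClassCastException` text on the `Set` constructor says "If every element" where "If any element" is presumably meant.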
@@ -0,0 +1,104 @@ +/* PKIXCertPathBuilderResult.java -- PKIX cert path bulider result + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.lang.CPStringBuilder; + +/** + * The result of calling the {@link + * CertPathBuilder#build(java.security.cert.CertPathParameters)} method + * of PKIX {@link CertPathBuilder}s. + * + * @see CertPathBuilder + * @see CertPathBuilderResult + */ +public class PKIXCertPathBuilderResult extends PKIXCertPathValidatorResult + implements CertPathBuilderResult +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The certificate path. */ + private CertPath certPath; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new PKIXCertPathBuilderResult. + * + * @param certPath The certificate path. + * @param trustAnchor The trust anchor. + * @param policyTree The root node of the policy tree. + * @param subjectPublicKey The public key. + * @throws NullPointerException If certPath, trustAnchor or + * subjectPublicKey is null. + */ + public PKIXCertPathBuilderResult(CertPath certPath, + TrustAnchor trustAnchor, + PolicyNode policyTree, + java.security.PublicKey subjectPublicKey) + { + super(trustAnchor, policyTree, subjectPublicKey); + if (certPath == null) + throw new NullPointerException(); + this.certPath = certPath; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the certificate path that was built. + * + * @return The certificate path that was built. + */ + public CertPath getCertPath() + { + return certPath; + } + + public String toString() + { + CPStringBuilder buf = new CPStringBuilder(super.toString()); + buf.insert(buf.length() - 2, "; CertPath=" + certPath); + return buf.toString(); + } +} diff --git a/libjava/classpath/java/security/cert/PKIXCertPathChecker.java b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java new file mode 100644 index 000000000..0bedf401a --- /dev/null 
+++ b/libjava/classpath/java/security/cert/PKIXCertPathChecker.java 
@@ -0,0 +1,134 @@ +/* PKIXCertPathChecker.java -- checks X.509 certificate paths. + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +import java.util.Collection; +import java.util.Set; + +/** + * A validator for X.509 certificates when approving certificate chains. + * + *

Concrete subclasses can be passed to the {@link + * PKIXParameters#setCertPathCheckers(java.util.List)} and {@link + * PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker)} + * methods, which are then used to set up PKIX certificate chain + * builders or validators. These classes then call the {@link + * #check(java.security.cert.Certificate,java.util.Collection)} method + * of this class, performing whatever checks on the certificate, + * throwing an exception if any check fails. + * + *

Subclasses of this must be able to perform their checks in the + * backward direction -- from the most-trusted certificate to the target + * -- and may optionally support forward checking -- from the target to + * the most-trusted certificate. + * + * @see PKIXParameters + * @since 1.4 + */ +public abstract class PKIXCertPathChecker implements Cloneable +{ + + // Constructor. + // ------------------------------------------------------------------------ + + /** Default constructor. */ + protected PKIXCertPathChecker() + { + super(); + } + + // Cloneable interface. + // ------------------------------------------------------------------------ + + public Object clone() + { + try + { + return super.clone(); + } + catch (CloneNotSupportedException cnse) + { + throw new InternalError(cnse.getMessage()); + } + } + + // Abstract methods. + // ------------------------------------------------------------------------ + + /** + * Initialize this PKIXCertPathChecker. If subclasses support forward + * checking, a value of true can be passed to this method, and + * certificates can be validated from the target certificate to the + * most-trusted certifcate. + * + * @param forward The direction of this PKIXCertPathChecker. + * @throws CertPathValidatorException If forward is true and + * this class does not support forward checking. + */ + public abstract void init(boolean forward) throws CertPathValidatorException; + + /** + * Returns whether or not this class supports forward checking. + * + * @return Whether or not this class supports forward checking. + */ + public abstract boolean isForwardCheckingSupported(); + + /** + * Returns an immutable set of X.509 extension object identifiers (OIDs) + * supported by this PKIXCertPathChecker. + * + * @return An immutable set of Strings of the supported X.509 OIDs, or + * null if no extensions are supported. 
+ */ + public abstract Set getSupportedExtensions(); + + /** + * Checks a certificate, removing any critical extensions that are + * resolved in this check. + * + * @param cert The certificate to check. + * @param unresolvedCritExts The (mutable) collection of as-of-yet + * unresolved critical extensions, as OID strings. + * @throws CertPathValidatorException If this certificate fails this + * check. + */ + public abstract void check(Certificate cert, Collection unresolvedCritExts) + throws CertPathValidatorException; +} diff --git a/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java new file mode 100644 index 000000000..17b5c86f8 --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXCertPathValidatorResult.java 
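Review bot: clone() is the only public method in PKIXCertPathChecker without a doc comment, and its contract is the one subclasses most need spelled out: it returns super.clone(), a shallow copy, so a checker that keeps mutable per-path state would share that state with its copy. I would add `/** Returns a shallow copy of this checker; subclasses that hold mutable state must override this and copy it. */` above it. The catch block passes only `cnse.getMessage()` to InternalError and loses the cause; `throw (InternalError) new InternalError(cnse.toString()).initCause(cnse);` keeps it. The Javadoc for check() could also state that an implementation must remove from unresolvedCritExts only the OIDs it has actually processed, since whatever stays in that collection is presumably what the validator treats as an unhandled critical extension.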
@@ -0,0 +1,142 @@ +/* PKIXCertPathValidatorResult.java -- PKIX cert path builder result + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.PublicKey; + +/** + * Results returned by the {@link + * CertPathValidator#validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)} + * method for PKIX {@link CertPathValidator}s. + * + * @see CertPathValidator + */ +public class PKIXCertPathValidatorResult implements CertPathValidatorResult +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The trust anchor. */ + private final TrustAnchor trustAnchor; + + /** The root node of the policy tree. */ + private final PolicyNode policyTree; + + /** The subject's public key. */ + private final PublicKey subjectPublicKey; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Creates a new PKIXCertPathValidatorResult. + * + * @param trustAnchor The trust anchor. + * @param policyTree The root node of the policy tree. + * @param subjectPublicKey The public key. + * @throws NullPointerException If either trustAnchor or + * subjectPublicKey is null. + */ + public PKIXCertPathValidatorResult(TrustAnchor trustAnchor, + PolicyNode policyTree, + PublicKey subjectPublicKey) + { + if (trustAnchor == null || subjectPublicKey == null) + throw new NullPointerException(); + this.trustAnchor = trustAnchor; + this.policyTree = policyTree; + this.subjectPublicKey = subjectPublicKey; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the trust anchor. + * + * @return The trust anchor. + */ + public TrustAnchor getTrustAnchor() + { + return trustAnchor; + } + + /** + * Returns the root node of the policy tree. + * + * @return The root node of the policy tree. + */ + public PolicyNode getPolicyTree() + { + return policyTree; + } + + /** + * Returns the subject public key. + * + * @return The subject public key. 
+ */ + public PublicKey getPublicKey() + { + return subjectPublicKey; + } + + /** + * Returns a copy of this object. + * + * @return The copy. + */ + public Object clone() + { + return new PKIXCertPathValidatorResult(trustAnchor, policyTree, + subjectPublicKey); + } + + /** + * Returns a printable string representation of this result. + * + * @return A printable string representation of this result. + */ + public String toString() + { + return "[ Trust Anchor=" + trustAnchor + "; Policy Tree=" + + policyTree + "; Subject Public Key=" + subjectPublicKey + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/PKIXParameters.java b/libjava/classpath/java/security/cert/PKIXParameters.java new file mode 100644 index 000000000..bbb75571f --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXParameters.java 
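Review bot: clone() builds its result with `new PKIXCertPathValidatorResult(...)`, so calling it on a subclass returns a plain validator result: PKIXCertPathBuilderResult, added in the preceding file section, does not override clone(), and its copy would lose the CertPath and fail a cast back to the builder type. All three fields are final references that are only read, so a shallow copy is enough: `try { return super.clone(); } catch (CloneNotSupportedException e) { throw new InternalError(e.toString()); }`. This assumes CertPathValidatorResult extends Cloneable, which is not visible in this hunk. The file header comment also describes the class as a "PKIX cert path builder result", which looks copied from the builder file.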
@@ -0,0 +1,547 @@ +/* PKIXParameters.java -- parameters for the PKIX cert path algorithm + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; + +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +/** + * Parameters for verifying certificate paths using the PKIX + * (Public-Key Infrastructure (X.509)) algorithm. + * + * @see CertPathBuilder + * @since 1.4 + */ +public class PKIXParameters implements CertPathParameters +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The trusted certificates. */ + private final Set trustAnchors; + + /** The set of initial policy identifiers. */ + private final Set initPolicies; + + /** The list of certificate stores. */ + private final List certStores; + + /** The list of path checkers. */ + private final List pathCheckers; + + /** The revocation enabled flag. */ + private boolean revocationEnabled; + + /** The explicit policy required flag. */ + private boolean exPolicyRequired; + + /** The policy mapping inhibited flag. */ + private boolean policyMappingInhibited; + + /** The any policy inhibited flag. */ + private boolean anyPolicyInhibited; + + /** The policy qualifiers rejected flag. */ + private boolean policyQualRejected; + + /** The target validation date. */ + private Date date; + + /** The signature algorithm provider. */ + private String sigProvider; + + /** The target constraints. */ + private CertSelector targetConstraints; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with all certificates found in the given key + * store. All certificates found in the key store are assumed to be + * trusted by this constructor. 
+ * + * @param keystore The key store. + * @throws KeyStoreException If the certificates cannot be retrieved + * from the key store. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the key store. + * @throws NullPointerException If keystore is null. + */ + public PKIXParameters(KeyStore keystore) + throws KeyStoreException, InvalidAlgorithmParameterException + { + this(); + for (Enumeration e = keystore.aliases(); e.hasMoreElements(); ) + { + String alias = (String) e.nextElement(); + if (!keystore.isCertificateEntry(alias)) + continue; + Certificate cert = keystore.getCertificate(alias); + if (cert instanceof X509Certificate) + trustAnchors.add(new TrustAnchor((X509Certificate) cert, null)); + } + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no certs in the key store"); + } + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with the elements of the given set, each of which + * must be a {@link TrustAnchor}. + * + * @param trustAnchors The set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. + * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. + */ + public PKIXParameters(Set trustAnchors) + throws InvalidAlgorithmParameterException + { + this(); + setTrustAnchors(trustAnchors); + } + + /** + * Default constructor. + */ + private PKIXParameters() + { + trustAnchors = new HashSet(); + initPolicies = new HashSet(); + certStores = new LinkedList(); + pathCheckers = new LinkedList(); + revocationEnabled = true; + exPolicyRequired = false; + policyMappingInhibited = false; + anyPolicyInhibited = false; + policyQualRejected = true; + } + + /** + * Copying constructor for cloning. + * + * @param that The instance being cloned. 
+ */ + private PKIXParameters(PKIXParameters that) + { + this(); + this.trustAnchors.addAll(that.trustAnchors); + this.initPolicies.addAll(that.initPolicies); + this.certStores.addAll(that.certStores); + this.pathCheckers.addAll(that.pathCheckers); + this.revocationEnabled = that.revocationEnabled; + this.exPolicyRequired = that.exPolicyRequired; + this.policyMappingInhibited = that.policyMappingInhibited; + this.anyPolicyInhibited = that.anyPolicyInhibited; + this.policyQualRejected = that.policyQualRejected; + this.date = that.date; + this.sigProvider = that.sigProvider; + this.targetConstraints = that.targetConstraints != null + ? (CertSelector) that.targetConstraints.clone() : null; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns an immutable set of trust anchors. The set returned will + * never be null and will never be empty. + * + * @return A (never null, never empty) immutable set of trust anchors. + */ + public Set getTrustAnchors() + { + return Collections.unmodifiableSet(trustAnchors); + } + + /** + * Sets the trust anchors of this class, replacing the current trust + * anchors with those in the given set. The supplied set is copied to + * prevent modification. + * + * @param trustAnchors The new set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. + * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. 
+ */ + public void setTrustAnchors(Set trustAnchors) + throws InvalidAlgorithmParameterException + { + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no trust anchors"); + this.trustAnchors.clear(); + for (Iterator i = trustAnchors.iterator(); i.hasNext(); ) + { + this.trustAnchors.add((TrustAnchor) i.next()); + } + } + + /** + * Returns the set of initial policy identifiers (as OID strings). If + * any policy is accepted, this method returns the empty set. + * + * @return An immutable set of initial policy OID strings, or the + * empty set if any policy is acceptable. + */ + public Set getInitialPolicies() + { + return Collections.unmodifiableSet(initPolicies); + } + + /** + * Sets the initial policy identifiers (as OID strings). If the + * argument is null or the empty set, then any policy identifier will + * be accepted. + * + * @param initPolicies The new set of policy strings, or null. + * @throws ClassCastException If any element in initPolicies is + * not a string. + */ + public void setInitialPolicies(Set initPolicies) + { + this.initPolicies.clear(); + if (initPolicies == null) + return; + for (Iterator i = initPolicies.iterator(); i.hasNext(); ) + { + this.initPolicies.add((String) i.next()); + } + } + + /** + * Add a {@link CertStore} to the list of cert stores. + * + * @param store The CertStore to add. + */ + public void addCertStore(CertStore store) + { + if (store != null) + certStores.add(store); + } + + /** + * Returns an immutable list of cert stores. This method never returns + * null. + * + * @return The list of cert stores. + */ + public List getCertStores() + { + return Collections.unmodifiableList(certStores); + } + + /** + * Set the cert stores. If the argument is null the list of cert + * stores will be empty. + * + * @param certStores The cert stores. 
+ */ + public void setCertStores(List certStores) + { + this.certStores.clear(); + if (certStores == null) + return; + for (Iterator i = certStores.iterator(); i.hasNext(); ) + { + this.certStores.add((CertStore) i.next()); + } + } + + /** + * Returns the value of the revocation enabled flag. The default + * value for this flag is true. + * + * @return The revocation enabled flag. + */ + public boolean isRevocationEnabled() + { + return revocationEnabled; + } + + /** + * Sets the value of the revocation enabled flag. + * + * @param value The new value. + */ + public void setRevocationEnabled(boolean value) + { + revocationEnabled = value; + } + + /** + * Returns the value of the explicit policy required flag. The + * default value of this flag is false. + * + * @return The explicit policy required flag. + */ + public boolean isExplicitPolicyRequired() + { + return exPolicyRequired; + } + + /** + * Sets the value of the explicit policy required flag. + * + * @param value The new value. + */ + public void setExplicitPolicyRequired(boolean value) + { + exPolicyRequired = value; + } + + /** + * Returns the value of the policy mapping inhibited flag. The + * default value of this flag is false. + * + * @return The policy mapping inhibited flag. + */ + public boolean isPolicyMappingInhibited() + { + return policyMappingInhibited; + } + + /** + * Sets the value of the policy mapping inhibited flag. + * + * @param value The new value. + */ + public void setPolicyMappingInhibited(boolean value) + { + policyMappingInhibited = value; + } + + /** + * Returns the value of the any policy inhibited flag. The + * default value of this flag is false. + * + * @return The any policy inhibited flag. + */ + public boolean isAnyPolicyInhibited() + { + return anyPolicyInhibited; + } + + /** + * Sets the value of the any policy inhibited flag. + * + * @param value The new value. 
+ */ + public void setAnyPolicyInhibited(boolean value) + { + anyPolicyInhibited = value; + } + + /** + * Returns the value of the policy qualifiers enabled flag. The + * default value of this flag is true. + * + * @return The policy qualifiers enabled flag. + */ + public boolean getPolicyQualifiersRejected() + { + return policyQualRejected; + } + + /** + * Sets the value of the policy qualifiers enabled flag. + * + * @param value The new value. + */ + public void setPolicyQualifiersRejected(boolean value) + { + policyQualRejected = value; + } + + /** + * Returns the date for which the certificate path should be + * validated, or null if the current time should be used. The date + * object is copied to prevent subsequent modification. + * + * @return The date, or null if not set. + */ + public Date getDate() + { + return date != null ? (Date) date.clone() : null; + } + + /** + * Sets the date for which the certificate path should be validated, + * or null if the current time should be used. + * + * @param date The new date, or null. + */ + public void setDate(Date date) + { + if (date != null) + this.date = (Date) date.clone(); + else + this.date = null; + } + + /** + * Add a certificate path checker. + * + * @param checker The certificate path checker to add. + */ + public void addCertPathChecker(PKIXCertPathChecker checker) + { + if (checker != null) + pathCheckers.add(checker); + } + + /** + * Returns an immutable list of all certificate path checkers. + * + * @return An immutable list of all certificate path checkers. + */ + public List getCertPathCheckers() + { + return Collections.unmodifiableList(pathCheckers); + } + + /** + * Sets the certificate path checkers. If the argument is null, the + * list of checkers will merely be cleared. + * + * @param pathCheckers The new list of certificate path checkers. + * @throws ClassCastException If any element of pathCheckers is + * not a {@link PKIXCertPathChecker}. 
+ */ + public void setCertPathCheckers(List pathCheckers) + { + this.pathCheckers.clear(); + if (pathCheckers == null) + return; + for (Iterator i = pathCheckers.iterator(); i.hasNext(); ) + { + this.pathCheckers.add((PKIXCertPathChecker) i.next()); + } + } + + /** + * Returns the signature algorithm provider, or null if not set. + * + * @return The signature algorithm provider, or null if not set. + */ + public String getSigProvider() + { + return sigProvider; + } + + /** + * Sets the signature algorithm provider, or null if there is no + * preferred provider. + * + * @param sigProvider The signature provider name. + */ + public void setSigProvider(String sigProvider) + { + this.sigProvider = sigProvider; + } + + /** + * Returns the constraints placed on the target certificate, or null + * if there are none. The target constraints are copied to prevent + * subsequent modification. + * + * @return The target constraints, or null. + */ + public CertSelector getTargetCertConstraints() + { + return targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Sets the constraints placed on the target certificate. + * + * @param targetConstraints The target constraints. + */ + public void setTargetCertConstraints(CertSelector targetConstraints) + { + this.targetConstraints = targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Returns a copy of these parameters. + * + * @return The copy. + */ + public Object clone() + { + return new PKIXParameters(this); + } + + /** + * Returns a printable representation of these parameters. + * + * @return A printable representation of these parameters. + */ + public String toString() { + return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs=" + + (initPolicies != null ? 
initPolicies.toString() : "any") + + "; Validity Date=" + date + "; Signature Provider=" + + sigProvider + "; Default Revocation Enabled=" + revocationEnabled + + "; Explicit Policy Required=" + exPolicyRequired + + "; Policy Mapping Inhibited=" + policyMappingInhibited + + "; Any Policy Inhibited=" + anyPolicyInhibited + + "; Policy Qualifiers Rejected=" + policyQualRejected + + "; Target Cert Contstraints=" + targetConstraints + + "; Certification Path Checkers=" + pathCheckers + + "; CertStores=" + certStores + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/PolicyNode.java b/libjava/classpath/java/security/cert/PolicyNode.java new file mode 100644 index 000000000..5da78c188 --- /dev/null +++ b/libjava/classpath/java/security/cert/PolicyNode.java 
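Review bot: setTrustAnchors() clears this.trustAnchors before it has copied and type-checked the argument, so the "never empty" guarantee documented on getTrustAnchors() can be broken in two ways. A non-TrustAnchor element raises ClassCastException part-way through and leaves the set empty or half-filled, and passing the view returned by getTrustAnchors() back in empties the argument together with the field, so nothing is re-added. Copying into a scratch set first and swapping afterwards fixes both; setInitialPolicies(), setCertStores() and setCertPathCheckers() use the same clear-then-cast loop and would benefit from the same shape. Note also that addCertPathChecker(), setCertPathCheckers(), getCertPathCheckers() and the copying constructor keep and hand out the caller's checker objects without clone(), so a stateful checker is shared between the caller, this object and its clones.

```java
  public void setTrustAnchors(Set trustAnchors)
    throws InvalidAlgorithmParameterException
  {
    // … unchanged: empty-set check …
    // Type-check into a scratch set before touching the field, so a bad
    // element or an aliased argument cannot leave the anchors empty.
    Set checked = new HashSet();
    for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
      checked.add((TrustAnchor) i.next());
    this.trustAnchors.clear();
    this.trustAnchors.addAll(checked);
  }
```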
@@ -0,0 +1,108 @@ +/* PolicyNode.java -- a single node in a policy tree + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.util.Iterator; +import java.util.Set; + +/** + * @since 1.4 + */ +public interface PolicyNode +{ + + /** + * Get the iterator of the child nodes of this node. The returned + * iterator is (naturally) unmodifiable. + * + * @return An iterator over the child nodes. + */ + Iterator getChildren(); + + /** + * Get the depth of this node within the tree, starting at 0 for the + * root node. + * + * @return The depth of this node. + */ + int getDepth(); + + /** + * Returns a set of policies (string OIDs) that will satisfy this + * node's policy. The root node should always return the singleton set + * with the element "any-policy". + * + * @return The set of expected policies. + */ + Set getExpectedPolicies(); + + /** + * Returns the parent node of this node, or null if this is the root + * node. + * + * @return The parent node, or null. + */ + PolicyNode getParent(); + + /** + * Returns a set of {@link PolicyQualifierInfo} objects that qualify + * the valid policy of this node. The root node should always return + * the empty set. + * + * @return The set of {@link PolicyQualifierInfo} objects. + */ + Set getPolicyQualifiers(); + + /** + * Get the policy OID this node represents. The root node should return + * the special value "any-policy". + * + * @return The policy of this node. + */ + String getValidPolicy(); + + /** + * Return the criticality flag of this policy node. Nodes who return + * true for this method should be considered critical. The root node + * is never critical. + * + * @return The criticality flag. + */ + boolean isCritical(); +} diff --git a/libjava/classpath/java/security/cert/PolicyQualifierInfo.java b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java new file mode 100644 index 000000000..b53faa935 --- /dev/null +++ b/libjava/classpath/java/security/cert/PolicyQualifierInfo.java 
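Review bot: The Javadoc for getExpectedPolicies() and getValidPolicy() says the root node returns the string "any-policy", while both methods are documented as returning policies as OID strings; the anyPolicy identifier defined by the PKIX profile is the OID 2.5.29.32.0, so a caller comparing against the literal text would presumably never match. I would word it as `The root node should return the anyPolicy OID, "2.5.29.32.0".` in both comments, after confirming what the implementing classes return. The interface itself has only `@since 1.4` and no description; a one-line summary such as `/** A node in the valid policy tree produced by PKIX certification path validation. */` would help. getExpectedPolicies() and getPolicyQualifiers() should also say whether the returned sets are immutable, since only getChildren() mentions it.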
@@ -0,0 +1,169 @@ +/* PolicyQualifierInfo.java -- policy qualifier info object. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.io.ASN1ParsingException; +import gnu.java.security.OID; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +/** + * The PolicyQualifierInfo X.509 certificate extension. + * PolicyQualifierInfo objects are represented by the ASN.1 structure: + * + *

+ * PolicyQualifierInfo ::= SEQUENCE {
+ *    policyQualifierId   PolicyQualifierId,
+ *    qualifier           ANY DEFINED BY policyQualifierId
+ * }
+ *
+ * PolicyQualifierId ::= OBJECT IDENTIFIER
+ * 
+ * + * @since 1.4 + * @specnote this class was final in 1.4, but beginning with 1.5 is not + */ +public class PolicyQualifierInfo +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The policyQualifierId field. */ + private OID oid; + + /** The DER encoded form of this object. */ + private byte[] encoded; + + /** The DER encoded form of the qualifier field. */ + private DERValue qualifier; + + // Constructor. + // ------------------------------------------------------------------------ + + /** + * Create a new PolicyQualifierInfo object from the DER encoded form + * passed in the byte array. The argument is copied. + * + *

The ASN.1 form of PolicyQualifierInfo is: +

+PolicyQualifierInfo ::= SEQUENCE {
+   policyQualifierId     PolicyQualifierId,
+   qualifier             ANY DEFINED BY policyQualifierId
+}
+
+PolicyQualifierId ::= OBJECT IDENTIFIER
+
+ * + * @param encoded The DER encoded form. + * @throws IOException If the structure cannot be parsed from the + * encoded bytes. + */ + public PolicyQualifierInfo(byte[] encoded) throws IOException + { + if (encoded == null) + throw new IOException("null bytes"); + this.encoded = (byte[]) encoded.clone(); + DERReader in = new DERReader(new ByteArrayInputStream(this.encoded)); + DERValue qualInfo = in.read(); + if (!qualInfo.isConstructed()) + throw new ASN1ParsingException("malformed PolicyQualifierInfo"); + DERValue val = in.read(); + if (!(val.getValue() instanceof OID)) + throw new ASN1ParsingException("value read not an OBJECT IDENTIFIER"); + oid = (OID) val.getValue(); + if (val.getEncodedLength() < val.getLength()) + qualifier = in.read(); + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the policyQualifierId field of this structure, + * as a dotted-decimal representation of the object identifier. + * + * @return This structure's OID field. + */ + public final String getPolicyQualifierId() + { + return oid.toString(); + } + + /** + * Returns the DER encoded form of this object; the contents of the + * returned byte array are equivalent to those that were passed to the + * constructor. The byte array is cloned every time this method is + * called. + * + * @return The encoded form. + */ + public final byte[] getEncoded() + { + return (byte[]) encoded.clone(); + } + + /** + * Get the qualifier field of this object, as a DER + * encoded byte array. The byte array returned is cloned every time + * this method is called. + * + * @return The encoded qualifier. + */ + public final byte[] getPolicyQualifier() + { + if (qualifier == null) + return new byte[0]; + return qualifier.getEncoded(); + } + + /** + * Returns a printable string representation of this object. + * + * @return The string representation. 
+ */ + public String toString() + { + return "PolicyQualifierInfo { policyQualifierId ::= " + oid + + ", qualifier ::= " + qualifier + " }"; + } +} diff --git a/libjava/classpath/java/security/cert/TrustAnchor.java b/libjava/classpath/java/security/cert/TrustAnchor.java new file mode 100644 index 000000000..2110ed518 --- /dev/null +++ b/libjava/classpath/java/security/cert/TrustAnchor.java 
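Review bot: The qualifier is probably never read in the `PolicyQualifierInfo(byte[])` constructor, because the guard `val.getEncodedLength() < val.getLength()` compares the OID element with itself. If `getEncodedLength()` covers tag, length and content (as the name suggests; `DERValue` is not in this hunk), it can never be smaller than `getLength()`, so `getPolicyQualifier()` always returns an empty array. The comparison looks meant for the enclosing sequence: `if (val.getEncodedLength() < qualInfo.getLength()) qualifier = in.read();`. The constructor also accepts any constructed value as the outer element and ignores trailing bytes, which `getEncoded()` then returns unchanged. A check that the outer tag is a SEQUENCE and that the input is fully consumed, or at least a comment saying neither is verified, would help callers that treat the stored encoding as validated.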
@@ -0,0 +1,185 @@ +/* TrustAnchor.java -- an ultimately-trusted certificate. + Copyright (C) 2003, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.java.security.x509.X500DistinguishedName; + +import java.security.PublicKey; + +/** + * An ultimately-trusted certificate to serve as the root of a + * certificate chain. + * + * @author Casey Marshall (rsdio@metastatic.org) + */ +public class TrustAnchor +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The certificate authority's distinguished name. */ + private final X500DistinguishedName caName; + + /** The certficate authority's public key. */ + private final PublicKey caKey; + + /** The certficate authority's certificate. */ + private final X509Certificate trustedCert; + + /** The encoded name constraints bytes. */ + private final byte[] nameConstraints; + + // Constnuctors. + // ------------------------------------------------------------------------ + + /** + * Create a new trust anchor from a certificate and (optional) name + * constraints. + * + *

If the nameConstraints argument in non-null, it will be + * copied to prevent modification. + * + * @param trustedCert The trusted certificate. + * @param nameConstraints The encoded nameConstraints. + */ + public TrustAnchor(X509Certificate trustedCert, byte[] nameConstraints) + { + if (trustedCert == null) + throw new NullPointerException(); + this.trustedCert = trustedCert; + caName = null; + caKey = null; + if (nameConstraints != null) + this.nameConstraints = (byte[]) nameConstraints.clone(); + else + this.nameConstraints = null; + } + + /** + * Create a new trust anchor from a certificate authority's + * distinguished name, public key, and (optional) name constraints. + * + *

If the nameConstraints argument in non-null, it will be + * copied to prevent modification. + * + * @params caName The CA's distinguished name. + * @params caKey The CA's public key. + * @params nameConstraints The encoded nameConstraints. + */ + public TrustAnchor(String caName, PublicKey caKey, byte[] nameConstraints) + { + if (caName == null || caKey == null) + throw new NullPointerException(); + if (caName.length() == 0) + throw new IllegalArgumentException(); + trustedCert = null; + this.caName = new X500DistinguishedName(caName); + this.caKey = caKey; + if (nameConstraints != null) + this.nameConstraints = (byte[]) nameConstraints.clone(); + else + this.nameConstraints = null; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Return the trusted certificate, or null if none was specified. + * + * @return The trusted certificate. + */ + public final X509Certificate getTrustedCert() + { + return trustedCert; + } + + /** + * Return the certificate authority's distinguished name, or null if + * none was specified. + * + * @return The CA's distinguished name. + */ + public final String getCAName() + { + if (caName != null) + return caName.toString(); + return null; + } + + /** + * Return the certificate authority's public key, or null if none was + * specified. + * + * @return The CA's public key. + */ + public final PublicKey getCAPublicKey() + { + return caKey; + } + + /** + * Return the encoded name constraints, or null if none was specified. + * + *

The name constraints byte array is copied when this method is + * called to prevent modification. + * + * @return The encoded name constraints. + */ + public final byte[] getNameConstraints() + { + if (nameConstraints == null) + return null; + return (byte[]) nameConstraints.clone(); + } + + /** + * Return a printable representation of this trust anchor. + * + * @return The printable representation. + */ + public String toString() + { + if (trustedCert == null) + return "[ Trusted CA Public Key=" + caKey + ", Trusted CA Issuer Name=" + + caName.toString() + " ]"; + return "[ Trusted CA Certificate=" + trustedCert + " ]"; + } +} diff --git a/libjava/classpath/java/security/cert/X509CRL.java b/libjava/classpath/java/security/cert/X509CRL.java new file mode 100644 index 000000000..895ba33e7 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CRL.java 
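Review bot: Both `TrustAnchor` constructors store `nameConstraints` as a clone without ever decoding it, so a malformed or truncated constraint blob is accepted at construction and only surfaces, or is silently skipped, in whatever later consumes `getNameConstraints()`. For a value that restricts which names a trust anchor may certify, failing at construction is the safer contract: decode the bytes once in the constructor, throw `IllegalArgumentException` when they do not parse, and state that in the Javadoc. In the second constructor's Javadoc the tags are written `@params`, which the Javadoc tool does not recognise; they should read `@param caName`, `@param caKey` and `@param nameConstraints`. The `NullPointerException` and `IllegalArgumentException` cases thrown by the constructors also deserve an `@throws` line each.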
@@ -0,0 +1,397 @@ +/* X509CRL.java --- X.509 Certificate Revocation List + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.PublicKey; +import java.security.SignatureException; +import java.util.Date; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +/** + The X509CRL class is the abstract class used to manage + X.509 Certificate Revocation Lists. The CRL is a list of + time stamped entries which indicate which lists have been + revoked. The list is signed by a Certificate Authority (CA) + and made publically available in a repository. + + Each revoked certificate in the CRL is identified by its + certificate serial number. When a piece of code uses a + certificate, the certificates validity is checked by + validating its signature and determing that it is not + only a recently acquired CRL. The recently aquired CRL + is depends on the local policy in affect. The CA issues + a new CRL periodically and entries are removed as the + certificate expiration date is reached + + + A description of the X.509 v2 CRL follows below from rfc2459. + + "The X.509 v2 CRL syntax is as follows. For signature calculation, + the data that is to be signed is ASN.1 DER encoded. ASN.1 DER + encoding is a tag, length, value encoding system for each element. 
+ + CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING } + + TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, shall be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, shall be v2 + } OPTIONAL, + crlExtensions [0] EXPLICIT Extensions OPTIONAL + -- if present, shall be v2 + }" + + @author Mark Benvenuto + + @since 1.2 +*/ +public abstract class X509CRL extends CRL implements X509Extension +{ + + /** + Constructs a new X509CRL. + */ + protected X509CRL() + { + super("X.509"); + } + + /** + Compares this X509CRL to other. It checks if the + object if instanceOf X509CRL and then checks if + the encoded form matches. + + @param other An Object to test for equality + + @return true if equal, false otherwise + */ + public boolean equals(Object other) + { + if( other instanceof X509CRL ) { + try { + X509CRL x = (X509CRL) other; + if( getEncoded().length != x.getEncoded().length ) + return false; + + byte[] b1 = getEncoded(); + byte[] b2 = x.getEncoded(); + + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; + + } catch( CRLException crle ) { + return false; + } + return true; + } + return false; + } + + /** + Returns a hash code for this X509CRL in its encoded + form. + + @return A hash code of this class + */ + public int hashCode() + { + return super.hashCode(); + } + + /** + Gets the DER ASN.1 encoded format for this X.509 CRL. + + @return byte array containg encoded form + + @throws CRLException if an error occurs + */ + public abstract byte[] getEncoded() throws CRLException; + + /** + Verifies that this CRL was properly signed with the + PublicKey that corresponds to its private key. 
+ + @param key PublicKey to verify with + + @throws CRLException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException no provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key) + throws CRLException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Verifies that this CRL was properly signed with the + PublicKey that corresponds to its private key and uses + the signature engine provided by the provider. + + @param key PublicKey to verify with + @param sigProvider Provider to use for signature algorithm + + @throws CRLException encoding error + @throws NoSuchAlgorithmException unsupported algorithm + @throws InvalidKeyException incorrect key + @throws NoSuchProviderException incorrect provider + @throws SignatureException signature error + */ + public abstract void verify(PublicKey key, + String sigProvider) + throws CRLException, + NoSuchAlgorithmException, + InvalidKeyException, + NoSuchProviderException, + SignatureException; + + /** + Gets the version of this CRL. + + The ASN.1 encoding is: + + version Version OPTIONAL, + -- if present, shall be v2 + + Version ::= INTEGER { v1(0), v2(1), v3(2) } + + Consult rfc2459 for more information. + + @return the version number, Ex: 1 or 2 + */ + public abstract int getVersion(); + + /** + Returns the issuer (issuer distinguished name) of the CRL. + The issuer is the entity who signed and issued the + Certificate Revocation List. 
+ + The ASN.1 DER encoding is: + + issuer Name, + + Name ::= CHOICE { + RDNSequence } + + RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + + RelativeDistinguishedName ::= + SET OF AttributeTypeAndValue + + AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + + AttributeType ::= OBJECT IDENTIFIER + + AttributeValue ::= ANY DEFINED BY AttributeType + + DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1.. MAX)), + bmpString BMPString (SIZE (1..MAX)) } + + Consult rfc2459 for more information. + + @return the issuer in the Principal class + */ + public abstract Principal getIssuerDN(); + + /** + Returns the thisUpdate date of the CRL. + + The ASN.1 DER encoding is: + + thisUpdate Time, + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. + + @return the thisUpdate date + */ + public abstract Date getThisUpdate(); + + /* + Gets the nextUpdate field + + The ASN.1 DER encoding is: + + nextUpdate Time OPTIONAL, + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. + + @return the nextUpdate date + */ + public abstract Date getNextUpdate(); + + /** + Gets the requeste dX509Entry for the specified + certificate serial number. + + @return a X509CRLEntry representing the X.509 CRL entry + */ + public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber); + + /** + Returns a Set of revoked certificates. + + @return a set of revoked certificates. + */ + public abstract Set getRevokedCertificates(); + + /** + Returns the DER ASN.1 encoded tbsCertList which is + the basic information of the list and associated certificates + in the encoded state. See top for more information. 
+ + The ASN.1 DER encoding is: + + tbsCertList TBSCertList, + + Consult rfc2459 for more information. + + @return byte array representing tbsCertList + */ + public abstract byte[] getTBSCertList() throws CRLException; + + + /** + Returns the signature for the CRL. + + The ASN.1 DER encoding is: + + signatureValue BIT STRING + + Consult rfc2459 for more information. + */ + public abstract byte[] getSignature(); + + /** + Returns the signature algorithm used to sign the CRL. + An examples is "SHA-1/DSA". + + The ASN.1 DER encoding is: + + signatureAlgorithm AlgorithmIdentifier, + + AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + + Consult rfc2459 for more information. + + The algorithm name is determined from the OID. + + @return a string with the signature algorithm name + */ + public abstract String getSigAlgName(); + + /** + Returns the OID for the signature algorithm used. + Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ + + The ASN.1 DER encoding for the example is: + + id-dsa-with-sha1 ID ::= { + iso(1) member-body(2) us(840) x9-57 (10040) + x9cm(4) 3 } + + Consult rfc2459 for more information. + + @return a string containing the OID. + */ + public abstract String getSigAlgOID(); + + /** + Returns the AlgorithmParameters in the encoded form + for the signature algorithm used. + + If access to the parameters is need, create an + instance of AlgorithmParameters. + + @return byte array containing algorithm parameters, null + if no parameters are present in CRL + */ + public abstract byte[] getSigAlgParams(); + + // 1.4 instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the X.500 distinguished name of this CRL's issuer. + * + * @return The issuer's X.500 distinguished name. + * @since JDK 1.4 + */ + public X500Principal getIssuerX500Principal() + { + throw new UnsupportedOperationException(); + } +} 
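Review bot: `hashCode()` in `X509CRL` returns `super.hashCode()` while `equals()` compares the DER encodings, so two CRL objects that are equal can hash differently (assuming the superclass does not hash the encoding; it is outside this hunk), and the Javadoc's claim that the hash is taken over the encoded form does not match the code. Hash-based sets and maps of CRLs, such as a cache of already-checked revocation lists, will then miss duplicates. `X509CRLEntry.hashCode()` in the next file has the same problem. Deriving the hash from `getEncoded()` restores the contract, and `equals()` could fetch each encoding once instead of twice.

```java
public int hashCode()
{
  try
    {
      return java.util.Arrays.hashCode(getEncoded());
    }
  catch (CRLException crle)
    {
      // equals() reports false whenever encoding fails, so any
      // constant keeps hashCode() consistent with it.
      return 0;
    }
}
```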
diff --git a/libjava/classpath/java/security/cert/X509CRLEntry.java b/libjava/classpath/java/security/cert/X509CRLEntry.java new file mode 100644 index 000000000..ac5ef4714 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CRLEntry.java 
@@ -0,0 +1,169 @@ +/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +import java.math.BigInteger; +import java.util.Date; + +/** + Abstract class for entries in the CRL (Certificate Revocation + List). 
The ASN.1 definition for revokedCertificates is + + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, shall be v2 + } OPTIONAL, + + CertificateSerialNumber ::= INTEGER + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + + Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + + For more information consult rfc2459. + + @author Mark Benvenuto + + @since JDK 1.2 +*/ +public abstract class X509CRLEntry implements X509Extension +{ + + /** + Creates a new X509CRLEntry + */ + public X509CRLEntry() + {} + + /** + Compares this X509CRLEntry to other. It checks if the + object if instanceOf X509CRLEntry and then checks if + the encoded form( the inner SEQUENCE) matches. + + @param other An Object to test for equality + + @return true if equal, false otherwise + */ + public boolean equals(Object other) + { + if( other instanceof X509CRLEntry ) { + try { + X509CRLEntry xe = (X509CRLEntry) other; + if( getEncoded().length != xe.getEncoded().length ) + return false; + + byte[] b1 = getEncoded(); + byte[] b2 = xe.getEncoded(); + + for( int i = 0; i < b1.length; i++ ) + if( b1[i] != b2[i] ) + return false; + + } catch( CRLException crle ) { + return false; + } + return true; + } + return false; + } + + /** + Returns a hash code for this X509CRLEntry in its encoded + form. + + @return A hash code of this class + */ + public int hashCode() + { + return super.hashCode(); + } + + /** + Gets the DER ASN.1 encoded format for this CRL Entry, + the inner SEQUENCE. + + @return byte array containg encoded form + + @throws CRLException if an error occurs + */ + public abstract byte[] getEncoded() throws CRLException; + + /** + Gets the serial number for userCertificate in + this X509CRLEntry. 
+ + @return the serial number for this X509CRLEntry. + */ + public abstract BigInteger getSerialNumber(); + + + /** + Gets the revocation date in revocationDate for + this X509CRLEntry. + + @return the revocation date for this X509CRLEntry. + */ + public abstract Date getRevocationDate(); + + + /** + Checks if this X509CRLEntry has extensions. + + @return true if it has extensions, false otherwise + */ + public abstract boolean hasExtensions(); + + + /** + Returns a string that represents this X509CRLEntry. + + @return a string representing this X509CRLEntry. + */ + public abstract String toString(); + +} diff --git a/libjava/classpath/java/security/cert/X509CRLSelector.java b/libjava/classpath/java/security/cert/X509CRLSelector.java new file mode 100644 index 000000000..d412a1ae3 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CRLSelector.java 
@@ -0,0 +1,442 @@ +/* X509CRLSelector.java -- selects X.509 CRLs by criteria. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.classpath.SystemProperties; +import gnu.java.lang.CPStringBuilder; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; + +import javax.security.auth.x500.X500Principal; + +/** + * A class for matching X.509 certificate revocation lists by criteria. + * + *

Use of this class requires extensive knowledge of the Internet + * Engineering Task Force's Public Key Infrastructure (X.509). The primary + * document describing this standard is RFC 3280: Internet X.509 + * Public Key Infrastructure Certificate and Certificate Revocation List + * (CRL) Profile. + * + *

Note that this class is not thread-safe. If multiple threads will + * use or modify this class then they need to synchronize on the object. + * + * @author Casey Marshall (csm@gnu.org) + * @since 1.4 + */ +public class X509CRLSelector implements CRLSelector, Cloneable +{ + + // Fields. + // ------------------------------------------------------------------------- + + private static final String CRL_NUMBER_ID = "2.5.29.20"; + + private List issuerNames; + private BigInteger maxCrlNumber; + private BigInteger minCrlNumber; + private Date date; + private X509Certificate cert; + + // Constructor. + // ------------------------------------------------------------------------- + + /** + * Creates a new CRL selector with no criteria enabled; i.e., every CRL + * will be matched. + */ + public X509CRLSelector() + { + } + + // Instance methods. + // ------------------------------------------------------------------------- + + /** + * Add an issuer name to the set of issuer names criteria, as the DER + * encoded form. + * + * @param name The name to add, as DER bytes. + * @throws IOException If the argument is not a valid DER-encoding. + */ + public void addIssuerName(byte[] name) throws IOException + { + X500Principal p = null; + try + { + p = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name"); + ioe.initCause(iae); + throw ioe; + } + if (issuerNames == null) + issuerNames = new LinkedList(); + issuerNames.add(p); + } + + /** + * Add an issuer name to the set of issuer names criteria, as a + * String representation. + * + * @param name The name to add. + * @throws IOException If the argument is not a valid name. 
+ */ + public void addIssuerName(String name) throws IOException + { + X500Principal p = null; + try + { + p = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name: " + name); + ioe.initCause(iae); + throw ioe; + } + if (issuerNames == null) + issuerNames = new LinkedList(); + issuerNames.add(p); + } + + /** + * Sets the issuer names criterion. Pass null to clear this + * value. CRLs matched by this selector must have an issuer name in this + * set. + * + * @param names The issuer names. + * @throws IOException If any of the elements in the collection is not + * a valid name. + */ + public void setIssuerNames(Collection names) throws IOException + { + if (names == null) + { + issuerNames = null; + return; + } + List l = new ArrayList(names.size()); + for (Iterator it = names.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (o instanceof X500Principal) + l.add(o); + else if (o instanceof String) + { + try + { + l.add(new X500Principal((String) o)); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name: " + o); + ioe.initCause(iae); + throw ioe; + } + } + else if (o instanceof byte[]) + { + try + { + l.add(new X500Principal((byte[]) o)); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name"); + ioe.initCause(iae); + throw ioe; + } + } + else if (o instanceof InputStream) + { + try + { + l.add(new X500Principal((InputStream) o)); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed name"); + ioe.initCause(iae); + throw ioe; + } + } + else + throw new IOException("not a valid name: " + + (o != null ? o.getClass().getName() : "null")); + + } + issuerNames = l; + } + + /** + * Returns the set of issuer names that are matched by this selector, + * or null if this criteria is not set. The returned + * collection is not modifiable. 
+ * + * @return The set of issuer names. + */ + public Collection getIssuerNames() + { + if (issuerNames != null) + return Collections.unmodifiableList(issuerNames); + else + return null; + } + + /** + * Returns the maximum value of the CRLNumber extension present in + * CRLs matched by this selector, or null if this + * criteria is not set. + * + * @return The maximum CRL number. + */ + public BigInteger getMaxCRL() + { + return maxCrlNumber; + } + + /** + * Returns the minimum value of the CRLNumber extension present in + * CRLs matched by this selector, or null if this + * criteria is not set. + * + * @return The minimum CRL number. + */ + public BigInteger getMinCRL() + { + return minCrlNumber; + } + + /** + * Sets the maximum value of the CRLNumber extension present in CRLs + * matched by this selector. Specify null to clear this + * criterion. + * + * @param maxCrlNumber The maximum CRL number. + */ + public void setMaxCRLNumber(BigInteger maxCrlNumber) + { + this.maxCrlNumber = maxCrlNumber; + } + + /** + * Sets the minimum value of the CRLNumber extension present in CRLs + * matched by this selector. Specify null to clear this + * criterion. + * + * @param minCrlNumber The minimum CRL number. + */ + public void setMinCRLNumber(BigInteger minCrlNumber) + { + this.minCrlNumber = minCrlNumber; + } + + /** + * Returns the date when this CRL must be valid; that is, the date + * must be after the thisUpdate date, but before the nextUpdate date. + * Returns null if this criterion is not set. + * + * @return The date. + */ + public Date getDateAndTime() + { + return date != null ? (Date) date.clone() : null; + } + + /** + * Sets the date at which this CRL must be valid. Specify + * null to clear this criterion. + * + * @param date The date. + */ + public void setDateAndTime(Date date) + { + this.date = date != null ? (Date) date.clone() : null; + } + + /** + * Returns the certificate being checked, or null if this + * value is not set. 
+ * + * @return The certificate. + */ + public X509Certificate getCertificateChecking() + { + return cert; + } + + /** + * Sets the certificate being checked. This is not a criterion, but + * info used by certificate store implementations to aid in searching. + * + * @param cert The certificate. + */ + public void setCertificateChecking(X509Certificate cert) + { + this.cert = cert; + } + + /** + * Returns a string representation of this selector. The string will + * only describe the enabled criteria, so if none are enabled this will + * return a string that contains little else besides the class name. + * + * @return The string. + */ + public String toString() + { + CPStringBuilder str = new CPStringBuilder(X509CRLSelector.class.getName()); + String nl = SystemProperties.getProperty("line.separator"); + String eol = ";" + nl; + + str.append(" {").append(nl); + if (issuerNames != null) + str.append(" issuer names = ").append(issuerNames).append(eol); + if (maxCrlNumber != null) + str.append(" max CRL = ").append(maxCrlNumber).append(eol); + if (minCrlNumber != null) + str.append(" min CRL = ").append(minCrlNumber).append(eol); + if (date != null) + str.append(" date = ").append(date).append(eol); + if (cert != null) + str.append(" certificate = ").append(cert).append(eol); + str.append("}").append(nl); + return str.toString(); + } + + /** + * Checks a CRL against the criteria of this selector, returning + * true if the given CRL matches all the criteria. + * + * @param _crl The CRL being checked. + * @return True if the CRL matches, false otherwise. 
+ */ + public boolean match(CRL _crl) + { + if (!(_crl instanceof X509CRL)) + return false; + X509CRL crl = (X509CRL) _crl; + if (issuerNames != null) + { + if (!issuerNames.contains(crl.getIssuerX500Principal())) + return false; + } + BigInteger crlNumber = null; + if (maxCrlNumber != null) + { + byte[] b = crl.getExtensionValue(CRL_NUMBER_ID); + if (b == null) + return false; + try + { + DERValue val = DERReader.read(b); + if (!(val.getValue() instanceof BigInteger)) + return false; + crlNumber = (BigInteger) val.getValue(); + } + catch (IOException ioe) + { + return false; + } + if (maxCrlNumber.compareTo(crlNumber) < 0) + return false; + } + if (minCrlNumber != null) + { + if (crlNumber == null) + { + byte[] b = crl.getExtensionValue(CRL_NUMBER_ID); + if (b == null) + return false; + try + { + DERValue val = DERReader.read(b); + if (!(val.getValue() instanceof BigInteger)) + return false; + crlNumber = (BigInteger) val.getValue(); + } + catch (IOException ioe) + { + return false; + } + } + if (minCrlNumber.compareTo(crlNumber) > 0) + return false; + } + if (date != null) + { + if (date.compareTo(crl.getThisUpdate()) < 0 || + date.compareTo(crl.getNextUpdate()) > 0) + return false; + } + return true; + } + + /** + * Returns a copy of this object. + * + * @return The copy. + */ + public Object clone() + { + try + { + return super.clone(); + } + catch (CloneNotSupportedException shouldNotHappen) + { + throw new Error(shouldNotHappen); + } + } +} diff --git a/libjava/classpath/java/security/cert/X509CertSelector.java b/libjava/classpath/java/security/cert/X509CertSelector.java new file mode 100644 index 000000000..8c1230afb --- /dev/null +++ b/libjava/classpath/java/security/cert/X509CertSelector.java 
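Review bot: The date criterion in `match()` calls `date.compareTo(crl.getNextUpdate())` without a null check, although nextUpdate is OPTIONAL in the TBSCertList syntax quoted in X509CRL.java, so a CRL that omits the field makes the selector throw `NullPointerException` instead of returning a result. Rejecting such a CRL is the fail-closed choice: `Date next = crl.getNextUpdate();` followed by `if (next == null || date.compareTo(crl.getThisUpdate()) < 0 || date.compareTo(next) > 0) return false;`. The issuer criterion relies on `crl.getIssuerX500Principal()`, whose default in `X509CRL` throws `UnsupportedOperationException`, so that dependency should be stated in a comment. `clone()` is shallow, so the copy shares the `issuerNames` list with the original and `addIssuerName` on one changes the other; copying the list inside `clone()` avoids that.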
@@ -0,0 +1,1319 @@ +/* X509CertSelector.java -- selects X.509 certificates by criteria. + Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import gnu.classpath.SystemProperties; +import gnu.java.lang.CPStringBuilder; +import gnu.java.security.OID; +import gnu.java.security.x509.GnuPKIExtension; +import gnu.java.security.x509.ext.CertificatePolicies; +import gnu.java.security.x509.ext.Extension; +import gnu.java.security.x509.ext.GeneralName; +import gnu.java.security.x509.ext.GeneralSubtree; +import gnu.java.security.x509.ext.NameConstraints; +import gnu.java.security.x509.ext.GeneralName.Kind; + +import java.io.IOException; +import java.math.BigInteger; +import java.net.InetAddress; +import java.security.KeyFactory; +import java.security.PublicKey; +import java.security.spec.X509EncodedKeySpec; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Date; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +/** + * A concrete implementation of {@link CertSelector} for X.509 certificates, + * which allows a number of criteria to be set when accepting certificates, + * from validity dates, to issuer and subject distinguished names, to some + * of the various X.509 extensions. + * + *

Use of this class requires extensive knowledge of the Internet + * Engineering Task Force's Public Key Infrastructure (X.509). The primary + * document describing this standard is RFC 3280: Internet X.509 + * Public Key Infrastructure Certificate and Certificate Revocation List + * (CRL) Profile. + * + *

Note that this class is not thread-safe. If multiple threads will + * use or modify this class then they need to synchronize on the object. + * + * @author Casey Marshall (csm@gnu.org) + * @since 1.4 + */ +public class X509CertSelector implements CertSelector, Cloneable +{ + + // Constants and fields. + // ------------------------------------------------------------------------- + + private static final String AUTH_KEY_ID = "2.5.29.35"; + private static final String SUBJECT_KEY_ID = "2.5.29.14"; + private static final String NAME_CONSTRAINTS_ID = "2.5.29.30"; + + private static boolean checkOid(int[] oid) + { + return (oid != null && oid.length > 2 && + (oid[0] >= 0 && oid[0] <= 2) && (oid[1] >= 0 && oid[1] <= 39)); + } + + private static GeneralName makeName(int id, String name) throws IOException + { + byte[] nameBytes = null; + GeneralName.Kind kind = GeneralName.Kind.forTag(id); + switch (Kind.forTag(id)) + { + case dNSName: + case rfc822Name: + case uniformResourceIdentifier: + nameBytes = name.getBytes("ASCII"); + break; + + case iPAddress: + InetAddress addr = InetAddress.getByName(name); + nameBytes = addr.getAddress(); + break; + + case registeredId: + OID oid = new OID(name); + nameBytes = oid.getDER(); + break; + + case directoryName: + X500Principal xname = new X500Principal(name); + nameBytes = xname.getEncoded(); + break; + + case ediPartyName: + case x400Address: + case otherName: + throw new IOException("cannot decode string representation of " + + kind); + } + return new GeneralName(kind, nameBytes); + } + + private int basicConstraints; + private X509Certificate cert; + private BigInteger serialNo; + private X500Principal issuer; + private X500Principal subject; + private byte[] subjectKeyId; + private byte[] authKeyId; + private boolean[] keyUsage; + private Date certValid; + private OID sigId; + private PublicKey subjectKey; + private X509EncodedKeySpec subjectKeySpec; + private Set keyPurposeSet; + private List altNames; + private boolean 
matchAllNames; + private byte[] nameConstraints; + private Set policy; + private List pathToNames; + + /** + * Creates a new X.509 certificate selector. The new selector will be + * empty, and will accept any certificate (provided that it is an + * {@link X509Certificate}). + */ + public X509CertSelector() + { + basicConstraints = -1; + } + + /** + * Add a name to match in the NameConstraints extension. The argument is + * the DER-encoded bytes of a GeneralName structure. + * + * See the method {@link #addSubjectAlternativeName(int, byte[])} for the + * format of the GeneralName structure. + * + * @param id The name identifier. Must be between 0 and 8. + * @param name The DER-encoded bytes of the name to match. + * @throws IOException If the name DER is malformed. + */ + public void addPathToName(int id, byte[] name) throws IOException + { + GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name); + if (pathToNames == null) + pathToNames = new LinkedList(); + pathToNames.add(generalName); + } + + /** + * Add a name to match in the NameConstraints extension. This method will + * only recognize certain types of name that have convenient string + * encodings. For robustness, you should use the {@link + * #addPathToName(int, byte[])} method whenever possible. + * + * @param id The name identifier. Must be between 0 and 8. + * @param name The name. + * @throws IOException If the name cannot be decoded. + */ + public void addPathToName(int id, String name) throws IOException + { + GeneralName generalName = makeName(id, name); + if (pathToNames == null) + pathToNames = new LinkedList(); + pathToNames.add(generalName); + } + + /** + * Add a name, as DER-encoded bytes, to the subject alternative names + * criterion. + * + * The name is a GeneralName structure, which has the ASN.1 format: + * + *

+  GeneralName ::= CHOICE {
+    otherName                       [0]     OtherName,
+    rfc822Name                      [1]     IA5String,
+    dNSName                         [2]     IA5String,
+    x400Address                     [3]     ORAddress,
+    directoryName                   [4]     Name,
+    ediPartyName                    [5]     EDIPartyName,
+    uniformResourceIdentifier       [6]     IA5String,
+    iPAddress                       [7]     OCTET STRING,
+    registeredID                    [8]     OBJECT IDENTIFIER }
+
+ * + * @param id The type of name this is. + * @param name The DER-encoded name. + * @throws IOException If the name is not a valid DER sequence. + */ + public void addSubjectAlternativeName(int id, byte[] name) + throws IOException + { + GeneralName generalName = new GeneralName(GeneralName.Kind.forTag(id), name); + if (altNames == null) + altNames = new LinkedList(); + altNames.add(generalName); + } + + /** + * Add a name to the subject alternative names criterion. This method will + * only recognize certain types of name that have convenient string + * encodings. For robustness, you should use the {@link + * #addSubjectAlternativeName(int, byte[])} method whenever possible. + * + * This method can only decode certain name kinds of names as strings. + * + * @param id The type of name this is. Must be in the range [0,8]. + * @param name The name. + * @throws IOException If the id is out of range, or if the name + * is null. + */ + public void addSubjectAlternativeName(int id, String name) + throws IOException + { + GeneralName generalName = makeName(id, name); + if (altNames == null) + altNames = new LinkedList(); + altNames.add(generalName); + } + + public Object clone() + { + try + { + return super.clone(); + } + catch (CloneNotSupportedException shouldNotHappen) + { + throw new Error(shouldNotHappen); + } + } + + /** + * Returns the authority key identifier criterion, or null if + * this value was not set. Note that the byte array is cloned to prevent + * modification. + * + * @return The authority key identifier. + */ + public byte[] getAuthorityKeyIdentifier() + { + if (authKeyId != null) + return (byte[]) authKeyId.clone(); + else + return null; + } + + /** + * Returns the basic constraints criterion, or -1 if this value is not set. + * + * @return The basic constraints. + */ + public int getBasicConstraints() + { + return basicConstraints; + } + + /** + * Returns the certificate criterion, or null if this value + * was not set. 
+ * + * @return The certificate. + */ + public X509Certificate getCertificate() + { + return cert; + } + + /** + * Returns the date at which certificates must be valid, or null + * if this criterion was not set. + * + * @return The target certificate valitity date. + */ + public Date getCertificateValid() + { + if (certValid != null) + return (Date) certValid.clone(); + else + return null; + } + + /** + * Returns the set of extended key purpose IDs, as an unmodifiable set + * of OID strings. Returns null if this criterion is not + * set. + * + * @return The set of key purpose OIDs (strings). + */ + public Set getExtendedKeyUsage() + { + if (keyPurposeSet != null) + return Collections.unmodifiableSet(keyPurposeSet); + else + return null; + } + + /** + * Returns the issuer criterion as a sequence of DER bytes, or + * null if this value was not set. + * + * @return The issuer. + */ + public byte[] getIssuerAsBytes() throws IOException + { + if (issuer != null) + return issuer.getEncoded(); + else + return null; + } + + /** + * Returns the issuer criterion as a string, or null if this + * value was not set. + * + * @return The issuer. + */ + public String getIssuerAsString() + { + if (issuer != null) + return issuer.getName(); + else + return null; + } + + /** + * Returns the public key usage criterion, or null if this + * value is not set. Note that the array is cloned to prevent modification. + * + * @return The public key usage. + */ + public boolean[] getKeyUsage() + { + if (keyUsage != null) + return (boolean[]) keyUsage.clone(); + else + return null; + } + + /** + * Returns whether or not all specified alternative names must match. + * If false, a certificate is considered a match if one of the + * specified alternative names matches. + * + * @return true if all names must match. + */ + public boolean getMatchAllSubjectAltNames() + { + return matchAllNames; + } + + /** + * Returns the name constraints criterion, or null if this + * value is not set. 
Note that the byte array is cloned to prevent + * modification. + * + * @return The name constraints. + */ + public byte[] getNameConstraints() + { + if (nameConstraints != null) + return (byte[]) nameConstraints.clone(); + else + return null; + } + + public Collection> getPathToNames() + { + if (pathToNames != null) + { + List> names = new ArrayList>(pathToNames.size()); + for (GeneralName name : pathToNames) + { + List n = new ArrayList(2); + n.add(name.kind().tag()); + n.add(name.name()); + names.add(n); + } + + return names; + } + return null; + } + + /** + * Returns the certificate policy extension that will be matched by this + * selector, or null if the certificate policy will not be matched. + * + * @return The policy to be matched, or null. + */ + public Set getPolicy() + { + Set p = this.policy; + if (p != null) + { + Set strings = new HashSet(p.size()); + for (OID o : p) + { + strings.add(o.toString()); + } + return strings; + } + return null; + } + + /** + * This method, and its related X.509 certificate extension — the + * private key usage period — is not supported under the Internet + * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this + * method is not supported either. + * + *

Do not use this method. It is not deprecated, as it is not deprecated + * in the Java standard, but it is basically a no-operation and simply + * returns null. + * + * @return Null. + */ + public Date getPrivateKeyValid() + { + return null; + } + + /** + * Returns the serial number criterion, or null if this + * value was not set. + * + * @return The serial number. + */ + public BigInteger getSerialNumber() + { + return serialNo; + } + + /** + * Get the subject alternative names criterion. The collection returned + * is a collection of pairs: the first element is an {@link Integer} + * containing the name type, and the second is a byte array containing + * the DER-encoded name bytes. + * + * @return The subject alternative names criterion. Returns null if this + * criterion is not set. + */ + public Collection> getSubjectAlternativeNames() + { + if (altNames != null) + { + List> names = new ArrayList>(altNames.size()); + for (GeneralName name : altNames) + { + List n = new ArrayList(2); + n.add(name.kind().tag()); + n.add(name.name()); + names.add(n); + } + return names; + } + return null; + } + + /** + * Returns the subject criterion as a sequence of DER bytes, or + * null if this value is not set. + * + * @return The subject. + */ + public byte[] getSubjectAsBytes() throws IOException + { + if (subject != null) + return subject.getEncoded(); + else + return null; + } + + /** + * Returns the subject criterion as a string, of null if + * this value was not set. + * + * @return The subject. + */ + public String getSubjectAsString() + { + if (subject != null) + return subject.getName(); + else + return null; + } + + /** + * Returns the subject key identifier criterion, or null if + * this value was not set. Note that the byte array is cloned to prevent + * modification. + * + * @return The subject key identifier. 
+ */ + public byte[] getSubjectKeyIdentifier() + { + if (subjectKeyId != null) + return (byte[]) subjectKeyId.clone(); + else + return null; + } + + /** + * Returns the subject public key criterion, or null if this + * value is not set. + * + * @return The subject public key. + */ + public PublicKey getSubjectPublicKey() + { + return subjectKey; + } + + /** + * Returns the public key algorithm ID that matching certificates must have, + * or null if this criterion was not set. + * + * @return The public key algorithm ID. + */ + public String getSubjectPublicKeyAlgID() + { + return String.valueOf(sigId); + } + + /** + * Match a certificate. This method will check the given certificate + * against all the enabled criteria of this selector, and will return + * true if the given certificate matches. + * + * @param certificate The certificate to check. + * @return true if the certificate matches all criteria. + */ + public boolean match(Certificate certificate) + { + if (!(certificate instanceof X509Certificate)) + return false; + X509Certificate cert = (X509Certificate) certificate; + if (this.cert != null) + { + try + { + byte[] e1 = this.cert.getEncoded(); + byte[] e2 = cert.getEncoded(); + if (!Arrays.equals(e1, e2)) + return false; + } + catch (CertificateEncodingException cee) + { + return false; + } + } + if (serialNo != null) + { + if (!serialNo.equals(cert.getSerialNumber())) + return false; + } + if (certValid != null) + { + try + { + cert.checkValidity(certValid); + } + catch (CertificateException ce) + { + return false; + } + } + if (issuer != null) + { + if (!issuer.equals(cert.getIssuerX500Principal())) + return false; + } + if (subject != null) + { + if (!subject.equals(cert.getSubjectX500Principal())) + return false; + } + if (sigId != null) + { + if (!sigId.toString().equals(cert.getSigAlgOID())) + return false; + } + if (subjectKeyId != null) + { + byte[] b = cert.getExtensionValue(SUBJECT_KEY_ID); + if (!Arrays.equals(b, subjectKeyId)) + return false; 
+ } + if (authKeyId != null) + { + byte[] b = cert.getExtensionValue(AUTH_KEY_ID); + if (!Arrays.equals(b, authKeyId)) + return false; + } + if (keyUsage != null) + { + boolean[] b = cert.getKeyUsage(); + if (!Arrays.equals(b, keyUsage)) + return false; + } + if (basicConstraints >= 0) + { + if (cert.getBasicConstraints() != basicConstraints) + return false; + } + if (keyPurposeSet != null) + { + List kp = null; + try + { + kp = cert.getExtendedKeyUsage(); + } + catch (CertificateParsingException cpe) + { + return false; + } + if (kp == null) + return false; + for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); ) + { + if (!kp.contains(it.next())) + return false; + } + } + if (altNames != null) + { + Collection> an = null; + try + { + an = cert.getSubjectAlternativeNames(); + } + catch (CertificateParsingException cpe) + { + return false; + } + if (an == null) + return false; + int match = 0; + for (GeneralName name : altNames) + { + for (List list : an) + { + try + { + Integer id = (Integer) list.get(0); + Object val = list.get(1); + GeneralName n = null; + if (val instanceof String) + n = makeName(id, (String) val); + else if (val instanceof byte[]) + { + n = new GeneralName(GeneralName.Kind.forTag(id), + (byte[]) val); + } + else + continue; + if (name.equals(n)) + match++; + } + catch (Exception e) + { + continue; + } + } + if (match == 0 || (matchAllNames && match < altNames.size())) + return false; + } + } + if (nameConstraints != null) + { + byte[] nc = cert.getExtensionValue(NAME_CONSTRAINTS_ID); + if (!Arrays.equals(nameConstraints, nc)) + return false; + } + + if (policy != null) + { + CertificatePolicies policies = null; + if (cert instanceof GnuPKIExtension) + { + policies = (CertificatePolicies) + ((GnuPKIExtension) cert).getExtension(CertificatePolicies.ID).getValue(); + } + else + { + byte[] policiesDer = + cert.getExtensionValue(CertificatePolicies.ID.toString()); + try + { + policies = new CertificatePolicies(policiesDer); + } + catch 
(IOException ioe) + { + // ignored + } + } + + if (policies == null) + return false; + if (!policies.getPolicies().containsAll(policy)) + return false; + } + + if (pathToNames != null) + { + NameConstraints nc = null; + if (cert instanceof GnuPKIExtension) + { + Extension e = + ((GnuPKIExtension) cert).getExtension(NameConstraints.ID); + if (e != null) + nc = (NameConstraints) e.getValue(); + } + else + { + byte[] b = cert.getExtensionValue(NameConstraints.ID.toString()); + if (b != null) + { + try + { + nc = new NameConstraints(b); + } + catch (IOException ioe) + { + } + } + } + + if (nc == null) + return false; + + int match = 0; + for (GeneralName name : pathToNames) + { + for (GeneralSubtree subtree : nc.permittedSubtrees()) + { + if (name.equals(subtree.base())) + match++; + } + } + if (match == 0 || (matchAllNames && match < pathToNames.size())) + return false; + } + + return true; + } + + /** + * Sets the authority key identifier criterion, or null to clear + * this criterion. Note that the byte array is cloned to prevent modification. + * + * @param authKeyId The authority key identifier. + */ + public void setAuthorityKeyIdentifier(byte[] authKeyId) + { + this.authKeyId = authKeyId != null ? (byte[]) authKeyId.clone() : null; + } + + /** + * Sets the basic constraints criterion. Specify -1 to clear this parameter. + * + * @param basicConstraints The new basic constraints value. + */ + public void setBasicConstraints(int basicConstraints) + { + if (basicConstraints < -1) + basicConstraints = -1; + this.basicConstraints = basicConstraints; + } + + /** + * Sets the certificate criterion. If set, only certificates that are + * equal to the certificate passed here will be accepted. + * + * @param cert The certificate. + */ + public void setCertificate(X509Certificate cert) + { + this.cert = cert; + } + + /** + * Sets the date at which certificates must be valid. Specify + * null to clear this criterion. + * + * @param certValid The certificate validity date. 
+ */ + public void setCertificateValid(Date certValid) + { + this.certValid = certValid != null ? (Date) certValid.clone() : null; + } + + /** + * Sets the extended key usage criterion, as a set of OID strings. Specify + * null to clear this value. + * + * @param keyPurposeSet The set of key purpose OIDs. + * @throws IOException If any element of the set is not a valid OID string. + */ + public void setExtendedKeyUsage(Set keyPurposeSet) throws IOException + { + if (keyPurposeSet == null) + { + this.keyPurposeSet = null; + return; + } + Set s = new HashSet(); + for (Iterator it = keyPurposeSet.iterator(); it.hasNext(); ) + { + Object o = it.next(); + if (!(o instanceof String)) + throw new IOException("not a string: " + o); + try + { + OID oid = new OID((String) o); + int[] comp = oid.getIDs(); + if (!checkOid(comp)) + throw new IOException("malformed OID: " + o); + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed OID: " + o); + ioe.initCause(iae); + throw ioe; + } + } + this.keyPurposeSet = s; + } + + /** + * Sets the issuer, specified as the DER encoding of the issuer's + * distinguished name. Only certificates issued by this issuer will + * be accepted. + * + * @param name The DER encoding of the issuer's distinguished name. + * @throws IOException If the given name is incorrectly formatted. + */ + public void setIssuer(byte[] name) throws IOException + { + if (name != null) + { + try + { + issuer = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + throw new IOException(iae.getMessage()); + } + } + else + issuer = null; + } + + /** + * Sets the issuer, specified as a string representation of the issuer's + * distinguished name. Only certificates issued by this issuer will + * be accepted. + * + * @param name The string representation of the issuer's distinguished name. + * @throws IOException If the given name is incorrectly formatted. 
+ */ + public void setIssuer(String name) throws IOException + { + if (name != null) + { + try + { + issuer = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + throw new IOException(iae.getMessage()); + } + } + else + issuer = null; + } + + /** + * Sets the public key usage criterion. Specify null to clear + * this value. + * + * @param keyUsage The public key usage. + */ + public void setKeyUsage(boolean[] keyUsage) + { + this.keyUsage = keyUsage != null ? (boolean[]) keyUsage.clone() : null; + } + + /** + * Sets whether or not all subject alternative names must be matched. + * If false, then a certificate will be considered a match if one + * alternative name matches. + * + * @param matchAllNames Whether or not all alternative names must be + * matched. + */ + public void setMatchAllSubjectAltNames(boolean matchAllNames) + { + this.matchAllNames = matchAllNames; + } + + /** + * Sets the name constraints criterion; specify null to + * clear this criterion. Note that if non-null, the argument will be + * cloned to prevent modification. + * + * @param nameConstraints The new name constraints. + * @throws IOException If the argument is not a valid DER-encoded + * name constraints. + */ + public void setNameConstraints(byte[] nameConstraints) + throws IOException + { + // Check if the input is well-formed... + new NameConstraints(nameConstraints); + + // But we just compare raw byte arrays. + this.nameConstraints = nameConstraints != null + ? (byte[]) nameConstraints.clone() : null; + } + + /** + * Sets the pathToNames criterion. The argument is a collection of + * pairs, the first element of which is an {@link Integer} giving + * the ID of the name, and the second element is either a {@link String} + * or a byte array. + * + * See {@link #addPathToName(int, byte[])} and {@link #addPathToName(int, String)} + * for how these arguments are handled. + * + * @param names The names. + * @throws IOException If any argument is malformed. 
+ */ + public void setPathToNames(Collection> names) throws IOException + { + if (names == null || names.size() == 0) + { + pathToNames = null; + } + else + { + pathToNames = new ArrayList(names.size()); + for (List name : names) + { + Integer id = (Integer) name.get(0); + Object name2 = name.get(1); + if (name2 instanceof String) + addPathToName(id, (String) name2); + else if (name2 instanceof byte[]) + addPathToName(id, (byte[]) name2); + else + throw new IOException("invalid name type: " + + name2.getClass().getName()); + } + } + } + + /** + * Sets the certificate policy to match, or null if this criterion should + * not be checked. Each element if the set must be a dotted-decimal form + * of certificate policy object identifier. + * + * @param policy The policy to match. + * @throws IOException If some element of the policy is not a valid + * policy extenison OID. + */ + public void setPolicy(Set policy) throws IOException + { + if (policy != null) + { + HashSet p = new HashSet(policy.size()); + for (String s : policy) + { + try + { + OID oid = new OID(s); + int[] i = oid.getIDs(); + if (!checkOid(i)) + throw new IOException("invalid OID"); + p.add(oid); + } + catch (IOException ioe) + { + throw ioe; + } + catch (Exception x) + { + IOException ioe = new IOException("invalid OID"); + ioe.initCause(x); + throw ioe; + } + } + this.policy = p; + } + else + this.policy = null; + } + + /** + * This method, and its related X.509 certificate extension — the + * private key usage period — is not supported under the Internet + * PKI for X.509 certificates (PKIX), described in RFC 3280. As such, this + * method is not supported either. + * + *

Do not use this method. It is not deprecated, as it is not deprecated + * in the Java standard, but it is basically a no-operation. + * + * @param UNUSED Is silently ignored. + */ + public void setPrivateKeyValid(Date UNUSED) + { + } + + /** + * Sets the serial number of the desired certificate. Only certificates that + * contain this serial number are accepted. + * + * @param serialNo The serial number. + */ + public void setSerialNumber(BigInteger serialNo) + { + this.serialNo = serialNo; + } + + /** + * Sets the subject, specified as the DER encoding of the subject's + * distinguished name. Only certificates with the given subject will + * be accepted. + * + * @param name The DER encoding of the subject's distinguished name. + * @throws IOException If the given name is incorrectly formatted. + */ + public void setSubject(byte[] name) throws IOException + { + if (name != null) + { + try + { + subject = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + throw new IOException(iae.getMessage()); + } + } + else + subject = null; + } + + /** + * Sets the subject, specified as a string representation of the + * subject's distinguished name. Only certificates with the given + * subject will be accepted. + * + * @param name The string representation of the subject's distinguished name. + * @throws IOException If the given name is incorrectly formatted. + */ + public void setSubject(String name) throws IOException + { + if (name != null) + { + try + { + subject = new X500Principal(name); + } + catch (IllegalArgumentException iae) + { + throw new IOException(iae.getMessage()); + } + } + else + subject = null; + } + + /** + * Sets the subject alternative names critertion. Each element of the + * argument must be a {@link java.util.List} that contains exactly two + * elements: the first an {@link Integer}, representing the type of + * name, and the second either a {@link String} or a byte array, + * representing the name itself. 
+ * + * @param altNames The alternative names. + * @throws IOException If any element of the argument is invalid. + */ + public void setSubjectAlternativeNames(Collection> altNames) + throws IOException + { + if (altNames == null || altNames.isEmpty()) + { + this.altNames = null; + return; + } + List l = new ArrayList(altNames.size()); + for (List list : altNames) + { + Integer id = (Integer) list.get(0); + Object value = list.get(1); + GeneralName name = null; + if (value instanceof String) + name = makeName(id, (String) value); + else if (value instanceof byte[]) + name = new GeneralName(GeneralName.Kind.forTag(id), (byte[]) value); + else + throw new IOException("invalid name type: " + value.getClass().getName()); + l.add(name); + } + this.altNames = l; + } + + /** + * Sets the subject key identifier criterion, or null to clear + * this criterion. Note that the byte array is cloned to prevent modification. + * + * @param subjectKeyId The subject key identifier. + */ + public void setSubjectKeyIdentifier(byte[] subjectKeyId) + { + this.subjectKeyId = subjectKeyId != null ? (byte[]) subjectKeyId.clone() : + null; + } + + /** + * Sets the subject public key criterion as a DER-encoded key. Specify + * null to clear this value. + * + * @param key The DER-encoded key bytes. + * @throws IOException If the argument is not a valid DER-encoded key. + */ + public void setSubjectPublicKey(byte[] key) throws IOException + { + if (key == null) + { + subjectKey = null; + subjectKeySpec = null; + return; + } + try + { + subjectKeySpec = new X509EncodedKeySpec(key); + KeyFactory enc = KeyFactory.getInstance("X.509"); + subjectKey = enc.generatePublic(subjectKeySpec); + } + catch (Exception x) + { + subjectKey = null; + subjectKeySpec = null; + IOException ioe = new IOException(x.getMessage()); + ioe.initCause(x); + throw ioe; + } + } + + /** + * Sets the subject public key criterion as an opaque representation. + * Specify null to clear this criterion. 
+ * + * @param key The public key. + */ + public void setSubjectPublicKey(PublicKey key) + { + this.subjectKey = key; + if (key == null) + { + subjectKeySpec = null; + return; + } + try + { + KeyFactory enc = KeyFactory.getInstance("X.509"); + subjectKeySpec = (X509EncodedKeySpec) + enc.getKeySpec(key, X509EncodedKeySpec.class); + } + catch (Exception x) + { + subjectKey = null; + subjectKeySpec = null; + } + } + + /** + * Sets the public key algorithm ID that matching certificates must have. + * Specify null to clear this criterion. + * + * @param sigId The public key ID. + * @throws IOException If the specified ID is not a valid object identifier. + */ + public void setSubjectPublicKeyAlgID(String sigId) throws IOException + { + if (sigId != null) + { + try + { + OID oid = new OID(sigId); + int[] comp = oid.getIDs(); + if (!checkOid(comp)) + throw new IOException("malformed OID: " + sigId); + this.sigId = oid; + } + catch (IllegalArgumentException iae) + { + IOException ioe = new IOException("malformed OID: " + sigId); + ioe.initCause(iae); + throw ioe; + } + } + else + this.sigId = null; + } + + public String toString() + { + CPStringBuilder str = new CPStringBuilder(X509CertSelector.class.getName()); + String nl = SystemProperties.getProperty("line.separator"); + String eol = ";" + nl; + str.append(" {").append(nl); + if (cert != null) + str.append(" certificate = ").append(cert).append(eol); + if (basicConstraints >= 0) + str.append(" basic constraints = ").append(basicConstraints).append(eol); + if (serialNo != null) + str.append(" serial number = ").append(serialNo).append(eol); + if (certValid != null) + str.append(" valid date = ").append(certValid).append(eol); + if (issuer != null) + str.append(" issuer = ").append(issuer).append(eol); + if (subject != null) + str.append(" subject = ").append(subject).append(eol); + if (sigId != null) + str.append(" signature OID = ").append(sigId).append(eol); + if (subjectKey != null) + str.append(" subject public key 
= ").append(subjectKey).append(eol); + if (subjectKeyId != null) + { + str.append(" subject key ID = "); + for (int i = 0; i < subjectKeyId.length; i++) + { + str.append(Character.forDigit((subjectKeyId[i] & 0xF0) >>> 8, 16)); + str.append(Character.forDigit((subjectKeyId[i] & 0x0F), 16)); + if (i < subjectKeyId.length - 1) + str.append(':'); + } + str.append(eol); + } + if (authKeyId != null) + { + str.append(" authority key ID = "); + for (int i = 0; i < authKeyId.length; i++) + { + str.append(Character.forDigit((authKeyId[i] & 0xF0) >>> 8, 16)); + str.append(Character.forDigit((authKeyId[i] & 0x0F), 16)); + if (i < authKeyId.length - 1) + str.append(':'); + } + str.append(eol); + } + if (keyUsage != null) + { + str.append(" key usage = "); + for (int i = 0; i < keyUsage.length; i++) + str.append(keyUsage[i] ? '1' : '0'); + str.append(eol); + } + if (keyPurposeSet != null) + str.append(" key purpose = ").append(keyPurposeSet).append(eol); + if (altNames != null) + str.append(" alternative names = ").append(altNames).append(eol); + if (nameConstraints != null) + str.append(" name constraints = ").append(eol); + if (policy != null) + str.append(" policy = ").append(policy).append(eol); + if (pathToNames != null) + str.append(" pathToNames = ").append(pathToNames).append(eol); + str.append("}").append(nl); + return str.toString(); + } +} diff --git a/libjava/classpath/java/security/cert/X509Certificate.java b/libjava/classpath/java/security/cert/X509Certificate.java new file mode 100644 index 000000000..ab9e1be37 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509Certificate.java 
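Review bot: In `setExtendedKeyUsage` the validated OID strings are never added to the local set `s`, so `this.keyPurposeSet = s` always stores an empty set and the loop over `keyPurposeSet` in `match()` has nothing to reject; any certificate whose `getExtendedKeyUsage()` is non-null then satisfies the criterion, whatever purposes the caller asked for. Adding `s.add(o);` after the `checkOid` test inside the `try` restores the check. The subject public key criterion has a similar fail-open gap: `setSubjectPublicKey` stores `subjectKey` and `subjectKeySpec`, but `match()` never compares either against `cert.getPublicKey()`, and the `PublicKey` overload silently clears the criterion when `getKeySpec` throws. Code that uses this selector to narrow trust candidates gets weaker filtering than the Javadoc describes until both criteria are enforced.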
@@ -0,0 +1,589 @@ +/* X509Certificate.java --- X.509 Certificate class + Copyright (C) 1999,2003, 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package java.security.cert; + +import java.math.BigInteger; +import java.security.Principal; +import java.util.Date; +import java.util.List; + +/** + * X509Certificate is the abstract class for X.509 certificates. + * This provides a stanard class interface for accessing all + * the attributes of X.509 certificates. + * + *

In June 1996, the basic X.509 v3 format was finished by + * ISO/IEC and ANSI X.9. The ASN.1 DER format is below: + * + *

+ * Certificate  ::=  SEQUENCE  {
+ *   tbsCertificate       TBSCertificate,
+ *   signatureAlgorithm   AlgorithmIdentifier,
+ *   signatureValue       BIT STRING  }
+ * 
+ * + *

These certificates are widely used in various Internet + * protocols to support authentication. It is used in + * Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), + * Secure Sockets Layer (SSL), code signing for trusted software + * distribution, and Secure Electronic Transactions (SET). + * + *

The certificates are managed and vouched for by + * Certificate Authorities (CAs). CAs are companies or + * groups that create certificates by placing the data in the + * X.509 certificate format and signing it with their private + * key. CAs serve as trusted third parties by certifying that + * the person or group specified in the certificate is who + * they say they are. + * + *

The ASN.1 defintion for tbsCertificate is + * + *

+ * TBSCertificate  ::=  SEQUENCE  {
+ *   version         [0]  EXPLICIT Version DEFAULT v1,
+ *   serialNumber         CertificateSerialNumber,
+ *   signature            AlgorithmIdentifier,
+ *   issuer               Name,
+ *   validity             Validity,
+ *   subject              Name,
+ *   subjectPublicKeyInfo SubjectPublicKeyInfo,
+ *   issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+ *                        -- If present, version shall be v2 or v3
+ *   subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+ *                        -- If present, version shall be v2 or v3
+ *   extensions      [3]  EXPLICIT Extensions OPTIONAL
+ *                        -- If present, version shall be v3
+ * }
+ *
+ * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+ *
+ * CertificateSerialNumber  ::=  INTEGER
+ *
+ * Validity ::= SEQUENCE {
+ *   notBefore      Time,
+ *   notAfter       Time }
+ *
+ * Time ::= CHOICE {
+ *   utcTime        UTCTime,
+ *   generalTime    GeneralizedTime }
+ *
+ * UniqueIdentifier  ::=  BIT STRING
+ *
+ * SubjectPublicKeyInfo  ::=  SEQUENCE  {
+ *   algorithm            AlgorithmIdentifier,
+ *   subjectPublicKey     BIT STRING  }
+ *
+ * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ * Extension  ::=  SEQUENCE  {
+ *   extnID      OBJECT IDENTIFIER,
+ *   critical    BOOLEAN DEFAULT FALSE,
+ *   extnValue   OCTET STRING  }
+ * 
+ * + * Certificates are created with the CertificateFactory. + * + *

References: + * + *

    + *
  1. Olivier Dubuisson, Philippe Fouquart (Translator) ASN.1 - + * Communication between heterogeneous systems, (C) September 2000, + * Morgan Kaufmann Publishers, ISBN 0-12-6333361-0. Available on-line at + * http://www.oss.com/asn1/dubuisson.html
  2. + *
  3. R. Housley et al, RFC + * 3280: Internet X.509 Public Key Infrastructure Certificate and CRL + * Profile.
  4. + *
+ * + * @since 1.2 + * @author Mark Benvenuto + * @author Casey Marshall (rsdio@metastatic.org) + */ +public abstract class X509Certificate + extends Certificate + implements X509Extension +{ + private static final long serialVersionUID = -2491127588187038216L; + + /** + * Constructs a new certificate of the specified type. + */ + protected X509Certificate() + { + super( "X.509" ); + } + + /** + Checks the validity of the X.509 certificate. It is valid + if the current date and time are within the period specified + by the certificate. + + The ASN.1 DER encoding is: + + validity Validity, + + Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. + + @throws CertificateExpiredException if the certificate expired + @throws CertificateNotYetValidException if the certificate is + not yet valid + */ + public abstract void checkValidity() + throws CertificateExpiredException, + CertificateNotYetValidException; + + /** + Checks the validity of the X.509 certificate for the + specified time and date. It is valid if the specified + date and time are within the period specified by + the certificate. + + @throws CertificateExpiredException if the certificate expired + based on the date + @throws CertificateNotYetValidException if the certificate is + not yet valid based on the date + */ + public abstract void checkValidity(Date date) + throws CertificateExpiredException, + CertificateNotYetValidException; + + /** + Returns the version of this certificate. + + The ASN.1 DER encoding is: + + version [0] EXPLICIT Version DEFAULT v1, + + Version ::= INTEGER { v1(0), v2(1), v3(2) } + + Consult rfc2459 for more information. + + @return version number of certificate + */ + public abstract int getVersion(); + + /** + Gets the serial number for serial Number in + this Certifcate. It must be a unique number + unique other serial numbers from the granting CA. 
+ + The ASN.1 DER encoding is: + + serialNumber CertificateSerialNumber, + + CertificateSerialNumber ::= INTEGER + + Consult rfc2459 for more information. + + @return the serial number for this X509CRLEntry. + */ + public abstract BigInteger getSerialNumber(); + + /** + Returns the issuer (issuer distinguished name) of the + Certificate. The issuer is the entity who signed + and issued the Certificate. + + The ASN.1 DER encoding is: + + issuer Name, + + Name ::= CHOICE { + RDNSequence } + + RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + + RelativeDistinguishedName ::= + SET OF AttributeTypeAndValue + + AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + + AttributeType ::= OBJECT IDENTIFIER + + AttributeValue ::= ANY DEFINED BY AttributeType + + DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1.. MAX)), + bmpString BMPString (SIZE (1..MAX)) } + + Consult rfc2459 for more information. + + @return the issuer in the Principal class + */ + public abstract Principal getIssuerDN(); + + /** + Returns the subject (subject distinguished name) of the + Certificate. The subject is the entity who the Certificate + identifies. + + The ASN.1 DER encoding is: + + subject Name, + + Consult rfc2459 for more information. + + @return the issuer in the Principal class + */ + public abstract Principal getSubjectDN(); + + /** + Returns the date that this certificate is not to be used + before, notBefore. + + The ASN.1 DER encoding is: + + validity Validity, + + Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + + Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + + Consult rfc2459 for more information. 
+ + @return the date notBefore + */ + public abstract Date getNotBefore(); + + /** + Returns the date that this certificate is not to be used + after, notAfter. + + @return the date notAfter + */ + public abstract Date getNotAfter(); + + + /** + Returns the tbsCertificate from the certificate. + + @return the DER encoded tbsCertificate + + @throws CertificateEncodingException if encoding error occurred + */ + public abstract byte[] getTBSCertificate() throws CertificateEncodingException; + + /** + Returns the signature in its raw DER encoded format. + + The ASN.1 DER encoding is: + + signatureValue BIT STRING + + Consult rfc2459 for more information. + + @return byte array representing signature + */ + public abstract byte[] getSignature(); + + /** + Returns the signature algorithm used to sign the CRL. + An examples is "SHA-1/DSA". + + The ASN.1 DER encoding is: + + signatureAlgorithm AlgorithmIdentifier, + + AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + + Consult rfc2459 for more information. + + The algorithm name is determined from the OID. + + @return a string with the signature algorithm name + */ + public abstract String getSigAlgName(); + + + /** + Returns the OID for the signature algorithm used. + Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ + + The ASN.1 DER encoding for the example is: + + id-dsa-with-sha1 ID ::= { + iso(1) member-body(2) us(840) x9-57 (10040) + x9cm(4) 3 } + + Consult rfc2459 for more information. + + @return a string containing the OID. + */ + public abstract String getSigAlgOID(); + + + /** + Returns the AlgorithmParameters in the encoded form + for the signature algorithm used. + + If access to the parameters is need, create an + instance of AlgorithmParameters. 
+ + @return byte array containing algorithm parameters, null + if no parameters are present in certificate + */ + public abstract byte[] getSigAlgParams(); + + + /** + Returns the issuer unique ID for this certificate. + + The ASN.1 DER encoding is: + + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + + UniqueIdentifier ::= BIT STRING + + Consult rfc2459 for more information. + + @return bit representation of issuerUniqueID + */ + public abstract boolean[] getIssuerUniqueID(); + + /** + Returns the subject unique ID for this certificate. + + The ASN.1 DER encoding is: + + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version shall be v2 or v3 + + UniqueIdentifier ::= BIT STRING + + Consult rfc2459 for more information. + + @return bit representation of subjectUniqueID + */ + public abstract boolean[] getSubjectUniqueID(); + + /** + Returns a boolean array representing the KeyUsage + extension for the certificate. The KeyUsage (OID = 2.5.29.15) + defines the purpose of the key in the certificate. + + The ASN.1 DER encoding is: + + id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } + + KeyUsage ::= BIT STRING { + digitalSignature (0), + nonRepudiation (1), + keyEncipherment (2), + dataEncipherment (3), + keyAgreement (4), + keyCertSign (5), + cRLSign (6), + encipherOnly (7), + decipherOnly (8) } + + Consult rfc2459 for more information. + + @return bit representation of KeyUsage + */ + public abstract boolean[] getKeyUsage(); + + /** + Returns the certificate constraints path length from the + critical BasicConstraints extension, (OID = 2.5.29.19). + + The basic constraints extensions is used to determine if + the subject of the certificate is a Certificate Authority (CA) + and how deep the certification path may exist. The + pathLenConstraint only takes affect if cA + is set to true. "A value of zero indicates that only an + end-entity certificate may follow in the path." 
(rfc2459) + + The ASN.1 DER encoding is: + + id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } + + BasicConstraints ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER (0..MAX) OPTIONAL } + + Consult rfc2459 for more information. + + @return the length of the path constraint if BasicConstraints + is present and cA is TRUE. Otherwise returns -1. + */ + public abstract int getBasicConstraints(); + + // 1.4 instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns the ExtendedKeyUsage extension of this + * certificate, or null if there is no extension present. The returned + * value is a {@link java.util.List} strings representing the object + * identifiers of the extended key usages. This extension has the OID + * 2.5.29.37. + * + *

The ASN.1 definition for this extension is: + * + *

+   * ExtendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+   *
+   * KeyPurposeId ::= OBJECT IDENTIFIER
+   * 
+ * + * @return The list of extension OIDs, or null if there are none + * present in this certificate. + * @throws CertificateParsingException If this extension cannot be + * parsed from its encoded form. + */ + public java.util.List getExtendedKeyUsage() + throws CertificateParsingException + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the alternative names for this certificate's subject (the + * owner), or null if there are none. + * + *

This is an X.509 extension with OID 2.5.29.17 and is defined by + * the ASN.1 construction: + * + *

+   * SubjectAltNames ::= GeneralNames
+   *
+   * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+   *
+   * GeneralName ::= CHOICE {
+   *   otherName                 [0]   OtherName,
+   *   rfc822Name                [1]   IA5String,
+   *   dNSName                   [2]   IA5String,
+   *   x400Address               [3]   ORAddress,
+   *   directoryName             [4]   Name,
+   *   ediPartyName              [5]   EDIPartyName,
+   *   uniformResourceIdentifier [6]   IA5String,
+   *   iPAddress                 [7]   OCTET STRING,
+   *   registeredID              [8]   OBJECT IDENTIFIER
+   * }
+   * 
+ * + *

The returned collection contains one or more two-element Lists, + * with the first object being an Integer representing the choice + * above (with value 0 through 8) and the second being an (a) String + * if the GeneralName is a rfc822Name, dNSName, + * uniformResourceIdentifier, iPAddress, or registeredID, or (b) a + * byte array of the DER encoded form for any others. + * + * @return The collection of alternative names, or null if there are + * none. + * @throws CertificateParsingException If the encoded extension cannot + * be parsed. + * @since JDK 1.4 + */ + public java.util.Collection> getSubjectAlternativeNames() + throws CertificateParsingException + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the alternative names for this certificate's issuer, or + * null if there are none. + * + *

This is an X.509 extension with OID 2.5.29.18, and is defined by + * the ASN.1 construction: + * + *

+   * IssuerAltNames ::= GeneralNames
+   * 
+ * + *

The GeneralNames construct and the form of the + * returned collection are the same as with {@link + * #getSubjectAlternativeNames()}. + * + * @return The collection of alternative names, or null if there are + * none. + * @throws CertificateParsingException If the encoded extension cannot + * be parsed. + * @since JDK 1.4 + */ + public java.util.Collection> getIssuerAlternativeNames() + throws CertificateParsingException + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the X.500 distinguished name of this certificate's subject. + * + * @return The subject's X.500 distinguished name. + * @since JDK 1.4 + */ + public javax.security.auth.x500.X500Principal getSubjectX500Principal() + { + throw new UnsupportedOperationException(); + } + + /** + * Returns the X.500 distinguished name of this certificate's issuer. + * + * @return The issuer's X.500 distinguished name. + * @since JDK 1.4 + */ + public javax.security.auth.x500.X500Principal getIssuerX500Principal() + { + throw new UnsupportedOperationException(); + } +} diff --git a/libjava/classpath/java/security/cert/X509Extension.java b/libjava/classpath/java/security/cert/X509Extension.java new file mode 100644 index 000000000..a0c24f429 --- /dev/null +++ b/libjava/classpath/java/security/cert/X509Extension.java 
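Review bot: The Javadoc on the five non-abstract 1.4 accessors (`getExtendedKeyUsage`, `getSubjectAlternativeNames`, `getIssuerAlternativeNames`, `getSubjectX500Principal`, `getIssuerX500Principal`) promises a value or null, but every body is `throw new UnsupportedOperationException();`. A caller that checks subject alternative names or extended key usage and handles only the declared `CertificateParsingException` gets an unchecked exception from any subclass that does not override them. State that contract by adding `@throws UnsupportedOperationException if the subclass does not override this method` to each of the five comments. Separately, `getSerialNumber` documents `@return the serial number for this X509CRLEntry`, `getSubjectDN` documents `@return the issuer in the Principal class`, and `getSigAlgName` says the algorithm was "used to sign the CRL"; these look copied from sibling classes and should read certificate and subject.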
@@ -0,0 +1,113 @@ +/* X509Extension.java --- X.509 Extension + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; +import java.util.Set; + +/** + Public interface for the X.509 Extension. 
+ + This is used for X.509 v3 Certificates and CRL v2 (Certificate + Revocation Lists) for managing attributes assoicated with + Certificates, for managing the hierarchy of certificates, + and for managing the distribution of CRL. This extension + format is used to define private extensions. + + Each extensions for a certificate or CRL must be marked + either critical or non-critical. If the certificate/CRL + system encounters a critical extension not recognized then + it must reject the certificate. A non-critical extension + may be just ignored if not recognized. + + + The ASN.1 definition for this class is: + + Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + + Extension ::= SEQUENCE { + extnId OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING + -- contains a DER encoding of a value + -- of the type registered for use with + -- the extnId object identifier value + } + + @author Mark Benvenuto + + @since 1.2 +*/ +public interface X509Extension +{ + + /** + Returns true if the certificate contains a critical extension + that is not supported. + + @return true if has unsupported extension, false otherwise + */ + boolean hasUnsupportedCriticalExtension(); + + /** + Returns a set of the CRITICAL extension OIDs from the + certificate/CRL that the object implementing this interface + manages. + + @return A Set containing the OIDs. If there are no CRITICAL + extensions or extensions at all this returns null. + */ + Set getCriticalExtensionOIDs(); + + /** + Returns a set of the NON-CRITICAL extension OIDs from the + certificate/CRL that the object implementing this interface + manages. + + @return A Set containing the OIDs. If there are no NON-CRITICAL + extensions or extensions at all this returns null. + */ + Set getNonCriticalExtensionOIDs(); + + /** + Returns the DER encoded OCTET string for the specified + extension value identified by a OID. The OID is a string + of number separated by periods. 
Ex: 12.23.45.67 + */ + byte[] getExtensionValue(String oid); + +} diff --git a/libjava/classpath/java/security/cert/package.html b/libjava/classpath/java/security/cert/package.html new file mode 100644 index 000000000..14b12d16c --- /dev/null +++ b/libjava/classpath/java/security/cert/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - java.security.cert + + +
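Review bot: The `getExtensionValue` comment gives `12.23.45.67` as its example OID, which is not a well-formed object identifier because the first arc can only be 0, 1 or 2, and the comment has no `@param` or `@return`. Use an OID that this patch already documents, e.g. `Ex: 2.5.29.15`, and add `@param oid the dotted-decimal OID of the extension`. Also add an `@return` line that says what comes back when the extension is absent; presumably that is null, as for the two OID-set methods, but the interface does not say. Since the comment calls the result "the DER encoded OCTET string", it would help to state that callers still have to decode that wrapper before reading the extension value.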

+ + + diff --git a/libjava/classpath/java/security/interfaces/DSAKey.java b/libjava/classpath/java/security/interfaces/DSAKey.java new file mode 100644 index 000000000..c6e819eb0 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/DSAKey.java 
@@ -0,0 +1,56 @@
+/* DSAKey.java -- Interface for Digital Signature Algorithm key
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+/**
+ * This interface is implemented by a class to return the parameters
+ * of a Digital Signature Algorithm (DSA) public or private key.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAKey
+{
+ /**
+ * This method returns non-secret parameters of the DSA key
+ *
+ * @return The DSA parameters
+ */
+ DSAParams getParams();
+}
diff --git a/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java b/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java
new file mode 100644
index 000000000..e657c54b4
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAKeyPairGenerator.java
@@ -0,0 +1,85 @@
+/* DSAKeyPairGenerator.java -- Initialize a DSA key generator
+ Copyright (C) 1998, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.security.InvalidParameterException;
+import java.security.SecureRandom;
+
+/**
+ * This interface contains methods for intializing a Digital Signature
+ * Algorithm key generation engine. The initialize methods may be called
+ * any number of times. If no explicity initialization call is made, then
+ * the engine defaults to generating 1024-bit keys using pre-calculated
+ * base, prime, and subprime values.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAKeyPairGenerator
+{
+ /**
+ * Initializes the key generator with the specified DSA parameters and
+ * random bit source
+ *
+ * @param params The DSA parameters to use
+ * @param random The random bit source to use
+ *
+ * @exception InvalidParameterException If the parameters passed are not valid
+ */
+ void initialize (DSAParams params, SecureRandom random)
+ throws InvalidParameterException;
+
+ /**
+ * Initializes the key generator to a give modulus. If the genParams
+ * value is true then new base, prime, and subprime values
+ * will be generated for the given modulus. If not, the pre-calculated
+ * values will be used. If no pre-calculated values exist for the specified
+ * modulus, an exception will be thrown. It is guaranteed that there will
+ * always be pre-calculated values for all modulus values between 512 and
+ * 1024 bits inclusives.
+ *
+ * @param modlen The modulus length
+ * @param genParams true to generate new DSA parameters, false otherwise
+ * @param random The random bit source to use
+ *
+ * @exception InvalidParameterException If a parameter is invalid
+ */
+ void initialize (int modlen, boolean genParams, SecureRandom random)
+ throws InvalidParameterException;
+}
diff --git a/libjava/classpath/java/security/interfaces/DSAParams.java b/libjava/classpath/java/security/interfaces/DSAParams.java
new file mode 100644
index 000000000..42baeeb95
--- /dev/null
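Review bot: The interface comment documents a 1024-bit default and guarantees pre-calculated parameters only for moduli of 512 to 1024 bits, with nothing telling the caller that these sizes are below what current guidance accepts for new DSA keys (2048 bits or more). Because the default applies whenever no `initialize` call is made, the class comment should carry a caveat such as `Callers should initialize explicitly; moduli of 1024 bits or less are retained for compatibility and are not recommended for new keys.` The second `initialize` also says "a give modulus" where `modlen` is the modulus length, and neither `@exception InvalidParameterException` line says which values are rejected.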
+++ b/libjava/classpath/java/security/interfaces/DSAParams.java 
@@ -0,0 +1,72 @@
+/* DSAParams.java -- Digital Signature Algorithm parameter access
+ Copyright (C) 1998 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.interfaces;
+
+import java.math.BigInteger;
+
+/**
+ * This interface allows the Digital Signature Algorithm (DSA) parameters
+ * to be queried.
+ *
+ * @version 0.0
+ *
+ * @author Aaron M. Renn (arenn@urbanophile.com)
+ */
+public interface DSAParams
+{
+ /**
+ * Returns the base, or 'g' value
+ *
+ * @return The DSA base value
+ */
+ BigInteger getG();
+
+ /**
+ * Returns the prime, or 'p' value
+ *
+ * @return The DSA prime value
+ */
+ BigInteger getP();
+
+ /**
+ * Returns the subprime, or 'q' value
+ *
+ * @return The DSA subprime value
+ */
+ BigInteger getQ();
+}
diff --git a/libjava/classpath/java/security/interfaces/DSAPrivateKey.java b/libjava/classpath/java/security/interfaces/DSAPrivateKey.java
new file mode 100644
index 000000000..d79b34b90
--- /dev/null
+++ b/libjava/classpath/java/security/interfaces/DSAPrivateKey.java
@@ -0,0 +1,61 @@ +/* DSAPublicKey.java -- A Digital Signature Algorithm private key + Copyright (C) 1998, 2000, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.PrivateKey; + +/** + * This interface models a Digital Signature Algorithm (DSA) private key + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface DSAPrivateKey extends DSAKey, PrivateKey +{ + /** + * The version identifier used for serialization. + */ + long serialVersionUID = 7776497482533790279L; + + /** + * This method returns the value of the DSA private key + */ + BigInteger getX(); +} diff --git a/libjava/classpath/java/security/interfaces/DSAPublicKey.java b/libjava/classpath/java/security/interfaces/DSAPublicKey.java new file mode 100644 index 000000000..d73e189f6 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/DSAPublicKey.java 
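Review bot: The header comment of the new DSAPrivateKey.java opens with `DSAPublicKey.java -- A Digital Signature Algorithm private key`, so the file names its sibling instead of itself; it should read `/* DSAPrivateKey.java -- A Digital Signature Algorithm private key`. The Javadoc on `getX()` has no `@return` tag, unlike the accessors in DSAParams earlier in this patch; `@return The DSA private key value x` would match them. Since x is the secret half of the key pair, the comment could also state that the returned value must not be logged or written outside protected key storage.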
@@ -0,0 +1,61 @@ +/* DSAPublicKey.java -- A Digital Signature Algorithm public key + Copyright (C) 1998, 2000, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.PublicKey; + +/** + * This interface models a Digital Signature Algorithm (DSA) public key + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface DSAPublicKey extends DSAKey, PublicKey +{ + /** + * The version identifier used for serialization. + */ + long serialVersionUID = 1234526332779022332L; + + /** + * This method returns the value of the DSA public key + */ + BigInteger getY(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAKey.java b/libjava/classpath/java/security/interfaces/RSAKey.java new file mode 100644 index 000000000..485fa81e0 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAKey.java 
@@ -0,0 +1,57 @@ +/* RSAKey.java --- A generic RSA Key interface + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; + +/** + A generic RSA Key interface for public and private keys + + @since JDK 1.3 + + @author Mark Benvenuto + */ +public interface RSAKey +{ + /** + Generates a modulus. + + @returns a modulus + */ + BigInteger getModulus(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java b/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java new file mode 100644 index 000000000..da7d7479d --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java 
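Review bot: The Javadoc on `getModulus()` says `Generates a modulus.`, which reads as if the call creates key material, while the name and return type suggest a plain accessor on an existing key; `Returns the modulus of this key.` would say that. The tag `@returns` is not a Javadoc tag, so the return description is lost in the generated documentation; it should be `@return the modulus`. The class comment uses `@since JDK 1.3` where RSAMultiPrimePrivateCrtKey in the next hunk uses the bare form `@since 1.4`; one form across the package would be clearer.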
@@ -0,0 +1,112 @@ +/* RSAMultiPrimePrivateCrtKey.java -- + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.spec.RSAOtherPrimeInfo; + +/** + * The interface to an RSA multi-prime private key, as defined in the PKCS#1 + * v2.1, using the Chinese Remainder Theorem (CRT) information values. + * + * @since 1.4 + * @see java.security.spec.RSAPrivateKeySpec + * @see java.security.spec.RSAMultiPrimePrivateCrtKeySpec + * @see RSAPrivateKey + * @see RSAPrivateCrtKey + */ +public interface RSAMultiPrimePrivateCrtKey extends RSAPrivateKey +{ + // Constants + // -------------------------------------------------------------------------- + + long serialVersionUID = 618058533534628008L; + + // Methods + // -------------------------------------------------------------------------- + + /** + * Returns the public exponent. + * + * @return the public exponent. + */ + BigInteger getPublicExponent(); + + /** + * Returns the prime p. + * + * @return the prime p. + */ + BigInteger getPrimeP(); + + /** + * Returns the prime q. + * + * @return the prime q. + */ + BigInteger getPrimeQ(); + + /** + * Returns the prime's exponent p. + * + * @return the prime's exponent p. + */ + BigInteger getPrimeExponentP(); + + /** + * Returns the prime's exponent q. + * + * @return the prime's exponent q. + */ + BigInteger getPrimeExponentQ(); + + /** + * Returns the CRT Coefficient. + * + * @return the CRT Coefficient. + */ + BigInteger getCrtCoefficient(); + + /** + * Returns the OtherPrimeInfo triplet MPIs or null if + * there are only two known prime factors (p and q). + * + * @return the OtherPrimeInfo INTEGERs. + */ + RSAOtherPrimeInfo[] getOtherPrimeInfo(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java b/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java new file mode 100644 index 000000000..96a1496cf --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAPrivateCrtKey.java 
@@ -0,0 +1,95 @@ +/* RSAPrivateCrtKey.java -- An RSA private key in CRT format + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.interfaces; + +import java.math.BigInteger; + +/** + * This interface provides access to information about an RSA private + * key in Chinese Remainder Theorem (CRT) format. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface RSAPrivateCrtKey extends RSAPrivateKey +{ + long serialVersionUID = -5682214253527700368L; + + /** + * Returns the public exponent for this key + * + * @return The public exponent for this key + */ + BigInteger getPublicExponent(); + + /** + * Returns the primeP value + * + * @return The primeP value + */ + BigInteger getPrimeP(); + + /** + * Returns the primeQ value + * + * @return The primeQ value + */ + BigInteger getPrimeQ(); + + /** + * Returns the primeExponentP + * + * @return The primeExponentP + */ + BigInteger getPrimeExponentP(); + + /** + * Returns the primeExponentQ + * + * @return The primeExponentQ + */ + BigInteger getPrimeExponentQ(); + + /** + * Returns the CRT coefficient + * + * @return The CRT coefficient + */ + BigInteger getCrtCoefficient(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAPrivateKey.java b/libjava/classpath/java/security/interfaces/RSAPrivateKey.java new file mode 100644 index 000000000..514987625 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAPrivateKey.java 
@@ -0,0 +1,60 @@ +/* RSAPrivateKey.java -- An RSA private key + Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.PrivateKey; + +/** + * This interface provides access to information about an RSA private key. 
+ * + * @version 0.1 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface RSAPrivateKey extends PrivateKey, RSAKey +{ + long serialVersionUID = 5187144804936595022L; + + /** + * Returns the private exponent value for this key + * + * @return The private exponent value for this key + */ + BigInteger getPrivateExponent(); +} diff --git a/libjava/classpath/java/security/interfaces/RSAPublicKey.java b/libjava/classpath/java/security/interfaces/RSAPublicKey.java new file mode 100644 index 000000000..5fb569d1d --- /dev/null +++ b/libjava/classpath/java/security/interfaces/RSAPublicKey.java 
@@ -0,0 +1,60 @@ +/* RSAPublicKey.java -- An RSA public key + Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + +package java.security.interfaces; + +import java.math.BigInteger; +import java.security.PublicKey; + +/** + * This interface provides access to information about an RSA public key. 
+ * + * @version 0.1 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public interface RSAPublicKey extends PublicKey, RSAKey +{ + long serialVersionUID = -8727434096241101194L; + + /** + * Returns the public exponent value for this key + * + * @return The public exponent value for this key + */ + BigInteger getPublicExponent(); +} diff --git a/libjava/classpath/java/security/interfaces/package.html b/libjava/classpath/java/security/interfaces/package.html new file mode 100644 index 000000000..aab0d6375 --- /dev/null +++ b/libjava/classpath/java/security/interfaces/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - java.security.interfaces + + +

+ + + diff --git a/libjava/classpath/java/security/package.html b/libjava/classpath/java/security/package.html new file mode 100644 index 000000000..328b7044b --- /dev/null +++ b/libjava/classpath/java/security/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - java.security + + +

+ + + diff --git a/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java b/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java new file mode 100644 index 000000000..bc877e312 --- /dev/null +++ b/libjava/classpath/java/security/spec/AlgorithmParameterSpec.java 
@@ -0,0 +1,52 @@ +/* AlgorithmParameterSpec.java --- Algorithm Parameter Spec Interface + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; + +/** + A transparent interface for Algorithm Parameter Specifications. + It contains no member functions. 
It is used to group + algorithm parameter classes. + + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public interface AlgorithmParameterSpec +{ +} diff --git a/libjava/classpath/java/security/spec/DSAParameterSpec.java b/libjava/classpath/java/security/spec/DSAParameterSpec.java new file mode 100644 index 000000000..f7f673110 --- /dev/null +++ b/libjava/classpath/java/security/spec/DSAParameterSpec.java 
@@ -0,0 +1,101 @@ +/* DSAParameterSpec.java --- DSA Parameter Specificaton class + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; + +import java.math.BigInteger; +import java.security.interfaces.DSAParams; + +/** + * DSA Parameter class Specification. 
Used to maintain the DSA + * Parameters. + * + * @since 1.2 + * + * @author Mark Benvenuto +*/ +public class DSAParameterSpec implements AlgorithmParameterSpec, DSAParams +{ + private BigInteger p = null; + private BigInteger q = null; + private BigInteger g = null; + + /** + * Constructs a new DSAParameterSpec with the specified p, q, and g. + * + * @param p the prime + * @param q the sub-prime + * @param g the base + */ + public DSAParameterSpec(BigInteger p, BigInteger q, BigInteger g) + { + this.p = p; + this.q = q; + this.g = g; + } + + /** + * Returns p for the DSA algorithm. + * + * @return Returns the requested BigInteger + */ + public BigInteger getP() + { + return this.p; + } + + /** + * Returns p for the DSA algorithm. + * + * @return Returns the requested BigInteger + */ + public BigInteger getQ() + { + return this.q; + } + + /** + * Returns g for the DSA algorithm. + * + * @return Returns the requested BigInteger + */ + public BigInteger getG() + { + return this.g; + } +} diff --git a/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java b/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java new file mode 100644 index 000000000..19af107e6 --- /dev/null +++ b/libjava/classpath/java/security/spec/DSAPrivateKeySpec.java 
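Review bot: The Javadoc on `getQ()` says `Returns p for the DSA algorithm.` although the method returns `this.q`; it should read `Returns q for the DSA algorithm.`. The same copied sentence sits on `getQ()` in DSAPrivateKeySpec and DSAPublicKeySpec in the next two hunks. The fields `p`, `q` and `g` are assigned only in the constructor, so `private final BigInteger p;` (likewise `q` and `g`) would make the spec immutable and drop the redundant `= null` initialisers. The constructor accepts null and does no range checking on the parameters; if that is intended, the class comment could say that validation is left to whatever consumes the spec, which is not visible in this hunk.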
@@ -0,0 +1,113 @@ +/* DSAPrivateKeySpec.java --- DSA Private Key Specificaton class + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; +import java.math.BigInteger; + +/** + DSA Private Key class Specification. Used to maintain the DSA + Private Keys. 
+ + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public class DSAPrivateKeySpec implements KeySpec +{ + private BigInteger x = null; + private BigInteger p = null; + private BigInteger q = null; + private BigInteger g = null; + + /** + Constructs a new DSAPrivateKeySpec with the specified x, p, q, and g. + + @param x the private key + @param p the prime + @param q the sub-prime + @param g the base + */ + public DSAPrivateKeySpec(BigInteger x, BigInteger p, BigInteger q, BigInteger g) + { + this.x = x; + this.p = p; + this.q = q; + this.g = g; + } + + /** + Returns private key x for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getX() + { + return this.x; + } + + /** + Returns p for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getP() + { + return this.p; + } + + /** + Returns p for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getQ() + { + return this.q; + } + + /** + Returns g for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getG() + { + return this.g; + } + +} diff --git a/libjava/classpath/java/security/spec/DSAPublicKeySpec.java b/libjava/classpath/java/security/spec/DSAPublicKeySpec.java new file mode 100644 index 000000000..751844bcc --- /dev/null +++ b/libjava/classpath/java/security/spec/DSAPublicKeySpec.java 
@@ -0,0 +1,113 @@ +/* DSAPublicKeySpec.java --- DSA Public Key Specificaton class + Copyright (C) 1999, 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; +import java.math.BigInteger; + +/** + DSA Public Key class Specification. Used to maintain the DSA + Public Keys. 
+ + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public class DSAPublicKeySpec implements KeySpec +{ + private BigInteger y = null; + private BigInteger p = null; + private BigInteger q = null; + private BigInteger g = null; + + /** + Constructs a new DSAPublicKeySpec with the specified y, p, q, and g. + + @param y the public key + @param p the prime + @param q the sub-prime + @param g the base + */ + public DSAPublicKeySpec(BigInteger y, BigInteger p, BigInteger q, BigInteger g) + { + this.y = y; + this.p = p; + this.q = q; + this.g = g; + } + + /** + Returns public key y for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getY() + { + return this.y; + } + + /** + Returns p for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getP() + { + return this.p; + } + + /** + Returns p for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getQ() + { + return this.q; + } + + /** + Returns g for the DSA algorithm. + + @return Returns the requested BigInteger + */ + public BigInteger getG() + { + return this.g; + } + +} diff --git a/libjava/classpath/java/security/spec/EncodedKeySpec.java b/libjava/classpath/java/security/spec/EncodedKeySpec.java new file mode 100644 index 000000000..93e158385 --- /dev/null +++ b/libjava/classpath/java/security/spec/EncodedKeySpec.java 
@@ -0,0 +1,85 @@
+/* EncodedKeySpec.java --- Encoded Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ Encoded Key Specification class which is used to store
+ byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class EncodedKeySpec implements KeySpec
+{
+
+ private byte[] encodedKey;
+
+ /**
+ Constructs a new EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store
+ */
+ public EncodedKeySpec(byte[] encodedKey)
+ {
+ this.encodedKey = encodedKey;
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+ */
+ public byte[] getEncoded()
+ {
+ return this.encodedKey;
+ }
+
+ /**
+ Returns the name of the key format used.
+
+ This name is the format such as "PKCS#8" or "X.509" which
+ if it matches a Key class name of the same type can be
+ transformed using the apporiate KeyFactory.
+
+ @return a string representing the name
+ */
+ public abstract String getFormat();
+
+}
diff --git a/libjava/classpath/java/security/spec/InvalidKeySpecException.java b/libjava/classpath/java/security/spec/InvalidKeySpecException.java
new file mode 100644
index 000000000..bbbbcc6d7
--- /dev/null
+++ b/libjava/classpath/java/security/spec/InvalidKeySpecException.java
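Review bot: `EncodedKeySpec` keeps the caller's array in the constructor (`this.encodedKey = encodedKey;`) and hands the same array back from `getEncoded()`, so any code holding either reference can alter the stored key bytes after the spec has been created or checked. Copy on the way in and on the way out: `this.encodedKey = (byte[]) encodedKey.clone();` and `return (byte[]) this.encodedKey.clone();`; a null argument then fails in the constructor with a NullPointerException, which the Javadoc should state. `PKCS8EncodedKeySpec.getEncoded()` later in this commit delegates to this method and inherits the aliasing. The tag `@returns` on `getEncoded()` in both classes is not a Javadoc tag and should be `@return`.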
@@ -0,0 +1,96 @@
+/* InvalidKeySpecException.java -- invalid KeySpec Exception
+ Copyright (C) 1999, 2002, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for an invalid key specification.
+ *
+ * @author Mark Benvenuto
+ * @see KeySpec
+ * @since 1.2
+ * @status updated to 1.5
+ */
+public class InvalidKeySpecException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = 3546139293998810778L;
+
+ /**
+ * Constructs an InvalidKeySpecException without a message string.
+ */
+ public InvalidKeySpecException()
+ {
+ }
+
+ /**
+ * Constructs an InvalidKeySpecException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public InvalidKeySpecException(String msg)
+ {
+ super(msg);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param s the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeySpecException(String s, Throwable cause)
+ {
+ super(s, cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public InvalidKeySpecException(Throwable cause)
+ {
+ super(cause);
+ }
+}
diff --git a/libjava/classpath/java/security/spec/InvalidParameterSpecException.java b/libjava/classpath/java/security/spec/InvalidParameterSpecException.java
new file mode 100644
index 000000000..ff34565f1
--- /dev/null
+++ b/libjava/classpath/java/security/spec/InvalidParameterSpecException.java
@@ -0,0 +1,76 @@
+/* InvalidParameterSpecException.java --- invalid ParameterSpec Exception
+ Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception for an invalid algorithm specification.
+ *
+ * @author Mark Benvenuto
+ * @see AlogorithmParameters
+ * @see AlogorithmParameterSpec
+ * @see DSAParameterSpec
+ * @since 1.2
+ * @status updated to 1.4
+*/
+public class InvalidParameterSpecException extends GeneralSecurityException
+{
+ /**
+ * Compatible with JDK 1.2+.
+ */
+ private static final long serialVersionUID = -970468769593399342L;
+
+ /**
+ * Constructs an InvalidParameterSpecException without a message string.
+ */
+ public InvalidParameterSpecException()
+ {
+ }
+
+ /**
+ * Constructs an InvalidParameterSpecException with a message string.
+ *
+ * @param msg a message to display with exception
+ */
+ public InvalidParameterSpecException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/classpath/java/security/spec/KeySpec.java b/libjava/classpath/java/security/spec/KeySpec.java
new file mode 100644
index 000000000..13c7dad42
--- /dev/null
+++ b/libjava/classpath/java/security/spec/KeySpec.java
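Review bot: Two of the `@see` tags in the class Javadoc are misspelled, `AlogorithmParameters` and `AlogorithmParameterSpec`, so neither resolves to a class. They should read `@see java.security.AlgorithmParameters` and `@see AlgorithmParameterSpec`; the first needs the package qualifier because this file imports only `GeneralSecurityException`.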
@@ -0,0 +1,52 @@
+/* KeySpec.java --- Key Specification interface
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ A transparent interface for Key Specifications.
+ It contains no member functions. It is used to group
+ key classes.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public interface KeySpec
+{
+}
diff --git a/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java b/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java
new file mode 100644
index 000000000..53b68de47
--- /dev/null
+++ b/libjava/classpath/java/security/spec/PKCS8EncodedKeySpec.java
@@ -0,0 +1,81 @@
+/* PKCS8EncodedKeySpec.java --- PKCS8 Encoded Key Specificaton class
+ Copyright (C) 1999, 2001 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ PKCS8 Encoded Key Specification class which is used to store
+ "PKCS#8" byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class PKCS8EncodedKeySpec extends EncodedKeySpec
+{
+ /**
+ Constructs a new PKCS8EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store, assumed to be "PKCS#8"
+ */
+ public PKCS8EncodedKeySpec(byte[] encodedKey)
+ {
+ super( encodedKey );
+ }
+
+ /**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+*/
+ public byte[] getEncoded()
+ {
+ return super.getEncoded();
+ }
+
+ /**
+ Returns the name of the key format used which is "PKCS#8"
+
+ @return a string representing the name
+*/
+ public final String getFormat()
+ {
+ return "PKCS#8";
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/PSSParameterSpec.java b/libjava/classpath/java/security/spec/PSSParameterSpec.java
new file mode 100644
index 000000000..92a6c9edd
--- /dev/null
+++ b/libjava/classpath/java/security/spec/PSSParameterSpec.java
@@ -0,0 +1,87 @@
+/* PSSParameterSpec.java --
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.spec;
+
+/**
+ * An implementation of {@link AlgorithmParameterSpec} for the RSA PSS encoding
+ * scheme.
+ *
+ * @since 1.4
+ * @see AlgorithmParameterSpec
+ * @see java.security.Signature
+ */
+public class PSSParameterSpec implements AlgorithmParameterSpec
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private int saltLen;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /**
+ * Construct a new instance of PSSParameterSpec given a salt
+ * length.
+ *
+ * @param saltLen
+ * the length in bits of the salt.
+ * @throws IllegalArgumentException
+ * if saltLen is less than 0.
+ */
+ public PSSParameterSpec(int saltLen)
+ {
+ super();
+
+ if (saltLen < 0)
+ throw new IllegalArgumentException();
+ this.saltLen = saltLen;
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ /** @return the length (in bits) of the salt. */
+ public int getSaltLength()
+ {
+ return this.saltLen;
+ }
+}
diff --git a/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java b/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java
new file mode 100644
index 000000000..5a1dafe2a
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAKeyGenParameterSpec.java
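Review bot: The constructor rejects a negative salt length with a bare `new IllegalArgumentException()`, so the failure carries no hint of which argument was wrong or what value it had. The null checks in `RSAOtherPrimeInfo` in this same commit name the offending parameter, and this class could follow them with `throw new IllegalArgumentException("saltLen < 0: " + saltLen);`. The field is assigned exactly once and can be declared `private final int saltLen;`. The first line of the file comment, `PSSParameterSpec.java --`, has no description after the dashes.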
@@ -0,0 +1,97 @@
+/* RSAKeyGenParameterSpec.java --- RSA Key Generator Parameter Spec Class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ This class generates a set of RSA Key parameters used in the generation
+ of RSA keys.
+
+ @since JDK 1.3
+
+ @author Mark Benvenuto
+*/
+public class RSAKeyGenParameterSpec implements AlgorithmParameterSpec
+{
+ private int keysize;
+ private BigInteger publicExponent;
+
+ /**
+ Public Exponent F0 = 3
+ */
+ public static final BigInteger F0 = BigInteger.valueOf(3);
+
+ /**
+ Public Exponent F4 = 3
+ */
+ public static final BigInteger F4 = BigInteger.valueOf(65537L);
+
+ /**
+ Create a new RSAKeyGenParameterSpec to store the RSA key's keysize
+ and public exponent
+
+ @param keysize Modulus size of key in bits
+ @param publicExponent - the exponent
+ */
+ public RSAKeyGenParameterSpec(int keysize, BigInteger publicExponent)
+ {
+ this.keysize = keysize;
+ this.publicExponent = publicExponent;
+ }
+
+ /**
+ Return the size of the key.
+
+ @return the size of the key.
+ */
+ public int getKeysize()
+ {
+ return keysize;
+ }
+
+ /**
+ Return the public exponent.
+
+ @return the public exponent.
+ */
+ public BigInteger getPublicExponent()
+ {
+ return publicExponent;
+ }
+}
diff --git a/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java b/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
new file mode 100644
index 000000000..09b8438df
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
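Review bot: The Javadoc for `F4` says "Public Exponent F4 = 3", but the constant is `BigInteger.valueOf(65537L)`; the comment was copied from `F0` and should read `Public Exponent F4 = 65537`. A reader who trusts the comment when choosing between the two constants gets the wrong picture of which exponent they are selecting. The class comment also says the class "generates" RSA key parameters, while the code only stores `keysize` and `publicExponent` and returns them; "holds the parameters used to generate an RSA key pair" matches what is here. The constructor accepts any `keysize` and a null exponent; whether the consuming key-pair generator validates them is not visible in this hunk.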
@@ -0,0 +1,223 @@ +/* PSSParameterSpec.java -- + Copyright (C) 2003, Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + +package java.security.spec; + +import java.math.BigInteger; + +/** + * This class represents an RSA multi-prime private key, as defined in the + * PKCS#1 v2.1, using the Chinese Remainder Theorem (CRT) information + * values. + * + * @since 1.4 + * @see java.security.Key + * @see java.security.KeyFactory + * @see KeySpec + * @see PKCS8EncodedKeySpec + * @see RSAPrivateKeySpec + * @see RSAPublicKeySpec + * @see RSAOtherPrimeInfo + */ +public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec +{ + // Constants and fields + // -------------------------------------------------------------------------- + + private BigInteger publicExponent; + private BigInteger primeP; + private BigInteger primeQ; + private BigInteger primeExponentP; + private BigInteger primeExponentQ; + private BigInteger crtCoefficient; + private RSAOtherPrimeInfo[] otherPrimeInfo; + + // Constructor(s) + // -------------------------------------------------------------------------- + + /** + * Constructs a new instance of RSAMultiPrimePrivateCrtKeySpec + * given the various PKCS#1 v2.1 parameters. + * + *

Note that otherPrimeInfo is cloned when constructing this + * object.

+ * + * @param modulus + * the modulus n. + * @param publicExponent + * the public exponent e. + * @param privateExponent + * the private exponent d. + * @param primeP + * the prime factor p of n. + * @param primeQ + * the prime factor q of n. + * @param primeExponentP + * this is d mod (p-1). + * @param primeExponentQ + * this is d mod (q-1). + * @param crtCoefficient + * the Chinese Remainder Theorem coefficient q-1 mod p. + * @param otherPrimeInfo + * triplets of the rest of primes, null can be + * specified if there are only two prime factors (p and q). + * @throws NullPointerException + * if any of the parameters is null. + * @throws IllegalArgumentException + * if an empty otherPrimeInfo is specified. + */ + public RSAMultiPrimePrivateCrtKeySpec(BigInteger modulus, + BigInteger publicExponent, + BigInteger privateExponent, + BigInteger primeP, + BigInteger primeQ, + BigInteger primeExponentP, + BigInteger primeExponentQ, + BigInteger crtCoefficient, + RSAOtherPrimeInfo[] otherPrimeInfo) + { + super(modulus, privateExponent); + + if (modulus == null) + throw new NullPointerException("modulus"); + if (publicExponent == null) + throw new NullPointerException("publicExponent"); + if (privateExponent == null) + throw new NullPointerException("privateExponent"); + if (primeP == null) + throw new NullPointerException("primeP"); + if (primeQ == null) + throw new NullPointerException("primeQ"); + if (primeExponentP == null) + throw new NullPointerException("primeExponentP"); + if (primeExponentQ == null) + throw new NullPointerException("primeExponentQ"); + if (crtCoefficient == null) + throw new NullPointerException("crtCoefficient"); + if (otherPrimeInfo != null) + if (otherPrimeInfo.length == 0) + throw new IllegalArgumentException(); + else + this.otherPrimeInfo = (RSAOtherPrimeInfo[]) otherPrimeInfo.clone(); + + this.publicExponent = publicExponent; + this.primeP = primeP; + this.primeQ = primeQ; + this.primeExponentP = primeExponentP; + this.primeExponentQ = 
primeExponentQ; + this.crtCoefficient = crtCoefficient; + } + + // Class methods + // -------------------------------------------------------------------------- + + // Instance methods + // -------------------------------------------------------------------------- + + /** + * Returns the public exponent. + * + * @return the public exponent. + */ + public BigInteger getPublicExponent() + { + return this.publicExponent; + } + + /** + * Returns the prime p. + * + * @return the prime p. + */ + public BigInteger getPrimeP() + { + return this.primeP; + } + + /** + * Returns the prime q. + * + * @return the prime q. + */ + public BigInteger getPrimeQ() + { + return this.primeQ; + } + + /** + * Returns d mod (p-1). + * + * @return d mod (p-1). + */ + public BigInteger getPrimeExponentP() + { + return this.primeExponentP; + } + + /** + * Returns d mod (q-1). + * + * @return d mod (q-1). + */ + public BigInteger getPrimeExponentQ() + { + return this.primeExponentQ; + } + + /** + * Returns the CRT Coefficient q-1 mod p. + * + * @return the CRT Coefficient q-1 mod p. + */ + public BigInteger getCrtCoefficient() + { + return this.crtCoefficient; + } + + /** + * Returns a clone of otherPrimeInfo or null if + * it was null at construction time. + * + * @return a cloned copy of otherPrimeInfo. + */ + public RSAOtherPrimeInfo[] getOtherPrimeInfo() + { + return this.otherPrimeInfo == null + ? null + : (RSAOtherPrimeInfo[]) this.otherPrimeInfo.clone(); + } +} diff --git a/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java b/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java new file mode 100644 index 000000000..45dd53fab --- /dev/null +++ b/libjava/classpath/java/security/spec/RSAOtherPrimeInfo.java 
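Review bot: The `otherPrimeInfo` handling in the constructor depends on a dangling `else`: `if (otherPrimeInfo != null)` is followed by an unbraced `if (otherPrimeInfo.length == 0) throw ...; else this.otherPrimeInfo = ... clone();`. The `else` binds to the inner `if`, which gives the intended result, but the layout invites misreading and a later edit could silently drop the defensive clone. Brace the outer `if` and remove the `else`, since the `throw` already leaves the constructor. The first line of the file comment reads `PSSParameterSpec.java --` and should name `RSAMultiPrimePrivateCrtKeySpec.java`. The null checks on `modulus` and `privateExponent` run only after `super(modulus, privateExponent)`; `RSAPrivateKeySpec` is not shown in this part of the diff, so whether it tolerates null arguments is unverified.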
@@ -0,0 +1,126 @@
+/* RSAOtherPrimeInfo.java --
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+package java.security.spec;
+
+import java.math.BigInteger;
+
+/**
+ * An in-memory representation of the RSA triplet (prime, exponent, and
+ * coefficient) inside a PKCS#1 v2.1 OtherPrimeInfo structure.
+ *
+ * @since 1.4
+ * @see RSAPrivateCrtKeySpec
+ * @see java.security.interfaces.RSAMultiPrimePrivateCrtKey
+ */
+public class RSAOtherPrimeInfo
+{
+ // Constants and fields
+ // --------------------------------------------------------------------------
+
+ private BigInteger prime;
+ private BigInteger primeExponent;
+ private BigInteger crtCoefficient;
+
+ // Constructor(s)
+ // --------------------------------------------------------------------------
+
+ /**
+ * Constructs a new RSAOtherPrimeInfo given the PKCS#1 MPIs.
+ *
+ * @param prime
+ * the prime factor of n.
+ * @param primeExponent
+ * the exponent.
+ * @param crtCoefficient
+ * the Chinese Remainder Theorem coefficient.
+ * @throws NullPointerException
+ * if any of the parameters is null.
+ */
+ public RSAOtherPrimeInfo(BigInteger prime, BigInteger primeExponent,
+ BigInteger crtCoefficient)
+ {
+ super();
+
+ if (prime == null)
+ throw new NullPointerException("prime");
+ if (primeExponent == null)
+ throw new NullPointerException("primeExponent");
+ if (crtCoefficient == null)
+ throw new NullPointerException("crtCoefficient");
+
+ this.prime = prime;
+ this.primeExponent = primeExponent;
+ this.crtCoefficient = crtCoefficient;
+ }
+
+ // Class methods
+ // --------------------------------------------------------------------------
+
+ // Instance methods
+ // --------------------------------------------------------------------------
+
+ /**
+ * Returns the prime.
+ *
+ * @return the prime.
+ */
+ public final BigInteger getPrime()
+ {
+ return this.prime;
+ }
+
+ /**
+ * Returns the prime's exponent.
+ *
+ * @return the primeExponent.
+ */
+ public final BigInteger getExponent()
+ {
+ return this.primeExponent;
+ }
+
+ /**
+ * Returns the CRT Coefficient.
+ *
+ * @return the CRT Coefficient.
+ */
+ public final BigInteger getCrtCoefficient()
+ {
+ return this.crtCoefficient;
+ }
+}
diff --git a/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java b/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java
new file mode 100644
index 000000000..6d327e62b
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAPrivateCrtKeySpec.java
@@ -0,0 +1,151 @@ +/* RSAPrivateCrtKeySpec.java --- RSA Private Certificate Key Specificaton class + Copyright (C) 1999 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.spec; +import java.math.BigInteger; + +/** + RSA Private Certificate Key class Specification. 
Used to + maintain the RSA Private Certificate Keys with the + Chinese Remainder Theorem(CRT) as specified by PKCS#1. + + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public class RSAPrivateCrtKeySpec extends RSAPrivateKeySpec +{ + private BigInteger publicExponent; + private BigInteger primeP; + private BigInteger primeQ; + private BigInteger primeExponentP; + private BigInteger primeExponentQ; + private BigInteger crtCoefficient; + + /** + Constructs a new RSAPrivateKeySpec with the specified + variables. + + @param modulus the RSA modulus + @param publicExponent the public key exponent + @param privateExponent the private key exponent + @param primeP the prime P + @param primeQ the prime Q + @param primeExponentP the prime exponent P + @param primeExponentQ the prime exponent P + @param crtCoefficient the CRT coefficient + */ + public RSAPrivateCrtKeySpec(BigInteger modulus, + BigInteger publicExponent, + BigInteger privateExponent, + BigInteger primeP, + BigInteger primeQ, + BigInteger primeExponentP, + BigInteger primeExponentQ, + BigInteger crtCoefficient) + { + super( modulus, privateExponent); + this.publicExponent = publicExponent; + this.primeP = primeP; + this.primeQ = primeQ; + this.primeExponentP = primeExponentP; + this.primeExponentQ = primeExponentQ; + this.crtCoefficient = crtCoefficient; + } + + /** + Gets the RSA public exponent. + + @return the RSA public exponent + */ + public BigInteger getPublicExponent() + { + return this.publicExponent; + } + + /** + Gets the RSA prime P. + + @return the RSA prime P + */ + public BigInteger getPrimeP() + { + return this.primeP; + } + + /** + Gets the RSA prime Q. + + @return the RSA prime Q + */ + public BigInteger getPrimeQ() + { + return this.primeQ; + } + + /** + Gets the RSA prime exponent P. + + @return the RSA prime exponent P + */ + public BigInteger getPrimeExponentP() + { + return this.primeExponentP; + } + + /** + Gets the RSA prime exponent P. 
+
+ @return the RSA prime exponent Q
+ */
+ public BigInteger getPrimeExponentQ()
+ {
+ return this.primeExponentQ;
+ }
+
+ /**
+ Gets the RSA CRT coefficient.
+
+ @return the RSA CRT coefficient
+ */
+ public BigInteger getCrtCoefficient()
+ {
+ return this.crtCoefficient;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java b/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java
new file mode 100644
index 000000000..f812766ba
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAPrivateKeySpec.java
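Review bot: The Javadoc in RSAPrivateCrtKeySpec mislabels the Q-side CRT value twice: the constructor's `@param primeExponentQ the prime exponent P` and the summary line of `getPrimeExponentQ()` (`Gets the RSA prime exponent P.`) should both say Q. The two prime exponents are not interchangeable, so a caller who follows the comment rather than the parameter name can build a spec whose CRT values do not match its primes, and nothing in this constructor checks them. I would change the two lines to `@param primeExponentQ the prime exponent Q` and `Gets the RSA prime exponent Q.`. The class comment also calls this a "Private Certificate Key" although the same sentence says CRT stands for Chinese Remainder Theorem, and the constructor comment names `RSAPrivateKeySpec` where it means `RSAPrivateCrtKeySpec`.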
@@ -0,0 +1,88 @@
+/* RSAPrivateKeySpec.java --- RSA Private Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Private Key class Specification. Used to maintain the RSA
+ Private Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPrivateKeySpec implements KeySpec
+{
+ private BigInteger modulus;
+ private BigInteger privateExponent;
+
+ /**
+ Constructs a new RSAPrivateKeySpec with the specified
+ modulus and privateExponent.
+
+ @param modulus the RSA modulus
+ @param privateExponent the private key exponent
+ */
+ public RSAPrivateKeySpec(BigInteger modulus, BigInteger privateExponent)
+ {
+ this.modulus = modulus;
+ this.privateExponent = privateExponent;
+ }
+
+ /**
+ Gets the RSA modulus.
+
+ @return the RSA modulus
+ */
+ public BigInteger getModulus()
+ {
+ return this.modulus;
+ }
+
+ /**
+ Gets the RSA private exponent.
+
+ @return the RSA private exponent
+ */
+ public BigInteger getPrivateExponent()
+ {
+ return this.privateExponent;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/RSAPublicKeySpec.java b/libjava/classpath/java/security/spec/RSAPublicKeySpec.java
new file mode 100644
index 000000000..acee6bcdf
--- /dev/null
+++ b/libjava/classpath/java/security/spec/RSAPublicKeySpec.java
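Review bot: The RSAPrivateKeySpec constructor stores `modulus` and `privateExponent` without any null check, while RSAOtherPrimeInfo in this same patch throws `NullPointerException` for each null argument, and the difference is not documented. If the unchecked behaviour is deliberate (presumably for API compatibility), the constructor comment should say so, for example `Neither argument is validated here; null or inconsistent values must be rejected by whatever consumes this spec.` Both fields are also assigned exactly once and could be declared `private final BigInteger modulus;` and `private final BigInteger privateExponent;`, so that the object holding the private exponent cannot change after construction. The same two remarks apply to RSAPrivateCrtKeySpec and RSAPublicKeySpec in this patch.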
@@ -0,0 +1,88 @@
+/* RSAPublicKeySpec.java --- RSA Public Key Specificaton class
+ Copyright (C) 1999 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Public Key class Specification. Used to maintain the RSA
+ Public Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPublicKeySpec implements KeySpec
+{
+ private BigInteger modulus;
+ private BigInteger publicExponent;
+
+ /**
+ Constructs a new RSAPublicKeySpec with the specified
+ modulus and publicExponent.
+
+ @param modulus the RSA modulus
+ @param publicExponent the public key exponent
+ */
+ public RSAPublicKeySpec(BigInteger modulus, BigInteger publicExponent)
+ {
+ this.modulus = modulus;
+ this.publicExponent = publicExponent;
+ }
+
+ /**
+ Gets the RSA modulus.
+
+ @return the RSA modulus
+ */
+ public BigInteger getModulus()
+ {
+ return this.modulus;
+ }
+
+ /**
+ Gets the RSA public exponent.
+
+ @return the RSA public exponent
+ */
+ public BigInteger getPublicExponent()
+ {
+ return this.publicExponent;
+ }
+
+}
diff --git a/libjava/classpath/java/security/spec/X509EncodedKeySpec.java b/libjava/classpath/java/security/spec/X509EncodedKeySpec.java
new file mode 100644
index 000000000..8b50aaae1
--- /dev/null
+++ b/libjava/classpath/java/security/spec/X509EncodedKeySpec.java
@@ -0,0 +1,82 @@
+/* X509EncodedKeySpec.java --- X.509 Encoded Key Specificaton class
+ Copyright (C) 1999, 2001 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.spec;
+
+/**
+ X.509 Encoded Key Specification class which is used to store
+ "X.509" byte encoded keys.
+ + @since JDK 1.2 + + @author Mark Benvenuto +*/ +public class X509EncodedKeySpec extends EncodedKeySpec +{ + + /** + Constructs a new X509EncodedKeySpec with the specified encoded key. + + @param encodedKey A key to store, assumed to be "X.509" + */ + public X509EncodedKeySpec(byte[] encodedKey) + { + super( encodedKey ); + } + + /** + Gets the encoded key in byte format. + + @returns the encoded key + */ + public byte[] getEncoded() + { + return super.getEncoded(); + } + + /** + Returns the name of the key format used which is "X.509" + + @return a string representing the name + */ + public final String getFormat() + { + return "X.509"; + } + +} diff --git a/libjava/classpath/java/security/spec/package.html b/libjava/classpath/java/security/spec/package.html new file mode 100644 index 000000000..8e818896a --- /dev/null +++ b/libjava/classpath/java/security/spec/package.html @@ -0,0 +1,46 @@ + + + + +GNU Classpath - java.security.spec + + +
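Review bot: The comment on `getEncoded()` in X509EncodedKeySpec uses `@returns`, which is not a Javadoc tag, so the return description is dropped from the generated documentation; it should read `@return the encoded key`. That comment should also state whether the array handed back is a copy. The method only delegates to `super.getEncoded()` and the constructor passes `encodedKey` straight to `super( encodedKey )`; EncodedKeySpec is not part of this hunk, so whether a caller can alter the stored key bytes through either reference cannot be confirmed from here.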

+ + + -- cgit v1.2.3