| author | andreast <andreast@138bc75d-0d04-0410-961f-82ee72b054a4> | 2004-11-15 20:02:08 +0000 |
|---|---|---|
| committer | andreast <andreast@138bc75d-0d04-0410-961f-82ee72b054a4> | 2004-11-15 20:02:08 +0000 |
| commit | 2c3b1fedd647cdf314993b821efa8177818bab94 (patch) | |
| tree | 397eb5fe893a7d4cba478362f2a48f749834452d /libjava/gnu/java/security/x509/X509CRL.java | |
| parent | c15d16bd4b4f42769fe099b39a2829dd5bb5a509 (diff) | |
| download | ppe42-gcc-2c3b1fedd647cdf314993b821efa8177818bab94.tar.gz ppe42-gcc-2c3b1fedd647cdf314993b821efa8177818bab94.zip | |
2004-11-15 Andreas Tobler <a.tobler@schweiz.ch>
Import/Merge the X.509 certificate code from Classpath.
* Makefile.am: Add imported files.
* Makefile.in: Regenerate.
2004-11-07 Casey Marshall <csm@gnu.org>
* gnu/java/security/provider/Gnu.java(<init>): Add entries in a
priviliged action. Add new algorithms.
* gnu/java/security/provider/X509CertificateFactory.java
(engineGenerateCertificate): Chain exceptions.
(engineGenerateCertificates): Likewise.
(engineGenerateCRL): Likewise.
(engineGenerateCRLs): Likewise.
(engineGenerateCertPath): New methods.
(generateCert): Throw exception if 'inStream' is null.
(generateCRL): Likewise.
* gnu/java/security/x509/X500DistinguishedName.java: Replaced with
version from GNU Crypto CVS.
* gnu/java/security/x509/X509CRL.java: Likewise.
* gnu/java/security/x509/X509CRLEntry.java: Likewise.
* gnu/java/security/x509/X509Certificate.java: Likewise.
* java/security/cert/TrustAnchor.java: Call 'toString' and not
toRFC2253.
* gnu/java/security/provider/CollectionCertStoreImpl.java,
* gnu/java/security/provider/EncodedKeyFactory.java,
* gnu/java/security/provider/GnuDHPublicKey.java,
* gnu/java/security/provider/GnuRSAPrivateKey.java,
* gnu/java/security/provider/GnuRSAPublicKey.java,
* gnu/java/security/provider/MD2withRSA.java,
* gnu/java/security/provider/MD4withRSA.java,
* gnu/java/security/provider/MD5withRSA.java,
* gnu/java/security/provider/PKIXCertPathValidatorImpl.java,
* gnu/java/security/provider/RSA.java,
* gnu/java/security/provider/RSAKeyFactory.java,
* gnu/java/security/provider/SHA1withRSA.java,
* gnu/java/security/x509/GnuPKIExtension.java,
* gnu/java/security/x509/PolicyNodeImpl.java,
* gnu/java/security/x509/Util.java,
* gnu/java/security/x509/X509CRLSelectorImpl.java,
* gnu/java/security/x509/X509CertPath.java,
* gnu/java/security/x509/X509CertSelectorImpl.java,
* gnu/java/security/x509/ext/AuthorityKeyIdentifier.java,
* gnu/java/security/x509/ext/BasicConstraints.java,
* gnu/java/security/x509/ext/CRLNumber.java,
* gnu/java/security/x509/ext/CertificatePolicies.java,
* gnu/java/security/x509/ext/ExtendedKeyUsage.java,
* gnu/java/security/x509/ext/Extension.java,
* gnu/java/security/x509/ext/GeneralNames.java,
* gnu/java/security/x509/ext/IssuerAlternativeNames.java,
* gnu/java/security/x509/ext/KeyUsage.java,
* gnu/java/security/x509/ext/PolicyConstraint.java,
* gnu/java/security/x509/ext/PolicyMappings.java,
* gnu/java/security/x509/ext/PrivateKeyUsagePeriod.java,
* gnu/java/security/x509/ext/ReasonCode.java,
* gnu/java/security/x509/ext/SubjectAlternativeNames.java,
* gnu/java/security/x509/ext/SubjectKeyIdentifier.java: New files.
2004-11-07 Casey Marshall <csm@gnu.org>
* gnu/java/security/x509/X509CRL.java:
Missed import statements in previous checkin.
2004-11-07 Casey Marshall <csm@gnu.org>
* gnu/java/security/x509/X509CertPath.java (parse): Fixed reference
to 'X509CertificateImpl' from previous checkin.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@90682 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libjava/gnu/java/security/x509/X509CRL.java')
| -rw-r--r-- | libjava/gnu/java/security/x509/X509CRL.java | 168 |
1 files changed, 123 insertions, 45 deletions
diff --git a/libjava/gnu/java/security/x509/X509CRL.java b/libjava/gnu/java/security/x509/X509CRL.java
index e31a85df7b9..adaa003f3cb 100644
--- a/libjava/gnu/java/security/x509/X509CRL.java
+++ b/libjava/gnu/java/security/x509/X509CRL.java
@@ -7,7 +7,7 @@ GNU Classpath is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2, or (at your option)
 any later version.
- 
+
 GNU Classpath is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
@@ -44,6 +44,7 @@ import gnu.java.security.der.BitString;
 import gnu.java.security.der.DER;
 import gnu.java.security.der.DERReader;
 import gnu.java.security.der.DERValue;
+import gnu.java.security.x509.ext.Extension;
 import java.io.InputStream;
 import java.io.IOException;
@@ -57,11 +58,12 @@ import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CRLException;
-import java.security.cert.X509CRLEntry;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.Set;
 import javax.security.auth.x500.X500Principal;
@@ -72,11 +74,22 @@ import javax.security.auth.x500.X500Principal;
 * @author Casey Marshall (rsdio@metastatic.org)
 */
 public class X509CRL extends java.security.cert.X509CRL
+ implements GnuPKIExtension
 {
 // Constants and fields.
 // ------------------------------------------------------------------------
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ if (DEBUG)
+ {
+ System.err.print(">> X509CRL: ");
+ System.err.println(msg);
+ }
+ }
+
 private static final OID ID_DSA = new OID("1.2.840.10040.4.1");
 private static final OID ID_DSA_WITH_SHA1 = new OID("1.2.840.10040.4.3");
 private static final OID ID_RSA = new OID("1.2.840.113549.1.1.1");
@@ -92,12 +105,10 @@ public class X509CRL extends java.security.cert.X509CRL
 private byte[] algParams;
 private Date thisUpdate;
 private Date nextUpdate;
- private X500Principal issuerDN;
+ private X500DistinguishedName issuerDN;
 private HashMap revokedCerts;
 private HashMap extensions;
- private HashSet critOids;
- private HashSet nonCritOids;
- 
+
 private OID sigAlg;
 private byte[] sigAlgParams;
 private byte[] rawSig;
@@ -118,8 +129,6 @@ public class X509CRL extends java.security.cert.X509CRL
 super();
 revokedCerts = new HashMap();
 extensions = new HashMap();
- critOids = new HashSet();
- nonCritOids = new HashSet();
 try
 {
 parse(encoded);
@@ -141,7 +150,9 @@ public class X509CRL extends java.security.cert.X509CRL
 public boolean equals(Object o)
 {
- return ((X509CRL) o).revokedCerts.equals(revokedCerts);
+ if (!(o instanceof X509CRL))
+ return false;
+ return ((X509CRL) o).getRevokedCertificates().equals(revokedCerts.values());
 }
 public int hashCode()
@@ -182,7 +193,7 @@ public class X509CRL extends java.security.cert.X509CRL
 public X500Principal getIssuerX500Principal()
 {
- return issuerDN;
+ return new X500Principal(issuerDN.getDer());
 }
 public Date getThisUpdate()
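Review bot: The rewritten `equals` in the -141 hunk can never return true, because `getRevokedCertificates()` is declared to return a `Set` while `revokedCerts.values()` is a `HashMap` values `Collection`, and the `Set.equals` contract yields false for any argument that is not itself a `Set`. The `instanceof` guard is the right addition, but the comparison should be against the same structure on both sides, for example `return revokedCerts.equals(((X509CRL) o).revokedCerts);`, or a byte comparison of the two `encoded` arrays if identity of the DER is what callers want. Whatever is chosen, `hashCode()` (defined just below this hunk, body not shown) must be kept consistent with it so CRLs still work as hash keys.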
@@ -197,9 +208,9 @@ public class X509CRL extends java.security.cert.X509CRL
 return null;
 }
- public X509CRLEntry getRevokedCertificate(BigInteger serialNo)
+ public java.security.cert.X509CRLEntry getRevokedCertificate(BigInteger serialNo)
 {
- return (X509CRLEntry) revokedCerts.get(serialNo);
+ return (java.security.cert.X509CRLEntry) revokedCerts.get(serialNo);
 }
 public Set getRevokedCertificates()
@@ -247,33 +258,68 @@ public class X509CRL extends java.security.cert.X509CRL
 public boolean hasUnsupportedCriticalExtension()
 {
- return false; // XXX
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (e.isCritical() && !e.isSupported())
+ return true;
+ }
+ return false;
 }
 public Set getCriticalExtensionOIDs()
 {
- return Collections.unmodifiableSet(critOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
 }
 public Set getNonCriticalExtensionOIDs()
 {
- return Collections.unmodifiableSet(nonCritOids);
+ HashSet s = new HashSet();
+ for (Iterator it = extensions.values().iterator(); it.hasNext(); )
+ {
+ Extension e = (Extension) it.next();
+ if (!e.isCritical())
+ s.add(e.getOid().toString());
+ }
+ return Collections.unmodifiableSet(s);
 }
 public byte[] getExtensionValue(String oid)
 {
- byte[] ext = (byte[]) extensions.get(oid);
- if (ext != null)
- return (byte[]) ext.clone();
+ Extension e = getExtension(new OID(oid));
+ if (e != null)
+ {
+ return e.getValue().getEncoded();
+ }
 return null;
 }
+ // GnuPKIExtension method.
+ // -------------------------------------------------------------------------
+
+ public Extension getExtension(OID oid)
+ {
+ return (Extension) extensions.get(oid);
+ }
+
+ public Collection getExtensions()
+ {
+ return extensions.values();
+ }
+
 // CRL methods.
- // ------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
 public String toString()
 {
- return gnu.java.security.x509.X509CRL.class.getName();
+ return X509CRL.class.getName();
 }
 public boolean isRevoked(Certificate cert)
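Review bot: The new `getExtensions()` returns `extensions.values()`, a live view of the private `HashMap`, so any caller can `remove` or `clear` entries and thereby strip a critical extension from the object that `hasUnsupportedCriticalExtension()` and `getCriticalExtensionOIDs()` inspect afterwards; the OID getters in this same hunk are careful to return unmodifiable sets, and this accessor should match: `return Collections.unmodifiableCollection(extensions.values());` (`Collections` is already imported). In `getExtensionValue`, the old code returned `ext.clone()` whereas the new path returns whatever `e.getValue().getEncoded()` hands back; if that is the extension's internal buffer rather than a fresh array (not visible here), the same aliasing concern applies and a `clone()` would restore the previous behaviour. Also, `new OID(oid)` on a caller-supplied string presumably throws on malformed input, where the `X509Extension` contract only promises `null` for an absent extension, which is worth a `try`/`catch` or a comment.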
@@ -302,17 +348,23 @@ public class X509CRL extends java.security.cert.X509CRL
 private void parse(InputStream in) throws Exception
 {
+ // CertificateList ::= SEQUENCE {
 DERReader der = new DERReader(in);
 DERValue val = der.read();
+ debug("start CertificateList len == " + val.getLength());
 if (!val.isConstructed())
- throw new ASN1ParsingException("malformed CertificateList");
+ throw new IOException("malformed CertificateList");
 encoded = val.getEncoded();
+ // tbsCertList ::= SEQUENCE { -- TBSCertList
 val = der.read();
 if (!val.isConstructed())
- throw new ASN1ParsingException("malformed TBSCertList");
+ throw new IOException("malformed TBSCertList");
+ debug("start tbsCertList len == " + val.getLength());
 tbsCRLBytes = val.getEncoded();
+ // version Version OPTIONAL,
+ // -- If present must be v2
 val = der.read();
 if (val.getValue() instanceof BigInteger)
 {
@@ -321,78 +373,104 @@ public class X509CRL extends java.security.cert.X509CRL
 } else version = 1;
+ debug("read version == " + version);
+ // signature AlgorithmIdentifier,
+ debug("start AlgorithmIdentifier len == " + val.getLength());
 if (!val.isConstructed())
- throw new ASN1ParsingException("malformed AlgorithmIdentifier");
+ throw new IOException("malformed AlgorithmIdentifier");
 DERValue algIdVal = der.read();
 algId = (OID) algIdVal.getValue();
+ debug("read object identifier == " + algId);
 if (val.getLength() > algIdVal.getEncodedLength())
 {
 val = der.read();
+ debug("read parameters len == " + val.getEncodedLength());
 algParams = val.getEncoded();
 if (val.isConstructed())
 in.skip(val.getLength());
 }
- issuerDN = new X500Principal(in);
+ // issuer Name,
+ val = der.read();
+ issuerDN = new X500DistinguishedName(val.getEncoded());
+ der.skip(val.getLength());
+ debug("read issuer == " + issuerDN);
+ // thisUpdate Time,
 thisUpdate = (Date) der.read().getValue();
+ debug("read thisUpdate == " + thisUpdate);
+ // nextUpdate Time OPTIONAL,
 val = der.read();
 if (val.getValue() instanceof Date)
 {
 nextUpdate = (Date) val.getValue();
+ debug("read nextUpdate == " + nextUpdate);
 val = der.read();
 }
+
+ // revokedCertificates SEQUENCE OF SEQUENCE {
+ // -- X509CRLEntry objects...
+ // } OPTIONAL,
 if (val.getTag() != 0)
 {
 int len = 0;
 while (len < val.getLength())
 {
- X509CRLEntry entry =
- new gnu.java.security.x509.X509CRLEntry(version, in);
+ X509CRLEntry entry = new X509CRLEntry(version, der);
 revokedCerts.put(entry.getSerialNumber(), entry);
 len += entry.getEncoded().length;
 }
+ val = der.read();
 }
- if (version >= 2 && val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
+
+ // crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ // -- if present MUST be v2
+ if (val.getTagClass() != DER.UNIVERSAL && val.getTag() == 0)
 {
- val = der.read();
+ if (version < 2)
+ throw new IOException("extra data in CRL");
+ DERValue exts = der.read();
+ if (!exts.isConstructed())
+ throw new IOException("malformed Extensions");
+ debug("start Extensions len == " + exts.getLength());
 int len = 0;
- while (len < val.getLength())
+ while (len < exts.getLength())
 {
 DERValue ext = der.read();
- OID extId = (OID) der.read().getValue();
- DERValue val2 = der.read();
- Boolean crit = Boolean.valueOf(false);
- if (val2.getValue() instanceof Boolean)
- {
- crit = (Boolean) val2.getValue();
- val2 = der.read();
- }
- byte[] extVal = (byte[]) val2.getValue();
- extensions.put(extId.toString(), extVal);
- if (crit.booleanValue())
- critOids.add(extId.toString());
- else
- nonCritOids.add(extId.toString());
+ if (!ext.isConstructed())
+ throw new IOException("malformed Extension");
+ Extension e = new Extension(ext.getEncoded());
+ extensions.put(e.getOid(), e);
+ der.skip(ext.getLength());
 len += ext.getEncodedLength();
+ debug("current count == " + len);
 }
+ val = der.read();
 }
- val = der.read();
+ debug("read tag == " + val.getTag());
 if (!val.isConstructed())
- throw new ASN1ParsingException("malformed AlgorithmIdentifier");
+ throw new IOException("malformed AlgorithmIdentifier");
+ debug("start AlgorithmIdentifier len == " + val.getLength());
 DERValue sigAlgVal = der.read();
+ debug("read tag == " + sigAlgVal.getTag());
+ if (sigAlgVal.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed AlgorithmIdentifier");
 sigAlg = (OID) sigAlgVal.getValue();
+ debug("signature id == " + sigAlg);
+ debug("sigAlgVal length == " + sigAlgVal.getEncodedLength());
 if (val.getLength() > sigAlgVal.getEncodedLength())
 {
 val = der.read();
+ debug("sig params tag = " + val.getTag() + " len == " + val.getEncodedLength());
 sigAlgParams = (byte[]) val.getEncoded();
 if (val.isConstructed())
 in.skip(val.getLength());
 }
 val = der.read();
+ debug("read tag = " + val.getTag());
 rawSig = val.getEncoded();
 signature = ((BitString) val.getValue()).toByteArray();
 }
|
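Review bot: The TBSCertList `signature` identifier read into `algId` near the top of this hunk and the outer `signatureAlgorithm` read into `sigAlg` at the end are never compared, although RFC 3280 §5.1.1.2 requires them to be identical; unless `verify()` (not in this hunk) checks it, a CRL whose signed algorithm field disagrees with the outer one is accepted without complaint. After `sigAlg = (OID) sigAlgVal.getValue();` add `if (!sigAlg.equals(algId)) throw new IOException("signature algorithm mismatch");`. The tag check the commit adds for `sigAlgVal` is also not mirrored for the final signature value, so a non-BIT STRING there surfaces as a `ClassCastException` from `(BitString) val.getValue()` rather than the `IOException` every other malformed field now produces. Note too that the parameter branches skip with `in.skip(val.getLength())` on the raw stream and ignore its return value, while the issuer and extension code in the same hunk skip through `der`; if `DERReader` buffers at all, the two are not interchangeable. `parse` begins outside this hunk.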

