Diffstat (limited to 'libjava/classpath/java/security/cert/X509CRL.java')
-rw-r--r--libjava/classpath/java/security/cert/X509CRL.java397
1 files changed, 397 insertions, 0 deletions
diff --git a/libjava/classpath/java/security/cert/X509CRL.java b/libjava/classpath/java/security/cert/X509CRL.java
new file mode 100644
index 00000000000..5657b3eb3f5
--- /dev/null
+++ b/libjava/classpath/java/security/cert/X509CRL.java
@@ -0,0 +1,397 @@
+/* X509CRL.java --- X.509 Certificate Revocation List
+ Copyright (C) 1999, 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package java.security.cert;
+
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.util.Date;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ The X509CRL class is the abstract class used to manage
+ X.509 Certificate Revocation Lists. The CRL is a list of
+ time stamped entries which indicate which lists have been
+ revoked. The list is signed by a Certificate Authority (CA)
+ and made publically available in a repository.
+
+ Each revoked certificate in the CRL is identified by its
+ certificate serial number. When a piece of code uses a
+ certificate, the certificates validity is checked by
+ validating its signature and determing that it is not
+ only a recently acquired CRL. The recently aquired CRL
+ is depends on the local policy in affect. The CA issues
+ a new CRL periodically and entries are removed as the
+ certificate expiration date is reached
+
+
+ A description of the X.509 v2 CRL follows below from rfc2459.
+
+ "The X.509 v2 CRL syntax is as follows. For signature calculation,
+ the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
+ encoding is a tag, length, value encoding system for each element.
+
+ CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING }
+
+ TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, shall be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+ crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ -- if present, shall be v2
+ }"
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class X509CRL extends CRL implements X509Extension
+{
+
+ /**
+ Constructs a new X509CRL.
+ */
+ protected X509CRL()
+ {
+ super("X.509");
+ }
+
+ /**
+ Compares this X509CRL to other. It checks if the
+ object if instanceOf X509CRL and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+ */
+ public boolean equals(Object other)
+ {
+ if( other instanceof X509CRL ) {
+ try {
+ X509CRL x = (X509CRL) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte[] b1 = getEncoded();
+ byte[] b2 = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ Returns a hash code for this X509CRL in its encoded
+ form.
+
+ @return A hash code of this class
+ */
+ public int hashCode()
+ {
+ return super.hashCode();
+ }
+
+ /**
+ Gets the DER ASN.1 encoded format for this X.509 CRL.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+ */
+ public abstract byte[] getEncoded() throws CRLException;
+
+ /**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+ */
+ public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+ /**
+ Gets the version of this CRL.
+
+ The ASN.1 encoding is:
+
+ version Version OPTIONAL,
+ -- if present, shall be v2
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information.
+
+ @return the version number, Ex: 1 or 2
+ */
+ public abstract int getVersion();
+
+ /**
+ Returns the issuer (issuer distinguished name) of the CRL.
+ The issuer is the entity who signed and issued the
+ Certificate Revocation List.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ Returns the thisUpdate date of the CRL.
+
+ The ASN.1 DER encoding is:
+
+ thisUpdate Time,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the thisUpdate date
+ */
+ public abstract Date getThisUpdate();
+
+ /*
+ Gets the nextUpdate field
+
+ The ASN.1 DER encoding is:
+
+ nextUpdate Time OPTIONAL,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the nextUpdate date
+ */
+ public abstract Date getNextUpdate();
+
+ /**
+ Gets the requeste dX509Entry for the specified
+ certificate serial number.
+
+ @return a X509CRLEntry representing the X.509 CRL entry
+ */
+ public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
+
+ /**
+ Returns a Set of revoked certificates.
+
+ @return a set of revoked certificates.
+ */
+ public abstract Set getRevokedCertificates();
+
+ /**
+ Returns the DER ASN.1 encoded tbsCertList which is
+ the basic information of the list and associated certificates
+ in the encoded state. See top for more information.
+
+ The ASN.1 DER encoding is:
+
+ tbsCertList TBSCertList,
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing tbsCertList
+ */
+ public abstract byte[] getTBSCertList() throws CRLException;
+
+
+ /**
+ Returns the signature for the CRL.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+ */
+ public abstract byte[] getSignature();
+
+ /**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+ */
+ public abstract String getSigAlgName();
+
+ /**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+ */
+ public abstract String getSigAlgOID();
+
+ /**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used.
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in CRL
+ */
+ public abstract byte[] getSigAlgParams();
+
+ // 1.4 instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the X.500 distinguished name of this CRL's issuer.
+ *
+ * @return The issuer's X.500 distinguished name.
+ * @since JDK 1.4
+ */
+ public X500Principal getIssuerX500Principal()
+ {
+ throw new UnsupportedOperationException();
+ }
+}
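Review bot: `hashCode()` returns `super.hashCode()` (identity-based), while `equals()` compares the DER encodings, so two distinct X509CRL objects with identical encodings are equal but hash differently, which breaks the Object contract and makes them unreliable as HashSet/HashMap keys; the hash should be derived from the same `getEncoded()` bytes that `equals()` compares, falling back to a fixed value when encoding fails. In `equals()` itself, `getEncoded()` is called three times per comparison (the length check plus the two array reads); if an implementation re-encodes on each call this is wasted work and could in principle observe different results between calls, so fetching each encoding once, `byte[] b1 = getEncoded(); byte[] b2 = x.getEncoded(); if (b1.length != b2.length) return false;`, is both cheaper and safer. Minor: the comment above `getNextUpdate()` opens with `/*` instead of `/**`, so its `@return` text is not emitted as Javadoc.
```java
public int hashCode()
{
  try {
    // Hash the same bytes equals() compares so equal CRLs hash equally.
    byte[] enc = getEncoded();
    int h = 0;
    for (int i = 0; i < enc.length; i++)
      h = 31 * h + enc[i];
    return h;
  } catch (CRLException crle) {
    // equals() also treats an encoding failure as "not equal"; a constant
    // hash keeps the contract without throwing from hashCode().
    return 0;
  }
}
```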