diff options
Diffstat (limited to 'libjava/java/security/cert/X509CRL.java')
| -rw-r--r-- | libjava/java/security/cert/X509CRL.java | 370 |
1 files changed, 0 insertions, 370 deletions
diff --git a/libjava/java/security/cert/X509CRL.java b/libjava/java/security/cert/X509CRL.java deleted file mode 100644 index c3b715351aa..00000000000 --- a/libjava/java/security/cert/X509CRL.java +++ /dev/null @@ -1,370 +0,0 @@ -/* X509CRL.java --- X.509 Certificate Revocation List - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.math.BigInteger; -import java.security.Principal; -import java.security.PublicKey; -import java.security.NoSuchAlgorithmException; -import java.security.InvalidKeyException; -import java.security.NoSuchProviderException; -import java.security.SignatureException; -import java.util.Date; -import java.util.Set; - -/** - The X509CRL class is the abstract class used to manage - X.509 Certificate Revocation Lists. The CRL is a list of - time stamped entries which indicate which lists have been - revoked. The list is signed by a Certificate Authority (CA) - and made publically available in a repository. - - Each revoked certificate in the CRL is identified by its - certificate serial number. When a piece of code uses a - certificate, the certificates validity is checked by - validating its signature and determing that it is not - only a recently acquired CRL. The recently aquired CRL - is depends on the local policy in affect. The CA issues - a new CRL periodically and entries are removed as the - certificate expiration date is reached - - - A description of the X.509 v2 CRL follows below from rfc2459. - - "The X.509 v2 CRL syntax is as follows. For signature calculation, - the data that is to be signed is ASN.1 DER encoded. ASN.1 DER - encoding is a tag, length, value encoding system for each element. - - CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } - - TBSCertList ::= SEQUENCE { - version Version OPTIONAL, - -- if present, shall be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates SEQUENCE OF SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL - -- if present, shall be v2 - } OPTIONAL, - crlExtensions [0] EXPLICIT Extensions OPTIONAL - -- if present, shall be v2 - }" - - @author Mark Benvenuto - - @since JDK 1.2 -*/ -public abstract class X509CRL extends CRL implements X509Extension -{ - - /** - Constructs a new X509CRL. - */ - protected X509CRL() - { - super("X.509"); - } - - /** - Compares this X509CRL to other. It checks if the - object if instanceOf X509CRL and then checks if - the encoded form matches. - - @param other An Object to test for equality - - @return true if equal, false otherwise - */ - public boolean equals(Object other) - { - if( other instanceof X509CRL ) { - try { - X509CRL x = (X509CRL) other; - if( getEncoded().length != x.getEncoded().length ) - return false; - - byte b1[] = getEncoded(); - byte b2[] = x.getEncoded(); - - for( int i = 0; i < b1.length; i++ ) - if( b1[i] != b2[i] ) - return false; - - } catch( CRLException crle ) { - return false; - } - return true; - } - return false; - } - - /** - Returns a hash code for this X509CRL in its encoded - form. - - @return A hash code of this class - */ - public int hashCode() - { - return super.hashCode(); - } - - /** - Gets the DER ASN.1 encoded format for this X.509 CRL. - - @return byte array containg encoded form - - @throws CRLException if an error occurs - */ - public abstract byte[] getEncoded() throws CRLException; - - /** - Verifies that this CRL was properly signed with the - PublicKey that corresponds to its private key. - - @param key PublicKey to verify with - - @throws CRLException encoding error - @throws NoSuchAlgorithmException unsupported algorithm - @throws InvalidKeyException incorrect key - @throws NoSuchProviderException no provider - @throws SignatureException signature error - */ - public abstract void verify(PublicKey key) - throws CRLException, - NoSuchAlgorithmException, - InvalidKeyException, - NoSuchProviderException, - SignatureException; - - /** - Verifies that this CRL was properly signed with the - PublicKey that corresponds to its private key and uses - the signature engine provided by the provider. - - @param key PublicKey to verify with - @param sigProvider Provider to use for signature algorithm - - @throws CRLException encoding error - @throws NoSuchAlgorithmException unsupported algorithm - @throws InvalidKeyException incorrect key - @throws NoSuchProviderException incorrect provider - @throws SignatureException signature error - */ - public abstract void verify(PublicKey key, - String sigProvider) - throws CRLException, - NoSuchAlgorithmException, - InvalidKeyException, - NoSuchProviderException, - SignatureException; - - /** - Gets the version of this CRL. - - The ASN.1 encoding is: - - version Version OPTIONAL, - -- if present, shall be v2 - - Version ::= INTEGER { v1(0), v2(1), v3(2) } - - Consult rfc2459 for more information. - - @return the version number, Ex: 1 or 2 - */ - public abstract int getVersion(); - - /** - Returns the issuer (issuer distinguished name) of the CRL. - The issuer is the entity who signed and issued the - Certificate Revocation List. - - The ASN.1 DER encoding is: - - issuer Name, - - Name ::= CHOICE { - RDNSequence } - - RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - - RelativeDistinguishedName ::= - SET OF AttributeTypeAndValue - - AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - - AttributeType ::= OBJECT IDENTIFIER - - AttributeValue ::= ANY DEFINED BY AttributeType - - DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1.. MAX)), - bmpString BMPString (SIZE (1..MAX)) } - - Consult rfc2459 for more information. - - @return the issuer in the Principal class - */ - public abstract Principal getIssuerDN(); - - /** - Returns the thisUpdate date of the CRL. - - The ASN.1 DER encoding is: - - thisUpdate Time, - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. - - @return the thisUpdate date - */ - public abstract Date getThisUpdate(); - - /* - Gets the nextUpdate field - - The ASN.1 DER encoding is: - - nextUpdate Time OPTIONAL, - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. - - @return the nextUpdate date - */ - public abstract Date getNextUpdate(); - - /** - Gets the requeste dX509Entry for the specified - certificate serial number. - - @return a X509CRLEntry representing the X.509 CRL entry - */ - public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber); - - /** - Returns a Set of revoked certificates. - - @return a set of revoked certificates. - */ - public abstract Set getRevokedCertificates(); - - /** - Returns the DER ASN.1 encoded tbsCertList which is - the basic information of the list and associated certificates - in the encoded state. See top for more information. - - The ASN.1 DER encoding is: - - tbsCertList TBSCertList, - - Consult rfc2459 for more information. - - @return byte array representing tbsCertList - */ - public abstract byte[] getTBSCertList() throws CRLException; - - - /** - Returns the signature for the CRL. - - The ASN.1 DER encoding is: - - signatureValue BIT STRING - - Consult rfc2459 for more information. - */ - public abstract byte[] getSignature(); - - /** - Returns the signature algorithm used to sign the CRL. - An examples is "SHA-1/DSA". - - The ASN.1 DER encoding is: - - signatureAlgorithm AlgorithmIdentifier, - - AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - - Consult rfc2459 for more information. - - The algorithm name is determined from the OID. - - @return a string with the signature algorithm name - */ - public abstract String getSigAlgName(); - - /** - Returns the OID for the signature algorithm used. - Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ - - The ASN.1 DER encoding for the example is: - - id-dsa-with-sha1 ID ::= { - iso(1) member-body(2) us(840) x9-57 (10040) - x9cm(4) 3 } - - Consult rfc2459 for more information. - - @return a string containing the OID. - */ - public abstract String getSigAlgOID(); - - /** - Returns the AlgorithmParameters in the encoded form - for the signature algorithm used. - - If access to the parameters is need, create an - instance of AlgorithmParameters. - - @return byte array containing algorithm parameters, null - if no parameters are present in CRL - */ - public abstract byte[] getSigAlgParams(); - -} |