Diffstat (limited to 'libjava/java/security/cert')
-rw-r--r-- | libjava/java/security/cert/CRL.java | 87 | ||||
-rw-r--r-- | libjava/java/security/cert/CRLException.java | 59 | ||||
-rw-r--r-- | libjava/java/security/cert/Certificate.java | 237 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateEncodingException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateException.java | 59 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateExpiredException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateFactory.java | 259 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateFactorySpi.java | 142 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateNotYetValidException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/CertificateParsingException.java | 58 | ||||
-rw-r--r-- | libjava/java/security/cert/X509CRL.java | 370 | ||||
-rw-r--r-- | libjava/java/security/cert/X509CRLEntry.java | 157 | ||||
-rw-r--r-- | libjava/java/security/cert/X509Certificate.java | 444 | ||||
-rw-r--r-- | libjava/java/security/cert/X509Extension.java | 102 |
14 files changed, 0 insertions, 2148 deletions
diff --git a/libjava/java/security/cert/CRL.java b/libjava/java/security/cert/CRL.java
deleted file mode 100644
index f5cde15a4b0..00000000000
--- a/libjava/java/security/cert/CRL.java
+++ /dev/null
@@ -1,87 +0,0 @@ -/* CRL.java --- Certificate Revocation List - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; - -/** - Certificate Revocation List class for managing CRLs that - have different formats but the same general use. They - all serve as lists of revoked certificates and can - be queried for a given certificate. - - Specialized CRLs extend this class. - - @author Mark Benvenuto - - @since JDK 1.2 -*/ -public abstract class CRL -{ - - private String type; - - /** - Creates a new CRL for the specified type. An example - is "X.509". - - @param type the standard name for the CRL type. - */ - protected CRL(String type) - { - this.type = type; - } - - /** - Returns the CRL type. - - @return a string representing the CRL type - */ - public final String getType() - { - return type; - } - - /** - Returns a string representing the CRL. 
- - @return a string representing the CRL. - */ - public abstract String toString(); - - /** - Determines whether or not the specified Certificate - is revoked. - - @param cert A certificate to check if it is revoked - - @return true if the certificate is revoked, - false otherwise. - */ - public abstract boolean isRevoked(Certificate cert); - - -} diff --git a/libjava/java/security/cert/CRLException.java b/libjava/java/security/cert/CRLException.java deleted file mode 100644 index 376e25a6dfd..00000000000 --- a/libjava/java/security/cert/CRLException.java +++ /dev/null 
@@ -1,59 +0,0 @@ -/* CRLException.java --- Certificate Revocation List Exception - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.security.GeneralSecurityException; - -/** - Exception for a Certificate Revocation List. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public class CRLException extends GeneralSecurityException -{ - - /** - Constructs an CRLExceptionwithout a message string. - */ - public CRLException() - { - super(); - } - - /** - Constructs an CRLException with a message string. - - @param msg A message to display with exception - */ - public CRLException(String msg) - { - super( msg ); - } - -} diff --git a/libjava/java/security/cert/Certificate.java b/libjava/java/security/cert/Certificate.java deleted file mode 100644 index 2fb2a201f21..00000000000 --- a/libjava/java/security/cert/Certificate.java +++ /dev/null 
@@ -1,237 +0,0 @@ -/* Certificate.java --- Certificate class - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.security.PublicKey; -import java.security.NoSuchAlgorithmException; -import java.security.InvalidKeyException; -import java.security.NoSuchProviderException; -import java.security.SignatureException; -import java.io.ObjectInputStream; -import java.io.ByteArrayInputStream; -import java.io.ObjectStreamException; - -/** - The Certificate class is an abstract class used to manage - identity certificates. An identity certificate is a - combination of a principal and a public key which is - certified by another principal. This is the puprose of - Certificate Authorities (CA). - - This class is used to manage different types of certificates - but have important common puposes. 
Different types of - certificates like X.509 and OpenPGP share general certificate - functions (like encoding and verifying) and information like - public keys. - - X.509, OpenPGP, and SDSI can be implemented by subclassing this - class even though they differ in storage methods and information - stored. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public abstract class Certificate -{ - - private String type; - /** - Constructs a new certificate of the specified type. An example - is "X.509". - - @param type a valid standard name for a certificate. - */ - protected Certificate(String type) - { - this.type = type; - } - - /** - Returns the Certificate type. - - @return a string representing the Certificate type - */ - public final String getType() - { - return type; - } - - /** - Compares this Certificate to other. It checks if the - object if instanceOf Certificate and then checks if - the encoded form matches. - - @param other An Object to test for equality - - @return true if equal, false otherwise - */ - public boolean equals(Object other) - { - if( other instanceof Certificate ) { - try { - Certificate x = (Certificate) other; - if( getEncoded().length != x.getEncoded().length ) - return false; - - byte b1[] = getEncoded(); - byte b2[] = x.getEncoded(); - - for( int i = 0; i < b1.length; i++ ) - if( b1[i] != b2[i] ) - return false; - - } catch( CertificateEncodingException cee ) { - return false; - } - return true; - } - return false; - } - - /** - Returns a hash code for this Certificate in its encoded - form. - - @return A hash code of this class - */ - public int hashCode() - { - return super.hashCode(); - } - - /** - Gets the DER ASN.1 encoded format for this Certificate. - It assumes each certificate has only one encoding format. 
- Ex: X.509 is encoded as ASN.1 DER - - @return byte array containg encoded form - - @throws CertificateEncodingException if an error occurs - */ - public abstract byte[] getEncoded() throws CertificateEncodingException; - - /** - Verifies that this Certificate was properly signed with the - PublicKey that corresponds to its private key. - - @param key PublicKey to verify with - - @throws CertificateException encoding error - @throws NoSuchAlgorithmException unsupported algorithm - @throws InvalidKeyException incorrect key - @throws NoSuchProviderException no provider - @throws SignatureException signature error - */ - public abstract void verify(PublicKey key) - throws CertificateException, - NoSuchAlgorithmException, - InvalidKeyException, - NoSuchProviderException, - SignatureException; - - /** - Verifies that this Certificate was properly signed with the - PublicKey that corresponds to its private key and uses - the signature engine provided by the provider. - - @param key PublicKey to verify with - @param sigProvider Provider to use for signature algorithm - - @throws CertificateException encoding error - @throws NoSuchAlgorithmException unsupported algorithm - @throws InvalidKeyException incorrect key - @throws NoSuchProviderException incorrect provider - @throws SignatureException signature error - */ - public abstract void verify(PublicKey key, - String sigProvider) - throws CertificateException, - NoSuchAlgorithmException, - InvalidKeyException, - NoSuchProviderException, - SignatureException; - - /** - Returns a string representing the Certificate. - - @return a string representing the Certificate. - */ - public abstract String toString(); - - - /** - Returns the public key stored in the Certificate. - - @return The public key - */ - public abstract PublicKey getPublicKey(); - - - /* INNER CLASS */ - /** - Certificate.CertificateRep is an inner class used to provide an alternate - storage mechanism for serialized Certificates. 
- */ - protected static class CertificateRep implements java.io.Serializable - { - private String type; - private byte[] data; - - /** - Create an alternate Certificate class to store a serialized Certificate - - @param type the name of certificate type - @param data the certificate data - */ - protected CertificateRep(String type, - byte[] data) - { - this.type = type; - this.data = data; - } - - /** - Return the stored Certificate - - @return the stored certificate - - @throws ObjectStreamException if certificate cannot be resolved - */ - protected Object readResolve() - throws ObjectStreamException - { - try { - return new ObjectInputStream( new ByteArrayInputStream( data ) ).readObject(); - } catch ( Exception e ) { - e.printStackTrace(); - throw new RuntimeException ( e.toString() ); - } - } - } - -} diff --git a/libjava/java/security/cert/CertificateEncodingException.java b/libjava/java/security/cert/CertificateEncodingException.java deleted file mode 100644 index ab8843fe38d..00000000000 --- a/libjava/java/security/cert/CertificateEncodingException.java +++ /dev/null 
@@ -1,58 +0,0 @@ -/* CertificateEncodingException.java --- Certificate Encoding Exception - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; - -/** - Exception for a Certificate Encoding. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public class CertificateEncodingException extends CertificateException -{ - - /** - Constructs an CertificateEncodingException without a message string. - */ - public CertificateEncodingException() - { - super(); - } - - /** - Constructs an CertificateEncodingException with a message string. - - @param msg A message to display with exception - */ - public CertificateEncodingException(String msg) - { - super( msg ); - } - -} diff --git a/libjava/java/security/cert/CertificateException.java b/libjava/java/security/cert/CertificateException.java deleted file mode 100644 index ab584d2cbbf..00000000000 
--- a/libjava/java/security/cert/CertificateException.java +++ /dev/null @@ -1,59 +0,0 @@ -/* CertificateException.java --- Certificate Exception - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.security.GeneralSecurityException; - -/** - Exception for a Certificate. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public class CertificateException extends GeneralSecurityException -{ - - /** - Constructs an CertificateException without a message string. - */ - public CertificateException() - { - super(); - } - - /** - Constructs an CertificateException with a message string. - - @param msg A message to display with exception - */ - public CertificateException(String msg) - { - super( msg ); - } - -} 
diff --git a/libjava/java/security/cert/CertificateExpiredException.java b/libjava/java/security/cert/CertificateExpiredException.java
deleted file mode 100644
index c5b67f3573b..00000000000
--- a/libjava/java/security/cert/CertificateExpiredException.java
+++ /dev/null
@@ -1,58 +0,0 @@ -/* CertificateExpiredException.java --- Certificate Expired Exception - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; - -/** - Exception for a Certificate Expiring. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public class CertificateExpiredException extends CertificateException -{ - - /** - Constructs an CertificateExpiredException without a message string. - */ - public CertificateExpiredException() - { - super(); - } - - /** - Constructs an CertificateExpiredException with a message string. - - @param msg A message to display with exception - */ - public CertificateExpiredException(String msg) - { - super( msg ); - } - -} diff --git a/libjava/java/security/cert/CertificateFactory.java b/libjava/java/security/cert/CertificateFactory.java deleted file mode 100644 index b5fe2e3518e..00000000000 
--- a/libjava/java/security/cert/CertificateFactory.java
+++ /dev/null
@@ -1,259 +0,0 @@ -/* CertificateFactory.java --- Certificate Factory Class - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.Security; -import java.io.InputStream; -import java.util.Collection; - -/** - This class implments the CertificateFactory class interface - used to generate certificates and certificate revocation - list (CRL) objects from their encodings. - - A certifcate factory for X.509 returns certificates of the - java.security.cert.X509Certificate class, and CRLs of the - java.security.cert.X509CRL class. 
- - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public class CertificateFactory -{ - - private CertificateFactorySpi certFacSpi; - private Provider provider; - private String type; - - /** - Creates an instance of CertificateFactory - - @param certFacSpi A CertificateFactory engine to use - @param provider A provider to use - @param type The type of Certificate - */ - protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type) - { - this.certFacSpi = certFacSpi; - this.provider = provider; - this.type = type; - } - - - /** - Gets an instance of the CertificateFactory class representing - the specified certificate factory. If the type is not - found then, it throws CertificateException. - - @param type the type of certificate to choose - - @return a CertificateFactory repesenting the desired type - - @throws CertificateException if the type of certificate is not implemented by providers - */ - public static final CertificateFactory getInstance(String type) throws CertificateException - { - Provider[] p = Security.getProviders (); - - for (int i = 0; i < p.length; i++) - { - String classname = p[i].getProperty ("CertificateFactory." + type); - if (classname != null) - return getInstance (classname, type, p[i]); - } - - throw new CertificateException(type); - } - - - - /** - Gets an instance of the CertificateFactory class representing - the specified certificate factory from the specified provider. - If the type is not found then, it throws CertificateException. - If the provider is not found, then it throws - NoSuchProviderException. 
- - @param type the type of certificate to choose - - @return a CertificateFactory repesenting the desired type - - @throws CertificateException if the type of certificate is not implemented by providers - @throws NoSuchProviderException if the provider is not found - */ - public static final CertificateFactory getInstance(String type, String provider) - throws CertificateException, NoSuchProviderException - { - Provider p = Security.getProvider(provider); - if( p == null) - throw new NoSuchProviderException(); - - return getInstance (p.getProperty ("CertificateFactory." + type), - type, p); - } - - private static CertificateFactory getInstance (String classname, - String type, - Provider provider) - throws CertificateException - { - try { - return new CertificateFactory( (CertificateFactorySpi)Class.forName( classname ).newInstance(), provider, type ); - } catch( ClassNotFoundException cnfe) { - throw new CertificateException("Class not found"); - } catch( InstantiationException ie) { - throw new CertificateException("Class instantiation failed"); - } catch( IllegalAccessException iae) { - throw new CertificateException("Illegal Access"); - } - } - - - /** - Gets the provider that the class is from. - - @return the provider of this class - */ - public final Provider getProvider() - { - return provider; - } - - /** - Returns the type of the certificate supported - - @return A string with the type of certificate - */ - public final String getType() - { - return type; - } - - /** - Generates a Certificate based on the encoded data read - from the InputStream. - - The input stream must contain only one certificate. - - If there exists a specialized certificate class for the - certificate format handled by the certificate factory - then the return Ceritificate should be a typecast of it. - Ex: A X.509 CertificateFactory should return X509Certificate. 
- - For X.509 certificates, the certificate in inStream must be - DER encoded and supplied in binary or printable (Base64) - encoding. If the certificate is in Base64 encoding, it must be - bounded by -----BEGINCERTIFICATE-----, and - -----END CERTIFICATE-----. - - @param inStream an input stream containing the certificate data - - @return a certificate initialized with InputStream data. - - @throws CertificateException Certificate parsing error - */ - public final Certificate generateCertificate(InputStream inStream) - throws CertificateException - { - return certFacSpi.engineGenerateCertificate( inStream ); - } - - /** - Returns a collection of certificates that were read from the - input stream. It may be empty, have only one, or have - multiple certificates. - - For a X.509 certificate factory, the stream may contain a - single DER encoded certificate or a PKCS#7 certificate - chain. This is a PKCS#7 <I>SignedData</I> object with the - most significant field being <I>certificates</I>. If no - CRLs are present, then an empty collection is returned. - - @param inStream an input stream containing the certificates - - @return a collection of certificates initialized with - the InputStream data. - - @throws CertificateException Certificate parsing error - */ - public final Collection generateCertificates(InputStream inStream) - throws CertificateException - { - return certFacSpi.engineGenerateCertificates( inStream ); - } - - /** - Generates a CRL based on the encoded data read - from the InputStream. - - The input stream must contain only one CRL. - - If there exists a specialized CRL class for the - CRL format handled by the certificate factory - then the return CRL should be a typecast of it. - Ex: A X.509 CertificateFactory should return X509CRL. - - @param inStream an input stream containing the CRL data - - @return a CRL initialized with InputStream data. 
- - @throws CRLException CRL parsing error - */ - public final CRL generateCRL(InputStream inStream) - throws CRLException - { - return certFacSpi.engineGenerateCRL( inStream ); - } - - - /** - Generates CRLs based on the encoded data read - from the InputStream. - - For a X.509 certificate factory, the stream may contain a - single DER encoded CRL or a PKCS#7 CRL set. This is a - PKCS#7 <I>SignedData</I> object with the most significant - field being <I>crls</I>. If no CRLs are present, then an - empty collection is returned. - - @param inStream an input stream containing the CRLs - - @return a collection of CRLs initialized with - the InputStream data. - - @throws CRLException CRL parsing error - */ - public final Collection generateCRLs(InputStream inStream) - throws CRLException - { - return certFacSpi.engineGenerateCRLs( inStream ); - } - -} diff --git a/libjava/java/security/cert/CertificateFactorySpi.java b/libjava/java/security/cert/CertificateFactorySpi.java deleted file mode 100644 index 5fb5b966ab6..00000000000 --- a/libjava/java/security/cert/CertificateFactorySpi.java +++ /dev/null 
@@ -1,142 +0,0 @@ -/* CertificateFactorySpi.java --- Certificate Factory Class - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.io.InputStream; -import java.util.Collection; - -/** - CertificateFactorySpi is the abstract class Service Provider - Interface (SPI) for the CertificateFactory class. A provider - must implment all the abstract methods if they wish to - supply a certificate factory for a particular certificate - type. Ex: X.509 - - Certificate factories are used to generate certificates and - certificate revocation lists (CRL) from their encoding. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public abstract class CertificateFactorySpi -{ - - /** - Constructs a new CertificateFactorySpi - */ - public CertificateFactorySpi() - {} - - /** - Generates a Certificate based on the encoded data read - from the InputStream. 
- - The input stream must contain only one certificate. - - If there exists a specialized certificate class for the - certificate format handled by the certificate factory - then the return Ceritificate should be a typecast of it. - Ex: A X.509 CertificateFactory should return X509Certificate. - - For X.509 certificates, the certificate in inStream must be - DER encoded and supplied in binary or printable (Base64) - encoding. If the certificate is in Base64 encoding, it must be - bounded by -----BEGINCERTIFICATE-----, and - -----END CERTIFICATE-----. - - @param inStream an input stream containing the certificate data - - @return a certificate initialized with InputStream data. - - @throws CertificateException Certificate parsing error - */ - public abstract Certificate engineGenerateCertificate(InputStream inStream) - throws CertificateException; - - /** - Returns a collection of certificates that were read from the - input stream. It may be empty, have only one, or have - multiple certificates. - - For a X.509 certificate factory, the stream may contain a - single DER encoded certificate or a PKCS#7 certificate - chain. This is a PKCS#7 <I>SignedData</I> object with the - most significant field being <I>certificates</I>. If no - CRLs are present, then an empty collection is returned. - - @param inStream an input stream containing the certificates - - @return a collection of certificates initialized with - the InputStream data. - - @throws CertificateException Certificate parsing error - */ - public abstract Collection engineGenerateCertificates(InputStream inStream) - throws CertificateException; - - /** - Generates a CRL based on the encoded data read - from the InputStream. - - The input stream must contain only one CRL. - - If there exists a specialized CRL class for the - CRL format handled by the certificate factory - then the return CRL should be a typecast of it. - Ex: A X.509 CertificateFactory should return X509CRL. 
- - @param inStream an input stream containing the CRL data - - @return a CRL initialized with InputStream data. - - @throws CRLException CRL parsing error - */ - public abstract CRL engineGenerateCRL(InputStream inStream) - throws CRLException; - - /** - Generates CRLs based on the encoded data read - from the InputStream. - - For a X.509 certificate factory, the stream may contain a - single DER encoded CRL or a PKCS#7 CRL set. This is a - PKCS#7 <I>SignedData</I> object with the most significant - field being <I>crls</I>. If no CRLs are present, then an - empty collection is returned. - - @param inStream an input stream containing the CRLs - - @return a collection of CRLs initialized with - the InputStream data. - - @throws CRLException CRL parsing error - */ - public abstract Collection engineGenerateCRLs(InputStream inStream) - throws CRLException; -} - diff --git a/libjava/java/security/cert/CertificateNotYetValidException.java b/libjava/java/security/cert/CertificateNotYetValidException.java deleted file mode 100644 index ec2cc212143..00000000000 --- a/libjava/java/security/cert/CertificateNotYetValidException.java +++ /dev/null 
@@ -1,58 +0,0 @@
-/* CertificateNotYetValidException.java --- Certificate Not Yet Valid Exception
- Copyright (C) 1999 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-02111-1307 USA.
-
-As a special exception, if you link this library with other files to
-produce an executable, this library does not by itself cause the
-resulting executable to be covered by the GNU General Public License.
-This exception does not however invalidate any other reasons why the
-executable file might be covered by the GNU General Public License. */
-
-
-package java.security.cert;
-
-/**
- Exception for a Certificate being not yet valid.
-
- @since JDK 1.2
-
- @author Mark Benvenuto
-*/
-public class CertificateNotYetValidException extends CertificateException
-{
-
- /**
- Constructs an CertificateNotYetValidException without a message string.
- */
- public CertificateNotYetValidException()
- {
- super();
- }
-
- /**
- Constructs an CertificateNotYetValidException with a message string.
-
- @param msg A message to display with exception
- */
- public CertificateNotYetValidException(String msg)
- {
- super( msg );
- }
-
-}
diff --git a/libjava/java/security/cert/CertificateParsingException.java b/libjava/java/security/cert/CertificateParsingException.java
deleted file mode 100644
index 6184e01d2a4..00000000000
--- a/libjava/java/security/cert/CertificateParsingException.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/* CertificateParsingException.java --- Certificate Parsing Exception
- Copyright (C) 1999 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-02111-1307 USA.
-
-As a special exception, if you link this library with other files to
-produce an executable, this library does not by itself cause the
-resulting executable to be covered by the GNU General Public License.
-This exception does not however invalidate any other reasons why the
-executable file might be covered by the GNU General Public License. */
-
-
-package java.security.cert;
-
-/**
- Exception for a Certificate Parsing.
-
- @since JDK 1.2
-
- @author Mark Benvenuto
-*/
-public class CertificateParsingException extends CertificateException
-{
-
- /**
- Constructs an CertificateParsingException without a message string.
- */
- public CertificateParsingException()
- {
- super();
- }
-
- /**
- Constructs an CertificateParsingException with a message string.
-
- @param msg A message to display with exception
- */
- public CertificateParsingException(String msg)
- {
- super( msg );
- }
-
-}
diff --git a/libjava/java/security/cert/X509CRL.java b/libjava/java/security/cert/X509CRL.java
deleted file mode 100644
index c3b715351aa..00000000000
--- a/libjava/java/security/cert/X509CRL.java
+++ /dev/null
@@ -1,370 +0,0 @@ -/* X509CRL.java --- X.509 Certificate Revocation List - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.math.BigInteger; -import java.security.Principal; -import java.security.PublicKey; -import java.security.NoSuchAlgorithmException; -import java.security.InvalidKeyException; -import java.security.NoSuchProviderException; -import java.security.SignatureException; -import java.util.Date; -import java.util.Set; - -/** - The X509CRL class is the abstract class used to manage - X.509 Certificate Revocation Lists. The CRL is a list of - time stamped entries which indicate which lists have been - revoked. The list is signed by a Certificate Authority (CA) - and made publically available in a repository. - - Each revoked certificate in the CRL is identified by its - certificate serial number. 
When a piece of code uses a - certificate, the certificates validity is checked by - validating its signature and determing that it is not - only a recently acquired CRL. The recently aquired CRL - is depends on the local policy in affect. The CA issues - a new CRL periodically and entries are removed as the - certificate expiration date is reached - - - A description of the X.509 v2 CRL follows below from rfc2459. - - "The X.509 v2 CRL syntax is as follows. For signature calculation, - the data that is to be signed is ASN.1 DER encoded. ASN.1 DER - encoding is a tag, length, value encoding system for each element. - - CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } - - TBSCertList ::= SEQUENCE { - version Version OPTIONAL, - -- if present, shall be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates SEQUENCE OF SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL - -- if present, shall be v2 - } OPTIONAL, - crlExtensions [0] EXPLICIT Extensions OPTIONAL - -- if present, shall be v2 - }" - - @author Mark Benvenuto - - @since JDK 1.2 -*/ -public abstract class X509CRL extends CRL implements X509Extension -{ - - /** - Constructs a new X509CRL. - */ - protected X509CRL() - { - super("X.509"); - } - - /** - Compares this X509CRL to other. It checks if the - object if instanceOf X509CRL and then checks if - the encoded form matches. 
- - @param other An Object to test for equality - - @return true if equal, false otherwise - */ - public boolean equals(Object other) - { - if( other instanceof X509CRL ) { - try { - X509CRL x = (X509CRL) other; - if( getEncoded().length != x.getEncoded().length ) - return false; - - byte b1[] = getEncoded(); - byte b2[] = x.getEncoded(); - - for( int i = 0; i < b1.length; i++ ) - if( b1[i] != b2[i] ) - return false; - - } catch( CRLException crle ) { - return false; - } - return true; - } - return false; - } - - /** - Returns a hash code for this X509CRL in its encoded - form. - - @return A hash code of this class - */ - public int hashCode() - { - return super.hashCode(); - } - - /** - Gets the DER ASN.1 encoded format for this X.509 CRL. - - @return byte array containg encoded form - - @throws CRLException if an error occurs - */ - public abstract byte[] getEncoded() throws CRLException; - - /** - Verifies that this CRL was properly signed with the - PublicKey that corresponds to its private key. - - @param key PublicKey to verify with - - @throws CRLException encoding error - @throws NoSuchAlgorithmException unsupported algorithm - @throws InvalidKeyException incorrect key - @throws NoSuchProviderException no provider - @throws SignatureException signature error - */ - public abstract void verify(PublicKey key) - throws CRLException, - NoSuchAlgorithmException, - InvalidKeyException, - NoSuchProviderException, - SignatureException; - - /** - Verifies that this CRL was properly signed with the - PublicKey that corresponds to its private key and uses - the signature engine provided by the provider. 
- - @param key PublicKey to verify with - @param sigProvider Provider to use for signature algorithm - - @throws CRLException encoding error - @throws NoSuchAlgorithmException unsupported algorithm - @throws InvalidKeyException incorrect key - @throws NoSuchProviderException incorrect provider - @throws SignatureException signature error - */ - public abstract void verify(PublicKey key, - String sigProvider) - throws CRLException, - NoSuchAlgorithmException, - InvalidKeyException, - NoSuchProviderException, - SignatureException; - - /** - Gets the version of this CRL. - - The ASN.1 encoding is: - - version Version OPTIONAL, - -- if present, shall be v2 - - Version ::= INTEGER { v1(0), v2(1), v3(2) } - - Consult rfc2459 for more information. - - @return the version number, Ex: 1 or 2 - */ - public abstract int getVersion(); - - /** - Returns the issuer (issuer distinguished name) of the CRL. - The issuer is the entity who signed and issued the - Certificate Revocation List. - - The ASN.1 DER encoding is: - - issuer Name, - - Name ::= CHOICE { - RDNSequence } - - RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - - RelativeDistinguishedName ::= - SET OF AttributeTypeAndValue - - AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - - AttributeType ::= OBJECT IDENTIFIER - - AttributeValue ::= ANY DEFINED BY AttributeType - - DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1.. MAX)), - bmpString BMPString (SIZE (1..MAX)) } - - Consult rfc2459 for more information. - - @return the issuer in the Principal class - */ - public abstract Principal getIssuerDN(); - - /** - Returns the thisUpdate date of the CRL. - - The ASN.1 DER encoding is: - - thisUpdate Time, - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. 
- - @return the thisUpdate date - */ - public abstract Date getThisUpdate(); - - /* - Gets the nextUpdate field - - The ASN.1 DER encoding is: - - nextUpdate Time OPTIONAL, - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. - - @return the nextUpdate date - */ - public abstract Date getNextUpdate(); - - /** - Gets the requeste dX509Entry for the specified - certificate serial number. - - @return a X509CRLEntry representing the X.509 CRL entry - */ - public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber); - - /** - Returns a Set of revoked certificates. - - @return a set of revoked certificates. - */ - public abstract Set getRevokedCertificates(); - - /** - Returns the DER ASN.1 encoded tbsCertList which is - the basic information of the list and associated certificates - in the encoded state. See top for more information. - - The ASN.1 DER encoding is: - - tbsCertList TBSCertList, - - Consult rfc2459 for more information. - - @return byte array representing tbsCertList - */ - public abstract byte[] getTBSCertList() throws CRLException; - - - /** - Returns the signature for the CRL. - - The ASN.1 DER encoding is: - - signatureValue BIT STRING - - Consult rfc2459 for more information. - */ - public abstract byte[] getSignature(); - - /** - Returns the signature algorithm used to sign the CRL. - An examples is "SHA-1/DSA". - - The ASN.1 DER encoding is: - - signatureAlgorithm AlgorithmIdentifier, - - AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - - Consult rfc2459 for more information. - - The algorithm name is determined from the OID. - - @return a string with the signature algorithm name - */ - public abstract String getSigAlgName(); - - /** - Returns the OID for the signature algorithm used. 
- Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ - - The ASN.1 DER encoding for the example is: - - id-dsa-with-sha1 ID ::= { - iso(1) member-body(2) us(840) x9-57 (10040) - x9cm(4) 3 } - - Consult rfc2459 for more information. - - @return a string containing the OID. - */ - public abstract String getSigAlgOID(); - - /** - Returns the AlgorithmParameters in the encoded form - for the signature algorithm used. - - If access to the parameters is need, create an - instance of AlgorithmParameters. - - @return byte array containing algorithm parameters, null - if no parameters are present in CRL - */ - public abstract byte[] getSigAlgParams(); - -} diff --git a/libjava/java/security/cert/X509CRLEntry.java b/libjava/java/security/cert/X509CRLEntry.java deleted file mode 100644 index 2fbe64199fd..00000000000 --- a/libjava/java/security/cert/X509CRLEntry.java +++ /dev/null 
@@ -1,157 +0,0 @@
-/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry
- Copyright (C) 1999 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-02111-1307 USA.
-
-As a special exception, if you link this library with other files to
-produce an executable, this library does not by itself cause the
-resulting executable to be covered by the GNU General Public License.
-This exception does not however invalidate any other reasons why the
-executable file might be covered by the GNU General Public License. */
-
-
-package java.security.cert;
-import java.math.BigInteger;
-import java.util.Date;
-
-/**
- Abstract class for entries in the CRL (Certificate Revocation
- List). The ASN.1 definition for <I>revokedCertificates</I> is
-
- revokedCertificates SEQUENCE OF SEQUENCE {
- userCertificate CertificateSerialNumber,
- revocationDate Time,
- crlEntryExtensions Extensions OPTIONAL
- -- if present, shall be v2
- } OPTIONAL,
-
- CertificateSerialNumber ::= INTEGER
-
- Time ::= CHOICE {
- utcTime UTCTime,
- generalTime GeneralizedTime }
-
- Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-
- Extension ::= SEQUENCE {
- extnID OBJECT IDENTIFIER,
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING }
-
- For more information consult rfc2459.
-
- @author Mark Benvenuto
-
- @since JDK 1.2
-*/
-public abstract class X509CRLEntry implements X509Extension
-{
-
- /**
- Creates a new X509CRLEntry
- */
- public X509CRLEntry()
- {}
-
- /**
- Compares this X509CRLEntry to other. It checks if the
- object if instanceOf X509CRLEntry and then checks if
- the encoded form( the inner SEQUENCE) matches.
-
- @param other An Object to test for equality
-
- @return true if equal, false otherwise
- */
- public boolean equals(Object other)
- {
- if( other instanceof X509CRLEntry ) {
- try {
- X509CRLEntry xe = (X509CRLEntry) other;
- if( getEncoded().length != xe.getEncoded().length )
- return false;
-
- byte b1[] = getEncoded();
- byte b2[] = xe.getEncoded();
-
- for( int i = 0; i < b1.length; i++ )
- if( b1[i] != b2[i] )
- return false;
-
- } catch( CRLException crle ) {
- return false;
- }
- return true;
- }
- return false;
- }
-
- /**
- Returns a hash code for this X509CRLEntry in its encoded
- form.
-
- @return A hash code of this class
- */
- public int hashCode()
- {
- return super.hashCode();
- }
-
- /**
- Gets the DER ASN.1 encoded format for this CRL Entry,
- the inner SEQUENCE.
-
- @return byte array containg encoded form
-
- @throws CRLException if an error occurs
- */
- public abstract byte[] getEncoded() throws CRLException;
-
- /**
- Gets the serial number for <I>userCertificate</I> in
- this X509CRLEntry.
-
- @return the serial number for this X509CRLEntry.
- */
- public abstract BigInteger getSerialNumber();
-
-
- /**
- Gets the revocation date in <I>revocationDate</I> for
- this X509CRLEntry.
-
- @return the revocation date for this X509CRLEntry.
- */
- public abstract Date getRevocationDate();
-
-
- /**
- Checks if this X509CRLEntry has extensions.
-
- @return true if it has extensions, false otherwise
- */
- public abstract boolean hasExtensions();
-
-
- /**
- Returns a string that represents this X509CRLEntry.
-
- @return a string representing this X509CRLEntry.
- */
- public abstract String toString();
-
-}
diff --git a/libjava/java/security/cert/X509Certificate.java b/libjava/java/security/cert/X509Certificate.java
deleted file mode 100644
index 46f47f615d5..00000000000
--- a/libjava/java/security/cert/X509Certificate.java
+++ /dev/null
@@ -1,444 +0,0 @@ -/* X509Certificate.java --- X.509 Certificate class - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.math.BigInteger; -import java.security.Principal; -import java.security.PublicKey; -import java.security.NoSuchAlgorithmException; -import java.security.InvalidKeyException; -import java.security.NoSuchProviderException; -import java.security.SignatureException; -import java.util.Date; - -/** - X509Certificate is the abstract class for X.509 certificates. - This provides a stanard class interface for accessing all - the attributes of X.509 certificates. - - In June 1996, the basic X.509 v3 format was finished by - ISO/IEC and ANSI X.9. 
The ASN.1 DER format is below: - - Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } - - These certificates are widely used in various Internet - protocols to support authentication. It is used in - Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), - Secure Sockets Layer (SSL), code signing for trusted software - distribution, and Secure Electronic Transactions (SET). - - The certificates are managed and vouched for by - <I>Certificate Authorities</I> (CAs). CAs are companies or - groups that create certificates by placing the data in the - X.509 certificate format and signing it with their private - key. CAs serve as trusted third parties by certifying that - the person or group specified in the certificate is who - they say they are. - - The ASN.1 defintion for <I>tbsCertificate</I> is - - TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - extensions [3] EXPLICIT Extensions OPTIONAL - -- If present, version shall be v3 - } - - Version ::= INTEGER { v1(0), v2(1), v3(2) } - - CertificateSerialNumber ::= INTEGER - - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - UniqueIdentifier ::= BIT STRING - - SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - - Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - - Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - - - Certificates are created 
with the CertificateFactory. - For more information about X.509 certificates, consult - rfc2459. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public abstract class X509Certificate extends Certificate implements X509Extension -{ - - /** - Constructs a new certificate of the specified type. - */ - protected X509Certificate() - { - super( "X.509" ); - } - - /** - Checks the validity of the X.509 certificate. It is valid - if the current date and time are within the period specified - by the certificate. - - The ASN.1 DER encoding is: - - validity Validity, - - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. - - @throws CertificateExpiredException if the certificate expired - @throws CertificateNotYetValidException if the certificate is - not yet valid - */ - public abstract void checkValidity() - throws CertificateExpiredException, - CertificateNotYetValidException; - - /** - Checks the validity of the X.509 certificate for the - specified time and date. It is valid if the specified - date and time are within the period specified by - the certificate. - - @throws CertificateExpiredException if the certificate expired - based on the date - @throws CertificateNotYetValidException if the certificate is - not yet valid based on the date - */ - public abstract void checkValidity(Date date) - throws CertificateExpiredException, - CertificateNotYetValidException; - - /** - Returns the version of this certificate. - - The ASN.1 DER encoding is: - - version [0] EXPLICIT Version DEFAULT v1, - - Version ::= INTEGER { v1(0), v2(1), v3(2) } - - Consult rfc2459 for more information. - - @return version number of certificate - */ - public abstract int getVersion(); - - /** - Gets the serial number for serial Number in - this Certifcate. It must be a unique number - unique other serial numbers from the granting CA. 
- - The ASN.1 DER encoding is: - - serialNumber CertificateSerialNumber, - - CertificateSerialNumber ::= INTEGER - - Consult rfc2459 for more information. - - @return the serial number for this X509CRLEntry. - */ - public abstract BigInteger getSerialNumber(); - - /** - Returns the issuer (issuer distinguished name) of the - Certificate. The issuer is the entity who signed - and issued the Certificate. - - The ASN.1 DER encoding is: - - issuer Name, - - Name ::= CHOICE { - RDNSequence } - - RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - - RelativeDistinguishedName ::= - SET OF AttributeTypeAndValue - - AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - - AttributeType ::= OBJECT IDENTIFIER - - AttributeValue ::= ANY DEFINED BY AttributeType - - DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1.. MAX)), - bmpString BMPString (SIZE (1..MAX)) } - - Consult rfc2459 for more information. - - @return the issuer in the Principal class - */ - public abstract Principal getIssuerDN(); - - /** - Returns the subject (subject distinguished name) of the - Certificate. The subject is the entity who the Certificate - identifies. - - The ASN.1 DER encoding is: - - subject Name, - - Consult rfc2459 for more information. - - @return the issuer in the Principal class - */ - public abstract Principal getSubjectDN(); - - /** - Returns the date that this certificate is not to be used - before, <I>notBefore</I>. - - The ASN.1 DER encoding is: - - validity Validity, - - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. 
- - @return the date <I>notBefore</I> - */ - public abstract Date getNotBefore(); - - /** - Returns the date that this certificate is not to be used - after, <I>notAfter</I>. - - @return the date <I>notAfter</I> - */ - public abstract Date getNotAfter(); - - - /** - Returns the <I>tbsCertificate</I> from the certificate. - - @return the DER encoded tbsCertificate - - @throws CertificateEncodingException if encoding error occured - */ - public abstract byte[] getTBSCertificate() throws CertificateEncodingException; - - /** - Returns the signature in its raw DER encoded format. - - The ASN.1 DER encoding is: - - signatureValue BIT STRING - - Consult rfc2459 for more information. - - @return byte array representing signature - */ - public abstract byte[] getSignature(); - - /** - Returns the signature algorithm used to sign the CRL. - An examples is "SHA-1/DSA". - - The ASN.1 DER encoding is: - - signatureAlgorithm AlgorithmIdentifier, - - AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - - Consult rfc2459 for more information. - - The algorithm name is determined from the OID. - - @return a string with the signature algorithm name - */ - public abstract String getSigAlgName(); - - - /** - Returns the OID for the signature algorithm used. - Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ - - The ASN.1 DER encoding for the example is: - - id-dsa-with-sha1 ID ::= { - iso(1) member-body(2) us(840) x9-57 (10040) - x9cm(4) 3 } - - Consult rfc2459 for more information. - - @return a string containing the OID. - */ - public abstract String getSigAlgOID(); - - - /** - Returns the AlgorithmParameters in the encoded form - for the signature algorithm used. - - If access to the parameters is need, create an - instance of AlgorithmParameters. 
- - @return byte array containing algorithm parameters, null - if no parameters are present in certificate - */ - public abstract byte[] getSigAlgParams(); - - - /** - Returns the issuer unique ID for this certificate. - - The ASN.1 DER encoding is: - - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - - UniqueIdentifier ::= BIT STRING - - Consult rfc2459 for more information. - - @return bit representation of <I>issuerUniqueID</I> - */ - public abstract boolean[] getIssuerUniqueID(); - - /** - Returns the subject unique ID for this certificate. - - The ASN.1 DER encoding is: - - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - - UniqueIdentifier ::= BIT STRING - - Consult rfc2459 for more information. - - @return bit representation of <I>subjectUniqueID</I> - */ - public abstract boolean[] getSubjectUniqueID(); - - /** - Returns a boolean array representing the <I>KeyUsage</I> - extension for the certificate. The KeyUsage (OID = 2.5.29.15) - defines the purpose of the key in the certificate. - - The ASN.1 DER encoding is: - - id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - - KeyUsage ::= BIT STRING { - digitalSignature (0), - nonRepudiation (1), - keyEncipherment (2), - dataEncipherment (3), - keyAgreement (4), - keyCertSign (5), - cRLSign (6), - encipherOnly (7), - decipherOnly (8) } - - Consult rfc2459 for more information. - - @return bit representation of <I>KeyUsage</I> - */ - public abstract boolean[] getKeyUsage(); - - /** - Returns the certificate constraints path length from the - critical BasicConstraints extension, (OID = 2.5.29.19). - - The basic constraints extensions is used to determine if - the subject of the certificate is a Certificate Authority (CA) - and how deep the certification path may exist. The - <I>pathLenConstraint</I> only takes affect if <I>cA</I> - is set to true. 
"A value of zero indicates that only an - end-entity certificate may follow in the path." (rfc2459) - - The ASN.1 DER encoding is: - - id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } - - BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } - - Consult rfc2459 for more information. - - @return the length of the path constraint if BasicConstraints - is present and cA is TRUE. Otherwise returns -1. - */ - public abstract int getBasicConstraints(); - - -} diff --git a/libjava/java/security/cert/X509Extension.java b/libjava/java/security/cert/X509Extension.java deleted file mode 100644 index bba72c010aa..00000000000 --- a/libjava/java/security/cert/X509Extension.java +++ /dev/null 
@@ -1,102 +0,0 @@
-/* X509Extension.java --- X.509 Extension
- Copyright (C) 1999 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-02111-1307 USA.
-
-As a special exception, if you link this library with other files to
-produce an executable, this library does not by itself cause the
-resulting executable to be covered by the GNU General Public License.
-This exception does not however invalidate any other reasons why the
-executable file might be covered by the GNU General Public License. */
-
-
-package java.security.cert;
-import java.util.Set;
-
-/**
- Public abstract interface for the X.509 Extension.
-
- This is used for X.509 v3 Certificates and CRL v2 (Certificate
- Revocation Lists) for managing attributes assoicated with
- Certificates, for managing the hierarchy of certificates,
- and for managing the distribution of CRL. This extension
- format is used to define private extensions.
-
- Each extensions for a certificate or CRL must be marked
- either critical or non-critical. If the certificate/CRL
- system encounters a critical extension not recognized then
- it must reject the certificate. A non-critical extension
- may be just ignored if not recognized.
-
-
- The ASN.1 definition for this class is:
-
- Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-
- Extension ::= SEQUENCE {
- extnId OBJECT IDENTIFIER,
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING
- -- contains a DER encoding of a value
- -- of the type registered for use with
- -- the extnId object identifier value
- }
-
- @author Mark Benvenuto
-
- @since JDK 1.2
-*/
-public abstract interface X509Extension
-{
-
- /**
- Returns true if the certificate contains a critical extension
- that is not supported.
-
- @return true if has unsupported extension, false otherwise
- */
- public boolean hasUnsupportedCriticalExtension();
-
- /**
- Returns a set of the CRITICAL extension OIDs from the
- certificate/CRL that the object implementing this interface
- manages.
-
- @return A Set containing the OIDs. If there are no CRITICAL
- extensions or extensions at all this returns null.
- */
- public Set getCriticalExtensionOIDs();
-
- /**
- Returns a set of the NON-CRITICAL extension OIDs from the
- certificate/CRL that the object implementing this interface
- manages.
-
- @return A Set containing the OIDs. If there are no NON-CRITICAL
- extensions or extensions at all this returns null.
- */
- public Set getNonCriticalExtensionOIDs();
-
- /**
- Returns the DER encoded OCTET string for the specified
- extension value identified by a OID. The OID is a string
- of number seperated by periods. Ex: 12.23.45.67
- */
- public byte[] getExtensionValue(String oid);
-
-} |