diff options
| author | Andrew John Hughes <gnu_andrew@member.fsf.org> | 2006-05-03 21:33:24 +0000 |
|---|---|---|
| committer | Andrew John Hughes <gnu_andrew@member.fsf.org> | 2006-05-03 21:33:24 +0000 |
| commit | 940e4db75683240c9a097b812e973e1009ab56c4 (patch) | |
| tree | f8ccf9d28d0187f82242548af232ada92f68a61f | |
| parent | 480ccb4bfcc622c1ce320c20ce992188187f7573 (diff) | |
| download | classpath-940e4db75683240c9a097b812e973e1009ab56c4.tar.gz | |
2006-05-03 Andrew John Hughes <gnu_andrew@member.fsf.org>
* Merge of HEAD --> generics-branch for the period
2005/05/01 to 2005/05/03 (branch of 0.91 for release)
69 files changed, 10572 insertions, 1242 deletions
@@ -1,3 +1,314 @@ +2006-05-03 Andrew John Hughes <gnu_andrew@member.fsf.org> + + * include/Makefile.am: + Added rules for gnu.java.net.local.LocalSocketImpl.h + * include/java_lang_VMSystem.h: + Regenerated correctly. + +2006-05-03 Sven de Marothy <sven@physto.se> + + PR 24023, 24701 + * java/awt/Image.java: + (getScaledInstance): Default to AreaAveraging for "smooth", + don't thrown an error on illegal flag values. + * java/awt/image/AreaAveragingScaleFilter.java: Implement. + +2006-05-03 Robert Schuster <robertschuster@fsfe.org> + + * javax/swing/text/FieldView.java: + (adjustAllocation): Added if-block to return null when shape argument + is null. + * javax/swing/text/PlainView.java: + (updateDamage): Added if-block to return early if a is null. + +2006-05-03 Robert Schuster <robertschuster@fsfe.org> + + * javax/swing/plaf/basic/BasicTextUI.java: + (changeUpdate): Added note. + (removeUpdate): Dito. + (insertUpdate): Dito. + (damageRange): Added if-block to return early. + (modelToView): Added check of getVisibleEditorRect's return value. + (getVisibleEditorRect): Return null instead of empty rectangle. + * javax/swing/text/DefaultCaret.java: + (clearHighlight): Removed if-clause to create a highlight entry if it + did not exist before. + * javax/swing/text/WrappedPlainView.java: + (WrappedLine.modelToView): Throw exception if allocation area is empty, + removed 2nd part of if-expression. + (WrappedLine.updateDamage): Added more documentation, added check + whether allocation area rectangle is null. + +2006-05-03 Audrius Meskauskas <AudriusA@Bioinformatics.org> + + * javax/swing/JSplitPane.java (setDividerLocation(int)): + Reset to preferred sizes if the argument is negative. + +2006-05-03 David Gilbert <david.gilbert@object-refinery.com> + + * javax/swing/JList.java: Added/updated API docs. + +2006-05-03 Lillian Angel <langel@redhat.com> + + * javax/swing/JComponent.java + (getRoot): New private function. Gets the root appropriate + for painting. If an applet exists as a parent, then it is returned. + (paintDoubleBuffered): Changed to use new function. + * javax/swing/RepaintManager.java + (getRoot): New private function. Gets the root appropriate + for painting. If an applet exists as a parent, then it is returned. + (getOffscreenBuffer): Changed to use new function. + * javax/swing/SwingUtilties.java + (getRoot): Reverted last patch to return Window, even if + an Applet exists. + +2006-05-03 Raif S. Naffah <raif@swiftdsl.com.au> + + * gnu/javax/crypto/jce/keyring/GnuKeyring.java: Re-implemented using + a pair of one public keyring and one private keyring. + * gnu/javax/crypto/keyring/GnuPublicKeyring.java (log): New field. + (containsCertificate): Added logging. + (getCertificate): Likewise. + (putCertificate): Likewsie. + (load): Likewise. + (store): Likewise. + * gnu/javax/crypto/keyring/GnuPrivateKeyring.java (log): New field. + (containsPrivateKey): Added logging. + (getPrivateKey): Likewise. + (putPrivateKey): Likewise. + (containsPublicKey): Likewise. + (getPublicKey): Likewise. + (putPublicKey): Likewise. + (containsCertPath): Likewise. + (getCertPath): Likewise. + (putCertPath): Likewise. + (load): Likewise. + (store): Likewise. + +2006-05-03 Roman Kennke <kennke@aicas.com> + + * gnu/java/awt/java2d/AlphaCompositeContext.java: New class. + * java/awt/AlphaComposite.java + (createContext): Implemented. + +2006-05-03 Audrius Meskauskas <AudriusA@Bioinformatics.org> + + * gnu/java/awt/peer/gtk/GdkGraphics2D.java (drawRaster): + Set the current color again after drawing the raster. + +2006-05-03 Audrius Meskauskas <AudriusA@Bioinformatics.org> + + * javax/swing/text/WrappedPlainView.java (WrappedLine.modelToView): + Do not check pos < currLineEnd if currLineStart == currLineEnd. + +2006-05-03 Raif S. Naffah <raif@swiftdsl.com.au> + + * tools/gnu/classpath/tools/keytool/Command.java (getCallbackHandler): + Assign returned value to field handler. + * tools/gnu/classpath/tools/jarsigner/Main.java (getCallbackHandler): + Likewise. + +2006-05-02 Audrius Meskauskas <AudriusA@Bioinformatics.org> + + * javax/swing/ScrollPaneLayout.java (layoutContainer): + Return without action if there is no view in the viewport. + * javax/swing/text/WrappedPlainView.java + (WrappedLine.getPreferredSpan): If metrics == null, update + metrics. + * javax/swing/tree/DefaultTreeModel.java (constructors): + Do not call setRoot, assign the root node directly. + +2006-05-02 Lillian Angel <langel@redhat.com> + + * javax/swing/SwingUtilities.java + (getRoot): Should return the Applet if it exists. + Only return the Window if an Applet has not been + encountered. + +2006-05-02 Lillian Angel <langel@redhat.com> + + * gnu/javax/swing/text/html/parser/support/Parser.java + (readAttributes): Reverted Audrius' last patch. There is + a slight difference in code between the NUMTOKEN and SLASH case. + +2006-05-02 Robert Schuster <robertschuster@fsfe.org> + + * javax/swing/text/JTextComponent.java: + (setText): Throw InternalError from catch-block. + * javax/swing/text/GapContent.java: + (removed): Removed if-expression, changed '>' to '>='. + +2006-05-02 Roman Kennke <kennke@aicas.com> + + * gnu/java/awt/java2d/AbstractGraphics2D.java + (AA_SAMPLING): New constant. + (alpha): New field. Used in the antialiasing renderer. + (edgeTable): New field. Used in the antialiasing renderer. + (AbstractGraphics2D): Initialize rendering hints wrt + anti-aliasing. + (draw): Clip after stroking. Commented out clipping for now, + it seems to be buggy. + (fill): Commented out clipping for now, it seems to be buggy. + (setComposite): Don't create composite context. + (setPaint): Only change paint when parameter is not null. + (translate): Call setClip() so subclasses can update their clip + too. + (clip): Call setClip() so subclasses can update their clip + too. + (drawGlyphVector): Added clipping, but left it commented out + because it's buggy. + (getClipBounds): Returns null when clip is null. + (drawLine): Call rawDrawLine with translation applied. + (filLRect): Call rawFillRect with translation applied. + (fillShape): Added support for anti-aliasing. + (rawSetForeground(int,int,int)): New method. + (rawFillShape): A couple of painting fixes. + (fillScanline): Implemented to call rawDrawLine. + (fillShapeAntialias): New method. Implements an anti-aliasing + shape filler. + (fillScanlineAA): New method. Used for the anti-aliasing + shape filler. + (fillScanlineAlpha): New method. Used for the anti-aliasing + shape filler. + (init): Initialize clip with the device bounds. + (updateOptimization): Fixed the optimization condition. + +2006-05-02 Robert Schuster <robertschuster@fsfe.org> + + * javax/swing/text/GapContent.java: + (GapContent): Restrict size argument by 2. + (insertString): Changed expression from >= to >. + (remove): Changed right side of expression to 'length - 1', changed + exception message. + (getChars): Throw exception if where below 0. + (replace): Replaced call to setPositionsInRange() with + resetMarksAtZero(), removed note. + +2006-05-02 Roman Kennke <kennke@aicas.com> + + PR 27326 + * javax/swing/MenuSelectionManager.java + (setSelectedPath): Rewritten. + +2006-05-02 Audrius Meskauskas <AudriusA@Bioinformatics.org> + + * gnu/javax/swing/text/html/parser/support/Parser.java + (readAttributes): Merge case NUMTOKEN: and case SLASH: + sections. + +2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au> + + * tools/.cvsignore: Added keytool.sh. + * configure.ac: Added tools/keytool.sh to AC_CONFIG_FILES. + +2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au> + + * doc/tools.texinfo: New file. + * doc/Makefile.am: Generate tools documentation. + +2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au> + + * tools/keytool.sh.in: New file. + * tools/gnu/classpath/tools/keytool/CertReqCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/Command.java: Likewise. + * tools/gnu/classpath/tools/keytool/DeleteCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/ExportCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/GenKeyCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/IdentityDBCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/ImportCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/KeyCloneCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/KeyPasswdCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/ListCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/Main.java: Likewise. + * tools/gnu/classpath/tools/keytool/Messages.java: Likewise. + * tools/gnu/classpath/tools/keytool/PrintCertCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/SelfCertCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/StorePasswdCmd.java: Likewise. + * tools/gnu/classpath/tools/keytool/keytool.txt: Likewise. + * tools/gnu/classpath/tools/keytool/package.html: Likewise. + * resource/gnu/classpath/tools/keytool/MessageBundle.properties: Likewise. + +2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au> + + * tools/gnu/classpath/tools/jarsigner/jarsigner.txt: Re-arranged to + resemble more closely man-page style text. + * tools/gnu/classpath/tools/jarsigner/SFHelper.java: + Mark (Eclipse) strings that need not be externalised. + (writeSF): Likewise. + (writeDSA): Likewise. + Use package-private Messages class to provide i18n-ready strings. + (startSigning): + Use package-private Messages class to provide i18n-ready strings. + (updateEntry): Likewise. + Mark (Eclipse) strings that need not be externalised. + (finishSigning): Likewise. + * tools/gnu/classpath/tools/jarsigner/Main.java: + Mark (Eclipse) strings that need not be externalised. + (main): Do not use constant strings as class name. + Use package-private Messages class to provide i18n-ready strings. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + (processArgs): Do not use constant strings as class name. + Mark (Eclipse) strings that need not be externalised. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + (start): Do not use constant strings as class name. + (teardown): Likewise. + Use ProviderUtil. + (setupCommonParams): Do not use constant strings as class name. + Use package-private Messages class to provide i18n-ready strings. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + (installNewProvider): Do not use constant strings as class name. + Use ProviderUtil. + (setupSigningParams): Do not use constant strings as class name. + Use package-private Messages class to provide i18n-ready strings. + Mark (Eclipse) strings that need not be externalised. + (getCallbackHandler): Use CallbackUtil. + * tools/gnu/classpath/tools/jarsigner/JarSigner.java (start): + Use package-private Messages class to provide i18n-ready strings. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + * tools/gnu/classpath/tools/jarsigner/JarVerifier.java (start): Likewise. + (verifySF): Likewise. + (verifySFEntries): Do not use constant strings as class name. + Use Boolean.valueOf instead of new Boolean(). + (verifySFEntry): Mark (Eclipse) strings that need not be externalised. + * resource/gnu/classpath/tools/jarsigner/MessageBundle.properties: + New file. + * tools/gnu/classpath/tools/jarsigner/package.html: Likewise. + * tools/gnu/classpath/tools/jarsigner/Messages.java: Likewise. + +2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au> + + * tools/gnu/classpath/tools/common/CallbackUtil.java: New file. + * tools/gnu/classpath/tools/common/ProviderUtil.java: Likewise. + * tools/gnu/classpath/tools/common/SecurityProviderInfo.java: Likewise. + +2006-05-01 Tom Tromey <tromey@redhat.com> + + * java/nio/ByteBufferImpl.java (compact): Don't reset position + in empty case. + * gnu/java/nio/ChannelReader.java (read): Synchronize. + (close): Synchronize. + * java/nio/ShortBufferImpl.java (compact): Rewrote. + * java/nio/LongBufferImpl.java (compact): Rewrote. + * java/nio/IntBufferImpl.java (compact): Rewrote. + * java/nio/FloatBufferImpl.java (compact): Rewrote. + * java/nio/DoubleBufferImpl.java (compact): Rewrote. + * java/nio/CharBufferImpl.java (compact): Rewrote. + * gnu/java/nio/ChannelWriter.java: New file. + * java/nio/channels/Channels.java (newWriter): Implemented. + +2006-05-01 Lillian Angel <langel@redhat.com> + + * java/util/SimpleTimeZone.java + (SimpleTimeZone): Do not throw exception if startMonth == endMonth. + (SimpleTimeZone): Likewise. + (checkRule): Rewritten to properly check all values (more efficently). + This code is now more stable, at least less buggy than before. Fixed + API documentation. + (setStartRule): Moved checkRule call to end. + (setStartRule): Likewise. + (setEndRule): Likewise. + (setEndRule): Likewise. + 2006-05-01 Tom Tromey <tromey@redhat.com> * lib/.cvsignore: Added classes.2. diff --git a/configure.ac b/configure.ac index af4963067..136d8b249 100644 --- a/configure.ac +++ b/configure.ac @@ -676,6 +676,7 @@ lib/gen-classlist.sh lib/copy-vmresources.sh tools/Makefile tools/jarsigner.sh +tools/keytool.sh examples/Makefile examples/Makefile.jawt]) AC_CONFIG_COMMANDS([gen-classlist],[chmod 755 lib/gen-classlist.sh]) diff --git a/doc/Makefile.am b/doc/Makefile.am index 70100ce95..0bd79538b 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -2,7 +2,7 @@ SUBDIRS = api EXTRA_DIST = README.jaxp -info_TEXINFOS = hacking.texinfo vmintegration.texinfo +info_TEXINFOS = hacking.texinfo vmintegration.texinfo tools.texinfo %.dvi : %.texinfo texi2dvi $< @@ -10,4 +10,4 @@ info_TEXINFOS = hacking.texinfo vmintegration.texinfo %.ps : %.dvi dvips -o $@ $< -docs: hacking.ps vmintegration.ps +docs: hacking.ps vmintegration.ps tools.ps diff --git a/doc/tools.texinfo b/doc/tools.texinfo new file mode 100644 index 000000000..53eadfaae --- /dev/null +++ b/doc/tools.texinfo @@ -0,0 +1,781 @@ +\input texinfo @c -*-texinfo-*- + +@c %**start of header +@setfilename tools.info +@settitle GNU Classpath Tools Guide +@c %**end of header + +@setchapternewpage off + +@ifinfo +This file documents the Tools included in a standard distribution of the GNU +Classpath project deliverables. + +Copyright (C) 2006 Free Software Foundation, Inc. + +@ifnotplaintext +@dircategory GNU Libraries +@direntry +* Classpath Tools: (tools). GNU Classpath Tools Guide +@end direntry +@end ifnotplaintext +@end ifinfo + +@titlepage +@title GNU Classpath Tools Guide +@author Raif S. Naffah + +@page +@vskip 0pt plus 1filll +Copyright @copyright{} 2006 Free Software Foundation, Inc. +@sp 2 +Permission is granted to make and distribute verbatim copies of this document provided the copyright notice and this permission notice are preserved on all copies. + +Permission is granted to copy and distribute modified versions of this document under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. + +Permission is granted to copy and distribute translations of this manual into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. + +@end titlepage + +@ifinfo +@node Top, Security Tools, (dir), (dir) +@top GNU Classpath Tools Guide + +This document contains important information you need to know in order to use +the tools included in the GNU Classpath project deliverables. + +The Tools aim at providing a free replacement, similar in their behavior, to +their counter-parts found in the Reference Implementation (RI) of the Java +Software Development Kit (SDK). + +@end ifinfo + +@menu +* Security Tools:: Work securely with Java applications +* I18N Issues:: How to add support for non-English languages + +@detailmenu + --- The Detailed Node Listing --- + +Security Tools + +* jarsigner Tool:: Sign and verify .JAR files +* keytool Tool:: Manage private keys and public certificates + +I18N Issues + +* Language Resources:: Where resources are located +* Message Formats:: How messages are internationalized + +@end detailmenu +@end menu + +@comment ---------------------------------------------------------------------- + +@node Security Tools, I18N Issues, Top, Top +@comment node-name, next, previous, up +@chapter Security Tools + +Two Security Tools are available with GNU Classpath: @b{jarsugner} and @b{keytool}. + +@menu +* jarsigner Tool:: Sign and verify .JAR files +* keytool Tool:: Manage private keys and public certificates +@end menu + +If while using these tools you think you found a bug, then please report it at @uref{http://www.gnu.org/software/classpath/bugs.html,classpath-bugs}. + +@comment ---------------------------------------------------------------------- + +@node jarsigner Tool, keytool Tool, Security Tools, Security Tools +@comment node-name, next, previous, up +@section The @code{jarsigner} Tool + +@table @b + +@item SYNOPSIS +@code{jarsigner [OPTION]... FILE ALIAS}@* +@code{jarsigner -verify [OPTION]... FILE} + +@item DESCRIPTION +When the first form is used, the tool signs the designated JAR file. + +The second form, on the other hand, is used to verify a previously signed JAR file. + +@code{FILE} is the .JAR file to process; i.e. to sign if the first syntax form is used, or to verify if the second syntax form is used instead. + +@code{ALIAS} must be a known @i{Alias} of a @i{Key Entry} in the designated key store. The private key material associated with this @i{Alias} is then used for signing the designated .JAR file. + +@item SIGNING OPTIONS +@table @b +@item -keystore URL +Use this option to specify the location of the key store to use. The default value is a file URL referencing the file named @file{.keystore} located in the path returned by the call to @code{java.lang.System#getProperty(String)} using @code{user.home} as argument. + +If a URL was specified, but was found to be malformed --e.g. missing protocol element-- the tool will attempt to use the URL value as a file-name (with absolute or relative path-name) of a key store --as if the protocol was @code{file:}. + +@item -storetype STORE_TYPE +Use this option to specify the type of the key store to use. The default value, if this option is omitted, is that of the property @code{keystore.type} in the security properties file, which is obtained by invoking the static method call @code{getDefaultType()} in @code{java.security.KeyStore}. + +@item -storepass PASSWORD +Use this option to specify the password which will be used to unlock the key store. If this option is missing, the User will be prompted to provide a password. + +@item -keypass PASSWORD +Use this option to specify the password which the tool will use to unlock the @i{Key Entry} associated with the designated @i{Alias}. + +If this option is omitted, the tool will first attempt to unlock the @i{Key Entry} using the same password protecting the key store. If this fails, you will then be prompted to provide a password. + +@item -sigfile NAME +Use this option to designate a literal that will be used to construct file names for both the @code{.SF} and @code{.DSA} signature files. These files will be generated, by the tool, and placed in the @file{META-INF} directory of the signed JAR. Permissible characters for @code{NAME} must be in the range "a-zA-Z0-9_-". All characters will be converted to upper-case ones. + +If this option is missing, the first eight characters of the @code{ALIAS} argument will be used. When this is the case, any character in @code{ALIAS} that is outside the permissible range of characters will be replaced by an underscore. + +@item -signedjar FILE_NAME +Use this option to specify the file name of the signed JAR. If this option is omitted, then the signed JAR will be named the same as @code{FILE}; i.e. the input JAR file will be replaced with the signed copy. + +@end table + +@item VERIFICATION OPTIONS +@table @b +@item -verify +Use this option to indicate that the tool is to be used for verification purposes. + +@item -certs +This option is used in conjunction with the @code{-verbose} option. When present, along with the @code{-verbose} option, the tool will print more detailed information about the certificates of the signer(s) being processed. + +@end table + +@item COMMON OPTIONS +@table @b +@item -verbose +Use this option to force the tool to generate more verbose messages, during its processing. + +@item -internalsf +When present, the tool will include --which otherwise it does not-- the @code{.SF} file in the @code{.DSA} generated file. + +@item -sectionsonly +When present, the tool will include in the @code{.SF} generated file --which otherwise it does not-- a header containing a hash of the whole manifest file. When that header is included, the tool can quickly check, during verification, if the hash (in the header) matches or not the manifest file. + +@item -provider PROVIDER_CLASS_NAME +A fully qualified class name of a @i{Security Provider} to add to the current list of @i{Security Providers} already installed in the JVM in-use. If a provider class is specified with this option, and was successfully added to the runtime --i.e. it was not already installed-- then the tool will attempt to remove this @i{Security Provider} before exiting. + +@item -help +Prints a help text similar to this one. + +@end table +@end table + +@comment ---------------------------------------------------------------------- + +@node keytool Tool, , jarsigner Tool, Security Tools +@comment node-name, next, previous, up +@section The @code{keytool} Tool + +@table @b +@item SYNOPSIS +@code{keytool [COMMAND]...} + +@item DESCRIPTION +A Java-based tool for managing both @i{Key Entries} as well as @i{Trusted Certificates}. + +Multiple @code{COMMAND}s may be specified at once, each complete with its own options. @b{keytool} will parse all the arguments, before processing, and executing, each @code{COMMAND}. If an exception occurs while executing one @code{COMMAND} @b{keytool} will abort. + +A @code{COMMAND} can be one of the followings: + +@table @b +@item -genkey [OPTION]@dots{} +Generate a new @i{Key Entry}, eventually creating a new key store. + +@item -import [OPTION]@dots{} +Add, to a key store, @i{Key Entries} (private keys and certificate chains authenticating the public keys) and @i{Trusted Certificates} (3rd party certificates which can be used as @i{Trust Anchors} when building chains-of-trust). + +@item -selfcert [OPTION]@dots{} +Generate a new self-signed @i{Trusted Certificate}. + +@item -identitydb [OPTION]@dots{} +@b{NOT IMPLEMENTED YET}.@* +Import a JDK 1.1 style Identity Database. + +@item -certreq [OPTION]@dots{} +Issue a @i{Certificate Signing Request} (CSR) which can be then sent to a @i{Certification Authority} (CA) to issue a certificate signed (by the CA) and authenticating the @i{Subject} of the request. + +@item -export [OPTION]@dots{} +Export a certificate from a key store. + +@item -list [OPTION]@dots{} +Print one or all certificates in a key store to @code{STDOUT}. + +@item -printcert [OPTION]@dots{} +Print a human-readable form of a certificate, in a designated file, to @code{STDOUT}. + +@item -keyclone [OPTION]@dots{} +Clone a @i{Key Entry} in a key store. + +@item -storepasswd [OPTION]@dots{} +Change the password protecting a key store. + +@item -keypasswd [OPTION]@dots{} +Change the password protecting a @i{Key Entry} in a key store. + +@item -delete [OPTION]@dots{} +Delete a @i{Key Entry} or a @i{Trusted Certificate} from a key store. + +@item -help +Prints a help text similar to this one. + +@end table + +@item OPTIONS COMMON TO MORE THAN ONE COMMAND +The following @code{OPTION}s are used in more than one @code{COMMAND}. They are described here to reduce redundancy. + +@table @b +@anchor{alias} +@item -alias ALIAS +Every entry, be it a @i{Key Entry} or a @i{Trusted Certificate}, in a key store is uniquely identified by a user-defined @i{Alias} string. Use this option to specify the @i{Alias} to use when referring to an entry in the key store. Unless specified otherwise, a default value of @code{mykey} shall be used when this option is omitted from the command line. + +@anchor{keyalg} +@item -keyalg ALGORITHM +Use this option to specify the canonical name of the key-pair generation algorithm. The default value for this option is @code{DSS} (a synonym for the Digital Signature Algorithm also known as DSA). + +@anchor{keysize} +@item -keysize SIZE +Use this option to specify the number of bits of the shared modulus (for both the public and private keys) to use when generating new keys. A default value of @code{1024} will be used if this option is omitted from the command line. + +@anchor{validity} +@item -validity DAY_COUNT +Use this option to specify the number of days a newly generated certificate will be valid for. The default value is @code{90} (days) if this option is omitted from the command line. + +@anchor{storetype} +@item -storetype STORE_TYPE +Use this option to specify the type of the key store to use. The default value, if this option is omitted, is that of the property @code{keystore.type} in the security properties file, which is obtained by invoking the static method call @code{getDefaultType()} in @code{java.security.KeyStore}. + +@anchor{storepass} +@item -storepass PASSWORD +Use this option to specify the password protecting the key store. If this option is omitted from the command line, you will be prompted to provide a password. + +@anchor{keystore} +@item -keystore URL +Use this option to specify the location of the key store to use. The default value is a file URL referencing the file named @file{.keystore} located in the path returned by the call to @code{java.lang.System#getProperty(String)} using @code{user.home} as argument. + +If a URL was specified, but was found to be malformed --e.g. missing protocol element-- the tool will attempt to use the URL value as a file-name (with absolute or relative path-name) of a key store --as if the protocol was @code{file:}. + +@anchor{provider} +@item -provider PROVIDER_CLASS_NAME +A fully qualified class name of a @i{Security Provider} to add to the current list of @i{Security Providers} already installed in the JVM in-use. If a provider class is specified with this option, and was successfully added to the runtime --i.e. it was not already installed-- then the tool will attempt to removed this @i{Security Provider} before exiting. + +@anchor{file} +@item -file FILE_NAME +Use this option to designate a file to use with a command. When specified with this option, the value is expected to be the fully qualified path of a file accessible by the File System. Depending on the command, the file may be used as input or as output. When this option is omitted from the command line, @code{STDIN} will be used instead, as the source of input, and @code{STDOUT} will be used instead as the output destination. + +@anchor{verbose} +@item -v +Unless specified otherwise, use this option to enable more verbose output. + +@end table + +@anchor{dn} +@item X.500 DISTINGUISHED NAME +A @i{Distinguished Name} (or DN) MUST be supplied with some of the @code{COMMAND}s using a @code{-dname} option. The syntax of a valid value for this option MUST follow RFC-2253 specifications. Namely the following components (with their accepted meaning) will be recognized. Note that the component name is case-insensitive: + +@ftable @var +@item CN +The Common Name; e.g. @kbd{host.domain.com} +@item OU +The Organizational Unit; e.g. @kbd{IT Department} +@item O +The Organization Name; e.g. @kbd{The Sample Company} +@item L +The Locality Name; e.g. @kbd{Sydney} +@item ST +The State Name; e.g. @kbd{New South Wales} +@item C +The 2-letter Country identifier; e.g. @kbd{AU} +@end ftable + +When specified with a @code{-dname} option, each pair of component/value will be separated from the other with a comma. Each component and value pair MUST be separated by an equal sign. For example, the following is a valid DN value:@* + +@format +CN=host.domain.com, O=The Sample Company, L=Sydney, ST=NSW, C=AU +@end format +@* +If the @i{Distinguished Name} is required, and no valid default value can be used, the tool will prompt you to enter the information through the console. + +@item -genkey COMMAND +Generate a new key-pair (both private and public keys), and save these credentials in the key store as a @i{Key Entry}, associated with the designated (if was specified in the @code{-alias} option) or default (if the @code{-alias} option is omitted) @i{Alias}. + +The private key material will be protected with a user-defined password (see @code{-keypass} option). The public key on the other hand will be part of a self-signed X.509 certificate, which will form a 1-element chain and will be saved in the key store. + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -keyalg ALGORITHM +For more details @pxref{keyalg,, ALGORITHM}. + +@item -keysize KEY_SIZE +For more details @pxref{keysize,, KEY_SIZE}. + +@item -sigalg ALGORITHM +The canonical name of the digital signature algorithm to use for signing certificates. If this option is omitted, a default value will be chosen based on the type of the key-pair; i.e. the algorithm that ends up being used by the -keyalg option. If the key-pair generation algorithm is @code{DSA}, the value for the signature algorithm will be @code{SHA1withDSA}. If on the other hand the key-pair generation algorithm is @code{RSA}, then the tool will use @code{MD5withRSA} as the signature algorithm. + +@item -dname NAME +This a mandatory value for the command. If no value is specified --i.e. the @code{-dname} option is omitted-- the tool will prompt you to enter a @i{Distinguished Name} to use as both the @i{Owner} and @i{Issuer} of the generated self-signed certificate. + +For more details @pxref{dn,, X.500 DISTINGUISHED NAME}. + +@item -keypass PASSWORD +Use this option to specify the password which the tool will use to protect the newly created @i{Key Entry}. + +If this option is omitted, you will be prompted to provide a password. + +@item -validity DAY_COUNT +For more details @pxref{validity,, DAY_COUNT}. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -import COMMAND +Read an X.509 certificate, or a PKCS#7 @i{Certificate Reply} from a designated input source and incorporate the certificates into the key store. + +If the @i{Alias} does not already exist in the key store, the tool treats the certificate read from the input source as a new @i{Trusted Certificate}. It then attempts to discover a chain-of-trust, starting from that certificate and ending at another @i{Trusted Certificate}, already stored in the key store. If the @code{-trustcacerts} option is present, an additional key store, of type @code{JKS} named @file{cacerts}, and assumed to be present in @file{$@{JAVA_HOME@}/lib/security} will also be consulted if found --@code{$@{JAVA_HOME@}} refers to the location of an installed @i{Java Runtime Environment} (JRE). If no chain-of-trust can be established, and unless the @code{-noprompt} option has been specified, the certificate is printed to @code{STDOUT} and the user is prompted for a confirmation. + +If @i{Alias} exists in the key store, the tool will treat the certificate(s) read from the input source as a @i{Certificate Reply}, which can be a chain of certificates, that eventually would replace the chain of certificates associated with the @i{Key Entry} of that @i{Alias}. The substitution of the certificates only occurs if a chain-of-trust can be established between the bottom certificate of the chain read from the input file and the @i{Trusted Certificates} already present in the key store. Again, if the @code{-trustcacerts} option is specified, additional @i{Trusted Certificates} in the same @file{cacerts} key store will be considered. If no chain-of-trust can be established, the operation will abort. + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -file FILE_NAME +For more details @pxref{file,, FILE_NAME}. + +@item -keypass PASSWORD +Use this option to specify the password which the tool will use to protect the @i{Key Entry} associated with the designated @i{Alias}, when replacing this @i{Alias}' chain of certificates with that found in the certificate reply. + +If this option is omitted, and the chain-of-trust for the certificate reply has been established, the tool will first attempt to unlock the @i{Key Entry} using the same password protecting the key store. If this fails, you will then be prompted to provide a password. + +@item -noprompt +Use this option to prevent the tool from prompting the user. + +@item -trustcacerts +Use this option to indicate to the tool that a key store, of type @code{JKS}, named @file{cacerts}, and usually located in @file{lib/security} in an installed @i{Java Runtime Environment} should be considered when trying to establish chain-of-trusts. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -selfcert COMMAND +Generate a self-signed X.509 version 1 certificate. The newly generated certificate will form a chain of one element which will replace the previous chain associated with the designated @i{Alias} (if @code{-alias} option was specified), or the default @i{Alias} (if @code{-alias} option was omitted). + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -sigalg ALGORITHM +The canonical name of the digital signature algorithm to use for signing the certificate. If this option is omitted, a default value will be chosen based on the type of the private key associated with the designated @i{Alias}. If the private key is a @code{DSA} one, the value for the signature algorithm will be @code{SHA1withDSA}. If on the other hand the private key is an @code{RSA} one, then the tool will use @code{MD5withRSA} as the signature algorithm. + +@item -dname NAME +Use this option to specify the @i{Distinguished Name} of the newly generated self-signed certificate. If this option is omitted, the existing @i{Distinguished Name} of the base certificate in the chain associated with the designated @i{Alias} will be used instead. + +For more details @pxref{dn,, X.500 DISTINGUISHED NAME}. + +@item -validity DAY_COUNT +For more details @pxref{validity,, DAY_COUNT}. + +@item -keypass PASSWORD +Use this option to specify the password which the tool will use to unlock the @i{Key Entry} associated with the designated @i{Alias}. + +If this option is omitted, the tool will first attempt to unlock the @i{Key Entry} using the same password protecting the key store. If this fails, you will then be prompted to provide a password. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -identitydb COMMAND +@b{NOT IMPLEMENTED YET}. + +Import a JDK 1.1 style Identity Database. + +@table @b +@item -file FILE_NAME +For more details @pxref{file,, FILE_NAME}. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -certreq COMMAND +Generate a PKCS#10 @i{Certificate Signing Request} (CSR) and writes it to a designated output destination. The contents of the destination should look something like the following: + +@example +-----BEGIN NEW CERTIFICATE REQUEST----- +MI...QAwXzEUMBIGA1UEAwwLcnNuQGdudS5vcmcxGzAZBgNVBAoMElUg +Q2...A0GA1UEBwwGU3lkbmV5MQwwCgYDVQQIDANOU1cxCzAJBgNVBACC +... +FC...IVwNVOfQLRX+O5kAhQ/a4RTZme2L8PnpvgRwrf7Eg8D6w== +-----END NEW CERTIFICATE REQUEST----- +@end example + +@b{IMPORTANT}: Some documentation (e.g. RSA examples) claims that the @code{Attributes} field, in the CSR is @code{OPTIONAL} while RFC-2986 implies the opposite. This implementation considers this field, by default, as @code{OPTIONAL}, unless the option @code{-attributes} is specified on the command line. + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -sigalg ALGORITHM +The canonical name of the digital signature algorithm to use for signing the certificate. If this option is omitted, a default value will be chosen based on the type of the private key associated with the designated @i{Alias}. If the private key is a @code{DSA} one, the value for the signature algorithm will be @code{SHA1withDSA}. If on the other hand the private key is an @code{RSA} one, then the tool will use @code{MD5withRSA} as the signature algorithm. + +@item -file FILE_NAME +For more details @pxref{file,, FILE_NAME}. + +@item -keypass PASSWORD +Use this option to specify the password which the tool will use to unlock the @i{Key Entry} associated with the designated @i{Alias}. + +If this option is omitted, the tool will first attempt to unlock the @i{Key Entry} using the same password protecting the key store. If this fails, you will then be prompted to provide a password. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@item -attributes +Use this option to force the tool to encode a @code{NULL} DER value in the CSR as the value of the @code{Attributes} field. + +@end table + +@item -export COMMAND +Export a certificate stored in the key store to a designated output destination, either in binary format (if the @code{-v} option is specified), or in RFC-1421 compliant encoding (if the @code{-rfc} option is specified +instead). + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -file FILE_NAME +For more details @pxref{file,, FILE_NAME}. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -rfc +Use RFC-1421 specifications when encoding the output. + +@item -v +Output the certificate in binary DER encoding. This is the default output format of the command if neither @code{-rfc} nor @code{-v} options were detected on the command line. If both this option and the @code{-rfc} option are detected on the command line, the tool will opt for the RFC-1421 style encoding. + +@end table + +@item -list COMMAND +Print one or all of the key store entries to @code{STDOUT}. Usually this command will only print a @i{fingerprint} of the certificate, unless either the @code{-rfc} or the @code{-v} option is specified. + +@table @b +@item -alias ALIAS +If this option is omitted, the tool will print ALL the entries found in the key store. + +For more details @pxref{alias,, ALIAS}. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -rfc +Use RFC-1421 specifications when encoding the output. + +@item -v +Output the certificate in human-readable format. If both this option and the @code{-rfc} option are detected on the command line, the tool will opt for the human-readable form and will not abort the command. + +@end table + +@item -printcert COMMAND +Read a certificate from a designated input source and print it to @code{STDOUT} in a human-readable form. + +@table @b +@item -file FILE_NAME +For more details @pxref{file,, FILE_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -keyclone COMMAND +Clone an existing @i{Key Entry} and store it under a new (different) @i{Alias} protecting, its private key material with possibly a new password. + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -dest ALIAS +Use this option to specify the new @i{Alias} which will be used to identify the cloned copy of the @i{Key Entry}. + +@item -keypass PASSWORD +Use this option to specify the password which the tool will use to unlock the @i{Key Entry} associated with the designated @i{Alias}. + +If this option is omitted, the tool will first attempt to unlock the @i{Key Entry} using the same password protecting the key store. If this fails, you will then be prompted to provide a password. + +@item -new PASSWORD +Use this option to specify the password protecting the private key material of the newly cloned copy of the @i{Key Entry}. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -storepasswd COMMAND +Change the password protecting a key store. + +@table @b +@item -new PASSWORD +The new, and different, password which will be used to protect the designated key store. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -keypasswd COMMAND +Change the password protecting the private key material of a designated @i{Key Entry}. + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -keypass PASSWORD +Use this option to specify the password which the tool will use to unlock the @i{Key Entry} associated with the designated @i{Alias}. + +If this option is omitted, the tool will first attempt to unlock the @i{Key Entry} using the same password protecting the key store. If this fails, you will then be prompted to provide a password. + +@item -new PASSWORD +The new, and different, password which will be used to protect the private key material of the designated @i{Key Entry}. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table + +@item -delete COMMAND +Delete a designated key store entry. + +@table @b +@item -alias ALIAS +For more details @pxref{alias,, ALIAS}. + +@item -storetype STORE_TYPE +For more details @pxref{storetype,, STORE_TYPE}. + +@item -keystore URL +For more details @pxref{keystore,, URL}. + +@item -storepass PASSWORD +For more details @pxref{storepass,, PASSWORD}. + +@item -provider PROVIDER_CLASS_NAME +For more details @pxref{provider,, PROVIDER_CLASS_NAME}. + +@item -v +For more details @pxref{verbose}. + +@end table +@end table + +@comment ---------------------------------------------------------------------- + +@node I18N Issues, , Security Tools, Top +@comment node-name, next, previous, up +@chapter I18N Issues + +Some tools --@pxref{Security Tools}-- allow using other than the English language when prompting the User for input, and outputing messages. This chapter describes the elements used to offer this support and how they can be adapted for use with specific languages. + +@menu +* Language Resources:: Where resources are located +* Message Formats:: How messages are internationalized +@end menu + +@comment ---------------------------------------------------------------------- + +@node Language Resources, Message Formats, I18N Issues, I18N Issues +@comment node-name, next, previous, up +@section Language-Specific Resources + +The Tools use Java @code{ResourceBundle}s to store messages, and message templates they use at runtime to generate the message text itself, depending on the locale in use at the time. + +The @i{Resource Bundles} these tools use are essentially Java @i{Properties} files consisting of a set of @i{Name/Value} pairs. The @i{Name} is the @i{Propery Name} and the @i{Value} is a substitution string that is used when the code references the associated @i{Name}. For example the following is a line in a @i{Resource Bundle} used by the @code{keytool} Tool: + +@example +Command.23=A correct key password MUST be provided +@end example + +When the tool needs to signal a mandatory but missing key password, it would reference the property named @code{Command.23} and the message "@kbd{A correct key password MUST be provided}" will be used instead. This indirect referencing of "resources" permits replacing, as late as possible, the English strings with strings in other languages, provided of course @i{Resource Bundles} in those languages are provided. + +For the GNU Classpath Tools described in this Guide, the @i{Resource Bundles} are files named @file{MessageBundle[_ll[_CC[_VV]]].properties} where: + +@ftable @var +@item ll +Is the 2-letter code for the Language, +@item CC +Is the 2-letter code for the Region, and +@item VV +Is the 2-letter code for the Variant of the language. +@end ftable + +The complete list of language codes can be found at @uref{http://ftp.ics.uci.edu/pub/ietf/http/related/iso639.txt, Code for the representation of names of languages}. A similar list for the region codes can be found at @uref{http://userpage.chemie.fu-berlin.de/diverse/doc/ISO_3166.html, ISO 3166 Codes (Countries)}. + +The location of the @i{Resource Bundles} for the GNU Classpath Tools is specific to each tool. The next table shows where these files are found in a standard GNU Classpath distribution: + +@ftable @code +@item jarsigner +@file{gnu/classpath/tools/jarsigner} +@item keytool +@file{gnu/classpath/tools/keytool} +@end ftable + +The collection of @i{Resource Bundles} in a location act as an inverted tree with a parent-child relationship. For example suppose in the @file{gnu/classpath/tools/keytool} there are 3 message bundles named: + +@enumerate +@item @code{MessageBundle.properties} +@item @code{MessageBundle_fr.properties} +@item @code{MessageBundle_fr_FR.properties} +@end enumerate + +In the above example, bundle #1 will act as the parent of bundle #2, which in turn will act as the parent for bundle #3. This ordering is used by the Java runtime to choose which file to load based on the set Locale. For example if the Locale is @code{fr_CH}, @code{MessageBundle_fr.properties} will be used because (a) @code{MessageBundle_fr_CH.properties} does not exist, but (b) @code{MessageBundle_fr.properties} is the parent for the required bundle, and it exists. As another example, suppose the Locale was set to @code{en_AU}; then the tool will end up using @code{MessageBundle.properties} because (a) @code{MessageBundle_en_AU.properties} does not exist, (b) @code{MessageBundle_en.properties} which is the parent for the required bundle does not exist, but (c) @code{MessageBundle.properties} exists and is the root of the hierarchy. + +You can see from the examples above that @file{MessageBundle.properties} is the safety net that the Java runtime falls back to when failing to find a specific bunlde and its parent(s). This file is always provided with the Tool. In time, more localized versions will be included to cater for other languages. + +In the meantime, if you are willing to contribute localized versions of these resources, grab the @file{MessageBundle.properties} for a specific tool; translate it; save it with the appropriate language and region suffix and mail it to @code{classpath@@gnu.org}. + +@comment ---------------------------------------------------------------------- + +@node Message Formats, , Language Resources, I18N Issues +@comment node-name, next, previous, up +@section Message Formats + +If you open any of the @file{MessageBundle.properties} described in the previous section, you may see properties that look like so: + +@example +Command.67=Issuer: @{0@} +Command.68=Serial number: @{0,number@} +Command.69=Valid from: @{0,date,full@} - @{0,time,full@} +Command.70=\ \ \ \ \ until: @{0,date,full@} - @{0,time,full@} +@end example + +These are @i{Message Formats} used by the tools to customize a text string that will then be used either as a prompt for User input or as output. + +If you are translating a @file{MessageBundle.properties} be careful not to alter text between curly braces. + +@comment ---------------------------------------------------------------------- + +@bye diff --git a/gnu/java/awt/java2d/AbstractGraphics2D.java b/gnu/java/awt/java2d/AbstractGraphics2D.java index 7338a327e..845c2206e 100644 --- a/gnu/java/awt/java2d/AbstractGraphics2D.java +++ b/gnu/java/awt/java2d/AbstractGraphics2D.java @@ -42,14 +42,12 @@ import java.awt.AlphaComposite; import java.awt.BasicStroke; import java.awt.Color; import java.awt.Composite; -import java.awt.CompositeContext; import java.awt.Font; import java.awt.FontMetrics; import java.awt.Graphics; import java.awt.Graphics2D; import java.awt.Image; import java.awt.Paint; -import java.awt.PaintContext; import java.awt.Polygon; import java.awt.Rectangle; import java.awt.RenderingHints; @@ -78,6 +76,7 @@ import java.awt.image.RenderedImage; import java.awt.image.renderable.RenderableImage; import java.text.AttributedCharacterIterator; import java.util.ArrayList; +import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -92,6 +91,13 @@ public abstract class AbstractGraphics2D { /** + * Accuracy of the sampling in the anti-aliasing shape filler. + * Lower values give more speed, while higher values give more quality. + * It is advisable to choose powers of two. + */ + private static final int AA_SAMPLING = 8; + + /** * The transformation for this Graphics2D instance */ private AffineTransform transform; @@ -132,24 +138,25 @@ public abstract class AbstractGraphics2D private RenderingHints renderingHints; /** - * The paint context to use for draw and fill operations. + * The paint raster. */ - private PaintContext paintContext; + private Raster paintRaster; /** - * The paint raster. + * A cached pixel array. */ - private Raster paintRaster; + private int[] pixel; /** - * The composite context to use for draw and fill operations. + * Stores the alpha values for a scanline in the anti-aliasing shape + * renderer. */ - private CompositeContext compositeContext; + private transient int[] alpha; /** - * A cached pixel array. + * The edge table for the scanline conversion algorithms. */ - private int[] pixel; + private transient ArrayList[] edgeTable; /** * Indicates if cerain graphics primitives can be rendered in an optimized @@ -176,8 +183,12 @@ public abstract class AbstractGraphics2D background = Color.WHITE; composite = AlphaComposite.SrcOver; stroke = new BasicStroke(); - renderingHints = new RenderingHints(RenderingHints.KEY_RENDERING, - RenderingHints.VALUE_RENDER_DEFAULT); + HashMap hints = new HashMap(); + hints.put(RenderingHints.KEY_TEXT_ANTIALIASING, + RenderingHints.VALUE_TEXT_ANTIALIAS_DEFAULT); + hints.put(RenderingHints.KEY_ANTIALIASING, + RenderingHints.VALUE_ANTIALIAS_DEFAULT); + renderingHints = new RenderingHints(hints); pixel = new int[4]; } @@ -190,15 +201,18 @@ public abstract class AbstractGraphics2D */ public void draw(Shape shape) { - // Clip the shape. - Shape clipped = clipShape(shape); - if (clipped != null) - { - // Stroke the shape. - Shape strokedShape = stroke.createStrokedShape(clipped); - // Fill the shape. - fillShape(strokedShape); - } + // Stroke the shape. + Shape strokedShape = stroke.createStrokedShape(shape); + + // Clip the stroked shape. +// Shape clipped = clipShape(strokedShape); +// if (clipped != null) +// { +// // Fill the shape. +// fillShape(clipped, false); +// } + // FIXME: Clipping doesn't seem to work. + fillShape(strokedShape, false); } public boolean drawImage(Image image, AffineTransform xform, ImageObserver obs) @@ -290,9 +304,10 @@ public abstract class AbstractGraphics2D */ public void fill(Shape shape) { - Shape clipped = clipShape(shape); - if (clipped != null) - fillShape(shape); +// Shape clipped = clipShape(shape); +// if (clipped != null) +// fillShape(clipped, false); + fillShape(shape, false); } public boolean hit(Rectangle rect, Shape text, boolean onStroke) @@ -309,9 +324,6 @@ public abstract class AbstractGraphics2D public void setComposite(Composite comp) { composite = comp; - compositeContext = composite.createContext(getColorModel(), - getDestinationColorModel(), - renderingHints); if (! (comp.equals(AlphaComposite.SrcOver))) isOptimized = false; else @@ -325,14 +337,17 @@ public abstract class AbstractGraphics2D */ public void setPaint(Paint p) { - paint = p; - - if (paint != null && ! (paint instanceof Color)) - isOptimized = false; - else + if (p != null) { - updateOptimization(); - rawSetForeground((Color) paint); + paint = p; + + if (! (paint instanceof Color)) + isOptimized = false; + else + { + updateOptimization(); + rawSetForeground((Color) paint); + } } } @@ -423,6 +438,7 @@ public abstract class AbstractGraphics2D Rectangle r = (Rectangle) clip; r.x -= x; r.y -= y; + setClip(r); } else { @@ -660,6 +676,8 @@ public abstract class AbstractGraphics2D Rectangle clipRect = (Rectangle) clip; Rectangle r = (Rectangle) s; computeIntersection(r.x, r.y, r.width, r.height, clipRect); + // Call setClip so that subclasses get notified. + setClip(clipRect); } else { @@ -678,6 +696,8 @@ public abstract class AbstractGraphics2D current.intersect(intersect); clip = current; isOptimized = false; + // Call setClip so that subclasses get notified. + setClip(clip); } } @@ -700,14 +720,18 @@ public abstract class AbstractGraphics2D AffineTransform t = new AffineTransform(); t.translate(x, y); - // TODO: We could use fill(gv.getOutline()), but that doesn't seem - // to work yet with the font infrastructure I use. +// // TODO: We could use fill(gv.getOutline()), but that seems to be + // slightly more inefficient. for (int i = 0; i < numGlyphs; i++) { //fill(gv.getGlyphVisualBounds(i)); GeneralPath p = new GeneralPath(gv.getGlyphOutline(i)); p.transform(t); - fill(p); + //Shape clipped = clipShape(p); + //if (clipped != null) + // fillShape(clipped, true); + // FIXME: Clipping doesn't seem to work correctly. + fillShape(p, true); } } @@ -828,7 +852,10 @@ public abstract class AbstractGraphics2D */ public Rectangle getClipBounds() { - return clip.getBounds(); + Rectangle b = null; + if (clip != null) + b = clip.getBounds(); + return b; } /** @@ -896,7 +923,11 @@ public abstract class AbstractGraphics2D public void drawLine(int x1, int y1, int x2, int y2) { if (isOptimized) - rawDrawLine(x1, y1, x2, y2); + { + int tx = (int) transform.getTranslateX(); + int ty = (int) transform.getTranslateY(); + rawDrawLine(x1 + tx, y1 + ty, x2 + tx, y2 + ty); + } else { Line2D line = new Line2D.Double(x1, y1, x2, y2); @@ -915,7 +946,11 @@ public abstract class AbstractGraphics2D public void fillRect(int x, int y, int width, int height) { if (isOptimized) - rawFillRect(x, y, width, height); + { + int tx = (int) transform.getTranslateX(); + int ty = (int) transform.getTranslateY(); + rawFillRect(x + tx, y + ty, width, height); + } else { fill(new Rectangle(x, y, width, height)); @@ -1100,12 +1135,32 @@ public abstract class AbstractGraphics2D * current clip. * * @param s the shape to fill + * @param isFont <code>true</code> if the shape is a font outline */ - protected void fillShape(Shape s) + protected void fillShape(Shape s, boolean isFont) { + // Determine if we need to antialias stuff. + boolean antialias = false; + if (isFont) + { + Object v = renderingHints.get(RenderingHints.KEY_TEXT_ANTIALIASING); + // We default to antialiasing on for text as long as we have no + // good hinting implemented. + antialias = (v == RenderingHints.VALUE_TEXT_ANTIALIAS_ON + || v == RenderingHints.VALUE_TEXT_ANTIALIAS_DEFAULT); + } + else + { + Object v = renderingHints.get(RenderingHints.KEY_ANTIALIASING); + antialias = (v == RenderingHints.VALUE_ANTIALIAS_ON); + } + + // Flatten the path. TODO: Determine the best flattening factor + // wrt to speed and quality. PathIterator path = s.getPathIterator(getTransform(), 1.0); + // Build up polygons and let the native backend render this using - // rawFillPolygon() which would provide a default implementation for + // rawFillShape() which would provide a default implementation for // drawPixel using a PolyScan algorithm. double[] seg = new double[6]; @@ -1154,7 +1209,12 @@ public abstract class AbstractGraphics2D path.next(); } if (segs.size() > 0) - rawFillShape(segs, minX, minY, maxX, maxY); + { + if (antialias) + fillShapeAntialias(segs, minX, minY, maxX, maxY); + else + rawFillShape(segs, minX, minY, maxX, maxY); + } } /** @@ -1193,6 +1253,11 @@ public abstract class AbstractGraphics2D */ protected abstract void rawSetForeground(Color c); + protected void rawSetForeground(int r, int g, int b) + { + rawSetForeground(new Color(r, g, b)); + } + /** * Returns the color model of this Graphics object. * @@ -1341,12 +1406,6 @@ public abstract class AbstractGraphics2D for (Iterator i = segs.iterator(); i.hasNext();) { PolyEdge edge = (PolyEdge) i.next(); - - // Horizontal edges are not needed and make things only more - // complicated. Skip them. - if (Math.ceil(edge.y0) == Math.ceil(edge.y1)) - continue; - int yindex = (int) ((int) Math.ceil(edge.y0) - (int) Math.ceil(minY)); if (edgeTable[yindex] == null) // Create bucket when needed. edgeTable[yindex] = new ArrayList(); @@ -1376,7 +1435,7 @@ public abstract class AbstractGraphics2D for (Iterator i = activeEdges.iterator(); i.hasNext();) { PolyEdge edge = (PolyEdge) i.next(); - if (y >= edge.y0 && y >= edge.y1) + if (y > edge.y1) i.remove(); else { @@ -1416,43 +1475,309 @@ public abstract class AbstractGraphics2D } // Now draw all pixels inside the polygon. - int x0 = 0; // Gets initialized in the first else branch below. + // This is the last edge that intersected the scanline. + PolyEdge previous = null; // Gets initialized below. boolean active = false; //System.err.println("scanline: " + y); for (Iterator i = activeEdges.iterator(); i.hasNext();) { PolyEdge edge = (PolyEdge) i.next(); + // Only fill scanline, if the current edge actually intersects + // the scanline. There may be edges that lie completely + // within the current scanline. + //System.err.println("previous: " + previous); //System.err.println("edge: " + edge); - int x = (int) edge.xIntersection; if (active) { - fillScanline(x0, x, y); - active = false; + if (edge.y1 > y) + { + int x0 = (int) previous.xIntersection; + int x1 = (int) edge.xIntersection; + fillScanline(x0, x1, y); + previous = edge; + active = false; + } } else { - x0 = x; - active = true; + if (edge.y1 > y) + { + previous = edge; + active = true; + } + } + } + } + } + + /** + * Paints a scanline between x0 and x1. + * + * @param x0 the left offset + * @param x1 the right offset + * @param y the scanline + */ + protected void fillScanline(int x0, int x1, int y) + { + if (paint instanceof Color && composite == AlphaComposite.SrcOver) + { + rawDrawLine(x0, y, x1, y); + } + else + { + throw new UnsupportedOperationException("Not yet implemented."); + } + } + + /** + * Fills arbitrary shapes in an anti-aliased fashion. + * + * @param segs the line segments which define the shape which is to be filled + * @param minX the bounding box, left X + * @param minY the bounding box, upper Y + * @param maxX the bounding box, right X + * @param maxY the bounding box, lower Y + */ + private void fillShapeAntialias(ArrayList segs, double minX, double minY, + double maxX, double maxY) + { + // This is an implementation of a polygon scanline conversion algorithm + // described here: + // http://www.cs.berkeley.edu/~ug/slide/pipeline/assignments/scan/ + // The antialiasing is implemented using a sampling technique, we do + // not scan whole lines but fractions of the line. + + // This array will contain the oversampled transparency values for + // each pixel in the scanline. + int numScanlines = (int) Math.ceil(maxY) - (int) minY; + int numScanlinePixels = (int) Math.ceil(maxX) - (int) minX + 1; + if (alpha == null || alpha.length < (numScanlinePixels + 1)) + alpha = new int[numScanlinePixels + 1]; + + int firstLine = (int) minY; + //System.err.println("minY: " + minY); + int firstSubline = (int) (Math.ceil((minY - Math.floor(minY)) * AA_SAMPLING)); + double firstLineDouble = firstLine + firstSubline / (double) AA_SAMPLING; + //System.err.println("firstSubline: " + firstSubline); + + // Create table of all edges. + // The edge buckets, sorted and indexed by their Y values. + //System.err.println("numScanlines: " + numScanlines); + if (edgeTable == null + || edgeTable.length < numScanlines * AA_SAMPLING + AA_SAMPLING) + edgeTable = new ArrayList[numScanlines * AA_SAMPLING + AA_SAMPLING]; + + //System.err.println("firstLineDouble: " + firstLineDouble); + + for (Iterator i = segs.iterator(); i.hasNext();) + { + PolyEdge edge = (PolyEdge) i.next(); + int yindex = (int) (Math.ceil((edge.y0 - firstLineDouble) * AA_SAMPLING)); + //System.err.println("yindex: " + yindex + " for y0: " + edge.y0); + // Initialize edge's slope and initial xIntersection. + edge.slope = ((edge.x1 - edge.x0) / (edge.y1 - edge.y0)) / AA_SAMPLING; + if (edge.y0 == edge.y1) // Horizontal edge. + edge.xIntersection = Math.min(edge.x0, edge.x1); + else + { + double alignedFirst = Math.ceil(edge.y0 * AA_SAMPLING) / AA_SAMPLING; + edge.xIntersection = edge.x0 + (edge.slope * AA_SAMPLING) * (alignedFirst - edge.y0); + } + //System.err.println(edge); + // FIXME: Sanity check should not be needed when clipping works. + if (yindex >= 0 && yindex < edgeTable.length) + { + if (edgeTable[yindex] == null) // Create bucket when needed. + edgeTable[yindex] = new ArrayList(); + edgeTable[yindex].add(edge); // Add edge to the bucket of its line. + } + } + + // The activeEdges list contains all the edges of the current scanline + // ordered by their intersection points with this scanline. + ArrayList activeEdges = new ArrayList(); + PolyEdgeComparator comparator = new PolyEdgeComparator(); + + // Scan all lines. + int yindex = 0; + //System.err.println("firstLine: " + firstLine + ", maxY: " + maxY + ", firstSubline: " + firstSubline); + for (int y = firstLine; y <= maxY; y++) + { + for (int subY = firstSubline; subY < AA_SAMPLING; subY++) + { + //System.err.println("scanline: " + y + ", subScanline: " + subY); + ArrayList bucket = edgeTable[yindex]; + // Update all the x intersections in the current activeEdges table + // and remove entries that are no longer in the scanline. + for (Iterator i = activeEdges.iterator(); i.hasNext();) + { + PolyEdge edge = (PolyEdge) i.next(); + // TODO: Do the following using integer arithmetics. + if ((y + ((double) subY / (double) AA_SAMPLING)) > edge.y1) + i.remove(); + else + { + edge.xIntersection += edge.slope; + //System.err.println("edge: " + edge); + //edge.xIntersection = edge.x0 + edge.slope * (y - edge.y0); + //System.err.println("edge.xIntersection: " + edge.xIntersection); + } + } + + if (bucket != null) + { + activeEdges.addAll(bucket); + edgeTable[yindex].clear(); + } + + // Sort current edges. We are using a bubble sort, because the order + // of the intersections will not change in most situations. They + // will only change, when edges intersect each other. + int size = activeEdges.size(); + if (size > 1) + { + for (int i = 1; i < size; i++) + { + PolyEdge e1 = (PolyEdge) activeEdges.get(i - 1); + PolyEdge e2 = (PolyEdge) activeEdges.get(i); + if (comparator.compare(e1, e2) > 0) + { + // Swap e2 with its left neighbor until it 'fits'. + int j = i; + do + { + activeEdges.set(j, e1); + activeEdges.set(j - 1, e2); + j--; + if (j >= 1) + e1 = (PolyEdge) activeEdges.get(j - 1); + } while (j >= 1 && comparator.compare(e1, e2) > 0); + } + } + } + + // Now draw all pixels inside the polygon. + // This is the last edge that intersected the scanline. + PolyEdge previous = null; // Gets initialized below. + boolean active = false; + //System.err.println("scanline: " + y + ", subscanline: " + subY); + for (Iterator i = activeEdges.iterator(); i.hasNext();) + { + PolyEdge edge = (PolyEdge) i.next(); + // Only fill scanline, if the current edge actually intersects + // the scanline. There may be edges that lie completely + // within the current scanline. + //System.err.println("previous: " + previous); + //System.err.println("edge: " + edge); + if (active) + { + // TODO: Use integer arithmetics here. + if (edge.y1 > (y + (subY / (double) AA_SAMPLING))) + { + //System.err.println(edge); + // TODO: Eliminate the aligments. + int x0 = (int) Math.min(Math.max(previous.xIntersection, minX), maxX); + int x1 = (int) Math.min(Math.max(edge.xIntersection, minX), maxX); + //System.err.println("minX: " + minX + ", x0: " + x0 + ", x1: " + x1 + ", maxX: " + maxX); + // TODO: Pull out cast. + alpha[x0 - (int) minX]++; + alpha[x1 - (int) minX + 1]--; + previous = edge; + active = false; + } + } + else + { + // TODO: Use integer arithmetics here. + if (edge.y1 > (y + (subY / (double) AA_SAMPLING))) + { + //System.err.println(edge); + previous = edge; + active = true; + } + } } + yindex++; } + firstSubline = 0; + // Render full scanline. + //System.err.println("scanline: " + y); + fillScanlineAA(alpha, (int) minX, (int) y, numScanlinePixels); } + if (paint instanceof Color && composite == AlphaComposite.SrcOver) + rawSetForeground((Color) paint); } /** - * Fills a horizontal line between x0 and x1 with the current paint and - * composize. Backends should override this if they want to accelerate - * general shape drawing. They should respect the current paint and - * composite though (or call super for these tasks). It is not necessary - * to clip the line. + * Fills a horizontal line between x0 and x1 for anti aliased rendering. + * the alpha array contains the deltas of the alpha values from one pixel + * to the next. * + * @param alpha the alpha values in the scanline * @param x0 the beginning of the scanline - * @param x1 the end of the scanline * @param y the y coordinate of the line */ - protected void fillScanline(int x0, int x1, int y) + private void fillScanlineAA(int[] alpha, int x0, int y, int numScanlinePixels) { - for (int x = x0; x < x1; x++) - drawPixel(x, y); + int lastX = x0; + int lastAlpha = 0; + for (int i = 0; i < numScanlinePixels; i++) + { + if (alpha[i] == 0) + continue; + if (lastAlpha > 0) + { + //System.err.println("rawDrawScanline: " + lastX + ", " + (i+x0) + ", " + lastAlpha); + // TODO: Avoid double arithmetic. + fillScanlineAlpha(lastX, i + x0, y, lastAlpha); + } + lastAlpha += alpha[i]; + alpha[i] = 0; + lastX = i + x0; + } + if (lastAlpha > 0) + // TODO: Avoid double arithmetic. + fillScanlineAlpha(lastX, x0 + numScanlinePixels, y, lastAlpha); + } + + /** + * Renders one scanline with alpha sampling for anti-aliased shape rendering. + * + * @param x0 the start offset + * @param x1 the end offset + * @param y the scanline + * @param sample the sample value, relative to AA_SAMPLING + */ + private void fillScanlineAlpha(int x0, int x1, int y, int sample) + { + if (paint instanceof Color && composite == AlphaComposite.SrcOver) + { + // FIXME: We should composite over current pixels, not over the + // background color. + Color fg = (Color) paint; + if (sample < AA_SAMPLING) + { + Color bg = background; + int bgShare = (AA_SAMPLING - sample); + int red = (fg.getRed() * sample + bg.getRed() * bgShare) + / AA_SAMPLING; + int green = (fg.getGreen() * sample + bg.getGreen() * bgShare) + / AA_SAMPLING; + int blue = (fg.getBlue() * sample + bg.getBlue() * bgShare) + / AA_SAMPLING; + rawSetForeground(red, green, blue); + fillScanline(x0, x1 - 1, y); + } + else + { + rawSetForeground(fg); + fillScanline(x0, x1 - 1, y); + } + } + else + { + throw new UnsupportedOperationException("Not yet implemented"); + } } /** @@ -1464,6 +1789,10 @@ public abstract class AbstractGraphics2D setPaint(Color.BLACK); setFont(new Font("SansSerif", Font.PLAIN, 12)); isOptimized = true; + + // FIXME: Should not be necessary. A clip of null should mean + // 'clip against device bounds. + clip = getDeviceBounds(); } //protected abstract Raster getDestinationRaster(int x, int y, int w, int h); @@ -1476,11 +1805,13 @@ public abstract class AbstractGraphics2D private void updateOptimization() { int transformType = transform.getType(); - boolean optimizedTransform = - (transformType & - (AffineTransform.TYPE_TRANSLATION | AffineTransform.TYPE_IDENTITY)) != 0; + boolean optimizedTransform = false; + if (transformType == AffineTransform.TYPE_IDENTITY + || transformType == AffineTransform.TYPE_TRANSLATION) + optimizedTransform = true; - isOptimized = clip instanceof Rectangle + boolean optimizedClip = (clip == null || clip instanceof Rectangle); + isOptimized = optimizedClip && optimizedTransform && paint instanceof Color && composite == AlphaComposite.SrcOver && stroke.equals(new BasicStroke()); diff --git a/gnu/java/awt/java2d/AlphaCompositeContext.java b/gnu/java/awt/java2d/AlphaCompositeContext.java new file mode 100644 index 000000000..e01296f2d --- /dev/null +++ b/gnu/java/awt/java2d/AlphaCompositeContext.java @@ -0,0 +1,356 @@ +/* AlphaCompositeContext.java -- CompositeContext impl for AlphaComposite + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.awt.java2d; + +import java.awt.AWTError; +import java.awt.AlphaComposite; +import java.awt.CompositeContext; +import java.awt.image.ColorModel; +import java.awt.image.DataBuffer; +import java.awt.image.Raster; +import java.awt.image.WritableRaster; + +/** + * A CompositeContext implementation for {@link AlphaComposite}. + * + * @author Roman Kennke (kennke@aicas.com) + */ +public class AlphaCompositeContext + implements CompositeContext +{ + + /** + * The Composite object for which we perform compositing. + */ + private AlphaComposite composite; + + /** + * The source color model. + */ + private ColorModel srcColorModel; + + /** + * The destination color model. + */ + private ColorModel dstColorModel; + + /** + * The blending factor for the source. + */ + private float fs; + + /** + * The blending factor for the destination. + */ + private float fd; + + /** + * Creates a new AlphaCompositeContext. + * + * @param aComp the AlphaComposite object + * @param srcCM the source color model + * @param dstCM the destination color model + */ + public AlphaCompositeContext(AlphaComposite aComp, ColorModel srcCM, + ColorModel dstCM) + { + composite = aComp; + srcColorModel = srcCM; + dstColorModel = dstCM; + + + // Determine the blending factors according to the rule in the + // AlphaComposite. For some rules the factors must be determined + // dynamically because they depend on the actual pixel value. + switch (composite.getRule()) + { + case AlphaComposite.CLEAR: + fs = 0.F; + fd= 0.F; + break; + case AlphaComposite.DST: + fs = 0.F; + fd= 1.F; + break; + case AlphaComposite.DST_ATOP: + fs = 1.F; // Determined later as 1 - alpha_dst; + fd = 1.F; // Determined later as alpha_src; + break; + case AlphaComposite.DST_IN: + fs = 0.F; + fd = 0.F; // Determined later as alpha_src; + break; + case AlphaComposite.DST_OUT: + fs = 0.F; + fd = 0.F; // Determined later as 1 - alpha_src; + break; + case AlphaComposite.DST_OVER: + fs = 1.F; // Determined later as 1 - alpha_dst. + fd= 1.F; + break; + case AlphaComposite.SRC: + fs = 1.F; + fd= 0.F; + break; + case AlphaComposite.SRC_ATOP: + fs = 1.F; // Determined later as alpha_dst; + fd = 1.F; // Determined later as 1 - alpha_src; + break; + case AlphaComposite.SRC_IN: + fs = 0.F; // Determined later as alpha_dst; + fd = 0.F; + break; + case AlphaComposite.SRC_OUT: + fs = 0.F; // Determined later as 1 - alpha_dst; + fd = 0.F; + break; + case AlphaComposite.SRC_OVER: + fs = 1.F; + fd= 1.F; // Determined later as 1 - alpha_src. + break; + case AlphaComposite.XOR: + fs = 1.F; // Determined later as 1 - alpha_dst. + fd= 1.F; // Determined later as 1 - alpha_src. + break; + default: + throw new AWTError("Illegal AlphaComposite rule"); + } + + } + + /** + * Releases all resources held by this composite object. + */ + public void dispose() + { + // Nothing to do here yet. + } + + /** + * Performs compositing according to the rules specified in the + * AlphaComposite from the constructor. + */ + public void compose(Raster src, Raster dstIn, WritableRaster dstOut) + { + + // TODO: This implementation is very general and highly inefficient. There + // are two possible ways to optimize this: + // 1. Special cased implementations for common ColorModels and transfer + // types. + // 2. Native implementation. + + int x0 = src.getMinX(); + int y0 = src.getMinY(); + int width = src.getWidth(); + int height = src.getHeight(); + int x1 = x0 + width; + int y1 = x0 + height; + + Object srcPixel = null; + Object dstPixel = null; + + // Prepare the array that holds the color and alpha components of the + // source pixels. + float[] srcComponents; + int srcComponentsLength = srcColorModel.getNumComponents(); + if (! srcColorModel.hasAlpha()) + srcComponentsLength += 1; + srcComponents = new float[srcComponentsLength]; + + // Prepare the array that holds the color and alpha components of the + // destination pixels. + float[] dstComponents; + int dstComponentsLength = dstColorModel.getNumComponents(); + if (! dstColorModel.hasAlpha()) + dstComponentsLength += 1; + dstComponents = new float[dstComponentsLength]; + + if (srcComponentsLength != dstComponentsLength) + throw new AWTError("The color models of the source and destination have" + + "incompatible number of color components"); + + int srcTransferType = srcColorModel.getTransferType(); + int dstTransferType = dstColorModel.getTransferType(); + + for (int y = y0; y < y1; y++) + { + for (int x = x0; x < x1; x++) + { + // Fetch source pixel. + switch (srcTransferType) + { + case DataBuffer.TYPE_INT: + srcPixel = src.getPixel(x, y, (int[]) srcPixel); + break; + case DataBuffer.TYPE_FLOAT: + srcPixel = src.getPixel(x, y, (float[]) srcPixel); + break; + case DataBuffer.TYPE_DOUBLE: + srcPixel = src.getPixel(x, y, (double[]) srcPixel); + break; + default: + throw new AWTError("Invalid transfer type for source raster"); + } + // Fetch destination pixel. + switch (dstTransferType) + { + case DataBuffer.TYPE_INT: + dstPixel = dstIn.getPixel(x, y, (int[]) dstPixel); + break; + case DataBuffer.TYPE_FLOAT: + dstPixel = dstIn.getPixel(x, y, (float[]) dstPixel); + break; + case DataBuffer.TYPE_DOUBLE: + dstPixel = dstIn.getPixel(x, y, (double[]) dstPixel); + break; + default: + throw new AWTError("Invalid transfer type for source raster"); + } + + // Get normalized components. This is the only type that is + // guaranteed to be supported by all ColorModels. + srcComponents = + srcColorModel.getNormalizedComponents(srcPixel, srcComponents, 0); + if (! srcColorModel.hasAlpha()) + srcComponents[srcComponentsLength - 1] = 1.0F; + dstComponents = + dstColorModel.getNormalizedComponents(dstPixel, srcComponents, 0); + if (! dstColorModel.hasAlpha()) + dstComponents[dstComponentsLength - 1] = 1.0F; + + // Prepare the input. + float compositeAlpha = composite.getAlpha(); + srcComponents[srcComponentsLength - 1] *= compositeAlpha; + if (srcColorModel.isAlphaPremultiplied()) + { + for (int i = srcComponentsLength - 2; i >= 0; i++) + srcComponents[i] *= compositeAlpha; + } + else + { + for (int i = srcComponentsLength - 2; i >= 0; i++) + srcComponents[i] *= srcComponents[srcComponentsLength - 1]; + } + if (! dstColorModel.isAlphaPremultiplied()) + { + for (int i = dstComponentsLength - 2; i >= 0; i++) + dstComponents[i] *= dstComponents[dstComponents.length - 1]; + } + + // Determine the blending factors according to the rule in the + // AlphaComposite. For some rules the factors must be determined + // dynamically because they depend on the actual pixel value. + float srcAlpha = srcComponents[srcComponentsLength - 1]; + float dstAlpha = dstComponents[dstComponentsLength - 1]; + switch (composite.getRule()) + { + case AlphaComposite.DST_ATOP: + fs = 1.F - dstAlpha; + fd = srcAlpha; + break; + case AlphaComposite.DST_IN: + fd = srcAlpha; + break; + case AlphaComposite.DST_OUT: + fd = 1.F - srcAlpha; + break; + case AlphaComposite.DST_OVER: + fs = 1.F - dstAlpha; + break; + case AlphaComposite.SRC_ATOP: + fs = srcAlpha; + fd = 1.F - srcAlpha; + break; + case AlphaComposite.SRC_IN: + fs = dstAlpha; + break; + case AlphaComposite.SRC_OUT: + fs = 1.F - dstAlpha; + break; + case AlphaComposite.SRC_OVER: + fd= 1.F - srcAlpha; + break; + case AlphaComposite.XOR: + fs = 1.F - dstAlpha; + fd= 1.F - srcAlpha; + break; + default: + // For the other cases the factors have already been determined + // in the constructor. + } + + // Apply the blending equation to the pixels. + for (int i = 0; i < srcComponentsLength; i++) + { + dstComponents[i] = srcComponents[i] * fs + + dstComponents[i] * fd; + } + + // Convert the result back when the destination is not + // alpha-premultiplied. + dstAlpha = dstComponents[dstComponentsLength - 1]; + if (!dstColorModel.isAlphaPremultiplied() && dstAlpha != 0.F) + { + for (int i = 0; i < dstComponentsLength - 1; i++) + { + dstComponents[i] = dstComponents[i] / dstAlpha; + } + } + + // Store the result in the destination raster. + dstPixel = dstColorModel.getDataElements(dstComponents, 0, + dstPixel); + switch (dstTransferType) + { + case DataBuffer.TYPE_INT: + dstOut.setPixel(x, y, (int[] ) dstPixel); + break; + case DataBuffer.TYPE_FLOAT: + dstOut.setPixel(x, y, (float[] ) dstPixel); + break; + case DataBuffer.TYPE_DOUBLE: + dstOut.setPixel(x, y, (double[] ) dstPixel); + break; + } + + } // End X loop. + } // End Y loop. + } + +} diff --git a/gnu/java/awt/peer/gtk/GdkGraphics2D.java b/gnu/java/awt/peer/gtk/GdkGraphics2D.java index 195304dce..323d5614a 100644 --- a/gnu/java/awt/peer/gtk/GdkGraphics2D.java +++ b/gnu/java/awt/peer/gtk/GdkGraphics2D.java @@ -1229,7 +1229,10 @@ public class GdkGraphics2D extends Graphics2D drawPixels(pixels, r.getWidth(), r.getHeight(), r.getWidth(), i2u); updateBufferedImage(); - + + // Cairo seems loosing the current color. + setColor(fg); + return true; } diff --git a/gnu/java/nio/ChannelReader.java b/gnu/java/nio/ChannelReader.java index 44fe6625a..1e7372d2e 100644 --- a/gnu/java/nio/ChannelReader.java +++ b/gnu/java/nio/ChannelReader.java @@ -92,120 +92,126 @@ public class ChannelReader extends Reader public int read(char[] buf, int offset, int count) throws IOException { - // I declared channel being null meaning that the reader is closed. - if (!channel.isOpen()) - throw new IOException("Reader was already closed."); - - // I declared decoder being null meaning that there is no more data to read - // and convert. - if (decoder == null) - return -1; - - // Stores the amount of character being read. It -1 so that if no conversion - // occured the caller will see this as an 'end of file'. - int sum = -1; - - // Copies any characters which may be left from the last invocation into the - // destination array. - if (charBuffer.remaining() > 0) + synchronized (lock) { - sum = Math.min(count, charBuffer.remaining()); - charBuffer.get(buf, offset, sum); - - // Updates the control variables according to the latest copy operation. - offset += sum; - count -= sum; - } - - // Copies the character which have not been put in the destination array to - // the beginning. If data is actually copied count will be 0. If no data is - // copied count is >0 and we can now convert some more characters. - charBuffer.compact(); - - int converted = 0; - boolean last = false; - - while (count != 0) - { - // Tries to convert some bytes (Which will intentionally fail in the - // first place because we have not read any bytes yet.) - CoderResult result = decoder.decode(byteBuffer, charBuffer, last); - if (result.isMalformed() || result.isUnmappable()) - { - // JDK throws exception when bytes are malformed for sure. - // FIXME: Unsure what happens when a character is simply - // unmappable. - result.throwException(); - } - - // Marks that we should end this loop regardless whether the caller - // wants more chars or not, when this was the last conversion. - if (last) + // I declared channel being null meaning that the reader is closed. + if (!channel.isOpen()) + throw new IOException("Reader was already closed."); + + // I declared decoder being null meaning that there is no more data to read + // and convert. + if (decoder == null) + return -1; + + // Stores the amount of character being read. It -1 so that if no conversion + // occured the caller will see this as an 'end of file'. + int sum = -1; + + // Copies any characters which may be left from the last invocation into the + // destination array. + if (charBuffer.remaining() > 0) { - decoder = null; + sum = Math.min(count, charBuffer.remaining()); + charBuffer.get(buf, offset, sum); + + // Updates the control variables according to the latest copy operation. + offset += sum; + count -= sum; } - else if (result.isUnderflow()) + + // Copies the character which have not been put in the destination array to + // the beginning. If data is actually copied count will be 0. If no data is + // copied count is >0 and we can now convert some more characters. + charBuffer.compact(); + + int converted = 0; + boolean last = false; + + while (count != 0) { - // We need more bytes to do the conversion. - - // Copies the not yet converted bytes to the beginning making it - // being able to receive more bytes. - byteBuffer.compact(); - - // Reads in another bunch of bytes for being converted. - if (channel.read(byteBuffer) == -1) + // Tries to convert some bytes (Which will intentionally fail in the + // first place because we have not read any bytes yet.) + CoderResult result = decoder.decode(byteBuffer, charBuffer, last); + if (result.isMalformed() || result.isUnmappable()) { - // If there is no more data available in the channel we mark - // that state for the final character conversion run which is - // done in the next loop iteration. - last = true; + // JDK throws exception when bytes are malformed for sure. + // FIXME: Unsure what happens when a character is simply + // unmappable. + result.throwException(); } - - // Prepares the byteBuffer for the next character conversion run. - byteBuffer.flip(); + + // Marks that we should end this loop regardless whether the caller + // wants more chars or not, when this was the last conversion. + if (last) + { + decoder = null; + } + else if (result.isUnderflow()) + { + // We need more bytes to do the conversion. + + // Copies the not yet converted bytes to the beginning making it + // being able to receive more bytes. + byteBuffer.compact(); + + // Reads in another bunch of bytes for being converted. + if (channel.read(byteBuffer) == -1) + { + // If there is no more data available in the channel we mark + // that state for the final character conversion run which is + // done in the next loop iteration. + last = true; + } + + // Prepares the byteBuffer for the next character conversion run. + byteBuffer.flip(); + } + + // Prepares the charBuffer for being drained. + charBuffer.flip(); + + converted = Math.min(count, charBuffer.remaining()); + charBuffer.get(buf, offset, converted); + + // Copies characters which have not yet being copied into the char-Array + // to the beginning making it possible to read them later (If data is + // really copied here, then the caller has received enough characters so + // far.). + charBuffer.compact(); + + // Updates the control variables according to the latest copy operation. + offset += converted; + count -= converted; + + // Updates the amount of transferred characters. + sum += converted; + + if (decoder == null) + { + break; + } + + // Now that more characters have been transfered we let the loop decide + // what to do next. } - - // Prepares the charBuffer for being drained. + + // Makes the charBuffer ready for reading on the next invocation. charBuffer.flip(); - - converted = Math.min(count, charBuffer.remaining()); - charBuffer.get(buf, offset, converted); - - // Copies characters which have not yet being copied into the char-Array - // to the beginning making it possible to read them later (If data is - // really copied here, then the caller has received enough characters so - // far.). - charBuffer.compact(); - - // Updates the control variables according to the latest copy operation. - offset += converted; - count -= converted; - - // Updates the amount of transferred characters. - sum += converted; - - if (decoder == null) - { - break; - } - - // Now that more characters have been transfered we let the loop decide - // what to do next. + + return sum; } - - // Makes the charBuffer ready for reading on the next invocation. - charBuffer.flip(); - - return sum; } public void close() throws IOException { - channel.close(); + synchronized (lock) + { + channel.close(); - // Makes sure all intermediate data is released by the decoder. - if (decoder != null) - decoder.reset(); + // Makes sure all intermediate data is released by the decoder. + if (decoder != null) + decoder.reset(); + } } } diff --git a/gnu/java/nio/ChannelWriter.java b/gnu/java/nio/ChannelWriter.java new file mode 100644 index 000000000..8e533ccbf --- /dev/null +++ b/gnu/java/nio/ChannelWriter.java @@ -0,0 +1,190 @@ +/* ChannelWriter.java -- nio / writer bridge + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.java.nio; + +import java.io.IOException; +import java.io.Writer; +import java.nio.ByteBuffer; +import java.nio.CharBuffer; +import java.nio.channels.WritableByteChannel; +import java.nio.charset.CharsetEncoder; +import java.nio.charset.CoderResult; + +/** + * A Writer implementation that works by wrapping an NIO channel. + */ +public class ChannelWriter + extends Writer +{ + private static final int DEFAULT_BUFFER_CAP = 8192; + + /** + * The output channel. + */ + private WritableByteChannel byteChannel; + + /** + * The encoder to use. + */ + private CharsetEncoder enc; + + /** + * The byte buffer. Translated characters are stored here on their way out. + */ + private ByteBuffer byteBuffer; + + /** + * The character buffer. Characters are stored here on their way into + * the encoder. + */ + private CharBuffer charBuffer; + + private void writeBuffer() throws IOException + { + byteBuffer.flip(); + byteChannel.write(byteBuffer); + } + + /** + * Create a new instance, given the output byte channel, the encoder + * to use, and the minimum buffer capacity. + */ + public ChannelWriter(WritableByteChannel ch, CharsetEncoder enc, + int minBufferCap) + { + this.byteChannel = ch; + this.enc = enc; + if (minBufferCap == -1) + minBufferCap = DEFAULT_BUFFER_CAP; + this.byteBuffer + = ByteBuffer.allocate((int) (minBufferCap * enc.maxBytesPerChar())); + this.charBuffer = CharBuffer.allocate(minBufferCap); + this.charBuffer.clear(); + } + + /* (non-Javadoc) + * @see java.io.Writer#flush() + */ + public void flush() throws IOException + { + // Presumably if we have characters in our buffer, it is + // due to an underflow. So we don't bother trying to flush + // that here. + } + + /* (non-Javadoc) + * @see java.io.Writer#close() + */ + public void close() throws IOException + { + synchronized (lock) + { + if (enc == null) + throw new IOException("writer already closed"); + + byteBuffer.clear(); + charBuffer.flip(); + CoderResult res = enc.encode(charBuffer, byteBuffer, true); + if (res.isError() || res.isMalformed() || res.isUnmappable()) + res.throwException(); + writeBuffer(); + + byteBuffer.clear(); + res = enc.flush(byteBuffer); + if (res.isError() || res.isMalformed() || res.isUnmappable()) + res.throwException(); + writeBuffer(); + enc = null; + } + } + + /* (non-Javadoc) + * @see java.io.Writer#write(char[], int, int) + */ + public void write(char[] buf, int offset, int len) throws IOException + { + synchronized (lock) + { + if (enc == null) + throw new IOException("writer already closed"); + int lastLen = -1; + while (len > 0) + { + // Copy data into our character buffer. + int allowed = Math.min(charBuffer.remaining(), len); + charBuffer.put(buf, offset, allowed); + // Update for the next pass through the loop. + offset += allowed; + len -= allowed; + charBuffer.flip(); + // If we didn't make any progress, we want to clean up + // and save our state for the next write(). + if (len == lastLen) + { + if (len <= charBuffer.remaining()) + { + charBuffer.put(buf, offset, len); + charBuffer.flip(); + } + else + { + CharBuffer ncb = CharBuffer.allocate(charBuffer.length() + + len); + ncb.put(charBuffer); + ncb.put(buf, offset, len); + charBuffer = ncb; + } + break; + } + lastLen = len; + + // Convert. + byteBuffer.clear(); + CoderResult res = enc.encode(charBuffer, byteBuffer, false); + // Compact here, as we want to leave the buffer in the + // right state for any future put()s. + charBuffer.compact(); + if (res.isError() || res.isMalformed() || res.isUnmappable()) + res.throwException(); + // Write the byte buffer to the output channel. + writeBuffer(); + } + } + } +} diff --git a/gnu/javax/crypto/jce/keyring/GnuKeyring.java b/gnu/javax/crypto/jce/keyring/GnuKeyring.java index d74d386b4..d2501f893 100644 --- a/gnu/javax/crypto/jce/keyring/GnuKeyring.java +++ b/gnu/javax/crypto/jce/keyring/GnuKeyring.java @@ -1,4 +1,4 @@ -/* GnuKeyring.java -- +/* GnuKeyring.java -- KeyStore adapter for a pair of private and public Keyrings Copyright (C) 2003, 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. @@ -38,376 +38,412 @@ exception statement from your version. */ package gnu.javax.crypto.jce.keyring; +import gnu.java.security.Registry; +import gnu.javax.crypto.keyring.GnuPrivateKeyring; +import gnu.javax.crypto.keyring.GnuPublicKeyring; +import gnu.javax.crypto.keyring.IKeyring; +import gnu.javax.crypto.keyring.IPrivateKeyring; +import gnu.javax.crypto.keyring.IPublicKeyring; +import gnu.javax.crypto.keyring.MalformedKeyringException; +import gnu.javax.crypto.keyring.PrimitiveEntry; + import java.io.BufferedInputStream; -import java.io.InputStream; import java.io.IOException; +import java.io.InputStream; import java.io.OutputStream; - import java.security.Key; -import java.security.KeyStoreSpi; import java.security.KeyStoreException; +import java.security.KeyStoreSpi; import java.security.PrivateKey; import java.security.PublicKey; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; - -import java.util.Arrays; +import java.util.Collections; import java.util.Date; import java.util.Enumeration; import java.util.HashMap; +import java.util.HashSet; import java.util.Iterator; -import java.util.List; -import java.util.NoSuchElementException; +import java.util.Set; +import java.util.logging.Logger; import javax.crypto.SecretKey; -import gnu.java.security.Registry; -import gnu.javax.crypto.keyring.IKeyring; -import gnu.javax.crypto.keyring.IPrivateKeyring; -import gnu.javax.crypto.keyring.IPublicKeyring; -import gnu.javax.crypto.keyring.GnuPrivateKeyring; -import gnu.javax.crypto.keyring.GnuPublicKeyring; -import gnu.javax.crypto.keyring.MalformedKeyringException; -import gnu.javax.crypto.keyring.PrimitiveEntry; - -public class GnuKeyring extends KeyStoreSpi +/** + * An <i>Adapter</i> over a pair of one private, and one public keyrings to + * emulate the keystore operations. + */ +public class GnuKeyring + extends KeyStoreSpi { + private static final Logger log = Logger.getLogger(GnuKeyring.class.getName()); + private static final String NOT_LOADED = "not loaded"; - // Constants and fields. - // ------------------------------------------------------------------------ - + /** TRUE if the keystore is loaded; FALSE otherwise. */ private boolean loaded; + /** our underlying private keyring. */ + private IPrivateKeyring privateKR; + /** our underlying public keyring. */ + private IPublicKeyring publicKR; - private IKeyring keyring; - - // Constructor. - // ------------------------------------------------------------------------ - - public GnuKeyring() - { - } - - // Instance methods. - // ------------------------------------------------------------------------ + // default 0-arguments constructor public Enumeration engineAliases() { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return new Enumeration() + ensureLoaded(); + Enumeration result; + if (privateKR == null) + result = Collections.enumeration(Collections.EMPTY_SET); + else { - public boolean hasMoreElements() - { - return false; - } - - public Object nextElement() - { - throw new NoSuchElementException(); - } - }; - } - return keyring.aliases(); + Set aliases = new HashSet(); + for (Enumeration e = privateKR.aliases(); e.hasMoreElements();) + { + String alias = (String) e.nextElement(); + if (alias != null) + aliases.add(alias); + } + + for (Enumeration e = publicKR.aliases(); e.hasMoreElements();) + { + String alias = (String) e.nextElement(); + if (alias != null) + aliases.add(alias); + } + + result = Collections.enumeration(aliases); + } + + return result; } public boolean engineContainsAlias(String alias) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return false; - } - return keyring.containsAlias(alias); + log.entering(this.getClass().getName(), "engineContainsAlias", alias); + + ensureLoaded(); + boolean inPrivateKR = privateKR.containsAlias(alias); + log.finest("inPrivateKR=" + inPrivateKR); + boolean inPublicKR = publicKR.containsAlias(alias); + log.finest("inPublicKR=" + inPublicKR); + boolean result = inPrivateKR || inPublicKR; + + log.exiting(this.getClass().getName(), "engineContainsAlias", + Boolean.valueOf(result)); + return result; } public void engineDeleteEntry(String alias) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring != null) - { - keyring.remove(alias); - } + log.entering(this.getClass().getName(), "engineDeleteEntry", alias); + + ensureLoaded(); + if (privateKR.containsAlias(alias)) + privateKR.remove(alias); + else if (publicKR.containsAlias(alias)) + publicKR.remove(alias); + else + log.finer("Unknwon alias: " + alias); + + log.exiting(this.getClass().getName(), "engineDeleteEntry"); } public Certificate engineGetCertificate(String alias) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return null; - } - if (!(keyring instanceof IPublicKeyring)) - { - throw new IllegalStateException("not a public keyring"); - } - return ((IPublicKeyring) keyring).getCertificate(alias); + log.entering(this.getClass().getName(), "engineGetCertificate", alias); + + ensureLoaded(); + Certificate result = publicKR.getCertificate(alias); + + log.exiting(this.getClass().getName(), "engineGetCertificate", result); + return result; } public String engineGetCertificateAlias(Certificate cert) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return null; - } - if (!(keyring instanceof IPublicKeyring)) - { - throw new IllegalStateException("not a public keyring"); - } - Enumeration aliases = keyring.aliases(); - while (aliases.hasMoreElements()) + log.entering(this.getClass().getName(), "engineGetCertificateAlias", cert); + + ensureLoaded(); + String result = null; + for (Enumeration aliases = publicKR.aliases(); aliases.hasMoreElements();) { String alias = (String) aliases.nextElement(); - Certificate cert2 = ((IPublicKeyring) keyring).getCertificate(alias); + Certificate cert2 = publicKR.getCertificate(alias); if (cert.equals(cert2)) { - return alias; + result = alias; + break; } } - return null; + + log.exiting(this.getClass().getName(), "engineGetCertificateAlias", result); + return result; } public void engineSetCertificateEntry(String alias, Certificate cert) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - keyring = new GnuPublicKeyring("HMAC-SHA-1", 20); - } - if (!(keyring instanceof IPublicKeyring)) - { - throw new IllegalStateException("not a public keyring"); - } - ((IPublicKeyring) keyring).putCertificate(alias, cert); + log.entering(this.getClass().getName(), "engineSetCertificateEntry", + new Object[] { alias, cert }); + + ensureLoaded(); + publicKR.putCertificate(alias, cert); + + log.exiting(this.getClass().getName(), "engineSetCertificateEntry"); } public Certificate[] engineGetCertificateChain(String alias) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return null; - } - if (!(keyring instanceof IPrivateKeyring)) - { - throw new IllegalStateException("not a private keyring"); - } - return ((IPrivateKeyring) keyring).getCertPath(alias); + log.entering(this.getClass().getName(), "engineGetCertificateChain", alias); + + ensureLoaded(); + Certificate[] result = privateKR.getCertPath(alias); + + log.exiting(this.getClass().getName(), "engineGetCertificateChain", result); + return result; } public Date engineGetCreationDate(String alias) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return null; - } - List entries = keyring.get(alias); - if (entries.size() == 0) - { - return null; - } - for (Iterator it = entries.iterator(); it.hasNext();) - { - Object o = it.next(); - if (o instanceof PrimitiveEntry) - { - return ((PrimitiveEntry) o).getCreationDate(); - } - } - return null; + log.entering(this.getClass().getName(), "engineGetCreationDate", alias); + + ensureLoaded(); + Date result = getCreationDate(alias, privateKR); + if (result == null) + result = getCreationDate(alias, publicKR); + + log.exiting(this.getClass().getName(), "engineGetCreationDate", result); + return result; } public Key engineGetKey(String alias, char[] password) throws UnrecoverableKeyException { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return null; - } - if (!(keyring instanceof IPrivateKeyring)) - { - throw new IllegalStateException("not a private keyring"); - } + log.entering(this.getClass().getName(), "engineGetKey", + String.valueOf(password)); + + ensureLoaded(); + Key result = null; if (password == null) { - if (((IPrivateKeyring) keyring).containsPublicKey(alias)) - { - return ((IPrivateKeyring) keyring).getPublicKey(alias); - } - } - if (((IPrivateKeyring) keyring).containsPrivateKey(alias)) - { - return ((IPrivateKeyring) keyring).getPrivateKey(alias, password); + if (privateKR.containsPublicKey(alias)) + result = privateKR.getPublicKey(alias); } - return null; + else if (privateKR.containsPrivateKey(alias)) + result = privateKR.getPrivateKey(alias, password); + + log.exiting(this.getClass().getName(), "engineGetKey", result); + return result; } public void engineSetKeyEntry(String alias, Key key, char[] password, - Certificate[] chain) throws KeyStoreException + Certificate[] chain) + throws KeyStoreException { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - keyring = new GnuPrivateKeyring("HMAC-SHA-1", 20, "AES", "OFB", 16); - } - if (!(keyring instanceof IPrivateKeyring)) - { - throw new IllegalStateException("not a private keyring"); - } + log.entering(this.getClass().getName(), "engineSetKeyEntry", + new Object[] { alias, key, password, chain }); + ensureLoaded(); if (key instanceof PublicKey) + privateKR.putPublicKey(alias, (PublicKey) key); + else { - ((IPrivateKeyring) keyring).putPublicKey(alias, (PublicKey) key); - return; + if (! (key instanceof PrivateKey) && ! (key instanceof SecretKey)) + throw new KeyStoreException("cannot store keys of type " + + key.getClass().getName()); + privateKR.putCertPath(alias, chain); + log.finest("About to put private key in keyring..."); + privateKR.putPrivateKey(alias, key, password); } - if (!(key instanceof PrivateKey) && !(key instanceof SecretKey)) - { - throw new KeyStoreException("cannot store keys of type " - + key.getClass().getName()); - } - try - { - CertificateFactory fact = CertificateFactory.getInstance("X.509"); - ((IPrivateKeyring) keyring).putCertPath(alias, chain); - } - catch (CertificateException ce) - { - throw new KeyStoreException(ce.toString()); - } - ((IPrivateKeyring) keyring).putPrivateKey(alias, key, password); + + log.exiting(this.getClass().getName(), "engineSetKeyEntry"); } public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException { - throw new KeyStoreException("method not supported"); + KeyStoreException x = new KeyStoreException("method not supported"); + log.throwing(this.getClass().getName(), "engineSetKeyEntry(3)", x); + throw x; } public boolean engineIsCertificateEntry(String alias) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return false; - } - if (!(keyring instanceof IPublicKeyring)) - { - return false; - } - return ((IPublicKeyring) keyring).containsCertificate(alias); + log.entering(this.getClass().getName(), "engineIsCertificateEntry", alias); + + ensureLoaded(); + boolean result = publicKR.containsCertificate(alias); + + log.exiting(this.getClass().getName(), "engineIsCertificateEntry", + Boolean.valueOf(result)); + return result; } public boolean engineIsKeyEntry(String alias) { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return false; - } - if (!(keyring instanceof IPrivateKeyring)) - { - return false; - } - return ((IPrivateKeyring) keyring).containsPublicKey(alias) - || ((IPrivateKeyring) keyring).containsPrivateKey(alias); + log.entering(this.getClass().getName(), "engineIsKeyEntry", alias); + + ensureLoaded(); + boolean result = privateKR.containsPublicKey(alias) + || privateKR.containsPrivateKey(alias); + + log.exiting(this.getClass().getName(), "engineIsKeyEntry", + Boolean.valueOf(result)); + return result; } public void engineLoad(InputStream in, char[] password) throws IOException { + log.entering(this.getClass().getName(), "engineLoad", String.valueOf(password)); if (in != null) { - if (!in.markSupported()) - { - in = new BufferedInputStream(in); - } - in.mark(5); - for (int i = 0; i < 4; i++) - if (in.read() != Registry.GKR_MAGIC[i]) - throw new MalformedKeyringException("incorrect magic"); - int usage = in.read(); - in.reset(); - HashMap attr = new HashMap(); - attr.put(IKeyring.KEYRING_DATA_IN, in); - attr.put(IKeyring.KEYRING_PASSWORD, password); - switch (usage) - { - case GnuPublicKeyring.USAGE: - keyring = new GnuPublicKeyring(); - break; - case GnuPrivateKeyring.USAGE: - keyring = new GnuPrivateKeyring(); - break; - default: - throw new MalformedKeyringException("unsupported ring usage: " - + Integer.toBinaryString(usage)); - } - keyring.load(attr); + if (! in.markSupported()) + in = new BufferedInputStream(in); + + loadPrivateKeyring(in, password); + loadPublicKeyring(in, password); } + else + createNewKeyrings(); + loaded = true; + + log.exiting(this.getClass().getName(), "engineLoad"); } public void engineStore(OutputStream out, char[] password) throws IOException { - if (!loaded || keyring == null) - { - throw new IllegalStateException ("not loaded"); - } + log.entering(this.getClass().getName(), "engineStore", String.valueOf(password)); + + ensureLoaded(); HashMap attr = new HashMap(); attr.put(IKeyring.KEYRING_DATA_OUT, out); attr.put(IKeyring.KEYRING_PASSWORD, password); - keyring.store(attr); + + privateKR.store(attr); + publicKR.store(attr); + + log.exiting(this.getClass().getName(), "engineStore"); } public int engineSize() { - if (!loaded) - { - throw new IllegalStateException ("not loaded"); - } - if (keyring == null) - { - return 0; - } - return keyring.size(); + ensureLoaded(); + return privateKR.size() + publicKR.size(); + } + + /** + * Ensure that the underlying keyring pair is loaded. Throw an exception if it + * isn't; otherwise returns silently. + * + * @throws IllegalStateException if the keyring is not loaded. + */ + private void ensureLoaded() + { + if (! loaded) + throw new IllegalStateException(NOT_LOADED); + } + + /** + * Load the private keyring from the designated input stream. + * + * @param in the input stream to process. + * @param password the password protecting the keyring. + * @throws MalformedKeyringException if the keyring is not a private one. + * @throws IOException if an I/O related exception occurs during the process. + */ + private void loadPrivateKeyring(InputStream in, char[] password) + throws MalformedKeyringException, IOException + { + log.entering(this.getClass().getName(), "loadPrivateKeyring"); + + in.mark(5); + for (int i = 0; i < 4; i++) + if (in.read() != Registry.GKR_MAGIC[i]) + throw new MalformedKeyringException("incorrect magic"); + + int usage = in.read(); + in.reset(); + if (usage != GnuPrivateKeyring.USAGE) + throw new MalformedKeyringException("Was expecting a private keyring but got a wrong USAGE: " + + Integer.toBinaryString(usage)); + HashMap attr = new HashMap(); + attr.put(IKeyring.KEYRING_DATA_IN, in); + attr.put(IKeyring.KEYRING_PASSWORD, password); + privateKR = new GnuPrivateKeyring(); + privateKR.load(attr); + + log.exiting(this.getClass().getName(), "loadPrivateKeyring"); + } + + /** + * Load the public keyring from the designated input stream. + * + * @param in the input stream to process. + * @param password the password protecting the keyring. + * @throws MalformedKeyringException if the keyring is not a public one. + * @throws IOException if an I/O related exception occurs during the process. + */ + private void loadPublicKeyring(InputStream in, char[] password) + throws MalformedKeyringException, IOException + { + log.entering(this.getClass().getName(), "loadPublicKeyring"); + + in.mark(5); + for (int i = 0; i < 4; i++) + if (in.read() != Registry.GKR_MAGIC[i]) + throw new MalformedKeyringException("incorrect magic"); + + int usage = in.read(); + in.reset(); + if (usage != GnuPublicKeyring.USAGE) + throw new MalformedKeyringException("Was expecting a public keyring but got a wrong USAGE: " + + Integer.toBinaryString(usage)); + HashMap attr = new HashMap(); + attr.put(IKeyring.KEYRING_DATA_IN, in); + attr.put(IKeyring.KEYRING_PASSWORD, password); + publicKR = new GnuPublicKeyring(); + publicKR.load(attr); + + log.exiting(this.getClass().getName(), "loadPublicKeyring"); + } + + /** + * Return the creation date of a named alias in a designated keyring. + * + * @param alias the alias to look for. + * @param keyring the keyring to search. + * @return the creattion date of the entry named <code>alias</code>. Return + * <code>null</code> if <code>alias</code> was not found in + * <code>keyring</code>. + */ + private Date getCreationDate(String alias, IKeyring keyring) + { + log.entering(this.getClass().getName(), "getCreationDate", + new Object[] { alias, keyring }); + + Date result = null; + if (keyring != null) + for (Iterator it = keyring.get(alias).iterator(); it.hasNext();) + { + Object o = it.next(); + if (o instanceof PrimitiveEntry) + { + result = ((PrimitiveEntry) o).getCreationDate(); + break; + } + } + + log.exiting(this.getClass().getName(), "getCreationDate", result); + return result; + } + + /** Create empty keyrings. */ + private void createNewKeyrings() + { + log.entering(this.getClass().getName(), "createNewKeyrings"); + + privateKR = new GnuPrivateKeyring("HMAC-SHA-1", 20, "AES", "OFB", 16); + publicKR = new GnuPublicKeyring("HMAC-SHA-1", 20); + + log.exiting(this.getClass().getName(), "createNewKeyrings"); } -}
\ No newline at end of file +} diff --git a/gnu/javax/crypto/keyring/GnuPrivateKeyring.java b/gnu/javax/crypto/keyring/GnuPrivateKeyring.java index d49bd0963..c1fe30e67 100644 --- a/gnu/javax/crypto/keyring/GnuPrivateKeyring.java +++ b/gnu/javax/crypto/keyring/GnuPrivateKeyring.java @@ -42,8 +42,8 @@ import gnu.java.security.Registry; import java.io.DataInputStream; import java.io.DataOutputStream; -import java.io.InputStream; import java.io.IOException; +import java.io.InputStream; import java.io.OutputStream; import java.security.Key; import java.security.PublicKey; @@ -51,17 +51,18 @@ import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.util.Date; import java.util.Iterator; -import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; /** * <p>.</p> */ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring { - // Constants and variables // ------------------------------------------------------------------------- + private static final Logger log = Logger.getLogger(GnuPrivateKeyring.class.getName()); public static final int USAGE = Registry.GKR_PRIVATE_KEYS | Registry.GKR_PUBLIC_CREDENTIALS; @@ -104,225 +105,277 @@ public class GnuPrivateKeyring extends BaseKeyring implements IPrivateKeyring public boolean containsPrivateKey(String alias) { - if (!containsAlias(alias)) - { - return false; - } - List l = get(alias); - for (Iterator it = l.iterator(); it.hasNext();) - { + log.entering(this.getClass().getName(), "containsPrivateKey", alias); + + boolean result = false; + if (containsAlias(alias)) + for (Iterator it = get(alias).iterator(); it.hasNext();) if (it.next() instanceof PasswordAuthenticatedEntry) { - return true; + result = true; + break; } - } - return false; + + log.exiting(this.getClass().getName(), "containsPrivateKey", + Boolean.valueOf(result)); + return result; } public Key getPrivateKey(String alias, char[] password) throws UnrecoverableKeyException { - if (!containsAlias(alias)) - { - return null; - } - List l = get(alias); - PasswordAuthenticatedEntry e1 = null; - PasswordEncryptedEntry e2 = null; - for (Iterator it = l.iterator(); it.hasNext();) - { - Entry e = (Entry) it.next(); - if (e instanceof PasswordAuthenticatedEntry) - { - e1 = (PasswordAuthenticatedEntry) e; - break; - } - } - if (e1 == null) - { - return null; - } - try - { - e1.verify(password); - } - catch (Exception e) - { - throw new UnrecoverableKeyException("authentication failed"); - } - for (Iterator it = e1.getEntries().iterator(); it.hasNext();) + log.entering(this.getClass().getName(), "getPrivateKey", + new Object[] { alias, String.valueOf(password) }); + + Key result = null; + if (containsAlias(alias)) { - Entry e = (Entry) it.next(); - if (e instanceof PasswordEncryptedEntry) + PasswordAuthenticatedEntry e1 = null; + PasswordEncryptedEntry e2 = null; + for (Iterator it = get(alias).iterator(); it.hasNext();) { - e2 = (PasswordEncryptedEntry) e; - break; + Entry e = (Entry) it.next(); + if (e instanceof PasswordAuthenticatedEntry) + { + e1 = (PasswordAuthenticatedEntry) e; + break; + } } - } - if (e2 == null) - { - return null; - } - try - { - e2.decrypt(password); - } - catch (Exception e) - { - throw new UnrecoverableKeyException("decryption failed"); - } - for (Iterator it = e2.get(alias).iterator(); it.hasNext();) - { - Entry e = (Entry) it.next(); - if (e instanceof PrivateKeyEntry) + + if (e1 != null) { - return ((PrivateKeyEntry) e).getKey(); + try + { + e1.verify(password); + } + catch (Exception e) + { + throw new UnrecoverableKeyException("authentication failed"); + } + + for (Iterator it = e1.getEntries().iterator(); it.hasNext();) + { + Entry e = (Entry) it.next(); + if (e instanceof PasswordEncryptedEntry) + { + e2 = (PasswordEncryptedEntry) e; + break; + } + } + + if (e2 != null) + { + try + { + e2.decrypt(password); + } + catch (Exception e) + { + throw new UnrecoverableKeyException("decryption failed"); + } + + for (Iterator it = e2.get(alias).iterator(); it.hasNext();) + { + Entry e = (Entry) it.next(); + if (e instanceof PrivateKeyEntry) + { + result = ((PrivateKeyEntry) e).getKey(); + break; + } + } + } } } - return null; + + log.exiting(this.getClass().getName(), "getPrivateKey", result); + return result; } public void putPrivateKey(String alias, Key key, char[] password) { - if (containsPrivateKey(alias)) - { - return; - } - alias = fixAlias(alias); - Properties p = new Properties(); - p.put("alias", alias); - PrivateKeyEntry pke = new PrivateKeyEntry(key, new Date(), p); - PasswordEncryptedEntry enc = new PasswordEncryptedEntry(cipher, mode, - keylen, - new Properties()); - PasswordAuthenticatedEntry auth = new PasswordAuthenticatedEntry( - mac, - maclen, - new Properties()); - enc.add(pke); - auth.add(enc); - try - { - enc.encode(null, password); - auth.encode(null, password); - } - catch (IOException ioe) + log.entering(this.getClass().getName(), "putPrivateKey", + new Object[] { alias, key, String.valueOf(password) }); + + if (! containsPrivateKey(alias)) { - throw new IllegalArgumentException(ioe.toString()); + alias = fixAlias(alias); + Properties p = new Properties(); + p.put("alias", alias); + PrivateKeyEntry pke = new PrivateKeyEntry(key, new Date(), p); + PasswordEncryptedEntry enc; + enc = new PasswordEncryptedEntry(cipher, mode, keylen, new Properties()); + enc.add(pke); + + PasswordAuthenticatedEntry auth; + auth = new PasswordAuthenticatedEntry(mac, maclen, new Properties()); + auth.add(enc); + + log.finest("About to encrypt the key..."); + try + { + enc.encode(null, password); + } + catch (IOException x) + { + log.log(Level.FINER, "Exception while encrypting the key. " + + "Rethrow as IllegalArgumentException", x); + throw new IllegalArgumentException(x.toString()); + } + + log.finest("About to authenticate the encrypted key..."); + try + { + auth.encode(null, password); + } + catch (IOException x) + { + log.log(Level.FINER, "Exception while authenticating the encrypted " + + "key. Rethrow as IllegalArgumentException", x); + throw new IllegalArgumentException(x.toString()); + } + + keyring.add(auth); } - keyring.add(auth); + else + log.finer("Keyring already contains alias: " + alias); + + log.exiting(this.getClass().getName(), "putPrivateKey"); } public boolean containsPublicKey(String alias) { - if (!containsAlias(alias)) - { - return false; - } - List l = get(alias); - for (Iterator it = l.iterator(); it.hasNext();) - { + log.entering(this.getClass().getName(), "containsPublicKey", alias); + + boolean result = false; + if (containsAlias(alias)) + for (Iterator it = get(alias).iterator(); it.hasNext();) if (it.next() instanceof PublicKeyEntry) { - return true; + result = true; + break; } - } - return false; + + log.exiting(this.getClass().getName(), "containsPublicKey", + Boolean.valueOf(result)); + return result; } public PublicKey getPublicKey(String alias) { - if (!containsAlias(alias)) - { - return null; - } - List l = get(alias); - for (Iterator it = l.iterator(); it.hasNext();) - { - Entry e = (Entry) it.next(); - if (e instanceof PublicKeyEntry) - { - return ((PublicKeyEntry) e).getKey(); - } - } - return null; + log.entering(this.getClass().getName(), "getPublicKey", alias); + + PublicKey result = null; + if (containsAlias(alias)) + for (Iterator it = get(alias).iterator(); it.hasNext();) + { + Entry e = (Entry) it.next(); + if (e instanceof PublicKeyEntry) + { + result = ((PublicKeyEntry) e).getKey(); + break; + } + } + + log.exiting(this.getClass().getName(), "getPublicKey", result); + return result; } public void putPublicKey(String alias, PublicKey key) { - if (containsPublicKey(alias)) + log.entering(this.getClass().getName(), "putPublicKey", + new Object[] { alias, key }); + + if (! containsPublicKey(alias)) { - return; + Properties p = new Properties(); + p.put("alias", fixAlias(alias)); + add(new PublicKeyEntry(key, new Date(), p)); } - Properties p = new Properties(); - p.put("alias", fixAlias(alias)); - add(new PublicKeyEntry(key, new Date(), p)); + else + log.finer("Keyring already contains alias: " + alias); + + log.exiting(this.getClass().getName(), "putPublicKey"); } public boolean containsCertPath(String alias) { - if (!containsAlias(alias)) - { - return false; - } - List l = get(alias); - for (Iterator it = l.iterator(); it.hasNext();) - { + log.entering(this.getClass().getName(), "containsCertPath", alias); + + boolean result = false; + if (containsAlias(alias)) + for (Iterator it = get(alias).iterator(); it.hasNext();) if (it.next() instanceof CertPathEntry) { - return true; + result = true; + break; } - } - return false; + + log.exiting(this.getClass().getName(), "containsCertPath", + Boolean.valueOf(result)); + return result; } public Certificate[] getCertPath(String alias) { - if (!containsAlias(alias)) - { - return null; - } - List l = get(alias); - for (Iterator it = l.iterator(); it.hasNext();) - { - Entry e = (Entry) it.next(); - if (e instanceof CertPathEntry) - { - return ((CertPathEntry) e).getCertPath(); - } - } - return null; + log.entering(this.getClass().getName(), "getCertPath", alias); + + Certificate[] result = null; + if (containsAlias(alias)) + for (Iterator it = get(alias).iterator(); it.hasNext();) + { + Entry e = (Entry) it.next(); + if (e instanceof CertPathEntry) + { + result = ((CertPathEntry) e).getCertPath(); + break; + } + } + + log.exiting(this.getClass().getName(), "getCertPath", result); + return result; } public void putCertPath(String alias, Certificate[] path) { - if (containsCertPath(alias)) + log.entering(this.getClass().getName(), "putCertPath", + new Object[] { alias, path }); + + if (! containsCertPath(alias)) { - return; + Properties p = new Properties(); + p.put("alias", fixAlias(alias)); + add(new CertPathEntry(path, new Date(), p)); } - Properties p = new Properties(); - p.put("alias", fixAlias(alias)); - add(new CertPathEntry(path, new Date(), p)); + else + log.finer("Keyring already contains alias: " + alias); + + log.exiting(this.getClass().getName(), "putCertPath"); } protected void load(InputStream in, char[] password) throws IOException { + log.entering(this.getClass().getName(), "load", + new Object[] { in, String.valueOf(password) }); + if (in.read() != USAGE) - { - throw new MalformedKeyringException("incompatible keyring usage"); - } + throw new MalformedKeyringException("incompatible keyring usage"); + if (in.read() != PasswordAuthenticatedEntry.TYPE) - { - throw new MalformedKeyringException( - "expecting password-authenticated entry tag"); - } - keyring = PasswordAuthenticatedEntry.decode(new DataInputStream(in), - password); + throw new MalformedKeyringException("expecting password-authenticated entry tag"); + + keyring = PasswordAuthenticatedEntry.decode(new DataInputStream(in), password); + + log.exiting(this.getClass().getName(), "load"); } protected void store(OutputStream out, char[] password) throws IOException { + log.entering(this.getClass().getName(), "store", + new Object[] { out, String.valueOf(password) }); + out.write(USAGE); keyring.encode(new DataOutputStream(out), password); + + log.exiting(this.getClass().getName(), "store"); } } diff --git a/gnu/javax/crypto/keyring/GnuPublicKeyring.java b/gnu/javax/crypto/keyring/GnuPublicKeyring.java index 318eb036f..490eb4458 100644 --- a/gnu/javax/crypto/keyring/GnuPublicKeyring.java +++ b/gnu/javax/crypto/keyring/GnuPublicKeyring.java @@ -38,26 +38,24 @@ exception statement from your version. */ package gnu.javax.crypto.keyring; +import gnu.java.security.Registry; + import java.io.DataInputStream; import java.io.DataOutputStream; -import java.io.InputStream; import java.io.IOException; +import java.io.InputStream; import java.io.OutputStream; - +import java.security.cert.Certificate; import java.util.Date; import java.util.Iterator; -import java.util.List; - -import java.security.cert.Certificate; - -import gnu.java.security.Registry; +import java.util.logging.Logger; public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring { - // Fields. // ------------------------------------------------------------------------ + private static final Logger log = Logger.getLogger(GnuPublicKeyring.class.getName()); public static final int USAGE = Registry.GKR_CERTIFICATES; // Constructors. @@ -79,68 +77,84 @@ public class GnuPublicKeyring extends BaseKeyring implements IPublicKeyring public boolean containsCertificate(String alias) { - if (!containsAlias(alias)) - { - return false; - } - List l = get(alias); - for (Iterator it = l.iterator(); it.hasNext();) - { + log.entering(this.getClass().getName(), "containsCertificate", alias); + + boolean result = false; + if (containsAlias(alias)) + for (Iterator it = get(alias).iterator(); it.hasNext();) if (it.next() instanceof CertificateEntry) { - return true; + result = true; + break; } - } - return false; + + log.exiting(this.getClass().getName(), "containsCertificate", + Boolean.valueOf(result)); + return result; } public Certificate getCertificate(String alias) { - if (!containsAlias(alias)) - { - return null; - } - List l = get(alias); - for (Iterator it = l.iterator(); it.hasNext();) - { - Entry e = (Entry) it.next(); - if (e instanceof CertificateEntry) - { - return ((CertificateEntry) e).getCertificate(); - } - } - return null; + log.entering(this.getClass().getName(), "getCertificate", alias); + + Certificate result = null; + if (containsAlias(alias)) + for (Iterator it = get(alias).iterator(); it.hasNext();) + { + Entry e = (Entry) it.next(); + if (e instanceof CertificateEntry) + { + result = ((CertificateEntry) e).getCertificate(); + break; + } + } + + log.exiting(this.getClass().getName(), "getCertificate", result); + return result; } public void putCertificate(String alias, Certificate cert) { - if (containsCertificate(alias)) + log.entering(this.getClass().getName(), "putCertificate", + new Object[] { alias, cert }); + + if (! containsCertificate(alias)) { - return; + Properties p = new Properties(); + p.put("alias", fixAlias(alias)); + add(new CertificateEntry(cert, new Date(), p)); } - Properties p = new Properties(); - p.put("alias", fixAlias(alias)); - add(new CertificateEntry(cert, new Date(), p)); + else + log.finer("Keyring already contains alias: " + alias); + + log.exiting(this.getClass().getName(), "putCertificate"); } protected void load(InputStream in, char[] password) throws IOException { + log.entering(this.getClass().getName(), "load", + new Object[] { in, String.valueOf(password) }); + if (in.read() != USAGE) - { - throw new MalformedKeyringException("incompatible keyring usage"); - } + throw new MalformedKeyringException("incompatible keyring usage"); + if (in.read() != PasswordAuthenticatedEntry.TYPE) - { - throw new MalformedKeyringException( - "expecting password-authenticated entry tag"); - } - keyring = PasswordAuthenticatedEntry.decode(new DataInputStream(in), - password); + throw new MalformedKeyringException("expecting password-authenticated entry tag"); + + DataInputStream dis = new DataInputStream(in); + keyring = PasswordAuthenticatedEntry.decode(dis, password); + + log.exiting(this.getClass().getName(), "load"); } protected void store(OutputStream out, char[] password) throws IOException { + log.entering(this.getClass().getName(), "store", + new Object[] { out, String.valueOf(password) }); + out.write(USAGE); keyring.encode(new DataOutputStream(out), password); + + log.exiting(this.getClass().getName(), "store"); } } diff --git a/include/Makefile.am b/include/Makefile.am index 72440cc01..5cda78e88 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -119,6 +119,7 @@ $(GTKPEER_H_FILES) \ $(QTPEER_H_FILES) \ $(top_srcdir)/include/gnu_java_net_VMPlainDatagramSocketImpl.h \ $(top_srcdir)/include/gnu_java_net_VMPlainSocketImpl.h \ +$(top_srcdir)/include/gnu_java_net_local_LocalSocketImpl.h \ $(top_srcdir)/include/gnu_java_nio_VMPipe.h \ $(top_srcdir)/include/gnu_java_nio_VMSelector.h \ $(top_srcdir)/include/gnu_java_nio_channels_FileChannelImpl.h \ @@ -168,6 +169,8 @@ $(top_srcdir)/include/gnu_java_net_VMPlainDatagramSocketImpl.h: $(top_srcdir)/vm $(JAVAH) -o $@ gnu.java.net.VMPlainDatagramSocketImpl $(top_srcdir)/include/gnu_java_net_VMPlainSocketImpl.h: $(top_srcdir)/vm/reference/gnu/java/net/VMPlainSocketImpl.java $(JAVAH) -o $@ gnu.java.net.VMPlainSocketImpl +$(top_srcdir)/include/gnu_java_net_local_LocalSocketImpl.h: $(top_srcdir)/gnu/java/net/local/LocalSocketImpl.java + $(JAVAH) -o $@ gnu.java.net.local.LocalSocketImpl $(top_srcdir)/include/gnu_java_nio_VMPipe.h: $(top_srcdir)/vm/reference/gnu/java/nio/VMPipe.java $(JAVAH) -o $@ gnu.java.nio.VMPipe $(top_srcdir)/include/gnu_java_nio_VMSelector.h: $(top_srcdir)/vm/reference/gnu/java/nio/VMSelector.java diff --git a/java/awt/AlphaComposite.java b/java/awt/AlphaComposite.java index d6e1842d9..92b9e09a6 100644 --- a/java/awt/AlphaComposite.java +++ b/java/awt/AlphaComposite.java @@ -38,7 +38,7 @@ exception statement from your version. */ package java.awt; -import gnu.classpath.NotImplementedException; +import gnu.java.awt.java2d.AlphaCompositeContext; import java.awt.image.ColorModel; import java.util.LinkedHashMap; @@ -139,15 +139,25 @@ public final class AlphaComposite implements Composite } return a; } + + /** + * Creates a {@link CompositeContext} that can be used to perform + * compositing operations according to this AlphaComposite settings. + * + * @param srcColorModel the color model of the source raster + * @param dstColorModel the color model of the destination raster + * @param hints the rendering hints to use + * + * @return a {@link CompositeContext} that can be used to perform + * compositing operations according to this AlphaComposite settings + */ public CompositeContext createContext(ColorModel srcColorModel, ColorModel dstColorModel, RenderingHints hints) - throws NotImplementedException { - // XXX Implement. Sun uses undocumented implementation class - // sun.java2d.SunCompositeContext. - throw new Error("not implemented"); + return new AlphaCompositeContext(this, srcColorModel, dstColorModel); } + public float getAlpha() { return alpha; diff --git a/java/awt/Image.java b/java/awt/Image.java index 93c2c4790..6ade302a1 100644 --- a/java/awt/Image.java +++ b/java/awt/Image.java @@ -166,6 +166,8 @@ public abstract class Image * loading will be produced according to the hints of the algorithm * requested. If either the width or height is non-positive, it is adjusted * to preserve the original aspect ratio. + * If an illegal value of <code>flags</code> is passed, + * the default algorithm is used. * * @param width the width of the scaled image * @param height the height of the scaled image @@ -183,18 +185,15 @@ public abstract class Image ImageFilter filter; switch (flags) { - case SCALE_DEFAULT: - case SCALE_FAST: - case SCALE_REPLICATE: - filter = new ReplicateScaleFilter(width, height); - break; case SCALE_AREA_AVERAGING: + case SCALE_SMOOTH: filter = new AreaAveragingScaleFilter(width, height); break; - case SCALE_SMOOTH: - throw new Error("SCALE_SMOOTH: not implemented"); + case SCALE_DEFAULT: + case SCALE_FAST: + case SCALE_REPLICATE: default: - throw new Error("Unknown flag or not implemented: " + flags); + filter = new ReplicateScaleFilter(width, height); } ImageProducer producer = new FilteredImageSource(getSource(), filter); diff --git a/java/awt/image/AreaAveragingScaleFilter.java b/java/awt/image/AreaAveragingScaleFilter.java index 6333ce9e7..44d5cec9d 100644 --- a/java/awt/image/AreaAveragingScaleFilter.java +++ b/java/awt/image/AreaAveragingScaleFilter.java @@ -1,5 +1,5 @@ /* AreaAveragingScaleFilter.java -- Java class for filtering images - Copyright (C) 1999 Free Software Foundation, Inc. + Copyright (C) 1999,2006 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -45,86 +45,225 @@ package java.awt.image; * points should give the desired results although Sun does not * specify what the exact algorithm should be. * <br> - * FIXME: Currently this filter does nothing and needs to be implemented. * * @author C. Brian Jones (cbj@gnu.org) */ public class AreaAveragingScaleFilter extends ReplicateScaleFilter { - /** - * Construct an instance of <code>AreaAveragingScaleFilter</code> which - * should be used in conjunction with a <code>FilteredImageSource</code> - * object. - * - * @param width the width of the destination image - * @param height the height of the destination image - */ - public AreaAveragingScaleFilter(int width, int height) { - super(width, height); - } - - /** - * The <code>ImageProducer</code> should call this method with a - * bit mask of hints from any of <code>RANDOMPIXELORDER</code>, - * <code>TOPDOWNLEFTRIGHT</code>, <code>COMPLETESCANLINES</code>, - * <code>SINGLEPASS</code>, <code>SINGLEFRAME</code> from the - * <code>ImageConsumer</code> interface. - * <br> - * FIXME - more than likely Sun's implementation desires - * <code>TOPDOWNLEFTRIGHT</code> order and this method is overloaded here - * in order to assure that mask is part of the hints added to - * the consumer. - * - * @param flags a bit mask of hints - * @see ImageConsumer - */ - public void setHints(int flags) - { - if (consumer != null) - consumer.setHints(flags); - } - - /** - * This function delivers a rectangle of pixels where any - * pixel(m,n) is stored in the array as a <code>byte</code> at - * index (n * scansize + m + offset). - * - * @param x the x coordinate of the rectangle - * @param y the y coordinate of the rectangle - * @param w the width of the rectangle - * @param h the height of the rectangle - * @param model the <code>ColorModel</code> used to translate the pixels - * @param pixels the array of pixel values - * @param offset the index of the first pixels in the <code>pixels</code> array - * @param scansize the width to use in extracting pixels from the <code>pixels</code> array - */ - public void setPixels(int x, int y, int w, int h, - ColorModel model, byte[] pixels, int offset, int scansize) - { - if (consumer != null) - consumer.setPixels(x, y, w, h, model, pixels, offset, scansize); - } - - /** - * This function delivers a rectangle of pixels where any - * pixel(m,n) is stored in the array as an <code>int</code> at - * index (n * scansize + m + offset). - * - * @param x the x coordinate of the rectangle - * @param y the y coordinate of the rectangle - * @param w the width of the rectangle - * @param h the height of the rectangle - * @param model the <code>ColorModel</code> used to translate the pixels - * @param pixels the array of pixel values - * @param offset the index of the first pixels in the <code>pixels</code> array - * @param scansize the width to use in extracting pixels from the <code>pixels</code> array - */ - public void setPixels(int x, int y, int w, int h, - ColorModel model, int[] pixels, int offset, int scansize) - { - if (consumer != null) - consumer.setPixels(x, y, w, h, model, pixels, offset, scansize); - } + /** + * Construct an instance of <code>AreaAveragingScaleFilter</code> which + * should be used in conjunction with a <code>FilteredImageSource</code> + * object. + * + * @param width the width of the destination image + * @param height the height of the destination image + */ + public AreaAveragingScaleFilter(int width, int height) { + super(width, height); + } + /** + * The <code>ImageProducer</code> should call this method with a + * bit mask of hints from any of <code>RANDOMPIXELORDER</code>, + * <code>TOPDOWNLEFTRIGHT</code>, <code>COMPLETESCANLINES</code>, + * <code>SINGLEPASS</code>, <code>SINGLEFRAME</code> from the + * <code>ImageConsumer</code> interface. + * <br> + * FIXME - more than likely Sun's implementation desires + * <code>TOPDOWNLEFTRIGHT</code> order and this method is overloaded here + * in order to assure that mask is part of the hints added to + * the consumer. + * + * @param flags a bit mask of hints + * @see ImageConsumer + */ + public void setHints(int flags) + { + if (consumer != null) + consumer.setHints(flags); + } + + /** + * This function delivers a rectangle of pixels where any + * pixel(m,n) is stored in the array as a <code>byte</code> at + * index (n * scansize + m + offset). + * + * @param x the x coordinate of the rectangle + * @param y the y coordinate of the rectangle + * @param w the width of the rectangle + * @param h the height of the rectangle + * @param model the <code>ColorModel</code> used to translate the pixels + * @param pixels the array of pixel values + * @param offset the index of the first pixels in the <code>pixels</code> array + * @param scansize the width to use in extracting pixels from the <code>pixels</code> array + */ + public void setPixels(int x, int y, int w, int h, + ColorModel model, byte[] pixels, int offset, int scansize) + { + double rx = ((double) srcWidth) / destWidth; + double ry = ((double) srcHeight) / destHeight; + + int destScansize = (int) Math.round(scansize / rx); + + byte[] destPixels = averagePixels(x, y, w, h, + model, pixels, offset, scansize, + rx, ry, destScansize); + + if (consumer != null) + consumer.setPixels((int) Math.floor(x/rx), (int) Math.floor(y/ry), + (int) Math.ceil(w/rx), (int) Math.ceil(h/ry), + model, destPixels, 0, destScansize); + } + + /** + * This function delivers a rectangle of pixels where any + * pixel(m,n) is stored in the array as an <code>int</code> at + * index (n * scansize + m + offset). + * + * @param x the x coordinate of the rectangle + * @param y the y coordinate of the rectangle + * @param w the width of the rectangle + * @param h the height of the rectangle + * @param model the <code>ColorModel</code> used to translate the pixels + * @param pixels the array of pixel values + * @param offset the index of the first pixels in the <code>pixels</code> array + * @param scansize the width to use in extracting pixels from the <code>pixels</code> array + */ + public void setPixels(int x, int y, int w, int h, + ColorModel model, int[] pixels, int offset, int scansize) + { + double rx = ((double) srcWidth) / destWidth; + double ry = ((double) srcHeight) / destHeight; + + int destScansize = (int) Math.round(scansize / rx); + + int[] destPixels = averagePixels(x, y, w, h, + model, pixels, offset, scansize, + rx, ry, destScansize); + + if (consumer != null) + consumer.setPixels((int) Math.floor(x/rx), (int) Math.floor(y/ry), + (int) Math.ceil(w/rx), (int) Math.ceil(h/ry), + model, destPixels, 0, destScansize); + } + + /** + * This is a really terrible implementation, + * since it uses the nearest-neighbor method. This filter is rarely used though. + * + * @param srcx, srcy - Source rectangle upper-left corner + * @param srcw, srch - Source rectangle width and height + * @param model - Pixel color model + * @param srcPixels - Source pixel data. + * @param srcOffset - Starting offset into the source pixel data array. + * @param srcScansize - Source array scanline size. + * @param rx,ry - Scaling factor. + * @param dstScansize - Destination array scanline size. + */ + private byte[] averagePixels(int srcx, int srcy, int srcw, int srch, + ColorModel model, byte[] srcPixels, + int srcOffset, int srcScansize, + double rx, double ry, int destScansize) + { + int destW = (int) Math.ceil(srcw/rx); + int destH = (int) Math.ceil(srch/ry); + byte[] destPixels = new byte[ destW * destH ]; + int sx, sy; + + int w = (int)Math.ceil(rx); + int h = (int)Math.ceil(ry); + + for(int x = 0; x < destW; x++) + for(int y = 0; y < destH; y++) + { + sx = (int) (x * rx); + sy = (int) (y * ry); + + int r,g,b,a; + r = g = b = a = 0; + + for(int i = 0; i < w; i++) + { + for(int j = 0; j < h; j++) + { + int idx = srcx + sx + i + (srcy + sy + j)*srcScansize; + r += model.getRed(srcPixels[ idx ]); + g += model.getGreen(srcPixels[ idx ]); + b += model.getBlue(srcPixels[ idx ]); + a += model.getAlpha(srcPixels[ idx ]); + } + } + + r = r / (w * h); + g = g / (w * h); + b = b / (w * h); + a = a / (w * h); + + // Does this really work? + destPixels[x + destScansize*y] = (byte)model.getDataElement + (new int[]{r, g, b, a}, 0); + } + + return destPixels; + } + + /** + * This is a really terrible implementation, + * since it uses the nearest-neighbor method. This filter is rarely used though. + * + * @param srcx, srcy - Source rectangle upper-left corner + * @param srcw, srch - Source rectangle width and height + * @param model - Pixel color model + * @param srcPixels - Source pixel data. + * @param srcOffset - Starting offset into the source pixel data array. + * @param srcScansize - Source array scanline size. + * @param rx,ry - Scaling factor. + * @param dstScansize - Destination array scanline size. + */ + private int[] averagePixels(int srcx, int srcy, int srcw, int srch, + ColorModel model, int[] srcPixels, + int srcOffset, int srcScansize, + double rx, double ry, int destScansize) + { + int destW = (int) Math.ceil(srcw/rx); + int destH = (int) Math.ceil(srch/ry); + int[] destPixels = new int[ destW * destH ]; + int sx, sy; + + int w = (int)Math.ceil(rx); + int h = (int)Math.ceil(ry); + + for(int x = 0; x < destW; x++) + for(int y = 0; y < destH; y++) + { + sx = (int) (x * rx); + sy = (int) (y * ry); + + int r,g,b,a; + r = g = b = a = 0; + + for(int i = 0; i < w; i++) + { + for(int j = 0; j < h; j++) + { + int idx = srcx + sx + i + (srcy + sy + j)*srcScansize; + r += model.getRed(srcPixels[ idx ]); + g += model.getGreen(srcPixels[ idx ]); + b += model.getBlue(srcPixels[ idx ]); + a += model.getAlpha(srcPixels[ idx ]); + } + } + + r = r / (w * h); + g = g / (w * h); + b = b / (w * h); + a = a / (w * h); + + destPixels[x + destScansize*y] = model.getDataElement + (new int[]{r, g, b, a}, 0); + } + + return destPixels; + } } diff --git a/java/nio/ByteBufferImpl.java b/java/nio/ByteBufferImpl.java index 48d715200..cbe627b06 100644 --- a/java/nio/ByteBufferImpl.java +++ b/java/nio/ByteBufferImpl.java @@ -120,13 +120,8 @@ final class ByteBufferImpl extends ByteBuffer int count = remaining(); shiftDown(0, pos, count); position(count); - limit(capacity()); - } - else - { - position(limit()); - limit(capacity()); } + limit(capacity()); return this; } diff --git a/java/nio/CharBufferImpl.java b/java/nio/CharBufferImpl.java index 33f8dab98..e6097cb75 100644 --- a/java/nio/CharBufferImpl.java +++ b/java/nio/CharBufferImpl.java @@ -90,15 +90,14 @@ final class CharBufferImpl extends CharBuffer { checkIfReadOnly(); mark = -1; - int copied = 0; - - while (remaining () > 0) + int p = position(); + int n = limit() - p; + if (n > 0) { - put (copied, get ()); - copied++; + System.arraycopy(backing_buffer, array_offset + p, + backing_buffer, array_offset, n); } - - position (copied); + position(n); limit(capacity()); return this; } diff --git a/java/nio/DoubleBufferImpl.java b/java/nio/DoubleBufferImpl.java index 248ab45e7..98e8e974f 100644 --- a/java/nio/DoubleBufferImpl.java +++ b/java/nio/DoubleBufferImpl.java @@ -82,15 +82,14 @@ final class DoubleBufferImpl extends DoubleBuffer { checkIfReadOnly(); mark = -1; - int copied = 0; - - while (remaining () > 0) + int p = position(); + int n = limit() - p; + if (n > 0) { - put (copied, get ()); - copied++; + System.arraycopy(backing_buffer, array_offset + p, + backing_buffer, array_offset, n); } - - position (copied); + position(n); limit(capacity()); return this; } diff --git a/java/nio/FloatBufferImpl.java b/java/nio/FloatBufferImpl.java index b4868780c..f1182ba38 100644 --- a/java/nio/FloatBufferImpl.java +++ b/java/nio/FloatBufferImpl.java @@ -82,15 +82,14 @@ final class FloatBufferImpl extends FloatBuffer { checkIfReadOnly(); mark = -1; - int copied = 0; - - while (remaining () > 0) + int p = position(); + int n = limit() - p; + if (n > 0) { - put (copied, get ()); - copied++; + System.arraycopy(backing_buffer, array_offset + p, + backing_buffer, array_offset, n); } - - position (copied); + position(n); limit(capacity()); return this; } diff --git a/java/nio/IntBufferImpl.java b/java/nio/IntBufferImpl.java index 22657482b..2bd184244 100644 --- a/java/nio/IntBufferImpl.java +++ b/java/nio/IntBufferImpl.java @@ -82,15 +82,14 @@ final class IntBufferImpl extends IntBuffer { checkIfReadOnly(); mark = -1; - int copied = 0; - - while (remaining () > 0) + int p = position(); + int n = limit() - p; + if (n > 0) { - put (copied, get ()); - copied++; + System.arraycopy(backing_buffer, array_offset + p, + backing_buffer, array_offset, n); } - - position (copied); + position(n); limit(capacity()); return this; } diff --git a/java/nio/LongBufferImpl.java b/java/nio/LongBufferImpl.java index 8772f618c..c04c41775 100644 --- a/java/nio/LongBufferImpl.java +++ b/java/nio/LongBufferImpl.java @@ -82,15 +82,14 @@ final class LongBufferImpl extends LongBuffer { checkIfReadOnly(); mark = -1; - int copied = 0; - - while (remaining () > 0) + int p = position(); + int n = limit() - p; + if (n > 0) { - put (copied, get ()); - copied++; + System.arraycopy(backing_buffer, array_offset + p, + backing_buffer, array_offset, n); } - - position (copied); + position(n); limit(capacity()); return this; } diff --git a/java/nio/ShortBufferImpl.java b/java/nio/ShortBufferImpl.java index ee5bff2f9..50f65ecbf 100644 --- a/java/nio/ShortBufferImpl.java +++ b/java/nio/ShortBufferImpl.java @@ -82,15 +82,14 @@ final class ShortBufferImpl extends ShortBuffer { checkIfReadOnly(); mark = -1; - int copied = 0; - - while (remaining () > 0) + int p = position(); + int n = limit() - p; + if (n > 0) { - put (copied, get ()); - copied++; + System.arraycopy(backing_buffer, array_offset + p, + backing_buffer, array_offset, n); } - - position (copied); + position(n); limit(capacity()); return this; } diff --git a/java/nio/channels/Channels.java b/java/nio/channels/Channels.java index a53cc2c74..382a3d705 100644 --- a/java/nio/channels/Channels.java +++ b/java/nio/channels/Channels.java @@ -38,8 +38,8 @@ exception statement from your version. */ package java.nio.channels; -import gnu.classpath.NotImplementedException; import gnu.java.nio.ChannelReader; +import gnu.java.nio.ChannelWriter; import gnu.java.nio.InputStreamChannel; import gnu.java.nio.OutputStreamChannel; @@ -126,10 +126,8 @@ public final class Channels */ public static Writer newWriter(WritableByteChannel ch, CharsetEncoder enc, int minBufferCap) - throws NotImplementedException { - // FIXME: implement java.nio.channels.Channel.newWriter(WritableByteChannel, CharsetEncoder, int) - throw new Error("not implemented"); + return new ChannelWriter(ch, enc, minBufferCap); } /** diff --git a/java/util/SimpleTimeZone.java b/java/util/SimpleTimeZone.java index 0bda44c33..72d61ff19 100644 --- a/java/util/SimpleTimeZone.java +++ b/java/util/SimpleTimeZone.java @@ -333,8 +333,6 @@ public class SimpleTimeZone extends TimeZone setStartRule(startMonth, startDayOfWeekInMonth, startDayOfWeek, startTime); setEndRule(endMonth, endDayOfWeekInMonth, endDayOfWeek, endTime); - if (startMonth == endMonth) - throw new IllegalArgumentException("startMonth and endMonth must be different"); this.startYear = 0; } @@ -393,8 +391,6 @@ public class SimpleTimeZone extends TimeZone setStartRule(startMonth, startDayOfWeekInMonth, startDayOfWeek, startTime); setEndRule(endMonth, endDayOfWeekInMonth, endDayOfWeek, endTime); - if (startMonth == endMonth) - throw new IllegalArgumentException("startMonth and endMonth must be different"); this.startYear = 0; this.dstSavings = dstSavings; @@ -413,67 +409,66 @@ public class SimpleTimeZone extends TimeZone } /** - * Checks if the month, day, dayOfWeek arguments are in range and + * Checks if the values are in range and * returns the mode of the rule. * @param month the month parameter as in the constructor - * @param day the day parameter as in the constructor - * @param dayOfWeek the day of week parameter as in the constructor * @return the mode of this rule see startMode. * @exception IllegalArgumentException if parameters are out of range. * @see #SimpleTimeZone(int, String, int, int, int, int, int, int, int, int) * @see #startMode */ - private int checkRule(int month, int day, int dayOfWeek) + private int checkRule(int month) { - if (month < 0 || month > 11) - throw new IllegalArgumentException("month out of range"); - - int daysInMonth = getDaysInMonth(month, 1); - if (dayOfWeek == 0) - { - if (day <= 0 || day > daysInMonth) - throw new IllegalArgumentException("day out of range"); - return DOM_MODE; - } - else if (dayOfWeek > 0) - { - if (Math.abs(day) > (daysInMonth + 6) / 7) - throw new IllegalArgumentException("dayOfWeekInMonth out of range"); - if (dayOfWeek > Calendar.SATURDAY) - throw new IllegalArgumentException("dayOfWeek out of range"); - return DOW_IN_MONTH_MODE; - } - else + if (startDay != 0) { - if (day == 0 || Math.abs(day) > daysInMonth) - throw new IllegalArgumentException("day out of range"); - if (dayOfWeek < -Calendar.SATURDAY) - throw new IllegalArgumentException("dayOfWeek out of range"); - if (day < 0) - return DOW_LE_DOM_MODE; - else - return DOW_GE_DOM_MODE; + if (startMonth < 0 || startMonth > 11) + throw new IllegalArgumentException("month out of range"); + + if (startDayOfWeek == 0) + startMode = DOM_MODE; + else + { + if (startDayOfWeek > 0) + startMode = DOW_IN_MONTH_MODE; + else + { + startDayOfWeek = -startDayOfWeek; + if (startDay < 0) + { + startDay = - startDay; + startMode = DOW_LE_DOM_MODE; + } + else + startMode = DOW_GE_DOM_MODE; + } + + if (startDayOfWeek > Calendar.SATURDAY) + throw new IllegalArgumentException("day of week out of range"); + } + + if (startMode != DOW_IN_MONTH_MODE + && (startDay <= 0 || startDay > getDaysInMonth(month, 1))) + throw new IllegalArgumentException("day out of range"); } + return startMode; } /** - * Sets the daylight savings start rule. You must also set the - * end rule with <code>setEndRule</code> or the result of - * getOffset is undefined. For the parameters see the ten-argument - * constructor above. - * - * @param month The month where daylight savings start, zero - * based. You should use the constants in Calendar. + * Sets the daylight savings start rule. You must also set the end rule with + * <code>setEndRule</code> or the result of getOffset is undefined. For the + * parameters see the ten-argument constructor above. + * + * @param month The month where daylight savings start, zero based. You should + * use the constants in Calendar. * @param day A day of month or day of week in month. * @param dayOfWeek The day of week where daylight savings start. - * @param time The time in milliseconds standard time where daylight - * savings start. + * @param time The time in milliseconds standard time where daylight savings + * start. * @exception IllegalArgumentException if parameters are out of range. * @see SimpleTimeZone */ public void setStartRule(int month, int day, int dayOfWeek, int time) { - this.startMode = checkRule(month, day, dayOfWeek); this.startMonth = month; this.startDay = day; this.startDayOfWeek = Math.abs(dayOfWeek); @@ -483,6 +478,7 @@ public class SimpleTimeZone extends TimeZone // Convert from UTC to STANDARD this.startTime = time + this.rawOffset; useDaylight = true; + this.startMode = checkRule(month); } /** @@ -517,9 +513,6 @@ public class SimpleTimeZone extends TimeZone // or before mode. this.startDay = after ? Math.abs(day) : -Math.abs(day); this.startDayOfWeek = after ? Math.abs(dayOfWeek) : -Math.abs(dayOfWeek); - this.startMode = (dayOfWeek != 0) - ? (after ? DOW_GE_DOM_MODE : DOW_LE_DOM_MODE) - : checkRule(month, day, dayOfWeek); this.startDay = Math.abs(this.startDay); this.startDayOfWeek = Math.abs(this.startDayOfWeek); @@ -531,6 +524,9 @@ public class SimpleTimeZone extends TimeZone // Convert from UTC to STANDARD this.startTime = time + this.rawOffset; useDaylight = true; + this.startMode = (dayOfWeek != 0) + ? (after ? DOW_GE_DOM_MODE : DOW_LE_DOM_MODE) + : checkRule(month); } /** @@ -566,7 +562,6 @@ public class SimpleTimeZone extends TimeZone */ public void setEndRule(int month, int day, int dayOfWeek, int time) { - this.endMode = checkRule(month, day, dayOfWeek); this.endMonth = month; this.endDay = day; this.endDayOfWeek = Math.abs(dayOfWeek); @@ -579,6 +574,7 @@ public class SimpleTimeZone extends TimeZone // Convert from UTC to DST this.endTime = time + this.rawOffset + this.dstSavings; useDaylight = true; + this.endMode = checkRule(month); } /** @@ -611,9 +607,6 @@ public class SimpleTimeZone extends TimeZone // or before mode. this.endDay = after ? Math.abs(day) : -Math.abs(day); this.endDayOfWeek = after ? Math.abs(dayOfWeek) : -Math.abs(dayOfWeek); - this.endMode = (dayOfWeek != 0) - ? (after ? DOW_GE_DOM_MODE : DOW_LE_DOM_MODE) - : checkRule(month, day, dayOfWeek); this.endDay = Math.abs(this.endDay); this.endDayOfWeek = Math.abs(endDayOfWeek); @@ -628,6 +621,9 @@ public class SimpleTimeZone extends TimeZone // Convert from UTC to DST this.endTime = time + this.rawOffset + this.dstSavings; useDaylight = true; + this.endMode = (dayOfWeek != 0) + ? (after ? DOW_GE_DOM_MODE : DOW_LE_DOM_MODE) + : checkRule(month); } /** diff --git a/javax/swing/JComponent.java b/javax/swing/JComponent.java index 8838dda0a..68d7d9d1c 100644 --- a/javax/swing/JComponent.java +++ b/javax/swing/JComponent.java @@ -2159,6 +2159,33 @@ public abstract class JComponent extends Container implements Serializable } /** + * Gets the root of the component given. If a parent of the + * component is an instance of Applet, then the applet is + * returned. The applet is considered the root for painting + * and adding/removing components. Otherwise, the root Window + * is returned if it exists. + * + * @param comp - The component to get the root for. + * @return the parent root. An applet if it is a parent, + * or the root window. If neither exist, null is returned. + */ + private Component getRoot(Component comp) + { + Applet app = null; + + while (comp != null) + { + if (app == null && comp instanceof Window) + return comp; + else if (comp instanceof Applet) + app = (Applet) comp; + comp = comp.getParent(); + } + + return app; + } + + /** * Performs double buffered repainting. */ private void paintDoubleBuffered(Rectangle r) @@ -2166,7 +2193,7 @@ public abstract class JComponent extends Container implements Serializable RepaintManager rm = RepaintManager.currentManager(this); // Paint on the offscreen buffer. - Component root = SwingUtilities.getRoot(this); + Component root = getRoot(this); Image buffer = rm.getOffscreenBuffer(this, root.getWidth(), root.getHeight()); //Rectangle targetClip = SwingUtilities.convertRectangle(this, r, root); diff --git a/javax/swing/JList.java b/javax/swing/JList.java index 04f3881a2..13ca094bb 100644 --- a/javax/swing/JList.java +++ b/javax/swing/JList.java @@ -965,11 +965,19 @@ public class JList extends JComponent implements Accessible, Scrollable int visibleRowCount; /** - * Fire a {@link ListSelectionEvent} to all the registered ListSelectionListeners. + * Fire a {@link ListSelectionEvent} to all the registered + * ListSelectionListeners. + * + * @param firstIndex the lowest index covering the selection change. + * @param lastIndex the highest index covering the selection change. + * @param isAdjusting a flag indicating if this event is one in a series + * of events updating the selection. */ - protected void fireSelectionValueChanged(int firstIndex, int lastIndex, boolean isAdjusting) + protected void fireSelectionValueChanged(int firstIndex, int lastIndex, + boolean isAdjusting) { - ListSelectionEvent evt = new ListSelectionEvent(this, firstIndex, lastIndex, isAdjusting); + ListSelectionEvent evt = new ListSelectionEvent(this, firstIndex, + lastIndex, isAdjusting); ListSelectionListener listeners[] = getListSelectionListeners(); for (int i = 0; i < listeners.length; ++i) { @@ -1172,6 +1180,8 @@ public class JList extends JComponent implements Accessible, Scrollable * #prototypeCellValue} property is set, but setting it explicitly * overrides the width computed from {@link #prototypeCellValue}. * + * @param w the width. + * * @see #getFixedCellHeight * @see #getPrototypeCellValue */ @@ -1247,6 +1257,16 @@ public class JList extends JComponent implements Accessible, Scrollable return (ListSelectionListener[]) getListeners(ListSelectionListener.class); } + /** + * Returns the selection mode for the list (one of: + * {@link ListSelectionModel#SINGLE_SELECTION}, + * {@link ListSelectionModel#SINGLE_INTERVAL_SELECTION} and + * {@link ListSelectionModel#MULTIPLE_INTERVAL_SELECTION}). + * + * @return The selection mode. + * + * @see #setSelectionMode(int) + */ public int getSelectionMode() { return selectionModel.getSelectionMode(); @@ -1292,6 +1312,9 @@ public class JList extends JComponent implements Accessible, Scrollable * For each element <code>a[i]</code> of the provided array * <code>a</code>, calls {@link #setSelectedIndex} on <code>a[i]</code>. * + * @param a an array of selected indices (<code>null</code> not permitted). + * + * @throws NullPointerException if <code>a</code> is <code>null</code>. * @see #setSelectionMode * @see #selectionModel */ @@ -1572,6 +1595,13 @@ public class JList extends JComponent implements Accessible, Scrollable setModel(createListModel(listData)); } + /** + * Returns a {@link ListModel} backed by the specified array. + * + * @param items the list items (don't use <code>null</code>). + * + * @return A list model containing the specified items. + */ private ListModel createListModel(final Object[] items) { return new AbstractListModel() @@ -1587,6 +1617,13 @@ public class JList extends JComponent implements Accessible, Scrollable }; } + /** + * Returns a {@link ListModel} backed by the specified vector. + * + * @param items the list items (don't use <code>null</code>). + * + * @return A list model containing the specified items. + */ private ListModel createListModel(final Vector items) { return new AbstractListModel() @@ -1694,7 +1731,21 @@ public class JList extends JComponent implements Accessible, Scrollable repaint(); } - + /** + * Returns the selection model for the {@link JList} component. Note that + * this class contains a range of convenience methods for configuring the + * selection model:<br> + * <ul> + * <li>{@link #clearSelection()};</li> + * <li>{@link #setSelectionMode(int)};</li> + * <li>{@link #addSelectionInterval(int, int)};</li> + * <li>{@link #setSelectedIndex(int)};</li> + * <li>{@link #setSelectedIndices(int[])};</li> + * <li>{@link #setSelectionInterval(int, int)}.</li> + * </ul> + * + * @return The selection model. + */ public ListSelectionModel getSelectionModel() { return selectionModel; @@ -2049,11 +2100,23 @@ public class JList extends JComponent implements Accessible, Scrollable return retVal; } + /** + * Returns the index of the anchor item in the current selection, or + * <code>-1</code> if there is no anchor item. + * + * @return The item index. + */ public int getAnchorSelectionIndex() { return selectionModel.getAnchorSelectionIndex(); } + /** + * Returns the index of the lead item in the current selection, or + * <code>-1</code> if there is no lead item. + * + * @return The item index. + */ public int getLeadSelectionIndex() { return selectionModel.getLeadSelectionIndex(); @@ -2085,21 +2148,48 @@ public class JList extends JComponent implements Accessible, Scrollable return selectionModel.getMaxSelectionIndex(); } + /** + * Clears the current selection. + */ public void clearSelection() { selectionModel.clearSelection(); } + /** + * Sets the current selection to the items in the specified range (inclusive). + * Note that <code>anchor</code> can be less than, equal to, or greater than + * <code>lead</code>. + * + * @param anchor the index of the anchor item. + * @param lead the index of the anchor item. + */ public void setSelectionInterval(int anchor, int lead) { selectionModel.setSelectionInterval(anchor, lead); } + /** + * Adds the specified interval to the current selection. Note that + * <code>anchor</code> can be less than, equal to, or greater than + * <code>lead</code>. + * + * @param anchor the index of the anchor item. + * @param lead the index of the lead item. + */ public void addSelectionInterval(int anchor, int lead) { selectionModel.addSelectionInterval(anchor, lead); } + /** + * Removes the specified interval from the current selection. Note that + * <code>index0</code> can be less than, equal to, or greater than + * <code>index1</code>. + * + * @param index0 an index for one end of the range. + * @param index1 an index for the other end of the range. + */ public void removeSelectionInterval(int index0, int index1) { selectionModel.removeSelectionInterval(index0, index1); diff --git a/javax/swing/JSplitPane.java b/javax/swing/JSplitPane.java index 4e18b7cda..c11512198 100644 --- a/javax/swing/JSplitPane.java +++ b/javax/swing/JSplitPane.java @@ -713,16 +713,23 @@ public class JSplitPane extends JComponent implements Accessible /** * This method sets the location of the divider. - * - * @param location The location of the divider. + * + * @param location The location of the divider. The negative value forces to + * compute the new location from the preferred sizes of the split + * pane components. */ public void setDividerLocation(int location) { if (ui != null && location != getDividerLocation()) { - int oldLocation = getDividerLocation(); - ((SplitPaneUI) ui).setDividerLocation(this, location); - firePropertyChange(DIVIDER_LOCATION_PROPERTY, oldLocation, location); + int oldLocation = getDividerLocation(); + if (location < 0) + ((SplitPaneUI) ui).resetToPreferredSizes(this); + else + ((SplitPaneUI) ui).setDividerLocation(this, location); + + firePropertyChange(DIVIDER_LOCATION_PROPERTY, oldLocation, + getDividerLocation()); } } diff --git a/javax/swing/MenuSelectionManager.java b/javax/swing/MenuSelectionManager.java index 12f6d2f9e..df7b42037 100644 --- a/javax/swing/MenuSelectionManager.java +++ b/javax/swing/MenuSelectionManager.java @@ -365,53 +365,35 @@ public class MenuSelectionManager return; } - int i; - int minSize = path.length; // size of the smaller path. + int minSize = path.length; // size of the smaller path. + int currentSize = selectedPath.size(); + int firstDiff = 0; - if (path.length > selectedPath.size()) + // Search first item that is different in the current and new path. + for (int i = 0; i < minSize; i++) { - minSize = selectedPath.size(); - - // if new selected path contains more elements then current - // selection then first add all elements at - // the indexes > selectedPath.size - for (i = selectedPath.size(); i < path.length; i++) - { - selectedPath.add(path[i]); - path[i].menuSelectionChanged(true); - } + if (i < currentSize && (MenuElement) selectedPath.get(i) == path[i]) + firstDiff++; + else + break; } - else if (path.length < selectedPath.size()) + // Remove items from selection and send notification. + for (int i = currentSize - 1; i >= firstDiff; i--) { - // if new selected path contains less elements then current - // selection then first remove all elements from the selection - // at the indexes > path.length - for (i = selectedPath.size() - 1; i >= path.length; i--) - { - ((MenuElement) selectedPath.get(i)).menuSelectionChanged(false); - selectedPath.remove(i); - } - - minSize = path.length; + MenuElement el = (MenuElement) selectedPath.get(i); + selectedPath.remove(i); + el.menuSelectionChanged(false); } - // Now compare elements in new and current selection path at the - // same location and adjust selection until - // same menu elements will be encountered at the - // same index in both current and new selection path. - MenuElement oldSelectedItem; - - for (i = minSize - 1; i >= 0; i--) + // Add new items to selection and send notification. + for (int i = firstDiff; i < minSize; i++) { - oldSelectedItem = (MenuElement) selectedPath.get(i); - - if ((i + 1) < path.length && path[i + 1].equals(oldSelectedItem)) - break; - - oldSelectedItem.menuSelectionChanged(false); - path[i].menuSelectionChanged(true); - selectedPath.setElementAt(path[i], i); + if (path[i] != null) + { + selectedPath.add(path[i]); + path[i].menuSelectionChanged(true); + } } fireStateChanged(); diff --git a/javax/swing/RepaintManager.java b/javax/swing/RepaintManager.java index 9e246ee1e..8508996f5 100644 --- a/javax/swing/RepaintManager.java +++ b/javax/swing/RepaintManager.java @@ -38,11 +38,13 @@ exception statement from your version. */ package javax.swing; +import java.applet.Applet; import java.awt.Component; import java.awt.Dimension; import java.awt.Graphics; import java.awt.Image; import java.awt.Rectangle; +import java.awt.Window; import java.awt.image.VolatileImage; import java.util.ArrayList; import java.util.Collections; @@ -607,7 +609,7 @@ public class RepaintManager public Image getOffscreenBuffer(Component component, int proposedWidth, int proposedHeight) { - Component root = SwingUtilities.getRoot(component); + Component root = getRoot(component); Image buffer = (Image) offscreenBuffers.get(root); if (buffer == null || buffer.getWidth(null) < proposedWidth @@ -622,7 +624,33 @@ public class RepaintManager } return buffer; } - + + /** + * Gets the root of the component given. If a parent of the + * component is an instance of Applet, then the applet is + * returned. The applet is considered the root for painting. + * Otherwise, the root Window is returned if it exists. + * + * @param comp - The component to get the root for. + * @return the parent root. An applet if it is a parent, + * or the root window. If neither exist, null is returned. + */ + private Component getRoot(Component comp) + { + Applet app = null; + + while (comp != null) + { + if (app == null && comp instanceof Window) + return comp; + else if (comp instanceof Applet) + app = (Applet) comp; + comp = comp.getParent(); + } + + return app; + } + /** * Blits the back buffer of the specified root component to the screen. If * the RepaintManager is currently working on a paint request, the commit diff --git a/javax/swing/ScrollPaneLayout.java b/javax/swing/ScrollPaneLayout.java index da8f03afb..31846fa55 100644 --- a/javax/swing/ScrollPaneLayout.java +++ b/javax/swing/ScrollPaneLayout.java @@ -328,6 +328,12 @@ public class ScrollPaneLayout // parent is no JScrollPane, so do we. JScrollPane sc = (JScrollPane) parent; JViewport viewport = sc.getViewport(); + Component view = viewport.getView(); + + // If there is no view in the viewport, there is no work to be done. + if (view == null) + return; + Dimension viewSize = viewport.getView().getPreferredSize(); int x1 = 0, x2 = 0, x3 = 0, x4 = 0; diff --git a/javax/swing/SwingUtilities.java b/javax/swing/SwingUtilities.java index 58eb6d922..b5ef61bd9 100644 --- a/javax/swing/SwingUtilities.java +++ b/javax/swing/SwingUtilities.java @@ -386,20 +386,17 @@ public class SwingUtilities app = (Applet) comp; comp = comp.getParent(); } - + if (win != null) return win; - else - return app; + return app; } /** - * Return true if a descends from b, in other words if b is an - * ancestor of a. - * + * Return true if a descends from b, in other words if b is an ancestor of a. + * * @param a The child to search the ancestry of * @param b The potential ancestor to search for - * * @return true if a is a descendent of b, false otherwise */ public static boolean isDescendingFrom(Component a, Component b) diff --git a/javax/swing/plaf/basic/BasicTextUI.java b/javax/swing/plaf/basic/BasicTextUI.java index 66c0da284..3b620f049 100644 --- a/javax/swing/plaf/basic/BasicTextUI.java +++ b/javax/swing/plaf/basic/BasicTextUI.java @@ -440,6 +440,9 @@ public abstract class BasicTextUI extends TextUI */ public void changedUpdate(DocumentEvent ev) { + // Updates are forwarded to the View even if 'getVisibleEditorRect' + // method returns null. This means the View classes have to be + // aware of that possibility. rootView.changedUpdate(ev, getVisibleEditorRect(), rootView.getViewFactory()); } @@ -451,6 +454,9 @@ public abstract class BasicTextUI extends TextUI */ public void insertUpdate(DocumentEvent ev) { + // Updates are forwarded to the View even if 'getVisibleEditorRect' + // method returns null. This means the View classes have to be + // aware of that possibility. rootView.insertUpdate(ev, getVisibleEditorRect(), rootView.getViewFactory()); } @@ -462,6 +468,9 @@ public abstract class BasicTextUI extends TextUI */ public void removeUpdate(DocumentEvent ev) { + // Updates are forwarded to the View even if 'getVisibleEditorRect' + // method returns null. This means the View classes have to be + // aware of that possibility. rootView.removeUpdate(ev, getVisibleEditorRect(), rootView.getViewFactory()); } @@ -1015,6 +1024,10 @@ public abstract class BasicTextUI extends TextUI public void damageRange(JTextComponent t, int p0, int p1, Position.Bias firstBias, Position.Bias secondBias) { + // Do nothing if the component cannot be properly displayed. + if (t.getWidth() == 0 || t.getHeight() == 0) + return; + try { // Limit p0 and p1 to sane values to prevent unfriendly @@ -1201,7 +1214,10 @@ public abstract class BasicTextUI extends TextUI public Rectangle modelToView(JTextComponent t, int pos, Position.Bias bias) throws BadLocationException { - return rootView.modelToView(pos, getVisibleEditorRect(), bias).getBounds(); + Rectangle r = getVisibleEditorRect(); + + return (r != null) ? rootView.modelToView(pos, r, bias).getBounds() + : null; } /** @@ -1278,8 +1294,9 @@ public abstract class BasicTextUI extends TextUI int width = textComponent.getWidth(); int height = textComponent.getHeight(); + // Return null if the component has no valid size. if (width <= 0 || height <= 0) - return new Rectangle(0, 0, 0, 0); + return null; Insets insets = textComponent.getInsets(); return new Rectangle(insets.left, insets.top, diff --git a/javax/swing/text/DefaultCaret.java b/javax/swing/text/DefaultCaret.java index fc2aca0a0..3bef80d9e 100644 --- a/javax/swing/text/DefaultCaret.java +++ b/javax/swing/text/DefaultCaret.java @@ -721,9 +721,7 @@ public class DefaultCaret extends Rectangle { try { - if (highlightEntry == null) - highlightEntry = highlighter.addHighlight(0, 0, getSelectionPainter()); - else + if (highlightEntry != null) highlighter.changeHighlight(highlightEntry, 0, 0); // Free the global variable which stores the text component with an active diff --git a/javax/swing/text/FieldView.java b/javax/swing/text/FieldView.java index 127f32f53..0c2f0fef1 100644 --- a/javax/swing/text/FieldView.java +++ b/javax/swing/text/FieldView.java @@ -138,6 +138,10 @@ public class FieldView extends PlainView */ protected Shape adjustAllocation(Shape shape) { + // Return null when the original allocation is null (like the RI). + if (shape == null) + return null; + Rectangle rectIn = shape.getBounds(); // vertical adjustment int height = (int) getPreferredSpan(Y_AXIS); diff --git a/javax/swing/text/GapContent.java b/javax/swing/text/GapContent.java index bad7c0a01..219accb40 100644 --- a/javax/swing/text/GapContent.java +++ b/javax/swing/text/GapContent.java @@ -289,6 +289,7 @@ public class GapContent */ public GapContent(int size) { + size = Math.max(size, 2); buffer = (char[]) allocateArray(size); gapStart = 1; gapEnd = size; @@ -351,7 +352,7 @@ public class GapContent throw new BadLocationException("The where argument cannot be smaller" + " than the zero", where); - if (where >= length) + if (where > length) throw new BadLocationException("The where argument cannot be greater" + " than the content length", where); @@ -375,14 +376,11 @@ public class GapContent { // check arguments int length = length(); - - if (where >= length) - throw new BadLocationException("the where argument cannot be greater" - + " than the content length", where); - if ((where + nitems) > length) + + if ((where + nitems) >= length) throw new BadLocationException("where + nitems cannot be greater" + " than the content length", where + nitems); - + String removedText = getString(where, nitems); replace(where, nitems, null, 0); @@ -439,6 +437,8 @@ public class GapContent { // check arguments int length = length(); + if (where < 0) + throw new BadLocationException("the where argument may not be below zero", where); if (where >= length) throw new BadLocationException("the where argument cannot be greater" + " than the content length", where); @@ -643,12 +643,8 @@ public class GapContent { System.arraycopy(addItems, 0, buffer, gapStart, addSize); - // Position objects having their mark at the end of the gap - // (results in an offset equal to gapStart) should be moved down - // because the size of the gap will decrease by addSize and the - // offsets will increase by the same amount and the latter should - // not happen. - setPositionsInRange(gapEnd, 0, gapStart); + + resetMarksAtZero(); gapStart += addSize; } diff --git a/javax/swing/text/JTextComponent.java b/javax/swing/text/JTextComponent.java index 8492d8b90..1103de9b4 100644 --- a/javax/swing/text/JTextComponent.java +++ b/javax/swing/text/JTextComponent.java @@ -1191,6 +1191,7 @@ public abstract class JTextComponent extends JComponent catch (BadLocationException e) { // This can never happen. + throw (InternalError) new InternalError().initCause(e); } } diff --git a/javax/swing/text/PlainView.java b/javax/swing/text/PlainView.java index 5f2f57705..18818c0ba 100644 --- a/javax/swing/text/PlainView.java +++ b/javax/swing/text/PlainView.java @@ -437,6 +437,11 @@ public class PlainView extends View implements TabExpander */ protected void updateDamage(DocumentEvent changes, Shape a, ViewFactory f) { + // Return early and do no updates if the allocation area is null + // (like the RI). + if (a == null) + return; + float oldMaxLineLength = maxLineLength; Rectangle alloc = a.getBounds(); Element el = getElement(); diff --git a/javax/swing/text/WrappedPlainView.java b/javax/swing/text/WrappedPlainView.java index 1cd85b515..a6c369a4c 100644 --- a/javax/swing/text/WrappedPlainView.java +++ b/javax/swing/text/WrappedPlainView.java @@ -518,7 +518,11 @@ public class WrappedPlainView extends BoxView implements TabExpander if (axis == X_AXIS) return getWidth(); else if (axis == Y_AXIS) - return numLines * metrics.getHeight(); + { + if (metrics == null) + updateMetrics(); + return numLines * metrics.getHeight(); + } throw new IllegalArgumentException("Invalid axis for getPreferredSpan: " + axis); @@ -538,9 +542,15 @@ public class WrappedPlainView extends BoxView implements TabExpander public Shape modelToView(int pos, Shape a, Bias b) throws BadLocationException { + Rectangle rect = a.getBounds(); + + // Throwing a BadLocationException is an observed behavior of the RI. + if (rect.isEmpty()) + throw new BadLocationException("Unable to calculate view coordinates " + + "when allocation area is empty.", 5); + Segment s = getLineBuffer(); int lineHeight = metrics.getHeight(); - Rectangle rect = a.getBounds(); // Return a rectangle with width 1 and height equal to the height // of the text @@ -661,11 +671,16 @@ public class WrappedPlainView extends BoxView implements TabExpander } /** - * This method is called from insertUpdate and removeUpdate. - * If the number of lines in the document has changed, just repaint + * <p>This method is called from insertUpdate and removeUpdate.</p> + * + * <p>If the number of lines in the document has changed, just repaint * the whole thing (note, could improve performance by not repainting * anything above the changes). If the number of lines hasn't changed, - * just repaint the given Rectangle. + * just repaint the given Rectangle.</p> + * + * <p>Note that the <code>Rectangle</code> argument may be <code>null</code> + * when the allocation area is empty.</code> + * * @param a the Rectangle to repaint if the number of lines hasn't changed */ void updateDamage (Rectangle a) @@ -674,7 +689,7 @@ public class WrappedPlainView extends BoxView implements TabExpander // As determining the number of lines is impossible in that state we // reset it to an invalid value which can then be recalculated at a // later point. - if (a.isEmpty()) + if (a == null || a.isEmpty()) { numLines = 1; return; diff --git a/javax/swing/tree/DefaultTreeModel.java b/javax/swing/tree/DefaultTreeModel.java index 713343811..5ca69e2ff 100644 --- a/javax/swing/tree/DefaultTreeModel.java +++ b/javax/swing/tree/DefaultTreeModel.java @@ -75,26 +75,29 @@ public class DefaultTreeModel protected boolean asksAllowsChildren; /** - * Constructor DefaultTreeModel + * Constructor DefaultTreeModel where any node can have children. * * @param root the tree root. */ public DefaultTreeModel(TreeNode root) { - if (root == null) - root = new DefaultMutableTreeNode(); - setRoot(root); + this (root, false); } /** - * Constructor DefaultTreeModel + * Create the DefaultTreeModel that may check if the nodes can have + * children or not. * - * @param root the tree root. - * @param asksAllowsChildren TODO + * @param aRoot the tree root. + * @param asksAllowsChildren if true, each node is asked if it can have + * children. If false, the model does not care about this, supposing, that + * any node can have children. */ - public DefaultTreeModel(TreeNode root, boolean asksAllowsChildren) + public DefaultTreeModel(TreeNode aRoot, boolean asksAllowsChildren) { - setRoot(root); + if (aRoot == null) + aRoot = new DefaultMutableTreeNode(); + this.root = aRoot; this.asksAllowsChildren = asksAllowsChildren; } diff --git a/tools/.cvsignore b/tools/.cvsignore index ed63b49d8..4bbf2266e 100644 --- a/tools/.cvsignore +++ b/tools/.cvsignore @@ -1,4 +1,5 @@ jarsigner.sh +keytool.sh Makefile.in Makefile tools.zip diff --git a/tools/gnu/classpath/tools/common/CallbackUtil.java b/tools/gnu/classpath/tools/common/CallbackUtil.java new file mode 100644 index 000000000..398bb6cae --- /dev/null +++ b/tools/gnu/classpath/tools/common/CallbackUtil.java @@ -0,0 +1,145 @@ +/* CallbackUtil.java -- Callback related utilities + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.common; + +import gnu.javax.security.auth.callback.ConsoleCallbackHandler; + +import java.security.Provider; +import java.security.Security; +import java.util.logging.Logger; + +import javax.security.auth.callback.CallbackHandler; + +/** + * A <i>Helper</i> class containing general purpose utlity methods dealing with + * callback handlers and their <i>Security Provider</i>. + */ +public abstract class CallbackUtil +{ + private static final Logger log = Logger.getLogger(CallbackUtil.class.getName()); + + // default 0-arguments constructor + + // Class methods + // -------------------------------------------------------------------------- + + /** + * Return an implementation of the {@link CallbackHandler}, from any + * {@link Provider}, capable of handling callbacks through the <i>console</i>; + * i.e. <code>System.in</code> and <code>System.out</code>. + * <p> + * If no <i>Security Provider</i> for this type of callback was found, this + * method returns the default GNU implementation. + * + * @return a console {@link CallbackHandler} implementation. + */ + public static final CallbackHandler getConsoleHandler() + { + CallbackHandler result = getHandler("Console"); + if (result == null) + { + log.fine("No console callback handler found. Will use ours"); + result = new ConsoleCallbackHandler(); + } + return result; + } + + /** + * Return a {@link CallbackHandler}, of a designated type, for interacting + * with the user. + * <p> + * This method first finds all currently installed <i>Security Providers</i> + * capable of providing such service and then in turn attempts to instantiate + * the handler from those providers. As soon as one provider returns a non- + * null instance of the callback handler, the search stops and that instance + * is returned. + * + * @return a {@link CallbackHandler} of the designated type, or + * <code>null</code> if no provider was found for theis type of + * callback. + */ + private static final CallbackHandler getHandler(String handlerType) + { + log.entering(CallbackUtil.class.getName(), "getHandler", handlerType); + + CallbackHandler result = null; + String service = "CallbackHandler." + handlerType; + Provider[] providers = Security.getProviders(service); + if (providers != null) + for (int i = 0; i < providers.length; i++) + { + Provider p = providers[i]; + String className = p.getProperty(service); + if (className != null) + try + { + result = (CallbackHandler) Class.forName(className.trim()).newInstance(); + } + catch (InstantiationException x) + { + log.fine("InstantiationException while creating [" + + className + "] from provider [" + p.getName() + + "]. Ignore"); + } + catch (IllegalAccessException x) + { + log.fine("IllegalAccessException while creating [" + + className + "] from provider [" + p.getName() + + "]. Ignore"); + } + catch (ClassNotFoundException x) + { + log.fine("ClassNotFoundException while creating [" + + className + "] from provider [" + p.getName() + + "]. Ignore"); + } + + if (result != null) + { + + log.fine("Will use [" + result.getClass().getName() + + "] from [" + p.getName() + "]"); + break; + } + } + + log.exiting(CallbackUtil.class.getName(), "getHandler", result); + return result; + } +} diff --git a/tools/gnu/classpath/tools/common/ProviderUtil.java b/tools/gnu/classpath/tools/common/ProviderUtil.java new file mode 100644 index 000000000..8d0434433 --- /dev/null +++ b/tools/gnu/classpath/tools/common/ProviderUtil.java @@ -0,0 +1,163 @@ +/* ProviderUtil.java -- Security Provider related utilities + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.common; + +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.Provider; +import java.security.Security; +import java.util.logging.Logger; + +/** + * A <i>Helper</i> class containing general purpose utlity methods dealing with + * installing and removing <i>Security Providers</i> at runtime. + */ +public abstract class ProviderUtil +{ + private static final Logger log = Logger.getLogger(ProviderUtil.class.getName()); + + // default 0-arguments constructor + + // Class methods + // -------------------------------------------------------------------------- + + /** + * Attempt to (a) instantiate, and (b) add a designated {@link Provider} by + * inserting at at the top of the list of <i>Security Providers</i> already + * present at runtime, only if it is not already installed. + * <p> + * <b>IMPORTANT</b>: This method overrides the security check usually carried + * out by the security manager when inserting a new {@link Provider}. + * + * @param providerClass a fully qualified, non-null, class name of a + * <i>Security Provider</i> to add if it is not already installed. + * @return an instance of {@link SecurityProviderInfo} referencing the + * {@link Provider} instance created with the designated class name, + * and its position in the underlying JVM runtime. + */ + public static final SecurityProviderInfo addProvider(String providerClass) + { + log.entering(ProviderUtil.class.getName(), "addProvider", providerClass); + + Provider provider = null; + try + { + provider = (Provider) Class.forName(providerClass.trim()).newInstance(); + } + catch (InstantiationException x) + { + log.fine("InstantiationException while creating [" + providerClass + + "]. Ignore"); + } + catch (IllegalAccessException x) + { + log.fine("IllegalAccessException while creating [" + providerClass + + "]. Ignore"); + } + catch (ClassNotFoundException x) + { + log.fine("ClassNotFoundException while creating [" + providerClass + + "]. Ignore"); + } + + int position = provider != null ? addProvider(provider) : -1; + SecurityProviderInfo result = new SecurityProviderInfo(provider, position); + + log.exiting(ProviderUtil.class.getName(), "addProvider", result); + return result; + } + + /** + * Attempt to add the designated {@link Provider} by inserting at at the top + * of the list of <i>Security Providers</i> already present at runtime, only + * if it is not already installed. + * <p> + * <b>IMPORTANT</b>: This method overrides the security check usually carried + * out by the security manager when inserting a new {@link Provider}. + * + * @param provider a non-null <i>Security Provider</i> to add if it is not + * already installed. + * @return the new position of the designated provider in the list if it was + * not already present, or <code>-1</code> if it was already + * installed. + */ + public static final int addProvider(final Provider provider) + { + log.entering(ProviderUtil.class.getName(), "addProvider", provider); + + Integer actualPosition = (Integer) AccessController.doPrivileged(new PrivilegedAction() + { + public Object run() + { + int result = Security.insertProviderAt(provider, 1); + return Integer.valueOf(result); + } + }); + + int result = actualPosition.intValue(); + log.fine("Provider [" + provider.getName() + "] installed? " + (result != - 1)); + + log.exiting(ProviderUtil.class.getName(), "addProvider", actualPosition); + return result; + } + + /** + * Remove a designated <i>Security Provider</i>. + * <p> + * <b>IMPORTANT</b>: This method overrides the security check usually carried + * out by the security manager when removing a {@link Provider}. + * + * @param providerName the name of the {@link Provider} to remove. + */ + public static final void removeProvider(final String providerName) + { + log.entering(ProviderUtil.class.getName(), "removeProvider", providerName); + + AccessController.doPrivileged(new PrivilegedAction() + { + public Object run() + { + Security.removeProvider(providerName); + return null; + } + }); + + log.exiting(ProviderUtil.class.getName(), "removeProvider"); + } +} diff --git a/tools/gnu/classpath/tools/common/SecurityProviderInfo.java b/tools/gnu/classpath/tools/common/SecurityProviderInfo.java new file mode 100644 index 000000000..e12ee4fe3 --- /dev/null +++ b/tools/gnu/classpath/tools/common/SecurityProviderInfo.java @@ -0,0 +1,99 @@ +/* SecurityProviderInfo.java -- Data Access Object for a security provider + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.common; + +import java.security.Provider; + +/** + * A Data Access Object (DAO) referenceing a <i>Security Provider</i> and its + * position in the list of installed <i>Security Providers</i> in the underlying + * JVM runtime. + */ +public class SecurityProviderInfo +{ + final private Provider provider; + final private int position; + private transient String str; + + /** + * Constructs an instance of <code>SecurityProviderInfo</code>. + * <p> + * Used by {@link ProviderUtil} to indicate the result of adding a provider, + * given its class name. + * + * @param provider the possibly <code>null</code> {@link Provider}. + * @param position the position of <code>provider</code> in the list of + * <i>Security Providers</i> in the underlying JVM runtime. <code>-1</code> + * if that provider (a) is <code>null</code>, or (b) was not added because it + * was already there. + */ + SecurityProviderInfo(Provider provider, int position) + { + super(); + + this.provider = provider; + this.position = position; + } + + /** @return the possibly <code>null</code> {@link Provider} instance. */ + public Provider getProvider() + { + return this.provider; + } + + /** + * @return the position of the {@link Provider}, or <code>-1</code> if it + * was not added. + */ + public int getPosition() + { + return this.position; + } + + public String toString() + { + if (str == null) + if (provider == null) + str = "SecurityProviderInfo{null, -1}"; + else + str = "SecurityProviderInfo{" + provider.getName() + ", " + position + "}"; + + return str; + } +} diff --git a/tools/gnu/classpath/tools/jarsigner/JarSigner.java b/tools/gnu/classpath/tools/jarsigner/JarSigner.java index e6106a600..40bee9fe9 100644 --- a/tools/gnu/classpath/tools/jarsigner/JarSigner.java +++ b/tools/gnu/classpath/tools/jarsigner/JarSigner.java @@ -69,7 +69,7 @@ public class JarSigner void start() throws Exception { - log.entering("JarSigner", "start"); + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ JarFile jarFile = new JarFile(main.getJarFileName()); SFHelper sfHelper = new SFHelper(jarFile); @@ -87,15 +87,15 @@ public class JarSigner sfHelper.updateEntry(je); if (main.isVerbose()) - System.out.println(" signing: " + jeName); + System.out.println(Messages.getString("JarSigner.1") + jeName); //$NON-NLS-1$ } sfHelper.finishSigning(main.isSectionsOnly()); if (main.isVerbose()) - System.out.println(" updating: " + JarFile.MANIFEST_NAME); + System.out.println(Messages.getString("JarSigner.2") + JarFile.MANIFEST_NAME); //$NON-NLS-1$ // 2. write jar entries and manifest - File signedJarFile = File.createTempFile("gcp-", ".jar"); + File signedJarFile = File.createTempFile("gcp-", ".jar"); //$NON-NLS-1$ //$NON-NLS-2$ FileOutputStream fos = new FileOutputStream(signedJarFile); JarOutputStream outSignedJarFile = new JarOutputStream(fos, sfHelper.getManifest()); @@ -107,7 +107,7 @@ public class JarSigner || jeName.endsWith(File.separator)) continue; - log.finest("Processing " + jeName); + log.finest("Processing " + jeName); //$NON-NLS-1$ JarEntry newEntry = new JarEntry(jeName); newEntry.setTime(je.getTime()); outSignedJarFile.putNextEntry(newEntry); @@ -119,19 +119,19 @@ public class JarSigner String signaturesFileName = main.getSigFileName(); String sfFileName = JarUtils.META_INF + signaturesFileName + JarUtils.SF_SUFFIX; - log.finest("Processing " + sfFileName); + log.finest("Processing " + sfFileName); //$NON-NLS-1$ JarEntry sfEntry = new JarEntry(sfFileName); sfEntry.setTime(System.currentTimeMillis()); outSignedJarFile.putNextEntry(sfEntry); sfHelper.writeSF(outSignedJarFile); - log.info("Created .SF file"); + log.finer("Created .SF file"); //$NON-NLS-1$ if (main.isVerbose()) - System.out.println(" adding: " + sfFileName); + System.out.println(Messages.getString("JarSigner.8") + sfFileName); //$NON-NLS-1$ // 4. create the .DSA file String dsaFileName = JarUtils.META_INF + signaturesFileName + JarUtils.DSA_SUFFIX; - log.finest("Processing " + dsaFileName); + log.finest("Processing " + dsaFileName); //$NON-NLS-1$ JarEntry dsaEntry = new JarEntry(dsaFileName); dsaEntry.setTime(System.currentTimeMillis()); outSignedJarFile.putNextEntry(dsaEntry); @@ -139,20 +139,20 @@ public class JarSigner main.getSignerPrivateKey(), main.getSignerCertificateChain(), main.isInternalSF()); - log.info("Created .DSA file"); + log.finer("Created .DSA file"); //$NON-NLS-1$ if (main.isVerbose()) - System.out.println(" adding: " + dsaFileName); + System.out.println(Messages.getString("JarSigner.11") + dsaFileName); //$NON-NLS-1$ // cleanup outSignedJarFile.close(); fos.close(); signedJarFile.renameTo(new File(main.getSignedJarFileName())); - log.info("Renamed signed JAR file"); + log.finer("Renamed signed JAR file"); //$NON-NLS-1$ if (main.isVerbose()) - System.out.println(SystemProperties.getProperty("line.separator") - + "jar signed."); + System.out.println(SystemProperties.getProperty("line.separator") //$NON-NLS-1$ + + Messages.getString("JarSigner.14")); //$NON-NLS-1$ - log.exiting("JarSigner", "start"); + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ } private void copyFromTo(InputStream in, JarOutputStream out) diff --git a/tools/gnu/classpath/tools/jarsigner/JarVerifier.java b/tools/gnu/classpath/tools/jarsigner/JarVerifier.java index 1d3a98dda..f80147dfa 100644 --- a/tools/gnu/classpath/tools/jarsigner/JarVerifier.java +++ b/tools/gnu/classpath/tools/jarsigner/JarVerifier.java @@ -94,7 +94,7 @@ public class JarVerifier void start() throws Exception { - log.entering("JarVerifier", "start"); + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ String jarFileName = main.getJarFileName(); jarFile = new JarFile(jarFileName); @@ -110,7 +110,7 @@ public class JarVerifier continue; // only interested in .SF files in, and not deeper than, META-INF - String[] jeNameParts = jeName.split("/"); + String[] jeNameParts = jeName.split("/"); //$NON-NLS-1$ if (jeNameParts.length != 2) continue; @@ -121,7 +121,7 @@ public class JarVerifier // 2. verify each one if (sfFiles.isEmpty()) - System.out.println("jar is not signed.--no signature files found."); + System.out.println(Messages.getString("JarVerifier.2")); //$NON-NLS-1$ else { int limit = sfFiles.size(); @@ -135,15 +135,17 @@ public class JarVerifier } if (count == 0) - System.out.println("jar verification failed."); + System.out.println(Messages.getString("JarVerifier.3")); //$NON-NLS-1$ else if (count != limit) - System.out.println("jar partially verified --" + count + " of " - + limit + " signers."); + System.out.println(Messages.getFormattedString("JarVerifier.4", //$NON-NLS-1$ + new Integer[] {Integer.valueOf(count), + Integer.valueOf(limit)})); else - System.out.println("jar verified --" + limit + " signer(s)."); + System.out.println(Messages.getFormattedString("JarVerifier.7", //$NON-NLS-1$ + Integer.valueOf(limit))); } - log.exiting("JarVerifier", "start"); + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ } /** @@ -160,15 +162,15 @@ public class JarVerifier private boolean verifySF(String sigFileName) throws CRLException, CertificateException, ZipException, IOException { - log.entering("JarVerifier", "verifySF"); - log.finest("About to verify signature of " + sigFileName + "..."); + log.entering(this.getClass().getName(), "verifySF"); //$NON-NLS-1$ + log.finest("About to verify signature of " + sigFileName + "..."); //$NON-NLS-1$ //$NON-NLS-2$ // 1. find the corresponding .DSA file for this .SF file JarEntry dsaEntry = jarFile.getJarEntry(JarUtils.META_INF + sigFileName + JarUtils.DSA_SUFFIX); if (dsaEntry == null) - throw new SecurityException("Signature Block missing for " + sigFileName); - + throw new SecurityException(Messages.getFormattedString("JarVerifier.13", //$NON-NLS-1$ + sigFileName)); // 2. read the .DSA file contents as a PKCS7 SignedData InputStream in = jarFile.getInputStream(dsaEntry); PKCS7SignedData pkcs7SignedData = new PKCS7SignedData(in); @@ -177,19 +179,19 @@ public class JarVerifier // this octet string is the digital signature of the .SF file contents Set signerInfos = pkcs7SignedData.getSignerInfos(); if (signerInfos == null || signerInfos.isEmpty()) - throw new SecurityException("At least one SignerInfo element MUST be " - + "present in a Signature Block (.DSA file)"); + throw new SecurityException(Messages.getString("JarVerifier.14")); //$NON-NLS-1$ + SignerInfo signerInfo = (SignerInfo) signerInfos.iterator().next(); byte[] encryptedDigest = signerInfo.getEncryptedDigest(); if (encryptedDigest == null) - throw new SecurityException("Missing EncryptedDigest in Signature Block " - + "(.DSA file) first SignerInfo element"); - log.finest("\n" + Util.dumpString(encryptedDigest, "--- signedSFBytes ")); + throw new SecurityException(Messages.getString("JarVerifier.16")); //$NON-NLS-1$ + + log.finest("\n" + Util.dumpString(encryptedDigest, "--- signedSFBytes ")); //$NON-NLS-1$ //$NON-NLS-2$ // 5. get the signer public key Certificate cert = pkcs7SignedData.getCertificates()[0]; PublicKey verifierKey = cert.getPublicKey(); - log.finest("--- verifier public key = " + verifierKey); + log.finest("--- verifier public key = " + verifierKey); //$NON-NLS-1$ // 6. verify the signature file signature OID digestEncryptionAlgorithmOID = signerInfo.getDigestEncryptionAlgorithmId(); @@ -223,10 +225,10 @@ public class JarVerifier signatureAlgorithm.update(buffer, 0, n); boolean result = signatureAlgorithm.verify(herSignature); - log.info("Signature block [" + sigFileName + "] is " - + (result ? "" : "NOT ") + "OK"); + log.finer("Signature block [" + sigFileName + "] is " //$NON-NLS-1$ //$NON-NLS-2$ + + (result ? "" : "NOT ") + "OK"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ - log.exiting("JarVerifier", "verifySF", new Boolean(result)); + log.exiting(this.getClass().getName(), "verifySF", Boolean.valueOf(result)); //$NON-NLS-1$ return result; } @@ -248,7 +250,7 @@ public class JarVerifier */ private boolean verifySFEntries(String alias) throws IOException { - log.entering("JarVerifier", "verifySFEntries"); + log.entering(this.getClass().getName(), "verifySFEntries"); //$NON-NLS-1$ // 1. read the signature file JarEntry jarEntry = jarFile.getJarEntry(JarUtils.META_INF + alias @@ -289,7 +291,8 @@ public class JarVerifier break; } - log.exiting("JarVerifier", "verifySFEntries", new Boolean(result)); + log.exiting(this.getClass().getName(), "verifySFEntries", + Boolean.valueOf(result)); //$NON-NLS-1$ return result; } @@ -316,7 +319,7 @@ public class JarVerifier { String expectedValue = getEntryHash(JarFile.MANIFEST_NAME); boolean result = expectedValue.equalsIgnoreCase(hash); - log.finest("Is " + name + " OK? " + result); + log.finest("Is " + name + " OK? " + result); //$NON-NLS-1$ //$NON-NLS-2$ return result; } diff --git a/tools/gnu/classpath/tools/jarsigner/Main.java b/tools/gnu/classpath/tools/jarsigner/Main.java index 360a88e56..f460a96cc 100644 --- a/tools/gnu/classpath/tools/jarsigner/Main.java +++ b/tools/gnu/classpath/tools/jarsigner/Main.java @@ -40,6 +40,8 @@ package gnu.classpath.tools.jarsigner; import gnu.classpath.SystemProperties; import gnu.classpath.tools.HelpPrinter; +import gnu.classpath.tools.common.CallbackUtil; +import gnu.classpath.tools.common.ProviderUtil; import gnu.java.security.OID; import gnu.java.security.Registry; import gnu.javax.security.auth.callback.ConsoleCallbackHandler; @@ -49,13 +51,11 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.net.URL; -import java.security.AccessController; import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; -import java.security.PrivilegedAction; import java.security.Provider; import java.security.Security; import java.security.UnrecoverableKeyException; @@ -82,10 +82,10 @@ import javax.security.auth.callback.UnsupportedCallbackException; public class Main { private static final Logger log = Logger.getLogger(Main.class.getName()); - private static final String HELP_PATH = "jarsigner/jarsigner.txt"; - private static final Locale EN_US_LOCALE = new Locale("en", "US"); - static final String DIGEST = "SHA1-Digest"; - static final String DIGEST_MANIFEST = "SHA1-Digest-Manifest"; + private static final String HELP_PATH = "jarsigner/jarsigner.txt"; //$NON-NLS-1$ + private static final Locale EN_US_LOCALE = new Locale("en", "US"); //$NON-NLS-1$ //$NON-NLS-2$ + static final String DIGEST = "SHA1-Digest"; //$NON-NLS-1$ + static final String DIGEST_MANIFEST = "SHA1-Digest-Manifest"; //$NON-NLS-1$ static final Name DIGEST_ATTR = new Name(DIGEST); static final Name DIGEST_MANIFEST_ATTR = new Name(DIGEST_MANIFEST); static final OID DSA_SIGNATURE_OID = new OID(Registry.DSA_OID_STRING); @@ -123,7 +123,7 @@ public class Main public static final void main(String[] args) { - log.entering("Main", "main", args); + log.entering(Main.class.getName(), "main", args); //$NON-NLS-1$ Main tool = new Main(); try @@ -133,18 +133,18 @@ public class Main } catch (SecurityException x) { - log.throwing("Main", "main", x); - System.err.println("jarsigner: " + x.getMessage()); + log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$ + System.err.println(Messages.getString("Main.7") + x.getMessage()); //$NON-NLS-1$ } catch (Exception x) { - log.throwing("Main", "main", x); - System.err.println("jarsigner error: " + x); + log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$ + System.err.println(Messages.getString("Main.9") + x); //$NON-NLS-1$ } tool.teardown(); - log.exiting("Main", "main"); + log.exiting(Main.class.getName(), "main"); //$NON-NLS-1$ // System.exit(0); } @@ -159,46 +159,46 @@ public class Main */ private void processArgs(String[] args) throws Exception { - log.entering("Main", "processArgs", args); + log.entering(this.getClass().getName(), "processArgs", args); //$NON-NLS-1$ HelpPrinter.checkHelpKey(args, HELP_PATH); if (args == null || args.length == 0) HelpPrinter.printHelpAndExit(HELP_PATH); int limit = args.length; - log.finest("args.length=" + limit); + log.finest("args.length=" + limit); //$NON-NLS-1$ int i = 0; String opt; while (i < limit) { opt = args[i++]; - log.finest("args[" + (i - 1) + "]=" + opt); + log.finest("args[" + (i - 1) + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ if (opt == null || opt.length() == 0) continue; - if ("-verify".equals(opt)) // -verify + if ("-verify".equals(opt)) // -verify //$NON-NLS-1$ verify = true; - else if ("-keystore".equals(opt)) // -keystore URL + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ ksURL = args[i++]; - else if ("-storetype".equals(opt)) // -storetype STORE_TYPE + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ ksType = args[i++]; - else if ("-storepass".equals(opt)) // -storepass PASSWORD + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ ksPassword = args[i++]; - else if ("-keypass".equals(opt)) // -keypass PASSWORD + else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$ password = args[i++]; - else if ("-sigfile".equals(opt)) // -sigfile NAME + else if ("-sigfile".equals(opt)) // -sigfile NAME //$NON-NLS-1$ sigFileName = args[i++]; - else if ("-signedjar".equals(opt)) // -signedjar FILE_NAME + else if ("-signedjar".equals(opt)) // -signedjar FILE_NAME //$NON-NLS-1$ signedJarFileName = args[i++]; - else if ("-verbose".equals(opt)) // -verbose + else if ("-verbose".equals(opt)) // -verbose //$NON-NLS-1$ verbose = true; - else if ("-certs".equals(opt)) // -certs + else if ("-certs".equals(opt)) // -certs //$NON-NLS-1$ certs = true; - else if ("-internalsf".equals(opt)) // -internalsf + else if ("-internalsf".equals(opt)) // -internalsf //$NON-NLS-1$ internalSF = true; - else if ("-sectionsonly".equals(opt)) // -sectionsonly + else if ("-sectionsonly".equals(opt)) // -sectionsonly //$NON-NLS-1$ sectionsOnly = true; - else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ providerClassName = args[i++]; else { @@ -211,43 +211,43 @@ public class Main } if (i < limit) // more options than needed - log.warning("Last argument is assumed at index #" + (i - 1) - + ". Remaining arguments (" + args[i] - + "...) will be ignored"); + log.fine("Last argument is assumed at index #" + (i - 1) //$NON-NLS-1$ + + ". Remaining arguments (" + args[i] //$NON-NLS-1$ + + "...) will be ignored"); //$NON-NLS-1$ setupCommonParams(); if (verify) { - log.info("Will verify with the following parameters:"); - log.info(" jar-file = '" + jarFileName + "'"); - log.info("Options:"); - log.info(" provider = '" + providerClassName + "'"); - log.info(" verbose ? " + verbose); - log.info(" certs ? " + certs); - log.info(" internalsf ? " + internalSF); - log.info(" sectionsonly ? " + sectionsOnly); + log.finer("Will verify with the following parameters:"); //$NON-NLS-1$ + log.finer(" jar-file = '" + jarFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer("Options:"); //$NON-NLS-1$ + log.finer(" provider = '" + providerClassName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" verbose ? " + verbose); //$NON-NLS-1$ + log.finer(" certs ? " + certs); //$NON-NLS-1$ + log.finer(" internalsf ? " + internalSF); //$NON-NLS-1$ + log.finer(" sectionsonly ? " + sectionsOnly); //$NON-NLS-1$ } else // sign { setupSigningParams(); - log.info("Will sign with the following parameters:"); - log.info(" jar-file = '" + jarFileName + "'"); - log.info(" alias = '" + alias + "'"); - log.info("Options:"); - log.info(" keystore = '" + ksURL + "'"); - log.info(" storetype = '" + ksType + "'"); - log.info(" storepass = '" + ksPassword + "'"); - log.info(" keypass = '" + password + "'"); - log.info(" sigfile = '" + sigFileName + "'"); - log.info(" signedjar = '" + signedJarFileName + "'"); - log.info(" provider = '" + providerClassName + "'"); - log.info(" verbose ? " + verbose); - log.info(" internalsf ? " + internalSF); - log.info(" sectionsonly ? " + sectionsOnly); + log.finer("Will sign with the following parameters:"); //$NON-NLS-1$ + log.finer(" jar-file = '" + jarFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" alias = '" + alias + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer("Options:"); //$NON-NLS-1$ + log.finer(" keystore = '" + ksURL + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" storetype = '" + ksType + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" storepass = '" + ksPassword + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" keypass = '" + password + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" sigfile = '" + sigFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" signedjar = '" + signedJarFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" provider = '" + providerClassName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" verbose ? " + verbose); //$NON-NLS-1$ + log.finer(" internalsf ? " + internalSF); //$NON-NLS-1$ + log.finer(" sectionsonly ? " + sectionsOnly); //$NON-NLS-1$ } - log.exiting("Main", "processArgs"); + log.exiting(this.getClass().getName(), "processArgs"); //$NON-NLS-1$ } /** @@ -260,7 +260,7 @@ public class Main */ private void start() throws Exception { - log.entering("Main", "start"); + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ if (verify) { @@ -273,7 +273,7 @@ public class Main js.start(); } - log.exiting("Main", "start"); + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ } /** @@ -287,24 +287,12 @@ public class Main */ private void teardown() { - log.entering("Main", "teardown"); + log.entering(this.getClass().getName(), "teardown"); //$NON-NLS-1$ if (providerInstalled) - { - final String providerName = provider.getName(); - log.info("About to remove provider: " + providerName); - // remove it. again we need to override security checks - AccessController.doPrivileged(new PrivilegedAction() - { - public Object run() - { - Security.removeProvider(providerName); - return null; - } - }); - } + ProviderUtil.removeProvider(provider.getName()); - log.exiting("Main", "teardown"); + log.exiting(this.getClass().getName(), "teardown"); //$NON-NLS-1$ } /** @@ -329,7 +317,7 @@ public class Main private void setupCommonParams() throws InstantiationException, IllegalAccessException, ClassNotFoundException, IOException { - log.entering("Main", "setupCommonParams"); + log.entering(this.getClass().getName(), "setupCommonParams"); //$NON-NLS-1$ if (jarFileName == null) HelpPrinter.printHelpAndExit(HELP_PATH); @@ -339,10 +327,10 @@ public class Main throw new FileNotFoundException(jarFileName); if (jar.isDirectory()) - throw new IOException("JAR file [" + jarFileName - + "] is NOT a file object"); + throw new IOException(Messages.getFormattedString("Main.70", jarFileName)); //$NON-NLS-1$ + if (! jar.canRead()) - throw new IOException("JAR file [" + jarFileName + "] is NOT readable"); + throw new IOException(Messages.getFormattedString("Main.72", jarFileName)); //$NON-NLS-1$ //$NON-NLS-2$ if (providerClassName != null && providerClassName.length() > 0) { @@ -351,18 +339,18 @@ public class Main String providerName = provider.getName(); Provider installedProvider = Security.getProvider(providerName); if (installedProvider != null) - log.info("Provider " + providerName + " is already installed"); + log.finer("Provider " + providerName + " is already installed"); //$NON-NLS-1$ //$NON-NLS-2$ else // install it installNewProvider(); } if (! verbose && certs) { - log.warning("Option <certs> is set but <verbose> is not. Ignored"); + log.fine("Option <certs> is set but <verbose> is not. Ignored"); //$NON-NLS-1$ certs = false; } - log.exiting("Main", "setupCommonParams"); + log.exiting(this.getClass().getName(), "setupCommonParams"); //$NON-NLS-1$ } /** @@ -372,23 +360,11 @@ public class Main */ private void installNewProvider() { - log.entering("Main", "installNewProvider"); - - String providerName = provider.getName(); - log.info("About to install new provider: " + providerName); - // we need to override security checks - Boolean result = (Boolean) AccessController.doPrivileged(new PrivilegedAction() - { - public Object run() - { - int actualPosition = Security.insertProviderAt(provider, 1); - return new Boolean(actualPosition != - 1); - } - }); - log.info("Provider " + providerName + " installed successfully? " + result); - providerInstalled = result.booleanValue(); + log.entering(this.getClass().getName(), "installNewProvider"); //$NON-NLS-1$ + + providerInstalled = ProviderUtil.addProvider(provider) != -1; - log.exiting("Main", "installNewProvider"); + log.exiting(this.getClass().getName(), "installNewProvider"); //$NON-NLS-1$ } /** @@ -414,22 +390,21 @@ public class Main NoSuchAlgorithmException, CertificateException, UnsupportedCallbackException, UnrecoverableKeyException { - log.entering("Main", "setupSigningParams"); + log.entering(this.getClass().getName(), "setupSigningParams"); //$NON-NLS-1$ if (ksURL == null || ksURL.trim().length() == 0) { - String userHome = SystemProperties.getProperty("user.home"); + String userHome = SystemProperties.getProperty("user.home"); //$NON-NLS-1$ if (userHome == null || userHome.trim().length() == 0) - throw new SecurityException("Option '-keystore' is not defined or" - + " is an empty string, and 'user.home'" - + " is unknown"); - ksURL = "file:" + userHome.trim() + "/.keystore"; + throw new SecurityException(Messages.getString("Main.85")); //$NON-NLS-1$ + + ksURL = "file:" + userHome.trim() + "/.keystore"; //$NON-NLS-1$ //$NON-NLS-2$ } else { ksURL = ksURL.trim(); - if (ksURL.indexOf(":") == -1) - ksURL = "file:" + ksURL; + if (ksURL.indexOf(":") == -1) //$NON-NLS-1$ + ksURL = "file:" + ksURL; //$NON-NLS-1$ } if (ksType == null || ksType.trim().length() == 0) @@ -442,7 +417,7 @@ public class Main if (ksPassword == null) { // ask the user to provide one - PasswordCallback pcb = new PasswordCallback("Enter keystore password: ", + PasswordCallback pcb = new PasswordCallback(Messages.getString("Main.92"), //$NON-NLS-1$ false); getCallbackHandler().handle(new Callback[] { pcb }); ksPasswordChars = pcb.getPassword(); @@ -458,11 +433,11 @@ public class Main HelpPrinter.printHelpAndExit(HELP_PATH); if (! store.containsAlias(alias)) - throw new SecurityException("Designated alias [" + alias - + "] MUST be known to the key store in use"); + throw new SecurityException(Messages.getFormattedString("Main.6", alias)); //$NON-NLS-1$ + if (! store.isKeyEntry(alias)) - throw new SecurityException("Designated alias [" + alias - + "] MUST be an Alias of a Key Entry"); + throw new SecurityException(Messages.getFormattedString("Main.95", alias)); //$NON-NLS-1$ + Key key; if (password == null) { @@ -474,8 +449,8 @@ public class Main catch (UnrecoverableKeyException x) { // ask the user to provide one - PasswordCallback pcb = new PasswordCallback("Enter key password for " - + alias + ": ", false); + String prompt = Messages.getFormattedString("Main.97", alias); //$NON-NLS-1$ + PasswordCallback pcb = new PasswordCallback(prompt, false); getCallbackHandler().handle(new Callback[] { pcb }); passwordChars = pcb.getPassword(); // take 2 @@ -489,8 +464,8 @@ public class Main } if (! (key instanceof PrivateKey)) - throw new SecurityException("Key associated with " + alias - + " MUST be a private key"); + throw new SecurityException(Messages.getFormattedString("Main.99", alias)); //$NON-NLS-1$ + signerPrivateKey = (PrivateKey) key; signerCertificateChain = store.getCertificateChain(alias); log.finest(String.valueOf(signerCertificateChain)); @@ -518,7 +493,7 @@ public class Main if (signedJarFileName == null) signedJarFileName = jarFileName; - log.exiting("Main", "setupSigningParams"); + log.exiting(this.getClass().getName(), "setupSigningParams"); //$NON-NLS-1$ } boolean isVerbose() @@ -585,53 +560,7 @@ public class Main protected CallbackHandler getCallbackHandler() { if (handler == null) - { - String service = "CallbackHandler.Console"; //$NON-NLS-1$ - Provider[] providers = Security.getProviders(service); - if (providers != null) - for (int i = 0; i < providers.length; i++) - { - Provider p = providers[i]; - String className = p.getProperty(service); - if (className != null) - try - { - handler = (CallbackHandler) Class.forName(className).newInstance(); - } - catch (InstantiationException x) - { - log.fine("InstantiationException while creating [" //$NON-NLS-1$ - + className + "] from provider [" + p.getName() //$NON-NLS-1$ - + "]. Ignore"); //$NON-NLS-1$ - } - catch (IllegalAccessException x) - { - log.fine("IllegalAccessException while creating [" //$NON-NLS-1$ - + className + "] from provider [" + p.getName() //$NON-NLS-1$ - + "]. Ignore"); //$NON-NLS-1$ - } - catch (ClassNotFoundException x) - { - log.fine("ClassNotFoundException while creating [" //$NON-NLS-1$ - + className + "] from provider [" + p.getName() //$NON-NLS-1$ - + "]. Ignore"); //$NON-NLS-1$ - } - - if (handler != null) - { - - log.fine("Will use [" + handler.getClass().getName() //$NON-NLS-1$ - + "] from [" + p.getName() + "]"); //$NON-NLS-1$ //$NON-NLS-2$ - break; - } - } - - if (handler == null) - { - log.fine("No console callback handler found. Will use ours"); //$NON-NLS-1$ - handler = new ConsoleCallbackHandler(); - } - } + handler = CallbackUtil.getConsoleHandler(); return handler; } diff --git a/tools/gnu/classpath/tools/jarsigner/Messages.java b/tools/gnu/classpath/tools/jarsigner/Messages.java new file mode 100644 index 000000000..284639115 --- /dev/null +++ b/tools/gnu/classpath/tools/jarsigner/Messages.java @@ -0,0 +1,115 @@ +/* Messages.java -- I18N related helper class + Copyright (C) 2006 Free Software Foundation, Inc. + + This file is part of GNU Classpath. + + GNU Classpath is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + GNU Classpath is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNU Classpath; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. */ + + +package gnu.classpath.tools.jarsigner; + +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.MissingResourceException; +import java.util.ResourceBundle; +import java.util.logging.Logger; + +/** + * An initially generated Eclipse helper class to ease the use of localized + * messages. + * <p> + * Enriched to handle localized message formats. + */ +class Messages +{ + private static final Logger log = Logger.getLogger(Messages.class.getName()); + private static final String BUNDLE_NAME = "gnu.classpath.tools.jarsigner.MessageBundle"; //$NON-NLS-1$ + private static final ResourceBundle RESOURCE_BUNDLE = ResourceBundle.getBundle(BUNDLE_NAME); + private static final Map CACHED_FORMATS = new HashMap(5); + + private Messages() + { + super(); + } + + public static String getString(String key) + { + try + { + return RESOURCE_BUNDLE.getString(key); + } + catch (MissingResourceException e) + { + return constructMessage(key, null); + } + } + + public static String getFormattedString(String key, Object args) + { + MessageFormat mf = (MessageFormat) CACHED_FORMATS.get(key); + if (mf == null) + { + String formatString = getString(key); + if (formatString.startsWith("!")) + return constructMessage(key, args); + + mf = new MessageFormat(formatString); + CACHED_FORMATS.put(key, mf); + } + + // if the argument is not an array, then build one consisiting of the + // sole argument before passing it to the format() method + try + { + if (args instanceof Object[]) + return mf.format(args); + + return mf.format(new Object[] { args }); + } + catch (IllegalArgumentException x) + { + log.fine("Exception while rendering a message format keyed by [" + + key + "]: " + mf.toPattern()); + return constructMessage(mf.toPattern(), args); + } + } + + private static final String constructMessage(String m, Object args) + { + if (args == null) + return '!' + m + '!'; + + return '!' + m + '!' + String.valueOf(args) + '!'; + } +} diff --git a/tools/gnu/classpath/tools/jarsigner/SFHelper.java b/tools/gnu/classpath/tools/jarsigner/SFHelper.java index cf72cfc2a..b4e5cc193 100644 --- a/tools/gnu/classpath/tools/jarsigner/SFHelper.java +++ b/tools/gnu/classpath/tools/jarsigner/SFHelper.java @@ -96,7 +96,7 @@ public class SFHelper private static final int SF_GENERATED = 3; private static final int DSA_GENERATED = 4; /** http://asn1.elibel.tm.fr/cgi-bin/oid/display?oid=1.3.14.3.2.26&action=display */ - private static final OID hashAlgorithmIdentifierSHA1 = new OID("1.3.14.3.2.26"); + private static final OID hashAlgorithmIdentifierSHA1 = new OID("1.3.14.3.2.26"); //$NON-NLS-1$ private int state; private JarFile jar; @@ -137,12 +137,12 @@ public class SFHelper void writeSF(JarOutputStream jar) throws IOException { if (this.state != FINISHED) - throw new IllegalStateException("Helper is NOT finished"); + throw new IllegalStateException(Messages.getString("SFHelper.1")); //$NON-NLS-1$ ByteArrayOutputStream baos = new ByteArrayOutputStream(); JarUtils.writeSFManifest(sfMainAttributes, sfEntries, baos); sfBytes = baos.toByteArray(); - log.finest("\n" + Util.dumpString(sfBytes, "+++ sfBytes ")); + log.finest("\n" + Util.dumpString(sfBytes, "+++ sfBytes ")); //$NON-NLS-1$ //$NON-NLS-2$ jar.write(sfBytes); jar.flush(); @@ -214,9 +214,9 @@ public class SFHelper throws IOException, CertificateEncodingException, CRLException { if (this.state != SF_GENERATED) - throw new IllegalStateException(".SF file has NOT been generated"); + throw new IllegalStateException(Messages.getString("SFHelper.4")); //$NON-NLS-1$ - log.finest("+++ signer private key = " + signerKey); + log.finest("+++ signer private key = " + signerKey); //$NON-NLS-1$ ISignature signatureAlgorithm; ISignatureCodec signatureCodec; OID digestEncryptionAlgorithmOID; @@ -233,7 +233,7 @@ public class SFHelper digestEncryptionAlgorithmOID = Main.RSA_SIGNATURE_OID; } else - throw new SecurityException("Unknown or unsupported private key algorithm"); + throw new SecurityException(Messages.getString("SFHelper.6")); //$NON-NLS-1$ Map signatureAttributes = new HashMap(); signatureAttributes.put(ISignature.SIGNER_KEY, signerKey); @@ -241,7 +241,7 @@ public class SFHelper signatureAlgorithm.update(sfBytes, 0, sfBytes.length); Object signature = signatureAlgorithm.sign(); byte[] signedSFBytes = signatureCodec.encodeSignature(signature); - log.finest("\n" + Util.dumpString(signedSFBytes, "+++ signedSFBytes ")); + log.finest("\n" + Util.dumpString(signedSFBytes, "+++ signedSFBytes ")); //$NON-NLS-1$ //$NON-NLS-2$ Set digestAlgorithms = new HashSet(); List digestAlgorithm = new ArrayList(2); @@ -296,7 +296,7 @@ public class SFHelper void startSigning() throws IOException { if (this.state != READY) - throw new IllegalStateException("Helper is NOT ready"); + throw new IllegalStateException(Messages.getString("SFHelper.9")); //$NON-NLS-1$ Manifest oldManifest = jar.getManifest(); this.manifest = oldManifest == null ? new Manifest() @@ -317,12 +317,12 @@ public class SFHelper void updateEntry(JarEntry entry) throws IOException { if (this.state != STARTED) - throw new IllegalStateException("Helper is NOT started"); + throw new IllegalStateException(Messages.getString("SFHelper.10")); //$NON-NLS-1$ String name = entry.getName(); InputStream jeis = jar.getInputStream(entry); String hash = util.hashStream(jeis); - log.finer("Hash of " + name + " = " + hash); + log.finer("Hash of " + name + " = " + hash); //$NON-NLS-1$ //$NON-NLS-2$ Attributes mainfestAttributes = manifest.getAttributes(name); if (mainfestAttributes == null) @@ -344,9 +344,9 @@ public class SFHelper } sfAttributes.putValue(Main.DIGEST, sfHash); - log.finest("Name: " + name); - log.finest(Main.DIGEST + ": " + sfHash); - log.finest(""); + log.finest("Name: " + name); //$NON-NLS-1$ + log.finest(Main.DIGEST + ": " + sfHash); //$NON-NLS-1$ + log.finest(""); //$NON-NLS-1$ } /** @@ -356,7 +356,7 @@ public class SFHelper void finishSigning(boolean sectionsOnly) throws IOException { if (state != STARTED) - throw new IllegalStateException("Helper is NOT started"); + throw new IllegalStateException(Messages.getString("SFHelper.10")); //$NON-NLS-1$ if (sectionsOnly) return; @@ -365,7 +365,7 @@ public class SFHelper manifest.write(baos); baos.flush(); String manifestHash = util.hashByteArray(baos.toByteArray()); - log.fine("Hashed Manifest " + manifestHash); + log.fine("Hashed Manifest " + manifestHash); //$NON-NLS-1$ sfMainAttributes.putValue(Main.DIGEST_MANIFEST, manifestHash); this.state = FINISHED; diff --git a/tools/gnu/classpath/tools/jarsigner/jarsigner.txt b/tools/gnu/classpath/tools/jarsigner/jarsigner.txt index 499c81fc9..e615609c1 100644 --- a/tools/gnu/classpath/tools/jarsigner/jarsigner.txt +++ b/tools/gnu/classpath/tools/jarsigner/jarsigner.txt @@ -1,103 +1,116 @@ -Java ARchive (JAR) file signing and verification tool. - -Copyright (C) 2006 Free Software Foundation, Inc. -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -Please report bugs at http://www.gnu.org/software/classpath/bugs.html - -Usage: - jarsigner [options] jar-file alias - jarsigner -verify [options] jar-file - - When the first form is used, the tool signs the designated <jar-file>. The - second form, on the other hand, is used to verify a previously signed JAR - file. - - The <jar-file> is the JAR file to process; i.e. to sign if the first syntax - form is used, or to verify if the second syntax form is used instead. - - <alias> is the Keystore alias to use for signing the <jar-file>. - - - When the tool is used for signing a JAR file, the possible <options> include: - -keystore URL - Indicates to the tool that the Keystore located at the - designated <URL> must be used. When this option is missing, - the tool, by default, will look for a Keystore named - ".keystore" in the current User's home directory; i.e. the - value of the System property named "user.home". - - If the <URL> is malformed --e.g. missing protocol element-- the - tool will attempt to use the <URL> value as a file-name (with - absolute or relative path-name) of a Keystore --as if the - protocol was "file:". - - -storetype STORE_TYPE - Designates the type of Keystore to expect. The default value - is that of the property "keystore.type" in the security - properties file, which is obtained by invoking the static - method call getDefaultType() in java.security.KeyStore. - - -storepass PASSWORD - Designates the <PASSWORD> to use when accessing the Keystore. - If this option is missing, the User will be prompted to provide - one. - - -keypass PASSWORD - Designates the <PASSWORD> protecting the private key to use, - from the Keystore, for signing the JAR file. If this option is - missing, the User will be prompted to provide one. - - -sigfile NAME - Designates a literal that will be used to construct file names - for the .SF and .DSA signature files which will be generated - and placed in the MET-INF directory of the signed JAR. - Permissible characters for <NAME> must be in the range - "a-zA-Z0-9_-". All characters will be converted by the tool to - upper-case ones. - - If this option is missing, the first eight characters of the - <alias> argument will be used. When this is the case, any - character in <alias> that is outside the permissible range of - characters will be replaced by an underscore. - - -signedjar FILE_NAME - If present, <FILE_NAME> will be used as the name of the signed - JAR. If this option is not present, then the signed JAR will - be named the same as <jar-file>; i.e. the input JAR will be - replaced with the signed one. - - - When the tool is used for verifying a JAR file, the possible options include: - -verify Indicates that the tool is to be used for verification purposes. - - -certs This option is used in conjunction with the -verbose option. - When present, along with the -verbose option, the tool will - print more detailed information about the certificates of the - signer(s) being processed. - - - Other options, common to both signing and verification include: - -verbose Specifies that the tool should generate more messages, during - its processing. - - -internalsf When present, the tool will include --which otherwise it does - not-- the .SF file in the .DSA generated file. - - -sectionsonly - When present, the tool will include in the .SF generated file - --which otherwise it does not-- a header containing a hash of - the whole manifest file. When that header is included, the - tool can quickly check, during verification, if the hash (in - the header) matches or not the manifest file. - - -provider PROVIDER_CLASS_NAME - Designates an implementation of the Provider interface to use - for obtaining cryptographic algorithm implementations required - by this tool to perform its functions; specifically the - implementation of the Security Provider capable of managing a - Key Store of the designated, or default, type. - - -help Prints this help text. - +NAME + jarsigner - Java ARchive (JAR) file signing and verification tool + +SYNOPSIS + jarsigner [OPTION]... FILE ALIAS + jarsigner -verify [OPTION]... FILE + +DESCRIPTION + When the first form is used, the tool signs the designated JAR file. + The second form, on the other hand, is used to verify a previously + signed JAR file. + + FILE is the .JAR file to process; i.e. to sign if the first syntax form + is used, or to verify if the second syntax form is used instead. + + ALIAS must be a known Alias of a Key Entry in the designated key store. + The private key material associated with this Alias is then used for + signing the designated .JAR file. + +SIGNING OPTIONS + -keystore URL + Use this option to specify the location of the key store to use. + The default value is a file URL referencing the file named + ".keystore" (all lower case and without the enclosing quotes) + located in the path returned by the call to + java.lang.System#getProperty(String) using "user.home" as + argument. + + If a URL was specified, but was found to be malformed --e.g. + missing protocol element-- the tool will attempt to use the URL + value as a file-name (with absolute or relative path-name) of a + key store --as if the protocol was "file:". + + -storetype STORE_TYPE + Use this option to specify the type of the key store to use. + The default value, if this option is omitted, is that of the + property "keystore.type" in the security properties file, which + is obtained by invoking the static method call getDefaultType() + in java.security.KeyStore. + + -storepass PASSWORD + Use this option to specify the password which will be used to + unlock the key store. If this option is missing, the User will + be prompted to provide a password. + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to unlock the Key Entry associated with the designated Alias. + + If this option is omitted, the tool will first attempt to unlock + the Key Entry using the same password protecting the key store. + If this fails, you will then be prompted to provide a password. + + -sigfile NAME + Use this option to designate a literal that will be used to + construct file names for both the .SF and .DSA signature files. + These files will be generated, by the tool, and placed in the + META-INF directory of the signed JAR. Permissible characters + for NAME must be in the range "a-zA-Z0-9_-". All characters + will be converted to upper-case ones. + + If this option is missing, the first eight characters of the + ALIAS argument will be used. When this is the case, any + character in ALIAS that is outside the permissible range of + characters will be replaced by an underscore. + + -signedjar FILE_NAME + Use this option to specify the file name of the signed JAR. If + this option is omitted, then the signed JAR will be named the + same as FILE; i.e. the input JAR file will be replaced with the + signed copy. + +VERIFICATION OPTIONS + -verify + Use this option to indicate that the tool is to be used for + verification purposes. + + -certs This option is used in conjunction with the -verbose option. + When present, along with the -verbose option, the tool will + print more detailed information about the certificates of the + signer(s) being processed. + +COMMON OPTIONS + -verbose + Use this option to force the tool to generate more verbose + messages, during its processing. + + -internalsf + When present, the tool will include --which otherwise it does + not-- the .SF file in the .DSA generated file. + + -sectionsonly + When present, the tool will include in the .SF generated file + --which otherwise it does not-- a header containing a hash of + the whole manifest file. When that header is included, the + tool can quickly check, during verification, if the hash (in + the header) matches or not the manifest file. + + -provider PROVIDER_CLASS_NAME + A fully qualified class name of a Security Provider to add to + the current list of Security Providers already installed in the + JVM in-use. If a provider class is specified with this option, + and was successfully added to the runtime --i.e. it was not + already installed-- then the tool will attempt to remove this + Security Provider before exiting. + + -help Prints this help text. + +REPORTING BUGS + Please report bugs at http://www.gnu.org/software/classpath/bugs.html + +COPYRIGHT + Copyright (C) 2006 Free Software Foundation, Inc. + This is free software; see the source for copying conditions. There is + NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. diff --git a/tools/gnu/classpath/tools/jarsigner/package.html b/tools/gnu/classpath/tools/jarsigner/package.html new file mode 100644 index 000000000..50574ddb7 --- /dev/null +++ b/tools/gnu/classpath/tools/jarsigner/package.html @@ -0,0 +1,60 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<!-- package.html - describes classes in gnu.classpath.tools.jarsigner + +Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. --> + +<html> +<head> + <title>GNU Classpath - gnu.classpath.tools.jarsigner</title> +</head> + +<body> +This package contains the classes that provide an implementation of the +Security Tool: <code>jarsigner</code>. The behaviour of these classes should +match that of the same tool provided in the RI version 1.4.2, except for the +following: + +<ul> + <li>The RI tool accepts -J<i>javaoption</i> options which it then passes to + the underlying JVM. This is because the RI tool acts as a <i>wrapper</i> + around the JVM launcher. + <p> + This implementation DOES NOT support these options. + </li> +</ul> +</body> +</html> diff --git a/tools/gnu/classpath/tools/keytool/CertReqCmd.java b/tools/gnu/classpath/tools/keytool/CertReqCmd.java new file mode 100644 index 000000000..0c64246e8 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/CertReqCmd.java @@ -0,0 +1,405 @@ +/* CertReqCmd.java -- The certreq command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.java.security.OID; +import gnu.java.security.der.BitString; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; +import gnu.java.security.util.Base64; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.PrintWriter; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.logging.Logger; + +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.x500.X500Principal; + +/** + * The <b>-certreq</b> keytool command handler is used to generate a Certificate + * Signing Request (CSR) in PKCS#10 format. + * <p> + * The ASN.1 specification of a CSR, as stated in RFC-2986 is as follows: + * <p> + * <pre> + * CertificationRequest ::= SEQUENCE { + * certificationRequestInfo CertificationRequestInfo, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING + * } + * + * CertificationRequestInfo ::= SEQUENCE { + * version INTEGER -- v1(0) + * subject Name, + * subjectPKInfo SubjectPublicKeyInfo, + * attributes [0] IMPLICIT Attributes -- see note later + * } + * + * SubjectPublicKeyInfo ::= SEQUENCE { + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING + * } + * </pre> + * <b>IMPORTANT</b>: Some documentation (e.g. RSA examples) claims that the + * <code>attributes</code> field is <i>OPTIONAL</i> while <i>RFC-2986</i> + * implies the opposite. This implementation considers this field, by default, + * as <i>OPTIONAL</i>, unless the option <code>-attributes</code> is included + * on the command line. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-sigalg ALGORITHM</dt> + * <dd>The canonical name of the digital signature algorithm to use for + * signing the certificate. If this option is omitted, a default value will + * be chosen based on the type of the private key associated with the + * designated <i>Alias</i>. If the private key is a <code>DSA</code> one, + * the value for the signature algorithm will be <code>SHA1withDSA</code>. + * If on the other hand the private key is an <code>RSA</code> one, then + * the tool will use <code>MD5withRSA</code> as the signature algorithm. + * <p></dd> + * + * <dt>-file FILE_NAME</dt> + * + * <dt>-keypass PASSWORD</dt> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output. + * <p></dd> + * + * <dt>-attributes</dt> + * <dd>Use this option to force the tool to encode a NULL DER value in the + * CSR as the value of the Attributes field.</dd> + * </dl> + */ +class CertReqCmd extends Command +{ + private static final Logger log = Logger.getLogger(CertReqCmd.class.getName()); + private String _alias; + private String _sigAlgorithm; + private String _certReqFileName; + private String _password; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private boolean nullAttributes; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** + * @param algorithm the canonical name of the digital signature algorithm to + * use. + */ + public void setSigalg(String algorithm) + { + this._sigAlgorithm = algorithm; + } + + /** @param pathName the fully qualified path name of the file to process. */ + public void setFile(String pathName) + { + this._certReqFileName = pathName; + } + + /** @param password the (private) key password to use. */ + public void setKeypass(String password) + { + this._password = password; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + /** + * @param flag whether to use, or not, a <code>NULL</code> DER value for + * the certificate's Attributes field. + */ + public void setAttributes(String flag) + { + this.nullAttributes = Boolean.valueOf(flag).booleanValue(); + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS //$NON-NLS-1$ + _alias = args[++i]; + else if ("-sigalg".equals(opt)) // -sigalg ALGORITHM //$NON-NLS-1$ + _sigAlgorithm = args[++i]; + else if ("-file".equals(opt)) // -file FILE_NAME //$NON-NLS-1$ + _certReqFileName = args[++i]; + else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$ + _password = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else if ("-attributes".equals(opt)) //$NON-NLS-1$ + nullAttributes = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setOutputStreamParam(_certReqFileName); + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setAliasParam(_alias); + setKeyPasswordNoPrompt(_password); +// setSignatureAlgorithm(_sigAlgorithm); + + log.finer("-certreq handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -alias=" + alias); //$NON-NLS-1$ + log.finer(" -sigalg=" + _sigAlgorithm); //$NON-NLS-1$ + log.finer(" -file=" + _certReqFileName); //$NON-NLS-1$ + log.finer(" -keypass=" + _password); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + log.finer(" -attributes=" + nullAttributes); //$NON-NLS-1$ + } + + void start() throws KeyStoreException, NoSuchAlgorithmException, IOException, + UnsupportedCallbackException, UnrecoverableKeyException, + InvalidKeyException, SignatureException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + // 1. get the key entry and certificate chain associated to alias + Key privateKey = getAliasPrivateKey(); + Certificate[] chain = store.getCertificateChain(alias); + + // 2. get alias's DN and public key to use in the CSR + X509Certificate bottomCertificate = (X509Certificate) chain[0]; + X500Principal aliasName = bottomCertificate.getIssuerX500Principal(); + PublicKey publicKey = bottomCertificate.getPublicKey(); + + // 3. generate the CSR + setSignatureAlgorithmParam(_sigAlgorithm, privateKey); + byte[] derBytes = getCSR(aliasName, publicKey, (PrivateKey) privateKey); + + // 4. encode it in base-64 and write it to outStream + String encoded = Base64.encode(derBytes, 0, derBytes.length, true); + PrintWriter writer = new PrintWriter(outStream, true); + writer.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); //$NON-NLS-1$ + writer.println(encoded); + writer.println("-----END NEW CERTIFICATE REQUEST-----"); //$NON-NLS-1$ + + if (verbose) + { + if (! systemOut) + System.out.println(Messages.getFormattedString("CertReqCmd.27", //$NON-NLS-1$ + _certReqFileName)); + System.out.println(Messages.getString("CertReqCmd.28")); //$NON-NLS-1$ + } + + writer.close(); + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + /** + * @param aliasName + * @param publicKey + * @param privateKey + * @return the DER encoded Certificate Signing Request. + * @throws IOException + * @throws InvalidKeyException + * @throws SignatureException + */ + private byte[] getCSR(X500Principal aliasName, PublicKey publicKey, + PrivateKey privateKey) + throws IOException, InvalidKeyException, SignatureException + { + DERValue derVersion = new DERValue(DER.INTEGER, BigInteger.ZERO); + DERValue derSubject = new DERReader(aliasName.getEncoded()).read(); + DERValue derSubjectPKInfo = new DERReader(publicKey.getEncoded()).read(); + byte[] b = nullAttributes ? new byte[] { 0x05, 0x00 } : new byte[0]; + DERValue derAttributes = new DERValue(DER.CONSTRUCTED | DER.CONTEXT | 0, + b.length, b, null); + ArrayList certRequestInfo = new ArrayList(4); + certRequestInfo.add(derVersion); + certRequestInfo.add(derSubject); + certRequestInfo.add(derSubjectPKInfo); + certRequestInfo.add(derAttributes); + DERValue derCertRequestInfo = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, + certRequestInfo); + + OID sigAlgorithmID = getSignatureAlgorithmOID(); + DERValue derSigAlgorithmID = new DERValue(DER.OBJECT_IDENTIFIER, + sigAlgorithmID); + ArrayList sigAlgorithm = new ArrayList(2); + sigAlgorithm.add(derSigAlgorithmID); + if (! sigAlgorithmID.equals(Command.SHA1_WITH_DSA)) // it's an RSA-based + sigAlgorithm.add(new DERValue(DER.NULL, null)); + + sigAlgorithm.trimToSize(); + DERValue derSignatureAlgorithm = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, + sigAlgorithm); + + signatureAlgorithm.initSign(privateKey); + signatureAlgorithm.update(derCertRequestInfo.getEncoded()); + byte[] sigBytes = signatureAlgorithm.sign(); + DERValue derSignature = new DERValue(DER.BIT_STRING, new BitString(sigBytes)); + + ArrayList csr = new ArrayList(3); + csr.add(derCertRequestInfo); + csr.add(derSignatureAlgorithm); + csr.add(derSignature); + DERValue derCSR = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, csr); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + DERWriter.write(baos, derCSR); + byte[] result = baos.toByteArray(); + + return result; + } +} diff --git a/tools/gnu/classpath/tools/keytool/Command.java b/tools/gnu/classpath/tools/keytool/Command.java new file mode 100644 index 000000000..a59614644 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/Command.java @@ -0,0 +1,1147 @@ +/* Command.java -- Abstract implementation of a keytool command handler + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.classpath.SystemProperties; +import gnu.classpath.tools.common.CallbackUtil; +import gnu.classpath.tools.common.ProviderUtil; +import gnu.classpath.tools.common.SecurityProviderInfo; +import gnu.java.security.OID; +import gnu.java.security.Registry; +import gnu.java.security.der.BitString; +import gnu.java.security.der.DER; +import gnu.java.security.der.DERReader; +import gnu.java.security.der.DERValue; +import gnu.java.security.der.DERWriter; +import gnu.java.security.hash.IMessageDigest; +import gnu.java.security.hash.MD5; +import gnu.java.security.hash.Sha160; +import gnu.java.security.util.Util; +import gnu.java.security.x509.X500DistinguishedName; +import gnu.javax.security.auth.callback.ConsoleCallbackHandler; + +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.PrintWriter; +import java.math.BigInteger; +import java.net.URL; +import java.net.URLConnection; +import java.security.InvalidKeyException; +import java.security.InvalidParameterException; +import java.security.Key; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.security.interfaces.DSAKey; +import java.security.interfaces.RSAKey; +import java.util.ArrayList; +import java.util.Date; +import java.util.logging.Logger; +import java.util.prefs.Preferences; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * A base class of the keytool command to facilitate implementation of concrete + * keytool Handlers. + */ +abstract class Command +{ + // Fields and constants ----------------------------------------------------- + + private static final Logger log = Logger.getLogger(Command.class.getName()); + /** Default value for the ALIAS argument. */ + private static final String DEFAULT_ALIAS = "mykey"; //$NON-NLS-1$ + /** Default algorithm for key-pair generation. */ + private static final String DEFAULT_KEY_ALGORITHM = "DSA"; //$NON-NLS-1$ + /** Default DSA digital signature algorithm to use with DSA keys. */ + private static final String DSA_SIGNATURE_ALGORITHM = "SHA1withDSA"; //$NON-NLS-1$ + /** Default RSA digital signature algorithm to use with RSA keys. */ + private static final String RSA_SIGNATURE_ALGORITHM = "MD5withRSA"; //$NON-NLS-1$ + /** Default validity (in days) of newly generated certificates. */ + private static final int DEFAULT_VALIDITY = 90; + /** OID of SHA1withDSA signature algorithm as stated in RFC-2459. */ + protected static final OID SHA1_WITH_DSA = new OID("1.2.840.10040.4.3"); //$NON-NLS-1$ + /** OID of MD2withRSA signature algorithm as stated in RFC-2459. */ + private static final OID MD2_WITH_RSA = new OID("1.2.840.113549.1.1.2"); //$NON-NLS-1$ + /** OID of MD5withRSA signature algorithm as stated in RFC-2459. */ + private static final OID MD5_WITH_RSA = new OID("1.2.840.113549.1.1.4"); //$NON-NLS-1$ + /** OID of SHA1withRSA signature algorithm as stated in RFC-2459. */ + private static final OID SHA1_WITH_RSA = new OID("1.2.840.113549.1.1.5"); //$NON-NLS-1$ + /** Number of milliseconds in one day. */ + private static final long MILLIS_IN_A_DAY = 24 * 60 * 60 * 1000L; + + /** The Alias to use. */ + protected String alias; + /** The password characters protecting a Key Entry. */ + protected char[] keyPasswordChars; + /** A security provider to add. */ + protected Provider provider; + /** The key store type. */ + protected String storeType; + /** The password characters protecting the key store. */ + protected char[] storePasswordChars; + /** The key store URL. */ + protected URL storeURL; + /** The input stream from the key store URL. */ + protected InputStream storeStream; + /** The key store instance to use. */ + protected KeyStore store; + /** The output stream the concrete handler will use. */ + protected OutputStream outStream; + /** Whether we are printing to System.out. */ + protected boolean systemOut; + /** The key-pair generation algorithm instance to use. */ + protected KeyPairGenerator keyPairGenerator; + /** The digital signature algorithm instance to use. */ + protected Signature signatureAlgorithm; + /** Validity period, in number of days, to use when generating certificates. */ + protected int validityInDays; + /** The input stream the concrete handler will use. */ + protected InputStream inStream; + /** Whether verbose output is required or not. */ + protected boolean verbose; + + /** MD5 hash to use when generating certificate fingerprints. */ + private IMessageDigest md5 = new MD5(); + /** SHA1 hash to use when generating certificate fingerprints. */ + private IMessageDigest sha = new Sha160(); + /** The new position of a user-defined provider if it is not already installed. */ + private int providerNdx = -2; + /** The callback handler to use when needing to interact with user. */ + private CallbackHandler handler; + + // Constructor(s) ----------------------------------------------------------- + + // default 0-arguments constructor + + // Methods ------------------------------------------------------------------ + + /** + * A public method to allow using any keytool command handler programmatically + * by using a JavaBeans style of parameter(s) initialization. The user is + * assumed to have set individually the required options through their + * respective setters before invoking this method. + * <p> + * If an exception is encountered during the processing of the command, this + * implementation attempts to release any resources that may have been + * allocated at the time the exception occurs, before re-throwing that + * exception. + * + * @throws Exception if an exception occurs during the processing of this + * command. For a more comprehensive list of exceptions that may + * occur, see the documentation of the {@link #setup()} and + * {@link #start()} methods. + */ + public void doCommand() throws Exception + { + try + { + setup(); + start(); + } + finally + { + teardown(); + } + } + + /** + * @param flag whether to use, or not, more verbose output while processing + * the command. + */ + public void setVerbose(String flag) + { + this.verbose = Boolean.valueOf(flag).booleanValue(); + } + + // life-cycle methods ------------------------------------------------------- + + /** + * Given a potential sub-array of options for this concrete handler, starting + * at position <code>startIndex + 1</code>, potentially followed by other + * commands and their options, this method sets up this concrete command + * handler with its own options and returns the index of the first unprocessed + * argument in the array. + * <p> + * The general contract of this method is that it is invoked with the + * <code>startIndex</code> argument pointing to the keyword argument that + * uniquelly identifies the command itself; e.g. <code>-genkey</code> or + * <code>-list</code>, etc... + * + * @param args an array of options for this handler and possibly other + * commands and their options. + * @param startIndex the index of the first argument in <code>args</code> to + * process. + * @return the index of the first unprocessed argument in <code>args</code>. + */ + abstract int processArgs(String[] args, int startIndex); + + /** + * Initialize this concrete command handler for later invocation of the + * {@link #start()} or {@link #doCommand()} methods. + * <p> + * Handlers usually initialize their local variables and resources within the + * scope of this call. + * + * @throws IOException if an I/O related exception, such as opening an input + * stream, occurs during the execution of this method. + * @throws UnsupportedCallbackException if a requested callback handler + * implementation was not found, or was found but encountered an + * exception during its processing. + * @throws ClassNotFoundException if a designated security provider class was + * not found. + * @throws IllegalAccessException no 0-arguments constructor for the + * designated security provider class was found. + * @throws InstantiationException the designated security provider class is + * not instantiable. + * @throws KeyStoreException if an exception occurs during the instantiation + * of the KeyStore. + * @throws CertificateException if a certificate related exception, such as + * expiry, occurs during the loading of the KeyStore. + * @throws NoSuchAlgorithmException if no current security provider can + * provide a needed algorithm referenced by the KeyStore or one of + * its Key Entries or Certificates. + */ + abstract void setup() throws Exception; + + /** + * Do the real work this handler is supposed to do. + * <p> + * The code in this (abstract) class throws a <i>Not implemented yet</i> + * runtime exception. Concrete implementations MUST override this method. + * + * @throws CertificateException If no concrete implementation was found for a + * certificate Factory of a designated type. In this tool, the type + * is usually X.509 v1. + * @throws KeyStoreException if a keys-store related exception occurs; e.g. + * the key store has not been initialized. + * @throws IOException if an I/O related exception occurs during the process. + * @throws SignatureException if a digital signature related exception occurs. + * @throws InvalidKeyException if the genereated keys are invalid. + * @throws UnrecoverableKeyException if the password used to unlock a key in + * the key store was invalid. + * @throws NoSuchAlgorithmException if a concrete implementation of an + * algorithm used to store a Key Entry was not found at runtime. + * @throws UnsupportedCallbackException if a requested callback handler + * implementation was not found, or was found but encountered an + * exception during its processing. + */ + void start() throws Exception + { + throw new RuntimeException("Not implemented yet"); //$NON-NLS-1$ + } + + /** + * Tear down the handler, releasing any resources which may have been + * allocated at setup time. + */ + void teardown() + { + log.entering(this.getClass().getName(), "teardown"); //$NON-NLS-1$ + + if (storeStream != null) + try + { + storeStream.close(); + } + catch (IOException ignored) + { + log.fine("Exception while closing key store URL stream. Ignored: " //$NON-NLS-1$ + + ignored); + } + + if (outStream != null) + { + try + { + outStream.flush(); + } + catch (IOException ignored) + { + } + + if (! systemOut) + try + { + outStream.close(); + } + catch (IOException ignored) + { + } + } + + if (inStream != null) + try + { + inStream.close(); + } + catch (IOException ignored) + { + } + + if (providerNdx > 0) + ProviderUtil.removeProvider(provider.getName()); + + log.exiting(this.getClass().getName(), "teardown"); //$NON-NLS-1$ + } + + // parameter setup and validation methods ----------------------------------- + + /** + * Convenience method to setup the key store given its type, its password, its + * location and portentially a specialized security provider. + * + * @param className the potentially null fully qualified class name of a + * security provider to add at runtime, if no installed provider is + * able to provide a key store implementation of the desired type. + * @param type the potentially null type of the key store to request from the + * key store factory. + * @param password the potentially null password protecting the key store. + * @param url the URL of the key store. + */ + protected void setKeyStoreParams(String className, String type, + String password, String url) + throws IOException, UnsupportedCallbackException, KeyStoreException, + NoSuchAlgorithmException, CertificateException + { + setProviderClassNameParam(className); + setKeystoreTypeParam(type); + setKeystorePasswordParam(password); + setKeystoreURLParam(url); + } + + /** + * Set a security provider class name to (install and) use for key store + * related operations. + * + * @param className the possibly null, fully qualified class name of a + * security provider to add, if it is not already installed, to the + * set of available providers. + */ + protected void setProviderClassNameParam(String className) + { + log.finest("setProviderClassNameParam(" + className + ")"); //$NON-NLS-1$ //$NON-NLS-2$ + if (className != null && className.trim().length() > 0) + { + className = className.trim(); + SecurityProviderInfo spi = ProviderUtil.addProvider(className); + provider = spi.getProvider(); + if (provider == null) + log.fine("Was unable to add provider from class " + className); + + providerNdx = spi.getPosition(); + } + } + + /** + * Set the type of key store to initialize, load and use. + * + * @param type the possibly null type of the key store. if this argument is + * <code>null</code>, or is an empty string, then this method sets + * the type of the key store to be the default value returned from + * the invocation of the {@link KeyStore#getDefaultType()} method. + * For GNU Classpath this is <i>gkr</i> which stands for the "Gnu + * KeyRing" specifications. + */ + protected void setKeystoreTypeParam(String type) + { + log.finest("setKeystoreTypeParam(" + type + ")"); //$NON-NLS-1$ //$NON-NLS-2$ + if (type == null || type.trim().length() == 0) + storeType = KeyStore.getDefaultType(); + else + storeType = type.trim(); + } + + /** + * Set the key password given a command line option argument. If no value was + * present on the command line then prompt the user to provide one. + * + * @param password a possibly null key password gleaned from the command line. + * @throws IOException if an I/O related exception occurs. + * @throws UnsupportedCallbackException if no concrete implementation of a + * password callback was found at runtime. + */ + protected void setKeyPasswordParam(String password) throws IOException, + UnsupportedCallbackException + { + setKeyPasswordNoPrompt(password); + if (keyPasswordChars == null) + setKeyPasswordParam(); + } + + /** + * Set the Alias to use when associating Key Entries and Trusted Certificates + * in the current key store. + * + * @param name the possibly null alias to use. If this arfument is + * <code>null</code>, then a default value of <code>mykey</code> + * will be used instead. + */ + protected void setAliasParam(String name) + { + alias = name == null ? DEFAULT_ALIAS : name.trim(); + } + + /** + * Set the key password given a command line option argument. + * + * @param password a possibly null key password gleaned from the command line. + */ + protected void setKeyPasswordNoPrompt(String password) + { + if (password != null) + keyPasswordChars = password.toCharArray(); + } + + /** + * Prompt the user to provide a password to protect a Key Entry in the key + * store. + * + * @throws IOException if an I/O related exception occurs. + * @throws UnsupportedCallbackException if no concrete implementation of a + * password callback was found at runtime. + * @throws SecurityException if no password is available, even after prompting + * the user. + */ + protected void setKeyPasswordParam() throws IOException, + UnsupportedCallbackException + { + String prompt = Messages.getFormattedString("Command.21", alias); //$NON-NLS-1$ + PasswordCallback pcb = new PasswordCallback(prompt, false); + getCallbackHandler().handle(new Callback[] { pcb }); + keyPasswordChars = pcb.getPassword(); + pcb.clearPassword(); + if (keyPasswordChars == null) + throw new SecurityException(Messages.getString("Command.23")); //$NON-NLS-1$ + } + + protected void setKeystorePasswordParam(String password) throws IOException, + UnsupportedCallbackException + { + if (password != null) + storePasswordChars = password.toCharArray(); + else // ask the user to provide one + { + String prompt = Messages.getString("Command.24"); //$NON-NLS-1$ + PasswordCallback pcb = new PasswordCallback(prompt, false); + getCallbackHandler().handle(new Callback[] { pcb }); + storePasswordChars = pcb.getPassword(); + pcb.clearPassword(); + } + log.finest("storePasswordChars = [" + String.valueOf(storePasswordChars)+ "]"); //$NON-NLS-1$ //$NON-NLS-2$ + } + + /** + * Set the key store URL to use. + * + * @param url + * @throws IOException + * @throws KeyStoreException + * @throws UnsupportedCallbackException + * @throws NoSuchAlgorithmException + * @throws CertificateException + */ + protected void setKeystoreURLParam(String url) throws IOException, + KeyStoreException, UnsupportedCallbackException, NoSuchAlgorithmException, + CertificateException + { + log.finest("setKeystoreURLParam(" + url + ")"); //$NON-NLS-1$ //$NON-NLS-2$ + if (url == null || url.trim().length() == 0) + { + String userHome = SystemProperties.getProperty("user.home"); //$NON-NLS-1$ + if (userHome == null || userHome.trim().length() == 0) + throw new InvalidParameterException(Messages.getString("Command.36")); //$NON-NLS-1$ + + url = userHome.trim() + "/.keystore"; //$NON-NLS-1$ + // if it does not exist create it + new File(url).createNewFile(); + url = "file:" + url; //$NON-NLS-1$ + } + else + { + url = url.trim(); + if (url.indexOf(":") == -1) // if it does not exist create it //$NON-NLS-1$ + new File(url).createNewFile(); + + url = "file:" + url; //$NON-NLS-1$ + } + + boolean newKeyStore = false; + storeURL = new URL(url); + storeStream = storeURL.openStream(); + if (storeStream.available() == 0) + { + log.fine("Store is empty. Will use <null> when loading, to create it"); //$NON-NLS-1$ + newKeyStore = true; + } + + try + { + store = KeyStore.getInstance(storeType); + } + catch (KeyStoreException x) + { + if (provider != null) + throw x; + + log.fine("Exception while getting key store with default provider(s)." //$NON-NLS-1$ + + " Will prompt user for another provider and continue"); //$NON-NLS-1$ + String prompt = Messages.getString("Command.40"); //$NON-NLS-1$ + NameCallback ncb = new NameCallback(prompt); + getCallbackHandler().handle(new Callback[] { ncb }); + String className = ncb.getName(); + setProviderClassNameParam(className); // we may have a Provider + if (provider == null) + { + x.fillInStackTrace(); + throw x; + } + // try again + store = KeyStore.getInstance(storeType, provider); + } + + // now we have a KeyStore instance. load it + // KeyStore public API claims: "...In order to create an empty keystore, + // you pass null as the InputStream argument to the load method. + if (newKeyStore) + store.load(null, storePasswordChars); + else + store.load(storeStream, storePasswordChars); + + // close the stream + try + { + storeStream.close(); + storeStream = null; + } + catch (IOException x) + { + log.fine("Exception while closing the key store input stream: " + x //$NON-NLS-1$ + + ". Ignore"); //$NON-NLS-1$ + } + } + + protected void setOutputStreamParam(String fileName) throws SecurityException, + IOException + { + if (fileName == null || fileName.trim().length() == 0) + { + outStream = System.out; + systemOut = true; + } + else + { + fileName = fileName.trim(); + File outFile = new File(fileName); + if (! outFile.exists()) + { + boolean ok = outFile.createNewFile(); + if (!ok) + throw new InvalidParameterException(Messages.getFormattedString("Command.19", //$NON-NLS-1$ + fileName)); + } + else + { + if (! outFile.isFile()) + throw new InvalidParameterException(Messages.getFormattedString("Command.42", //$NON-NLS-1$ + fileName)); + if (! outFile.canWrite()) + throw new InvalidParameterException(Messages.getFormattedString("Command.44", //$NON-NLS-1$ + fileName)); + } + outStream = new FileOutputStream(outFile); + } + } + + protected void setInputStreamParam(String fileName) + throws FileNotFoundException + { + if (fileName == null || fileName.trim().length() == 0) + inStream = System.in; + else + { + fileName = fileName.trim(); + File inFile = new File(fileName); + if (! (inFile.exists() && inFile.isFile() && inFile.canRead())) + throw new InvalidParameterException(Messages.getFormattedString("Command.46", //$NON-NLS-1$ + fileName)); + inStream = new FileInputStream(inFile); + } + } + + /** + * Set both the key-pair generation algorithm, and the digital signature + * algorithm instances to use when generating new entries. + * + * @param kpAlg the possibly null name of a key-pair generator algorithm. + * if this argument is <code>null</code> or is an empty string, the + * "DSS" algorithm will be used. + * @param sigAlg the possibly null name of a digital signature algorithm. + * If this argument is <code>null</code> or is an empty string, this + * method uses the "SHA1withDSA" (Digital Signature Standard, a.k.a. + * DSA, with the Secure Hash Algorithm function) as the default + * algorithm if, and only if, the key-pair generation algorithm ends + * up being "DSS"; otherwise, if the key-pair generation algorithm + * was "RSA", then the "MD5withRSA" signature algorithm will be used. + * If the key-pair generation algorithm is neither "DSS" (or its + * alias "DSA"), nor is it "RSA", then an exception is thrown. + * @throws NoSuchAlgorithmException if no concrete implementation of the + * designated algorithm is available. + */ + protected void setAlgorithmParams(String kpAlg, String sigAlg) + throws NoSuchAlgorithmException + { + if (kpAlg == null || kpAlg.trim().length() == 0) + kpAlg = DEFAULT_KEY_ALGORITHM; + else + kpAlg = kpAlg.trim().toLowerCase(); + + keyPairGenerator = KeyPairGenerator.getInstance(kpAlg); + + if (sigAlg == null || sigAlg.trim().length() == 0) + if (kpAlg.equalsIgnoreCase(Registry.DSS_KPG) + || kpAlg.equalsIgnoreCase(Registry.DSA_KPG)) + sigAlg = DSA_SIGNATURE_ALGORITHM; + else if (kpAlg.equalsIgnoreCase(Registry.RSA_KPG)) + sigAlg = RSA_SIGNATURE_ALGORITHM; + else + throw new IllegalArgumentException( + Messages.getFormattedString("Command.20", //$NON-NLS-1$ + new String[] { sigAlg, kpAlg })); + else + sigAlg = sigAlg.trim().toLowerCase(); + + signatureAlgorithm = Signature.getInstance(sigAlg); + } + + /** + * Set the signature algorithm to use when digitally signing private keys, + * certificates, etc... + * <p> + * If the designated algorithm name is <code>null</code> or is an empty + * string, this method checks the private key (the second argument) and based + * on its type decides which algorithm to use. The keytool public + * specification states that if the private key is a DSA key, then the + * signature algorithm will be <code>SHA1withDSA</code>, otherwise if it is + * an RSA private key, then the signature algorithm will be + * <code>MD5withRSA</code>. If the private key is neither a private DSA nor + * a private RSA key, then this method throws an + * {@link IllegalArgumentException}. + * + * @param algorithm the possibly null name of a digital signature algorithm. + * @param privateKey an instance of a private key to use as a fal-back option + * when <code>algorithm</code> is invalid. + * @throws NoSuchAlgorithmException if no concrete implementation of the + * designated, or default, signature algorithm is available. + */ + protected void setSignatureAlgorithmParam(String algorithm, Key privateKey) + throws NoSuchAlgorithmException + { + if (algorithm == null || algorithm.trim().length() == 0) + if (privateKey instanceof DSAKey) + algorithm = DSA_SIGNATURE_ALGORITHM; + else if (privateKey instanceof RSAKey) + algorithm = RSA_SIGNATURE_ALGORITHM; + else + throw new InvalidParameterException(Messages.getString("Command.48")); //$NON-NLS-1$ + else + algorithm = algorithm.trim(); + + signatureAlgorithm = Signature.getInstance(algorithm); + } + + /** + * Set the validity period, in number of days, to use when issuing new + * certificates. + * + * @param days the number of days, as a string, the generated certificate will + * be valid for, starting from today's date. if this argument is + * <code>null</code>, a default value of <code>90</code> days + * will be used. + * @throws NumberFormatException if the designated string is not a decimal + * integer. + * @throws InvalidParameterException if the integer value of the non-null + * string is not greater than zero. + */ + protected void setValidityParam(String days) + { + if (days == null || days.trim().length() == 0) + validityInDays = DEFAULT_VALIDITY; + else + { + days = days.trim(); + validityInDays = Integer.parseInt(days); + if (validityInDays < 1) + throw new InvalidParameterException(Messages.getString("Command.51")); //$NON-NLS-1$ + } + } + + /** + * RFC-2459 (http://rfc.net/rfc2459.html) fully describes the structure and + * semantics of X.509 certificates. The ASN.1 structures below are gleaned + * from that reference. + * + * <pre> + * Certificate ::= SEQUENCE { + * tbsCertificate TBSCertificate, + * signatureAlgorithm AlgorithmIdentifier, + * signatureValue BIT STRING + * } + * + * TBSCertificate ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * serialNumber CertificateSerialNumber, + * signature AlgorithmIdentifier, + * issuer Name, + * validity Validity, + * subject Name, + * subjectPublicKeyInfo SubjectPublicKeyInfo + * } + * + * Version ::= INTEGER { v1(0), v2(1), v3(2) } + * + * CertificateSerialNumber ::= INTEGER + * + * Validity ::= SEQUENCE { + * notBefore Time, + * notAfter Time + * } + * + * Time ::= CHOICE { + * utcTime UTCTime, + * generalTime GeneralizedTime + * } + * + * UniqueIdentifier ::= BIT STRING + * + * SubjectPublicKeyInfo ::= SEQUENCE { + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING + * } + * </pre> + * + * @param distinguishedName the X.500 Distinguished Name to use as both the + * Issuer and Subject of the self-signed certificate to generate. + * @param publicKey the public key of the issuer/subject. + * @param privateKey the private key of the issuer/signer. + * @return the DER encoded form of a self-signed X.509 v1 certificate. + * @throws IOException If an I/O related exception occurs during the process. + * @throws SignatureException If a digital signature related exception occurs. + * @throws InvalidKeyException if the designated private key is invalid. + * @throws InvalidParameterException if the concrete signature algorithm does + * not know its name, no OID is known/supported for that name, or we + * were unable to match the name to a known string for which we can + * use a standard OID. + */ + protected byte[] getSelfSignedCertificate(X500DistinguishedName distinguishedName, + PublicKey publicKey, + PrivateKey privateKey) + throws IOException, SignatureException, InvalidKeyException + { + log.entering(this.getClass().getName(), "getSelfSignedCertificate", //$NON-NLS-1$ + new Object[] { distinguishedName, publicKey, privateKey }); + + byte[] versionBytes = new DERValue(DER.INTEGER, BigInteger.ZERO).getEncoded(); + DERValue derVersion = new DERValue(DER.CONSTRUCTED | DER.CONTEXT | 0, + versionBytes.length, versionBytes, null); + + // NOTE (rsn): the next 3 lines should be atomic but they're not. + Preferences prefs = Preferences.systemNodeForPackage(this.getClass()); + int lastSerialNumber = prefs.getInt(Main.LAST_SERIAL_NUMBER, 0) + 1; + prefs.putInt(Main.LAST_SERIAL_NUMBER, lastSerialNumber); + DERValue derSerialNumber = new DERValue(DER.INTEGER, + BigInteger.valueOf(lastSerialNumber)); + + OID signatureID = getSignatureAlgorithmOID(); + DERValue derSignatureID = new DERValue(DER.OBJECT_IDENTIFIER, signatureID); + ArrayList signature = new ArrayList(1); + signature.add(derSignatureID); + // rfc-2459 states the following: + // + // for the DSA signature: + // ...Where the id-dsa-with-sha1 algorithm identifier appears as the + // algorithm field in an AlgorithmIdentifier, the encoding shall omit + // the parameters field. That is, the AlgorithmIdentifier shall be a + // SEQUENCE of one component - the OBJECT IDENTIFIER id-dsa-with-sha1. + // + // for RSA signatures: + // ...When any of these three OIDs (i.e. xxxWithRSAEncryption) appears + // within the ASN.1 type AlgorithmIdentifier, the parameters component of + // that type shall be the ASN.1 type NULL. + if (! signatureID.equals(SHA1_WITH_DSA)) + signature.add(new DERValue(DER.NULL, null)); + + DERValue derSignature = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, + signature); + + DERValue derIssuer = new DERReader(distinguishedName.getDer()).read(); + + long notBefore = System.currentTimeMillis(); + long notAfter = notBefore + validityInDays * MILLIS_IN_A_DAY; + + ArrayList validity = new ArrayList(2); + validity.add(new DERValue(DER.UTC_TIME, new Date(notBefore))); + validity.add(new DERValue(DER.UTC_TIME, new Date(notAfter))); + DERValue derValidity = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, + validity); + + // for a self-signed certificate subject and issuer are identical + DERValue derSubject = derIssuer; + + DERValue derSubjectPublicKeyInfo = new DERReader(publicKey.getEncoded()).read(); + + ArrayList tbsCertificate = new ArrayList(7); + tbsCertificate.add(derVersion); + tbsCertificate.add(derSerialNumber); + tbsCertificate.add(derSignature); + tbsCertificate.add(derIssuer); + tbsCertificate.add(derValidity); + tbsCertificate.add(derSubject); + tbsCertificate.add(derSubjectPublicKeyInfo); + DERValue derTBSCertificate = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, + tbsCertificate); + + // The 'signature' field MUST contain the same algorithm identifier as the + // 'signatureAlgorithm' field in the sequence Certificate. + DERValue derSignatureAlgorithm = derSignature; + + signatureAlgorithm.initSign(privateKey); + signatureAlgorithm.update(derTBSCertificate.getEncoded()); + byte[] sigBytes = signatureAlgorithm.sign(); + DERValue derSignatureValue = new DERValue(DER.BIT_STRING, + new BitString(sigBytes)); + + ArrayList certificate = new ArrayList(3); + certificate.add(derTBSCertificate); + certificate.add(derSignatureAlgorithm); + certificate.add(derSignatureValue); + DERValue derCertificate = new DERValue(DER.CONSTRUCTED | DER.SEQUENCE, + certificate); + + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + DERWriter.write(baos, derCertificate); + byte[] result = baos.toByteArray(); + + log.exiting(this.getClass().getName(), "getSelfSignedCertificate"); //$NON-NLS-1$ + return result; + } + + /** + * This method attempts to find, and return, an OID representing the digital + * signature algorithm used to sign the certificate. The OIDs returned are + * those described in RFC-2459. They are listed here for the sake of + * completness. + * + * <pre> + * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 + * } + * + * md2WithRSAEncryption OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 2 + * } + * + * md5WithRSAEncryption OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 + * } + * + * sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { + * iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 + * } + * </pre> + * + * <b>IMPORTANT</b>: This method checks the signature algorithm name against + * (a) The GNU algorithm implementation's name, and (b) publicly referenced + * names of the same algorithm. In other words this search is not + * comprehensive and may fail for uncommon names of the same algorithms. + * + * @return the OID of the signature algorithm in use. + * @throws InvalidParameterException if the concrete signature algorithm does + * not know its name, no OID is known/supported for that name, or we + * were unable to match the name to a known string for which we can + * return an OID. + */ + protected OID getSignatureAlgorithmOID() + { + String algorithm = signatureAlgorithm.getAlgorithm(); + // if we already have a non-null signature then the name was valid. the + // only case where algorithm is invalid would be if the implementation is + // flawed. check anyway + if (algorithm == null || algorithm.trim().length() == 0) + throw new InvalidParameterException(Messages.getString("Command.52")); //$NON-NLS-1$ + + algorithm = algorithm.trim(); + if (algorithm.equalsIgnoreCase(Registry.DSS_SIG) + || algorithm.equalsIgnoreCase("SHA1withDSA")) //$NON-NLS-1$ + return SHA1_WITH_DSA; + + if (algorithm.equalsIgnoreCase(Registry.RSA_PKCS1_V1_5_SIG + "-" //$NON-NLS-1$ + + Registry.MD2_HASH) + || algorithm.equalsIgnoreCase("MD2withRSA")) //$NON-NLS-1$ + return MD2_WITH_RSA; + + if (algorithm.equalsIgnoreCase(Registry.RSA_PKCS1_V1_5_SIG + "-" //$NON-NLS-1$ + + Registry.MD5_HASH) + || algorithm.equalsIgnoreCase("MD5withRSA") //$NON-NLS-1$ + || algorithm.equalsIgnoreCase("rsa")) //$NON-NLS-1$ + return MD5_WITH_RSA; + + if (algorithm.equalsIgnoreCase(Registry.RSA_PKCS1_V1_5_SIG + "-" //$NON-NLS-1$ + + Registry.SHA160_HASH) + || algorithm.equalsIgnoreCase("SHA1withRSA")) //$NON-NLS-1$ + return SHA1_WITH_RSA; + + throw new InvalidParameterException(Messages.getFormattedString("Command.60", //$NON-NLS-1$ + algorithm)); + } + + /** + * Saves the key store using the designated password. This operation is called + * by handlers if/when the key store password has changed, or amendements have + * been made to the contents of the store; e.g. addition of a new Key Entry or + * a Trusted Certificate. + * + * @param password the password protecting the key store. + * @throws IOException if an I/O related exception occurs during the process. + * @throws CertificateException if any of the certificates in the current key + * store could not be persisted. + * @throws NoSuchAlgorithmException if a required data integrity algorithm + * implementation was not found. + * @throws KeyStoreException if the key store has not been loaded previously. + */ + protected void saveKeyStore(char[] password) throws IOException, + KeyStoreException, NoSuchAlgorithmException, CertificateException + { + log.entering(this.getClass().getName(), "saveKeyStore", String.valueOf(password)); //$NON-NLS-1$ + + URLConnection con = storeURL.openConnection(); + con.setDoOutput(true); + con.setUseCaches(false); + OutputStream out = con.getOutputStream(); + if (verbose) + System.out.println(Messages.getFormattedString("Command.63", storeURL.getPath())); //$NON-NLS-1$ + + store.store(out, password); + out.flush(); + out.close(); + + log.exiting(this.getClass().getName(), "saveKeyStore"); //$NON-NLS-1$ + } + + /** + * Convenience method. Calls the method with the same name passing it the + * same password characters used to initially load the key-store. + * + * @throws IOException if an I/O related exception occurs during the process. + * @throws KeyStoreException if the key store has not been loaded previously. + * @throws NoSuchAlgorithmException if a required data integrity algorithm + * implementation was not found. + * @throws CertificateException if any of the certificates in the current key + * store could not be persisted. + */ + protected void saveKeyStore() throws IOException, KeyStoreException, + NoSuchAlgorithmException, CertificateException + { + saveKeyStore(storePasswordChars); + } + + /** + * Prints a human-readable form of the designated certificate to a designated + * {@link PrintWriter}. + * + * @param certificate the certificate to process. + * @param writer where to print it. + * @throws CertificateEncodingException if an exception occurs while obtaining + * the DER encoded form <code>certificate</code>. + */ + protected void printVerbose(Certificate certificate, PrintWriter writer) + throws CertificateEncodingException + { + X509Certificate x509 = (X509Certificate) certificate; + writer.println(Messages.getFormattedString("Command.66", x509.getSubjectDN())); //$NON-NLS-1$ + writer.println(Messages.getFormattedString("Command.67", x509.getIssuerDN())); //$NON-NLS-1$ + writer.println(Messages.getFormattedString("Command.68", x509.getSerialNumber())); //$NON-NLS-1$ + writer.println(Messages.getFormattedString("Command.69", x509.getNotBefore())); //$NON-NLS-1$ + writer.println(Messages.getFormattedString("Command.70", x509.getNotAfter())); //$NON-NLS-1$ + writer.println(Messages.getString("Command.71")); //$NON-NLS-1$ + byte[] derBytes = certificate.getEncoded(); + writer.println(Messages.getFormattedString("Command.72", digest(md5, derBytes))); //$NON-NLS-1$ + writer.println(Messages.getFormattedString("Command.73", digest(sha, derBytes))); //$NON-NLS-1$ + } + + /** + * Convenience method. Prints a human-readable form of the designated + * certificate to <code>System.out</code>. + * + * @param certificate the certificate to process. + * @throws CertificateEncodingException if an exception occurs while obtaining + * the DER encoded form <code>certificate</code>. + */ + protected void printVerbose(Certificate certificate) + throws CertificateEncodingException + { + printVerbose(certificate, new PrintWriter(System.out, true)); + } + + /** + * Digest the designated contents with MD5 and return a string representation + * suitable for use as a fingerprint; i.e. sequence of hexadecimal pairs of + * characters separated by a colon. + * + * @param contents the non-null contents to digest. + * @return a sequence of hexadecimal pairs of characters separated by colons. + */ + protected String digestWithMD5(byte[] contents) + { + return digest(md5, contents); + } + + private String digest(IMessageDigest hash, byte[] encoded) + { + hash.update(encoded); + byte[] b = hash.digest(); + StringBuilder sb = new StringBuilder().append(Util.toString(b, 0, 1)); + for (int i = 1; i < b.length; i++) + sb.append(":").append(Util.toString(b, i, 1)); //$NON-NLS-1$ + + String result = sb.toString(); + return result; + } + + /** + * Ensure that the currently set Alias is contained in the currently set key + * store; otherwise throw an exception. + * + * @throws KeyStoreException if the keystore has not been loaded. + * @throws IllegalArgumentException if the currently set alias is not known to + * the currently set key store. + */ + protected void ensureStoreContainsAlias() throws KeyStoreException + { + if (! store.containsAlias(alias)) + throw new IllegalArgumentException(Messages.getFormattedString("Command.75", //$NON-NLS-1$ + alias)); + } + + /** + * Ensure that the currently set Alias is associated with a Key Entry in the + * currently set key store; otherwise throw an exception. + * + * @throws KeyStoreException if the keystore has not been loaded. + * @throws SecurityException if the currently set alias is not a Key Entry in + * the currently set key store. + */ + protected void ensureAliasIsKeyEntry() throws KeyStoreException + { + if (! store.isKeyEntry(alias)) + throw new SecurityException(Messages.getFormattedString("Command.77", //$NON-NLS-1$ + alias)); + } + + protected Key getAliasPrivateKey() throws KeyStoreException, + NoSuchAlgorithmException, IOException, UnsupportedCallbackException, + UnrecoverableKeyException + { + ensureAliasIsKeyEntry(); + Key result; + if (keyPasswordChars == null) + try + { + result = store.getKey(alias, storePasswordChars); + // it worked. assign to keyPasswordChars for later use + keyPasswordChars = storePasswordChars; + } + catch (UnrecoverableKeyException x) + { + // prompt the user to provide one + setKeyPasswordParam(); + result = store.getKey(alias, keyPasswordChars); + } + else + result = store.getKey(alias, keyPasswordChars); + + return result; + } + + /** + * Return a CallbackHandler which uses the Console (System.in and System.out) + * for interacting with the user. + * <p> + * This method first finds all currently installed security providers capable + * of providing such service and then in turn attempts to instantiate the + * handler from those providers. As soon as one provider returns a non-null + * instance of the callback handler, the search stops and that instance is + * set to be used from now on. + * <p> + * If no installed providers were found, this method falls back on the GNU + * provider, by-passing the Security search mechanism. The default console + * callback handler implementation is {@link ConsoleCallbackHandler}. + * + * @return a console-based {@link CallbackHandler}. + */ + protected CallbackHandler getCallbackHandler() + { + if (handler == null) + handler = CallbackUtil.getConsoleHandler(); + + return handler; + } +} diff --git a/tools/gnu/classpath/tools/keytool/DeleteCmd.java b/tools/gnu/classpath/tools/keytool/DeleteCmd.java new file mode 100644 index 000000000..968af50f8 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/DeleteCmd.java @@ -0,0 +1,235 @@ +/* DeleteCmd.java -- The delete command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import java.io.IOException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.logging.Logger; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * The <b>-delete</b> keytool command handler is used to delete from the key + * store the entry associated with a designated alias. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class DeleteCmd extends Command +{ + private static final Logger log = Logger.getLogger(DeleteCmd.class.getName()); + private String _alias; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS //$NON-NLS-1$ + _alias = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setTheAlias(_alias); + + log.finer("-delete handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -alias=" + alias); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + } + + void start() throws KeyStoreException, NoSuchAlgorithmException, + CertificateException, IOException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + ensureStoreContainsAlias(); + store.deleteEntry(alias); + saveKeyStore(); + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + /** + * Set the alias to delete from the key store. + * <p> + * Unlike in other keytool handlers, the default value (<i>mykey</i>) for the + * Alias is not used. Instead, if an alias was not found on the command line, + * the user is prompted to enter one. + * + * @param anAlias a possibly null Alias gleaned from the command line. + * @throws IOException if an I/O related exception occurs during the process. + * @throws UnsupportedCallbackException if no implementation of a password + * callback handler was found. + */ + private void setTheAlias(String anAlias) throws IOException, + UnsupportedCallbackException + { + if (anAlias == null || anAlias.trim().length() == 0) + { + String prompt = Messages.getString("DeleteCmd.19"); //$NON-NLS-1$ + NameCallback ncb = new NameCallback(prompt); + getCallbackHandler().handle(new Callback[] { ncb }); + anAlias = ncb.getName(); + if (anAlias == null || anAlias.trim().length() == 0) + throw new SecurityException(Messages.getString("DeleteCmd.20")); //$NON-NLS-1$ + } + alias = anAlias.trim(); + } +} diff --git a/tools/gnu/classpath/tools/keytool/ExportCmd.java b/tools/gnu/classpath/tools/keytool/ExportCmd.java new file mode 100644 index 000000000..0d1692245 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/ExportCmd.java @@ -0,0 +1,266 @@ +/* ExportCmd.java -- The export command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.java.security.util.Base64; + +import java.io.IOException; +import java.io.PrintWriter; +import java.security.KeyStoreException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.util.logging.Logger; + +/** + * The <b>-export</b> keytool command handler is used to read the certificate + * associated with a designated alias from the key store, and write it to a + * designated file. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-file FILE_NAME</dt> + * <dd>The fully qualified path of the file where the certificate will be + * exported to. If omitted, STDOUT will be used instead. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-rfc</dt> + * <dd>Use RFC-1421 specifications when encoding the output. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Output the certificate in binary DER encoding. This is the default + * output format of the command if neither <code>-rfc</code> nor + * <code>-v</code> options were detected on the command line. If both this + * option and the <code>-rfc</code> option are detected on the command + * line, the tool will opt for the RFC-1421 style encoding.</dd> + * </dl> + */ +class ExportCmd extends Command +{ + private static final Logger log = Logger.getLogger(ExportCmd.class.getName()); + private String _alias; + private String _certFileName; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private boolean rfc; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** @param pathName the fully qualified path name of the file to process. */ + public void setFile(String pathName) + { + this._certFileName = pathName; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + /** + * @param flag whether to use, or not, RFC-1421 format when exporting the + * certificate(s). + */ + public void setRfc(String flag) + { + this.rfc = Boolean.valueOf(flag).booleanValue(); + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS + _alias = args[++i]; + else if ("-file".equals(opt)) // -file FILE_NAME + _certFileName = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME + _providerClassName = args[++i]; + else if ("-rfc".equals(opt)) + rfc = true; + else if ("-v".equals(opt)) + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setOutputStreamParam(_certFileName); + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setAliasParam(alias); + + log.finer("-export handler will use the following options:"); + log.finer(" -alias=" + alias); + log.finer(" -file=" + _certFileName); + log.finer(" -storetype=" + storeType); + log.finer(" -keystore=" + storeURL); + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); + log.finer(" -provider=" + provider); + log.finer(" -rfc=" + rfc); + log.finer(" -v=" + verbose); + } + + void start() throws KeyStoreException, CertificateEncodingException, + IOException + { + log.entering(this.getClass().getName(), "start"); + + ensureStoreContainsAlias(); + Certificate certificate; + if (store.isCertificateEntry(alias)) + { + log.fine("Alias [" + alias + "] is a trusted certificate"); + certificate = store.getCertificate(alias); + } + else + { + log.fine("Alias [" + alias + "] is a key entry"); + Certificate[] chain = store.getCertificateChain(alias); + certificate = chain[0]; + } + + byte[] derBytes = certificate.getEncoded(); + if (rfc) + { + String encoded = Base64.encode(derBytes, 0, derBytes.length, true); + PrintWriter pw = new PrintWriter(outStream, true); + pw.println("-----BEGIN CERTIFICATE-----"); + pw.println(encoded); + pw.println("-----END CERTIFICATE-----"); + } + else + outStream.write(derBytes); + + // stream is closed in Command.teardown() + log.exiting(this.getClass().getName(), "start"); + } +} diff --git a/tools/gnu/classpath/tools/keytool/GenKeyCmd.java b/tools/gnu/classpath/tools/keytool/GenKeyCmd.java new file mode 100644 index 000000000..2d92134c2 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/GenKeyCmd.java @@ -0,0 +1,511 @@ +/* GenKeyCmd.java -- The genkey command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.java.security.util.Util; +import gnu.java.security.x509.X500DistinguishedName; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SignatureException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.util.logging.Logger; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.TextInputCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * The <b>-genkey</b> keytool command handler is used to generate a key pair (a + * public, and associated private keys). It then generates a self-signed X509 v1 + * certificate (authenticating the public key) and stores this certificate and + * the private key in the key store associating both to a designated alias. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-keyalg ALGORITHM</dt> + * <dd>Use this option to specify the canonical name of the key-pair + * generation algorithm. The default value for this option is + * <code>DSS</code> (a synonym for the Digital Signature Algorithm also + * known as <code>DSA</code>). + * <p></dd> + * + * <dt>-keysize KEY_SIZE</dt> + * <dd>Use this option to specify the number of bits of the shared modulus + * (for both the public and private keys) to use when generating new keys. + * A default value of <code>1024</code> will be used if this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-sigalg ALGORITHM</dt> + * <dd>The canonical name of the digital signature algorithm to use for + * signing certificates. If this option is omitted, a default value will be + * chosen based on the type of the key-pair; i.e. the algorithm that ends + * up being used by the <code>-keyalg</code> option. If the key-pair + * generation algorithm is <code>DSA</code>, the value for the signature + * algorithm will be <code>SHA1withDSA</code>. If on the other hand the + * key-pair generation algorithm is <code>RSA</code>, then the tool will + * use <code>MD5withRSA</code> as the signature algorithm. + * <p></dd> + * + * <dt>-dname NAME</dt> + * <dd>This a mandatory value for this command. If this option is omitted + * the tool will prompt you to enter a <i>Distinguished Name</i> to use as + * both the <i>Owner</i> and <i>Issuer</i> of the generated self-signed + * certificate. + * <p> + * The syntax of a valid value for this option MUST follow RFC-2253 + * specifications. Namely the following components (with their accepted + * meaning) will be recognized. Note that the component name is case- + * insensitive: + * <dl> + * <dt>CN</dt> + * <dd>The Common Name; e.g. "host.domain.com"</dd> + * + * <dt>OU</dt> + * <dd>The Organizational Unit; e.g. "IT Department"</dd> + * + * <dt>O</dt> + * <dd>The Organization Name; e.g. "The Sample Company"</dd> + * + * <dt>L</dt> + * <dd>The Locality Name; e.g. "Sydney"</dd> + * + * <dt>ST</dt> + * <dd>The State Name; e.g. "New South Wales"</dd> + * + * <dt>C</dt> + * <dd>The 2-letter Country identifier; e.g. "AU"</dd> + * </dl> + * <p> + * When specified with a <code>-dname</code> option, each pair of component + * / value will be separated from the other with a comma. Each component + * and value pair MUST be separated by an equal sign. For example, the + * following is a valid DN value: + * <pre> + * CN=host.domain.com, O=The Sample Company, L=Sydney, ST=NSW, C=AU + * </pre> + * If this option is omitted, the tool will prompt you to enter the + * information through the console. + * <p></dd> + * + * <dt>-keypass PASSWORD</dt> + * <dd>Use this option to specify the password which the tool will use to + * protect the newly created Key Entry. + * <p> + * If this option is omitted, you will be prompted to provide a password. + * <p></dd> + * + * <dt>-validity DAY_COUNT</dt> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class GenKeyCmd extends Command +{ + private static final Logger log = Logger.getLogger(GenKeyCmd.class.getName()); + /** Default key size in bits. */ + private static final int DEFAULT_KEY_SIZE = 1024; + + private String _alias; + private String _keyAlgorithm; + private String _keySizeStr; + private String _sigAlgorithm; + private String _dName; + private String _password; + private String _validityStr; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private int keySize; + private X500DistinguishedName distinguishedName; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** @param algorithm the canonical name of the key-pair algorithm to use. */ + public void setKeyalg(String algorithm) + { + this._keyAlgorithm = algorithm; + } + + /** + * @param bits the string representation of the number of bits (a decimal + * positive integer) the modulus of the generated keys (private and + * public) should have. + */ + public void setKeysize(String bits) + { + this._validityStr = bits; + } + + /** + * @param algorithm the canonical name of the digital signature algorithm to + * use. + */ + public void setSigalg(String algorithm) + { + this._sigAlgorithm = algorithm; + } + + /** @param name the distiniguished name to use. */ + public void setDname(String name) + { + this._dName = name; + } + + /** @param password the (private) key password to use. */ + public void setKeypass(String password) + { + this._password = password; + } + + /** + * @param days the string representation of the number of days (a decimal, + * positive integer) to assign to the generated certificate. + */ + public void setValidity(String days) + { + this._validityStr = days; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS //$NON-NLS-1$ + _alias = args[++i]; + else if ("-keyalg".equals(opt)) // -keyalg ALGORITHM //$NON-NLS-1$ + _keyAlgorithm = args[++i]; + else if ("-keysize".equals(opt)) // -keysize KEY_SIZE //$NON-NLS-1$ + _keySizeStr = args[++i]; + else if ("-sigalg".equals(opt)) // -sigalg ALGORITHM //$NON-NLS-1$ + _sigAlgorithm = args[++i]; + else if ("-dname".equals(opt)) // -dname NAME //$NON-NLS-1$ + _dName = args[++i]; + else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$ + _password = args[++i]; + else if ("-validity".equals(opt)) // -validity DAY_COUNT //$NON-NLS-1$ + _validityStr = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setAliasParam(_alias); + setKeyPasswordParam(_password); + setAlgorithmParams(_keyAlgorithm, _sigAlgorithm); + setKeySize(_keySizeStr); + setDName(_dName); + setValidityParam(_validityStr); + + log.finer("-genkey handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -alias=" + alias); //$NON-NLS-1$ + log.finer(" -keyalg=" + keyPairGenerator.getAlgorithm()); //$NON-NLS-1$ + log.finer(" -keysize=" + keySize); //$NON-NLS-1$ + log.finer(" -sigalg=" + signatureAlgorithm.getAlgorithm()); //$NON-NLS-1$ + log.finer(" -dname=" + distinguishedName); //$NON-NLS-1$ + log.finer(" -keypass=" + String.valueOf(keyPasswordChars)); //$NON-NLS-1$ + log.finer(" -validity=" + validityInDays); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + } + + void start() throws CertificateException, KeyStoreException, + InvalidKeyException, SignatureException, IOException, + NoSuchAlgorithmException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + // 1. generate a new key-pair + log.fine("About to generate key-pair..."); + keyPairGenerator.initialize(keySize); + KeyPair kp = keyPairGenerator.generateKeyPair(); + PublicKey publicKey = kp.getPublic(); + PrivateKey privateKey = kp.getPrivate(); + + // 2. generate a self-signed certificate + log.fine("About to generate a self-signed certificate..."); + byte[] derBytes = getSelfSignedCertificate(distinguishedName, + publicKey, + privateKey); + log.finest(Util.dumpString(derBytes, "derBytes ")); //$NON-NLS-1$ + CertificateFactory x509Factory = CertificateFactory.getInstance(Main.X_509); + ByteArrayInputStream bais = new ByteArrayInputStream(derBytes); + Certificate certificate = x509Factory.generateCertificate(bais); + log.finest("certificate = " + certificate); //$NON-NLS-1$ + + // 3. store it, w/ its private key, associating them to alias + Certificate[] chain = new Certificate[] { certificate }; + log.finest("About to store newly generated material in key store..."); //$NON-NLS-1$ + store.setKeyEntry(alias, privateKey, keyPasswordChars, chain); + + // 4. persist the key store + saveKeyStore(); + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + /** + * @param size the desired key size as a string. + * @throws NumberFormatException if the string does not represent a valid + * decimal integer value. + */ + private void setKeySize(String size) + { + if (size == null || size.trim().length() == 0) + this.keySize = DEFAULT_KEY_SIZE; + else + { + size = size.trim(); + keySize = Integer.parseInt(size); + // When generating a DSA key pair, the key size must be in the range + // from 512 to 1024 bits, and must be a multiple of 64. The default + // key size for any algorithm is 1024 bits + if (keySize < 1) + throw new IllegalArgumentException(Messages.getString("GenKeyCmd.54")); //$NON-NLS-1$ + } + } + + /** + * @param name the X.500 distinguished name of the principal for whom the + * key/certificate are being generated. + * @throws UnsupportedCallbackException if no implementation of a name + * callback is available. + * @throws IOException if an I/O related exception occurs during the process. + * @throws IllegalArgumentException if the designated, or captured, value is + * not a valid X.500 distinguished name. + */ + private void setDName(String name) throws IOException, + UnsupportedCallbackException + { + if (name != null && name.trim().length() > 0) + name = name.trim(); + else + { + // prompt user to provide one + String dnTxt = Messages.getString("GenKeyCmd.0"); //$NON-NLS-1$ + String oDefault = Messages.getString("GenKeyCmd.6"); //$NON-NLS-1$ + String lDefault = Messages.getString("GenKeyCmd.7"); //$NON-NLS-1$ + String stDefault = Messages.getString("GenKeyCmd.8"); //$NON-NLS-1$ + String cDefault = Messages.getString("GenKeyCmd.9"); //$NON-NLS-1$ + String cnPrompt = Messages.getString("GenKeyCmd.10"); //$NON-NLS-1$ + String oPrompt = Messages.getFormattedString("GenKeyCmd.11", oDefault); //$NON-NLS-1$ + String ouPrompt = Messages.getString("GenKeyCmd.13"); //$NON-NLS-1$ + String lPrompt = Messages.getFormattedString("GenKeyCmd.14", lDefault); //$NON-NLS-1$ + String stPrompt = Messages.getFormattedString("GenKeyCmd.16", stDefault); //$NON-NLS-1$ + String cPrompt = Messages.getFormattedString("GenKeyCmd.18", cDefault); //$NON-NLS-1$ + + TextOutputCallback dnCB = new TextOutputCallback(TextOutputCallback.INFORMATION, + dnTxt); + TextInputCallback cnCB = new TextInputCallback(cnPrompt); + TextInputCallback oCB = new TextInputCallback(oPrompt, oDefault); + TextInputCallback ouCB = new TextInputCallback(ouPrompt); + TextInputCallback lCB = new TextInputCallback(lPrompt, lDefault); + TextInputCallback sCB = new TextInputCallback(stPrompt, stDefault); + TextInputCallback cCB = new TextInputCallback(cPrompt, cDefault); + getCallbackHandler().handle(new Callback[] { dnCB, cnCB, oCB, ouCB, lCB, sCB, cCB }); + StringBuilder sb = new StringBuilder(); + + // handle CN + name = parseUserPrompt(cnCB); + if (name != null && name.length() > 0) + sb.append("CN=").append(name); //$NON-NLS-1$ + + // handle O + name = parseUserPrompt(oCB); + if (name != null && name.length() > 0) + sb.append(",O=").append(name); //$NON-NLS-1$ + + // handle OU + name = parseUserPrompt(ouCB); + if (name != null && name.length() > 0) + sb.append(",OU=").append(name.trim()); //$NON-NLS-1$ + + // handle L + name = parseUserPrompt(lCB); + if (name != null && name.length() > 0) + sb.append(",L=").append(name.trim()); //$NON-NLS-1$ + + // handle ST + name = parseUserPrompt(sCB); + if (name != null && name.length() > 0) + sb.append(",ST=").append(name.trim()); //$NON-NLS-1$ + + // handle C + name = parseUserPrompt(cCB); + if (name != null && name.length() > 0) + sb.append(",C=").append(name.trim()); //$NON-NLS-1$ + + name = sb.toString().trim(); + } + + log.fine("dName=[" + name + "]"); //$NON-NLS-1$ //$NON-NLS-2$ + distinguishedName = new X500DistinguishedName(name); + } + + private String parseUserPrompt(TextInputCallback ticb) + { + String result = ticb.getText(); + if (result == null || result.trim().length() == 0) + result = ticb.getDefaultText(); + else if (result.trim().equals(".")) //$NON-NLS-1$ + result = null; + else + result = result.trim(); + + return result; + } +} diff --git a/tools/gnu/classpath/tools/keytool/IdentityDBCmd.java b/tools/gnu/classpath/tools/keytool/IdentityDBCmd.java new file mode 100644 index 000000000..cb6b6dac2 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/IdentityDBCmd.java @@ -0,0 +1,185 @@ +/* IdentityDBCmd.java -- The identitydb command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import java.util.logging.Logger; + +/** + * <b>NOT IMPLEMENTED YET</b> + * <p> + * The <b>-identitydb</b> keytool command handler is used to read the JDK 1.1.x- + * style identity database and add its entries to the key store. If a key store + * does not exist, it is created. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-file FILE_NAME</dt> + * <dd>The fully qualified path of the identity file to import. If this + * option is omitted, the tool will process STDIN. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class IdentityDBCmd extends Command +{ + private static final Logger log = Logger.getLogger(IdentityDBCmd.class.getName()); + private String _idbFileName; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param pathName the fully qualified path name of the file to process. */ + public void setFile(String pathName) + { + this._idbFileName = pathName; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); + if (opt == null || opt.length() == 0) + continue; + + if ("-file".equals(opt)) // -file FILE_NAME + _idbFileName = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME + _providerClassName = args[++i]; + else if ("-v".equals(opt)) + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setInputStreamParam(_idbFileName); + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + + log.finer("-identitydb handler will use the following options:"); + log.finer(" -file=" + _idbFileName); + log.finer(" -storetype=" + storeType); + log.finer(" -keystore=" + storeURL); + log.finer(" -storepass=" + new String(storePasswordChars)); + log.finer(" -provider=" + provider); + log.finer(" -v=" + verbose); + } +} diff --git a/tools/gnu/classpath/tools/keytool/ImportCmd.java b/tools/gnu/classpath/tools/keytool/ImportCmd.java new file mode 100644 index 000000000..b5058b581 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/ImportCmd.java @@ -0,0 +1,751 @@ +/* ImportCmd.java -- The import command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.classpath.SystemProperties; +import gnu.java.security.x509.X509CertPath; + +import java.io.FileInputStream; +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertPathValidator; +import java.security.cert.CertPathValidatorException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.PKIXCertPathValidatorResult; +import java.security.cert.PKIXParameters; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.Collection; +import java.util.LinkedList; +import java.util.logging.Level; +import java.util.logging.Logger; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.ConfirmationCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * The <code>-import</code> keytool command handler is used to read an X.509 + * certificate, or a PKCS#7 Certificate Reply from a designated input source and + * incorporate the certificates into the key store. + * <p> + * If the <i>Alias</i> does not already exist in the key store, the tool treats + * the certificate read from the input source as a new Trusted Certificate. It + * then attempts to discover a chain-of-trust, starting from that certificate + * and ending at another <i>Trusted Certificate</i>, already stored in the key + * store. If the <code>-trustcacerts</code> option is present, an additional + * key store, of type <code>JKS</code> named <code>cacerts</code>, and assumed + * to be present in <code>${JAVA_HOME}/lib/security</code> will also be + * consulted if found --<code>${JAVA_HOME}</code> refers to the location of an + * installed Java Runtime Environment (JRE). If no chain-of-trust can be + * established, and unless the <code>-noprompt</code> option has been specified, + * the certificate is printed to STDOUT and the user is prompted for a + * confirmation. + * <p> + * If <i>Alias</i> exists in the key store, the tool will treat the + * certificate(s) read from the input source as a <i>Certificate Reply</i>, + * which can be a chain of certificates, that eventually would replace the chain + * of certificates associated with the <i>Key Entry</i> of that <i>Alias</i>. + * The substitution of the certificates only occurs if a chain-of-trust can be + * established between the bottom certificate of the chain read from the input + * file and the <i>Trusted Certificates</i> already present in the key store. + * Again, if the <code>-trustcacerts</code> option is specified, additional + * <i>Trusted Certificates</i> in the same <code>cacerts</code> key store will + * be considered. If no chain-of-trust can be established, the operation will + * abort. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-file FILE_NAME</dt> + * <dd>The fully qualified path of the file to read from. If omitted, the + * tool will process STDIN. + * <p></dd> + * + * <dt>-keypass PASSWORD</dt> + * <dd>Use this option to specify the password which the tool will use to + * protect the <i>Key Entry</i> associated with the designated <i>Alias</i>, + * when replacing this <i>Alias</i>' chain of certificates with that found + * in the certificate reply. + * <p> + * If this option is omitted, and the chain-of-trust for the certificate + * reply has been established, the tool will first attempt to unlock the + * <i>Key Entry</i> using the same password protecting the key store. If + * this fails, you will then be prompted to provide a password. + * <p></dd> + * + * <dt>-noprompt</dt> + * <dd>Use this option to prevent the tool from prompting the user. + * <p></dd> + * + * <dt>-trustcacerts</dt> + * <dd>Use this option to indicate to the tool that a key store, of type + * <code>JKS</code>, named <code>cacerts</code>, and usually located in + * <code>lib/security</code> in an installed Java Runtime Environment + * should be considered when trying to establish chain-of-trusts. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class ImportCmd extends Command +{ + private static final Logger log = Logger.getLogger(ImportCmd.class.getName()); + private String _alias; + private String _certFileName; + private String _password; + private boolean noPrompt; + private boolean trustCACerts; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private CertificateFactory x509Factory; + private boolean imported; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the existing alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** @param pathName the fully qualified path name of the file to process. */ + public void setFile(String pathName) + { + this._certFileName = pathName; + } + + /** @param password the existing (private) key password to use. */ + public void setKeypass(String password) + { + this._password = password; + } + + /** + * @param flag whether to prompt, or not, the user to verify certificate + * fingerprints. + */ + public void setNoprompt(String flag) + { + this.noPrompt = Boolean.valueOf(flag).booleanValue(); + } + + /** + * @param flag whether to trust, or not, certificates found in the + * <code>cacerts</code> key store. + */ + public void setTrustcacerts(String flag) + { + this.trustCACerts = Boolean.valueOf(flag).booleanValue(); + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS //$NON-NLS-1$ + _alias = args[++i]; + else if ("-file".equals(opt)) // -file FILE_NAME //$NON-NLS-1$ + _certFileName = args[++i]; + else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$ + _password = args[++i]; + else if ("-noprompt".equals(opt)) //$NON-NLS-1$ + noPrompt = true; + else if ("-trustcacerts".equals(opt)) //$NON-NLS-1$ + trustCACerts = true; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setInputStreamParam(_certFileName); + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setAliasParam(_alias); + setKeyPasswordNoPrompt(_password); + + log.finer("-import handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -alias=" + alias); //$NON-NLS-1$ + log.finer(" -file=" + _certFileName); //$NON-NLS-1$ + log.finer(" -keypass=" + _password); //$NON-NLS-1$ + log.finer(" -noprompt=" + noPrompt); //$NON-NLS-1$ + log.finer(" -trustcacerts=" + trustCACerts); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + } + + void start() throws CertificateException, KeyStoreException, IOException, + UnsupportedCallbackException, NoSuchAlgorithmException, + CertPathValidatorException, UnrecoverableKeyException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + x509Factory = CertificateFactory.getInstance("X.509"); //$NON-NLS-1$ + // the alias will tell us whether we're dealing with + // a new trusted certificate or a certificate reply + if (! store.containsAlias(alias)) + importNewTrustedCertificate(); + else + { + ensureAliasIsKeyEntry(); + importCertificateReply(); + } + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + /** + * When importing a new trusted certificate, <i>alias</i> MUST NOT yet exist + * in the key store. + * <p> + * Before adding the certificate to the key store and associate it with the + * designated Alias, this method tries to verify it by attempting to construct + * a chain of trust from that certificate to a self-signed certificate + * (belonging to a root CA), using (already) trusted certificates that are + * available in the key store. + * <p> + * If the <code>-trustcacerts</code> option was detected on the command + * line, additional trusted certificates are considered for establishing the + * chain of trust. Those additional certificates are assumed to be in a key + * store, of type <code>JKS</code> named <code>cacerts</code> and usually + * located in <code>${JAVA_HOME}/lib/security</code>, where + * <code>${JAVA_HOME}</code> is the root folder location of a Java runtime. + * <p> + * If this method fails to establish a trust path from the certificate to be + * imported up to a trusted self-signed certificate, the certificate is + * printed to <code>STDOUT</code>, and the user is prompted to verify it, + * with the option of aborting the import operation. If however the option + * <code>-noprompt</code> was detected on the command line, no interaction + * with the user will take place and the import operation will abort. + * + * @throws CertificateException + * @throws KeyStoreException + * @throws NoSuchAlgorithmException + * @throws UnsupportedCallbackException + * @throws IOException + * @throws UnrecoverableKeyException + * @throws CertPathValidatorException + */ + private void importNewTrustedCertificate() throws CertificateException, + KeyStoreException, NoSuchAlgorithmException, IOException, + UnsupportedCallbackException, CertPathValidatorException, + UnrecoverableKeyException + { + log.entering(this.getClass().getName(), "importNewTrustedCertificate"); //$NON-NLS-1$ + + Certificate certificate = x509Factory.generateCertificate(inStream); + log.finest("certificate = " + certificate); //$NON-NLS-1$ + LinkedList orderedReply = new LinkedList(); + orderedReply.addLast(certificate); + + if (findTrustAndUpdate(orderedReply, ! noPrompt)) + { + store.setCertificateEntry(alias, certificate); + System.out.println(Messages.getString("ImportCmd.29")); //$NON-NLS-1$ + saveKeyStore(); + } + else + System.out.println(Messages.getString("ImportCmd.28")); //$NON-NLS-1$ + + log.exiting(this.getClass().getName(), "importNewTrustedCertificate"); //$NON-NLS-1$ + } + + /** + * A certificate reply is a certificate, whose Owner is stored in the key + * store associated to the designated Alias, and now signed by supposedly a + * trusted CA (Certificate Authority). In other words, the Subject in this + * certificate reply is Alias's own and the Issuer is a CA. + * <p> + * When importing a certificate reply, the reply is validated using trusted + * certificates from the key store, and optionally (if the option + * <code>-trustcacerts</code> was detected on the command line) certificates + * found in the key store, of type <code>JKS</code> named <code>cacerts</code> + * located in <code>${JAVA_HOME}/lib/security</code>, where + * <code>${JAVA_HOME}</code> is the root folder location of a Java runtime. + * + * @throws CertificateException + * @throws UnsupportedCallbackException + * @throws IOException + * @throws KeyStoreException + * @throws CertPathValidatorException + * @throws NoSuchAlgorithmException + * @throws UnrecoverableKeyException + */ + private void importCertificateReply() throws CertificateException, + IOException, UnsupportedCallbackException, KeyStoreException, + NoSuchAlgorithmException, CertPathValidatorException, + UnrecoverableKeyException + { + log.entering(this.getClass().getName(), "importCertificateReply"); //$NON-NLS-1$ + + Collection certificates = x509Factory.generateCertificates(inStream); + ensureReplyIsOurs(certificates); + // we now have established that the public keys are the same. + // find a chain-of-trust if one exists + if (certificates.size() == 1) + importCertificate((Certificate) certificates.iterator().next()); + else + importChain(certificates); + + log.exiting(this.getClass().getName(), "importCertificateReply"); //$NON-NLS-1$ + } + + /** + * If the reply is a single X.509 certificate, keytool attempts to establish a + * trust chain, starting at the certificate reply and ending at a self-signed + * certificate (belonging to a root CA). The certificate reply and the + * hierarchy of certificates used to authenticate the certificate reply form + * the new certificate chain of alias. If a trust chain cannot be established, + * the certificate reply is not imported. In this case, keytool does not print + * out the certificate, nor does it prompt the user to verify it. This is + * because it is very hard (if not impossible) for a user to determine the + * authenticity of the certificate reply. + * + * @param certificate the certificate reply to import into the key store. + * @throws NoSuchAlgorithmException + * @throws CertPathValidatorException + * @throws UnsupportedCallbackException + * @throws IOException + * @throws UnrecoverableKeyException + * @throws KeyStoreException + * @throws CertificateException + */ + private void importCertificate(Certificate certificate) + throws NoSuchAlgorithmException, CertPathValidatorException, + KeyStoreException, UnrecoverableKeyException, IOException, + UnsupportedCallbackException, CertificateException + { + log.entering(this.getClass().getName(), "importCertificate", certificate); //$NON-NLS-1$ + + LinkedList reply = new LinkedList(); + reply.addLast(certificate); + + if (! findTrustAndUpdate(reply, false)) + throw new CertPathValidatorException(Messages.getString("ImportCmd.34")); //$NON-NLS-1$ + + Certificate[] newChain = (Certificate[]) reply.toArray(new Certificate[0]); + Key privateKey = getAliasPrivateKey(); + store.setKeyEntry(alias, privateKey, keyPasswordChars, newChain); + saveKeyStore(); + + log.exiting(this.getClass().getName(), "importCertificate"); //$NON-NLS-1$ + } + + /** + * If the reply is a PKCS#7 formatted certificate chain, the chain is first + * ordered (with the user certificate first and the self-signed root CA + * certificate last), before keytool attempts to match the root CA certificate + * provided in the reply with any of the trusted certificates in the key store + * or the "cacerts" keystore file (if the -trustcacerts option was specified). + * If no match can be found, the information of the root CA certificate is + * printed out, and the user is prompted to verify it, e.g., by comparing the + * displayed certificate fingerprints with the fingerprints obtained from some + * other (trusted) source of information, which might be the root CA itself. + * The user then has the option of aborting the import operation. If the + * -noprompt option is given, however, there will be no interaction with the + * user. + * + * @param chain the collection of certificates parsed from the user + * designated input. + * @throws UnsupportedCallbackException + * @throws IOException + * @throws UnrecoverableKeyException + * @throws KeyStoreException + * @throws CertPathValidatorException + * @throws NoSuchAlgorithmException + * @throws CertificateException + */ + private void importChain(Collection chain) throws NoSuchAlgorithmException, + CertPathValidatorException, KeyStoreException, UnrecoverableKeyException, + IOException, UnsupportedCallbackException, CertificateException + { + log.entering(this.getClass().getName(), "importChain", chain); //$NON-NLS-1$ + + LinkedList reply = orderChain(chain); + if (findTrustAndUpdate(reply, ! noPrompt)) + { + Certificate[] newChain = (Certificate[]) reply.toArray(new Certificate[0]); + Key privateKey = getAliasPrivateKey(); + store.setKeyEntry(alias, privateKey, keyPasswordChars, newChain); + saveKeyStore(); + } + + log.exiting(this.getClass().getName(), "importChain"); //$NON-NLS-1$ + } + + /** + * Check to ensure that alias's public key is the subject of the first + * certificate in the passed certificate collection. Throws an exception if + * the public keys do not match. + * + * @param certificates a {@link Collection} of certificate replies (either a + * signle certificate reply, or a PKCS#7 certificate reply chain) + * usually sent by a CA as a response to a Certificate Signing + * Request (CSR). + * @throws IOException + * @throws UnsupportedCallbackException + * @throws KeyStoreException + */ + private void ensureReplyIsOurs(Collection certificates) throws IOException, + UnsupportedCallbackException, KeyStoreException + { + log.entering(this.getClass().getName(), "ensureReplyIsOurs"); //$NON-NLS-1$ + + Certificate certificate = (Certificate) certificates.iterator().next(); + log.finest("certificate = " + certificate); //$NON-NLS-1$ + Certificate[] chain = store.getCertificateChain(alias); + if (chain == null) + throw new IllegalArgumentException(Messages.getFormattedString("ImportCmd.37", //$NON-NLS-1$ + alias)); + Certificate anchor = chain[0]; + PublicKey anchorPublicKey = anchor.getPublicKey(); + PublicKey certPublicKey = certificate.getPublicKey(); + boolean sameKey; + if (anchorPublicKey instanceof DSAPublicKey) + { + DSAPublicKey pk1 = (DSAPublicKey) anchorPublicKey; + if (!(certPublicKey instanceof DSAPublicKey)) + throw new IllegalArgumentException(Messages.getString("ImportCmd.38")); //$NON-NLS-1$ + + sameKey = areEqual(pk1, (DSAPublicKey) certPublicKey); + } + else if (anchorPublicKey instanceof RSAPublicKey) + { + RSAPublicKey pk1 = (RSAPublicKey) anchorPublicKey; + if (!(certPublicKey instanceof RSAPublicKey)) + throw new IllegalArgumentException(Messages.getString("ImportCmd.38")); //$NON-NLS-1$ + + sameKey = areEqual(pk1, (RSAPublicKey) certPublicKey); + } + else + throw new IllegalArgumentException( + Messages.getFormattedString("ImportCmd.40", //$NON-NLS-1$ + new String[] { alias, + anchorPublicKey.getClass().getName() })); + if (! sameKey) + throw new IllegalArgumentException(Messages.getString("ImportCmd.41")); //$NON-NLS-1$ + + log.exiting(this.getClass().getName(), "ensureReplyIsOurs"); //$NON-NLS-1$ + } + + private boolean areEqual(DSAPublicKey pk1, DSAPublicKey pk2) + { + if (pk1.getY().compareTo(pk2.getY()) != 0) + return false; + + DSAParams p1 = pk1.getParams(); + DSAParams p2 = pk2.getParams(); + if (p1.getG().compareTo(p2.getG()) != 0) + return false; + + if (p1.getP().compareTo(p2.getP()) != 0) + return false; + + return p1.getQ().compareTo(p2.getQ()) == 0; + } + + private boolean areEqual(RSAPublicKey pk1, RSAPublicKey pk2) + { + if (pk1.getPublicExponent().compareTo(pk2.getPublicExponent()) != 0) + return false; + + return pk1.getModulus().compareTo(pk2.getModulus()) == 0; + } + + /** + * @param chain + * @return the input collection, ordered with own certificate first, and CA's + * self-signed certificate last. + */ + private LinkedList orderChain(Collection chain) + { + log.entering(this.getClass().getName(), "orderChain"); //$NON-NLS-1$ + + LinkedList result = new LinkedList(); + + + log.entering(this.getClass().getName(), "orderChain", result); //$NON-NLS-1$ + return result; + } + + /** + * Given an ordered list of certificates, this method attempts to validate the + * chain, and if successful, updates the key store entry for the designated + * alias. The list of certificates is expected to be ordered as a chain, where + * the first is the alias's own certificate and the last being a self-signed + * CA certificate. + * <p> + * if <code>promptUser</code> is <code>true</code>, then even if no + * anchor trust certificate is found, the user is prompted to approve, or not, + * the import operation. On the other hand if the <code>promptUser</code> + * parameter is <code>false</code> then this method will throw an exception + * if no trust anchor is to be found. + * + * @param reply an ordered certificate path, where the last entry is the CA's + * self-signed certificate. + * @param promptUser a boolean flag indicating whether or not to prompt the + * user for explicit trust in a CA certificate. + * @return <code>true</code> if the validation succeeds; or <code>false</code> + * otherwise. + * @throws NoSuchAlgorithmException + * @throws CertPathValidatorException + * @throws UnsupportedCallbackException + * @throws IOException + * @throws UnrecoverableKeyException + * @throws KeyStoreException + * @throws CertificateEncodingException + */ + private boolean findTrustAndUpdate(LinkedList reply, boolean promptUser) + throws IOException, NoSuchAlgorithmException, CertPathValidatorException, + KeyStoreException, UnrecoverableKeyException, UnsupportedCallbackException, + CertificateEncodingException + { + log.entering(this.getClass().getName(), "findTrustAndUpdate"); //$NON-NLS-1$ + + X509CertPath certPath = new X509CertPath(reply); + CertPathValidator validator = CertPathValidator.getInstance("PKIX"); //$NON-NLS-1$ + PKIXCertPathValidatorResult cpvr = findTrustInStore(certPath, validator); + if (cpvr == null && trustCACerts) + cpvr = findTrustInCACerts(certPath, validator); + + boolean result = false; + if (cpvr == null) + { + if (promptUser) + { + printVerbose((Certificate) reply.getLast()); + ConfirmationCallback ccb; + ccb = new ConfirmationCallback(Messages.getString("ImportCmd.32"), //$NON-NLS-1$ + ConfirmationCallback.INFORMATION, + ConfirmationCallback.YES_NO_OPTION, + ConfirmationCallback.NO); + getCallbackHandler().handle(new Callback[] { ccb }); + int answer = ccb.getSelectedIndex(); + result = answer == ConfirmationCallback.YES; + } + } + else + { + log.fine("Found a chain-of-trust anchored by " + cpvr.getTrustAnchor()); //$NON-NLS-1$ + Certificate trustedCert = cpvr.getTrustAnchor().getTrustedCert(); + reply.addLast(trustedCert); + result = true; + } + + log.entering(this.getClass().getName(), "findTrustAndUpdate", //$NON-NLS-1$ + Boolean.valueOf(result)); + return result; + } + + private PKIXCertPathValidatorResult findTrustInStore(X509CertPath certPath, + CertPathValidator validator) + { + log.entering(this.getClass().getName(), "findTrustInStore"); //$NON-NLS-1$ + + PKIXCertPathValidatorResult result; + try + { + PKIXParameters params = new PKIXParameters(store); + result = (PKIXCertPathValidatorResult) validator.validate(certPath, params); + } + catch (Exception x) + { + log.log(Level.FINE, + "Exception in findTrustInStore(). Ignore + Return NULL", //$NON-NLS-1$ + x); + result = null; + } + + log.exiting(this.getClass().getName(), "findTrustInStore", result); //$NON-NLS-1$ + return result; + } + + private PKIXCertPathValidatorResult findTrustInCACerts(X509CertPath certPath, + CertPathValidator validator) + { + log.entering(this.getClass().getName(), "findTrustInCACerts"); //$NON-NLS-1$ + + FileInputStream stream = null; + PKIXCertPathValidatorResult result = null; + try + { + KeyStore cacerts = KeyStore.getInstance("jks"); //$NON-NLS-1$ + String cacertsPath = SystemProperties.getProperty("java.home"); + String fs = SystemProperties.getProperty("file.separator"); //$NON-NLS-1$ + cacertsPath = new StringBuilder(cacertsPath).append(fs) + .append("lib").append(fs) //$NON-NLS-1$ + .append("security").append(fs) //$NON-NLS-1$ + .append("cacerts").toString(); //$NON-NLS-1$ + stream = new FileInputStream(cacertsPath); + cacerts.load(stream, "changeit".toCharArray()); //$NON-NLS-1$ + PKIXParameters params = new PKIXParameters(cacerts); + result = (PKIXCertPathValidatorResult) validator.validate(certPath, + params); + } + catch (Exception x) + { + log.log(Level.FINE, + "Exception in findTrustInCACerts(). Ignore + Return NULL", //$NON-NLS-1$ + x); + } + finally + { + if (stream != null) + try + { + stream.close(); + } + catch (Exception ignored) + { + } + } + + log.exiting(this.getClass().getName(), "findTrustInCACerts", result); //$NON-NLS-1$ + return result; + } +} diff --git a/tools/gnu/classpath/tools/keytool/KeyCloneCmd.java b/tools/gnu/classpath/tools/keytool/KeyCloneCmd.java new file mode 100644 index 000000000..5936719f7 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/KeyCloneCmd.java @@ -0,0 +1,344 @@ +/* KeyCloneCmd.java -- The keyclone command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import java.io.IOException; +import java.security.Key; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.util.logging.Logger; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.NameCallback; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * The <b>-keyclone</b> keytool command handler is used to clone an existing + * key store entry associated with a designated alias, with its private key and + * chain of certificates. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-dest ALIAS</dt> + * <dd>Use this option to specify the new <i>Alias</i> which will be used + * to identify the cloned copy of the <i>Key Entry</i>. + * <p></dd> + * + * <dt>-keypass PASSWORD</dt> + * <dd>Use this option to specify the password which the tool will use to + * unlock the <i>Key Entry</i> associated with the designated <i>Alias</i>. + * <p> + * If this option is omitted, the tool will first attempt to unlock the + * <i>Key Entry</i> using the same password protecting the key store. If + * this fails, you will then be prompted to provide a password. + * <p></dd> + * + * <dt>-new PASSWORD</dt> + * <dd>Use this option to specify the password protecting the private key + * material of the newly cloned copy of the <i>Key Entry</i>. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class KeyCloneCmd extends Command +{ + private static final Logger log = Logger.getLogger(KeyCloneCmd.class.getName()); + private String _alias; + private String _destAlias; + private String _password; + private String _newPassword; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private String destinationAlias; + private char[] newKeyPasswordChars; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the existing alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** @param alias the new alias to use. */ + public void setDest(String alias) + { + this._destAlias = alias; + } + + /** @param password the existing (private) key password to use. */ + public void setKeypass(String password) + { + this._password = password; + } + + /** @param password the new (private) key password to use. */ + public void setNew(String password) + { + this._newPassword = password; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS //$NON-NLS-1$ + _alias = args[++i]; + else if ("-dest".equals(opt)) // -dest ALIAS //$NON-NLS-1$ + _destAlias = args[++i]; + else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$ + _password = args[++i]; + else if ("-new".equals(opt)) // -new PASSWORD //$NON-NLS-1$ + _newPassword = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setAliasParam(_alias); + setKeyPasswordNoPrompt(_password); + setDestinationAlias(_destAlias); +// setNewKeyPassword(_newPassword); + + log.finer("-keyclone handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -alias=" + alias); //$NON-NLS-1$ + log.finer(" -dest=" + destinationAlias); //$NON-NLS-1$ + log.finer(" -keypass=" + _password); //$NON-NLS-1$ + log.finer(" -new=" + _newPassword); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + } + + void start() throws KeyStoreException, NoSuchAlgorithmException, IOException, + UnsupportedCallbackException, UnrecoverableKeyException, + CertificateException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + if (store.containsAlias(destinationAlias)) + throw new SecurityException(Messages.getString("KeyCloneCmd.23")); //$NON-NLS-1$ + + Key privateKey = getAliasPrivateKey(); + + setNewKeyPassword(_newPassword); + Certificate[] chain = store.getCertificateChain(alias); + + store.setKeyEntry(destinationAlias, privateKey, newKeyPasswordChars, chain); + + saveKeyStore(); + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + private void setDestinationAlias(String name) throws IOException, + UnsupportedCallbackException + { + if (name == null || name.trim().length() == 0) // ask user to provide one + { + NameCallback ncb = new NameCallback(Messages.getString("KeyCloneCmd.26")); //$NON-NLS-1$ + getCallbackHandler().handle(new Callback[] { ncb }); + name = ncb.getName(); + if (name == null || name.trim().length() == 0) + throw new IllegalArgumentException(Messages.getString("KeyCloneCmd.27")); //$NON-NLS-1$ + } + + destinationAlias = name.trim(); + } + + private void setNewKeyPassword(String password) throws IOException, + UnsupportedCallbackException + { + if (password != null) // ask user to provide one + newKeyPasswordChars = password.toCharArray(); + else + { + boolean ok = false; + Callback[] prompts = new Callback[1]; + Callback[] errors = new Callback[1]; + for (int i = 0; i < 3; i++) + if (prompt4NewPassword(getCallbackHandler(), prompts, errors)) + { + ok = true; + break; + } + if (! ok) + throw new SecurityException(Messages.getString("StorePasswdCmd.19")); //$NON-NLS-1$ + } + } + + private boolean prompt4NewPassword(CallbackHandler handler, + Callback[] prompts, Callback[] errors) + throws IOException, UnsupportedCallbackException + { + String p = Messages.getFormattedString("KeyCloneCmd.28", //$NON-NLS-1$ + new String[] { destinationAlias, + String.valueOf(keyPasswordChars) }); + PasswordCallback pcb = new PasswordCallback(p, false); + prompts[0] = pcb; + handler.handle(prompts); + char[] pwd1 = pcb.getPassword(); + pcb.clearPassword(); + if (pwd1 == null || pwd1.length == 0) + { + newKeyPasswordChars = (char[]) keyPasswordChars.clone(); + return true; + } + + if (pwd1.length < 6) + { + errors[0] = new TextOutputCallback(TextOutputCallback.ERROR, + Messages.getString("StorePasswdCmd.21")); //$NON-NLS-1$ + handler.handle(errors); + return false; + } + + newKeyPasswordChars = pwd1; + return true; + } +} diff --git a/tools/gnu/classpath/tools/keytool/KeyPasswdCmd.java b/tools/gnu/classpath/tools/keytool/KeyPasswdCmd.java new file mode 100644 index 000000000..9dc7b8164 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/KeyPasswdCmd.java @@ -0,0 +1,339 @@ +/* KeyPasswdCmd.java -- The keypasswd command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.classpath.SystemProperties; + +import java.io.IOException; +import java.security.Key; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.util.Arrays; +import java.util.logging.Logger; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * The <b>-keypasswd</b> keytool command handler is used to change the password + * protecting the private key associated to a designated alias. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-keypass PASSWORD</dt> + * <dd>Use this option to specify the password which the tool will use to + * unlock the <i>Key Entry</i> associated with the designated <i>Alias</i>. + * <p> + * If this option is omitted, the tool will first attempt to unlock the + * <i>Key Entry</i> using the same password protecting the key store. If + * this fails, you will then be prompted to provide a password. + * <p></dd> + * + * <dt>-new PASSWORD</dt> + * <dd>The new, and different, password which will be used to protect the + * private key material of the designated Key Entry. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class KeyPasswdCmd extends Command +{ + private static final Logger log = Logger.getLogger(KeyPasswdCmd.class.getName()); + private String _alias; + private String _password; + private String _newPassword; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private char[] newPasswordChars; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** @param password the existing (private) key password to use. */ + public void setKeypass(String password) + { + this._password = password; + } + + /** @param password the new (private) key password to use. */ + public void setNew(String password) + { + this._newPassword = password; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS //$NON-NLS-1$ + _alias = args[++i]; + else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$ + _password = args[++i]; + else if ("-new".equals(opt)) // -new PASSWORD //$NON-NLS-1$ + _newPassword = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setAliasParam(_alias); + setKeyPasswordNoPrompt(_password); +// setNewKeyPassword(_newPassword); + + log.finer("-keypasswd handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -alias=" + alias); //$NON-NLS-1$ + log.finer(" -keypass=" + _password); //$NON-NLS-1$ + log.finer(" -new=" + _newPassword); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + } + + void start() throws KeyStoreException, NoSuchAlgorithmException, IOException, + UnsupportedCallbackException, UnrecoverableKeyException, + CertificateException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + // 1. get the key entry and certificate chain associated to alias + Key privateKey = getAliasPrivateKey(); + Certificate[] chain = store.getCertificateChain(alias); + + // 2. replace the old entry + setNewKeyPassword(_newPassword); + store.setKeyEntry(alias, privateKey, newPasswordChars, chain); + + // 3. persist the key store + saveKeyStore(); + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + /** + * Set the new password to use for protecting Alias's private key. + * + * @param password the new key password. if <code>null</code> prompt the + * user to provide one. When prompting, the password is entered twice + * and compared for a match. + * @throws IOException if an I/O related exception occurs during the process. + * @throws UnsupportedCallbackException if no implementation of a password + * callback handler was found. + */ + private void setNewKeyPassword(String password) throws IOException, + UnsupportedCallbackException + { + if (password != null) + newPasswordChars = password.toCharArray(); + else + { + boolean ok = false; + Callback[] prompts = new Callback[1]; + Callback[] errors = new Callback[1]; + for (int i = 0; i < 3; i++) + if (prompt4NewPassword(getCallbackHandler(), prompts, errors)) + { + ok = true; + break; + } + if (! ok) + throw new SecurityException(Messages.getString("StorePasswdCmd.19")); //$NON-NLS-1$ + } + } + + private boolean prompt4NewPassword(CallbackHandler handler, + Callback[] prompts, Callback[] errors) + throws IOException, UnsupportedCallbackException + { + // prompt user (1st time) to provide one + String p = Messages.getFormattedString("KeyPasswdCmd.24", alias); //$NON-NLS-1$ + PasswordCallback pcb = new PasswordCallback(p, false); + prompts[0] = pcb; + handler.handle(prompts); + char[] pwd1 = pcb.getPassword(); + pcb.clearPassword(); + String ls = SystemProperties.getProperty("line.separator"); //$NON-NLS-1$ + if (pwd1 == null || pwd1.length < 6) + { + String m = Messages.getString("StorePasswdCmd.21") + ls; //$NON-NLS-1$ + errors[0] = new TextOutputCallback(TextOutputCallback.ERROR, m); + handler.handle(errors); + return false; + } + + if (Arrays.equals(keyPasswordChars, pwd1)) + { + String m = Messages.getString("StorePasswdCmd.22") + ls; //$NON-NLS-1$ + errors[0] = new TextOutputCallback(TextOutputCallback.ERROR, m); + handler.handle(errors); + return false; + } + + // prompt user (2nd time) for confirmation + p = Messages.getFormattedString("KeyPasswdCmd.28", alias); //$NON-NLS-1$ + pcb = new PasswordCallback(p, false); + prompts[0] = pcb; + handler.handle(prompts); + char[] pwd2 = pcb.getPassword(); + pcb.clearPassword(); + if (! Arrays.equals(pwd1, pwd2)) + { + String m = Messages.getString("StorePasswdCmd.24") + ls; //$NON-NLS-1$ + errors[0] = new TextOutputCallback(TextOutputCallback.ERROR, m); + handler.handle(errors); + return false; + } + + newPasswordChars = pwd2; + return true; + } +} diff --git a/tools/gnu/classpath/tools/keytool/ListCmd.java b/tools/gnu/classpath/tools/keytool/ListCmd.java new file mode 100644 index 000000000..655242785 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/ListCmd.java @@ -0,0 +1,380 @@ +/* ListCmd.java -- The list command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.java.security.util.Base64; + +import java.io.IOException; +import java.io.PrintWriter; +import java.security.KeyStoreException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.util.Enumeration; +import java.util.logging.Logger; + +/** + * The <b>-list</b> keytool command handler is used to output one or all key + * store entries. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-rfc</dt> + * <dd>Use RFC-1421 specifications when encoding the output. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Output the certificate in human-readable format. If both this option + * and the <code>-rfc</code> option are detected on the command line, the + * tool will opt for the human-readable form and will not abort the + * command.</dd> + * </dl> + */ +class ListCmd extends Command +{ + private static final Logger log = Logger.getLogger(ListCmd.class.getName()); + private String _alias; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private boolean rfc; + private boolean all; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + /** + * @param flag whether to use, or not, RFC-1421 format when listing the + * certificate(s). + */ + public void setRfc(String flag) + { + this.rfc = Boolean.valueOf(flag).booleanValue(); + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS //$NON-NLS-1$ + _alias = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else if ("-rfc".equals(opt)) //$NON-NLS-1$ + rfc = true; + else + break; + } + + all = _alias == null; + + return i; + } + + void setup() throws Exception + { + setOutputStreamParam(null); // use stdout + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + if (! all) + setAliasParam(_alias); + + if (verbose & rfc) + { + log.warning("Both -v and -rfc options were found on the command line. " //$NON-NLS-1$ + + "Only the former will be considered"); //$NON-NLS-1$ + rfc = false; + } + + log.finer("-list handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -alias=" + alias); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + log.finer(" -rfc=" + rfc); //$NON-NLS-1$ + } + + void start() throws KeyStoreException, CertificateEncodingException, + IOException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + PrintWriter writer = new PrintWriter(outStream, true); + writer.println(Messages.getFormattedString("ListCmd.21", store.getType())); //$NON-NLS-1$ + writer.println(Messages.getFormattedString("ListCmd.22", //$NON-NLS-1$ + store.getProvider().getName())); + if (all) + { + log.finest("About to list all aliases in key store..."); //$NON-NLS-1$ + writer.println(); + writer.println(Messages.getFormattedString("ListCmd.24", //$NON-NLS-1$ + Integer.valueOf(store.size()))); + for (Enumeration e = store.aliases(); e.hasMoreElements(); ) + { + String anAlias = (String) e.nextElement(); + if (anAlias != null) + list1Alias(anAlias, writer); + } + } + else + list1Alias(alias, writer); + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + /** + * Prints the certificate(s) associated with the designated alias. + * + * @param anAlias a non-null string denoting an alias in the key-store. + * @param writer where to print. + * @throws KeyStoreException if an exception occurs while obtaining the + * certificate associated to the designated alias. + * @throws CertificateEncodingException if an exception occurs while obtaining + * the DER encoded form of the certificate. + * @throws IOException if an I/O related exception occurs during the process. + */ + private void list1Alias(String anAlias, PrintWriter writer) + throws KeyStoreException, CertificateEncodingException, IOException + { + log.entering(this.getClass().getName(), "list1Alias", anAlias); //$NON-NLS-1$ + + writer.println(); + writer.println(Messages.getFormattedString("ListCmd.30", anAlias)); //$NON-NLS-1$ + writer.println(Messages.getFormattedString("ListCmd.31", store.getCreationDate(anAlias))); //$NON-NLS-1$ + + if (store.isCertificateEntry(anAlias)) + { + writer.println(Messages.getString("ListCmd.32")); //$NON-NLS-1$ + Certificate certificate = store.getCertificate(anAlias); + print1Certificate(certificate, writer); + } + else if (store.isKeyEntry(anAlias)) + { + writer.println(Messages.getString("ListCmd.33")); //$NON-NLS-1$ + Certificate[] chain = store.getCertificateChain(anAlias); + print1Chain(chain, writer); + } + else + throw new IllegalArgumentException(Messages.getFormattedString("ListCmd.34", //$NON-NLS-1$ + anAlias)); + log.exiting(this.getClass().getName(), "list1Alias"); //$NON-NLS-1$ + } + + /** + * Prints the designated certificate chain, or a fingerprint of the first + * certificate (bottom) in the chain, depending on the values of the flags + * <code>v</code> (for verbose) and <code>rfc</code>. + * <p> + * If both flags are <code>false</code>, only the fingerprint is generated, + * otherwise, if the <code>v</code> flag is set, then a human readable output + * is generated. If <code>rfc</code> is set, then an RFC-1421 like output + * is generated. + * <p>Note that both <code>v</code> and <code>rfc</code> cannot both be + * <code>true</code> at the same time. + * + * @param chain the certificate chain to process. + * @param writer where to print. + * @throws CertificateEncodingException if an exception occurs while obtaining + * the DER encoded form of the certificate. + */ + private void print1Chain(Certificate[] chain, PrintWriter writer) + throws CertificateEncodingException + { + if (!verbose && !rfc) + fingerprint(chain[0], writer); + else + { + int limit = chain.length; + writer.println(Messages.getFormattedString("ListCmd.38", //$NON-NLS-1$ + Integer.valueOf(limit))); + writer.println(Messages.getString("ListCmd.39")); //$NON-NLS-1$ + print1Certificate(chain[0], writer); + for (int i = 1; i < limit; i++) + { + writer.println(); + writer.println(Messages.getFormattedString("ListCmd.40", //$NON-NLS-1$ + Integer.valueOf(i + 1))); + print1Certificate(chain[i], writer); + } + writer.println(); + writer.println(Messages.getString("ListCmd.42")); //$NON-NLS-1$ + } + } + + /** + * Prints the designated certificate, or its fingerprint, depending on the + * values of the flags <code>v</code> (for verbose) and <code>rfc</code>. + * <p> + * If both flags are <code>false</code>, only a fingerprint is generated, + * otherwise, if the <code>v</code> flag is set, then a human readable output + * is generated. If <code>rfc</code> is set, then an RFC-1421 like output + * is generated. + * <p>Note that both <code>v</code> and <code>rfc</code> cannot both be + * <code>true</code> at the same time. + * + * @param certificate the certificate to process. + * @param writer where to print. + * @throws CertificateEncodingException if an exception occurs while obtaining + * the DER encoded form of the certificate. + */ + private void print1Certificate(Certificate certificate, PrintWriter writer) + throws CertificateEncodingException + { + if (verbose) + printVerbose(certificate, writer); + else if (rfc) + printRFC1421(certificate, writer); + else + fingerprint(certificate, writer); + } + + private void printRFC1421(Certificate certificate, PrintWriter writer) + throws CertificateEncodingException + { + byte[] derBytes = certificate.getEncoded(); + String encoded = Base64.encode(derBytes, 0, derBytes.length, true); + writer.println(Messages.getString("ListCmd.43")); //$NON-NLS-1$ + writer.println(encoded); + writer.println(Messages.getString("ListCmd.44")); //$NON-NLS-1$ + } + + private void fingerprint(Certificate certificate, PrintWriter writer) + throws CertificateEncodingException + { + byte[] derBytes = certificate.getEncoded(); + String fingerPrint = digestWithMD5(derBytes); + writer.println(Messages.getFormattedString("ListCmd.45", fingerPrint)); //$NON-NLS-1$ + } +} diff --git a/tools/gnu/classpath/tools/keytool/Main.java b/tools/gnu/classpath/tools/keytool/Main.java new file mode 100644 index 000000000..fb7aa4509 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/Main.java @@ -0,0 +1,219 @@ +/* Main.java -- Implementation of the keytool security tool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.classpath.tools.HelpPrinter; +import gnu.classpath.tools.common.ProviderUtil; +import gnu.java.security.Registry; +import gnu.javax.crypto.jce.GnuCrypto; +import gnu.javax.security.auth.callback.GnuCallbacks; + +import java.util.logging.Logger; + +/** + * The GNU Classpath implementation of the keytool security tool. + * <p> + * Except for the <code>-identitydb</code> command, available for importing + * JDK 1.1 <i>identities</i> into a key store, this implementation is intended + * to be compatible with the behaviour described in the public documentation of + * the same tool included in JDK 1.4. + */ +public class Main +{ + private static final Logger log = Logger.getLogger(Main.class.getName()); + /** The relative file path to the command tool's help text. */ + private static final String HELP_PATH = "keytool/keytool.txt"; //$NON-NLS-1$ + /** The Preferences key name for the last issued certificate serial nbr. */ + static final String LAST_SERIAL_NUMBER = "lastSerialNumber"; //$NON-NLS-1$ + /** Constant denoting the X.509 certificate type. */ + static final String X_509 = "X.509"; //$NON-NLS-1$ + + /** Whether we have already printed the help text or not. */ + private boolean helpPrinted; + /** The new position of GnuCRYPTO provider if it is not already installed. */ + private int gnuCryptoProviderNdx = -2; + /** The new position of GNU Callbacks provider if it is not already installed. */ + private int gnuCallbacksNdx = -2; + + private Main() + { + super(); + } + + public static final void main(String[] args) + { + log.entering(Main.class.getName(), "main", args); //$NON-NLS-1$ + + Main tool = new Main(); + try + { + tool.setup(); + tool.start(args); + } + catch (SecurityException x) + { + log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$ + System.err.println(Messages.getString("Main.6") + x.getMessage()); //$NON-NLS-1$ + } + catch (Exception x) + { + log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$ + System.err.println(Messages.getString("Main.8") + x); //$NON-NLS-1$ + } + finally + { + tool.teardown(); + } + + log.exiting(Main.class.getName(), "main"); //$NON-NLS-1$ + // System.exit(0); + } + + // helper methods ----------------------------------------------------------- + + private void start(String[] args) throws Exception + { + log.entering(this.getClass().getName(), "start", args); //$NON-NLS-1$ + + if (args == null) + args = new String[0]; + + int limit = args.length; + log.finest("args.length=" + limit); //$NON-NLS-1$ + int i = 0; + String opt; + Command cmd; + while (i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + cmd = null; + if ("-genkey".equals(opt)) //$NON-NLS-1$ + cmd = new GenKeyCmd(); + else if ("-import".equals(opt)) //$NON-NLS-1$ + cmd = new ImportCmd(); + else if ("-selfcert".equals(opt)) //$NON-NLS-1$ + cmd = new SelfCertCmd(); + else if ("-identitydb".equals(opt)) //$NON-NLS-1$ + cmd = new IdentityDBCmd(); + else if ("-certreq".equals(opt)) //$NON-NLS-1$ + cmd = new CertReqCmd(); + else if ("-export".equals(opt)) //$NON-NLS-1$ + cmd = new ExportCmd(); + else if ("-list".equals(opt)) //$NON-NLS-1$ + cmd = new ListCmd(); + else if ("-printcert".equals(opt)) //$NON-NLS-1$ + cmd = new PrintCertCmd(); + else if ("-keyclone".equals(opt)) //$NON-NLS-1$ + cmd = new KeyCloneCmd(); + else if ("-storepasswd".equals(opt)) //$NON-NLS-1$ + cmd = new StorePasswdCmd(); + else if ("-keypasswd".equals(opt)) //$NON-NLS-1$ + cmd = new KeyPasswdCmd(); + else if ("-delete".equals(opt)) //$NON-NLS-1$ + cmd = new DeleteCmd(); + else if ("-help".equals(opt)) //$NON-NLS-1$ + { + printHelp(); + i++; + } + else + { + log.fine("Unknown command [" + opt + "] at index #" + i //$NON-NLS-1$ //$NON-NLS-2$ + + ". Arguments from that token onward will be ignored"); //$NON-NLS-1$ + break; + } + + if (cmd != null) + { + i = cmd.processArgs(args, i); + cmd.doCommand(); + } + } + + // the -help command is the default; i.e. + // keytool + // is equivalent to: + // keytool -help + if (i == 0) + printHelp(); + + if (i < limit) // more options than needed + log.fine("Last recognized argument is assumed at index #" + (i - 1) //$NON-NLS-1$ + + ". Remaining arguments (" + args[i] + "...) will be ignored"); //$NON-NLS-1$ //$NON-NLS-2$ + + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ + } + + private void setup() + { + log.entering(this.getClass().getName(), "setup"); //$NON-NLS-1$ + + gnuCryptoProviderNdx = ProviderUtil.addProvider(new GnuCrypto()); + gnuCallbacksNdx = ProviderUtil.addProvider(new GnuCallbacks()); + + log.exiting(this.getClass().getName(), "setup"); //$NON-NLS-1$ + } + + private void teardown() + { + log.entering(this.getClass().getName(), "teardown"); //$NON-NLS-1$ + + // if we added our own providers remove them + if (gnuCryptoProviderNdx > 0) + ProviderUtil.removeProvider(Registry.GNU_CRYPTO); + + if (gnuCallbacksNdx > 0) + ProviderUtil.removeProvider("GNU-CALLBACKS"); //$NON-NLS-1$ + + log.exiting(this.getClass().getName(), "teardown"); //$NON-NLS-1$ + } + + private void printHelp() + { + if (helpPrinted) + return; + + HelpPrinter.printHelp(HELP_PATH); + helpPrinted = true; + } +} diff --git a/tools/gnu/classpath/tools/keytool/Messages.java b/tools/gnu/classpath/tools/keytool/Messages.java new file mode 100644 index 000000000..e3308e021 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/Messages.java @@ -0,0 +1,115 @@ +/* Messages.java -- I18N related helper class + Copyright (C) 2006 Free Software Foundation, Inc. + + This file is part of GNU Classpath. + + GNU Classpath is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + GNU Classpath is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNU Classpath; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.MissingResourceException; +import java.util.ResourceBundle; +import java.util.logging.Logger; + +/** + * An initially generated Eclipse helper class to ease the use of localized + * messages. + * <p> + * Enriched to handle localized message formats. + */ +class Messages +{ + private static final Logger log = Logger.getLogger(Messages.class.getName()); + private static final String BUNDLE_NAME = "gnu.classpath.tools.keytool.MessageBundle"; //$NON-NLS-1$ + private static final ResourceBundle RESOURCE_BUNDLE = ResourceBundle.getBundle(BUNDLE_NAME); + private static final Map CACHED_FORMATS = new HashMap(5); + + private Messages() + { + super(); + } + + public static String getString(String key) + { + try + { + return RESOURCE_BUNDLE.getString(key); + } + catch (MissingResourceException e) + { + return constructMessage(key, null); + } + } + + public static String getFormattedString(String key, Object args) + { + MessageFormat mf = (MessageFormat) CACHED_FORMATS.get(key); + if (mf == null) + { + String formatString = getString(key); + if (formatString.startsWith("!")) + return constructMessage(key, args); + + mf = new MessageFormat(formatString); + CACHED_FORMATS.put(key, mf); + } + + // if the argument is not an array, then build one consisiting of the + // sole argument before passing it to the format() method + try + { + if (args instanceof Object[]) + return mf.format(args); + + return mf.format(new Object[] { args }); + } + catch (IllegalArgumentException x) + { + log.fine("Exception while rendering a message format keyed by [" + + key + "]: " + mf.toPattern()); + return constructMessage(mf.toPattern(), args); + } + } + + private static final String constructMessage(String m, Object args) + { + if (args == null) + return '!' + m + '!'; + + return '!' + m + '!' + String.valueOf(args) + '!'; + } +} diff --git a/tools/gnu/classpath/tools/keytool/PrintCertCmd.java b/tools/gnu/classpath/tools/keytool/PrintCertCmd.java new file mode 100644 index 000000000..9ba1d5970 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/PrintCertCmd.java @@ -0,0 +1,123 @@ +/* PrintCertCmd.java -- The printcert command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import java.io.PrintWriter; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.util.logging.Logger; + +/** + * The <b>-printcert</b> keytool command handler is used to read a certificate + * from a designated file, and print its contents in a human-readable format. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-file FILE_NAME</dt> + * <dd>The fully qualified path of the file to read the certificate from. + * If this option is omitted, the tool will process STDIN. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class PrintCertCmd extends Command +{ + private static final Logger log = Logger.getLogger(PrintCertCmd.class.getName()); + private String _certFileName; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param pathName the fully qualified path name of the file to process. */ + public void setFile(String pathName) + { + this._certFileName = pathName; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); + if (opt == null || opt.length() == 0) + continue; + + if ("-file".equals(opt)) // -file FILE_NAME + _certFileName = args[++i]; + else if ("-v".equals(opt)) + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setInputStreamParam(_certFileName); + + log.finer("-printcert handler will use the following options:"); + log.finer(" -file=" + _certFileName); + log.finer(" -v=" + verbose); + } + + void start() throws CertificateException + { + log.entering(getClass().getName(), "start"); + + CertificateFactory x509Factory = CertificateFactory.getInstance(Main.X_509); + Certificate certificate = x509Factory.generateCertificate(inStream); + PrintWriter writer = new PrintWriter(System.out, true); + writer.println(); + printVerbose(certificate, writer); + + log.exiting(getClass().getName(), "start"); + } +} diff --git a/tools/gnu/classpath/tools/keytool/SelfCertCmd.java b/tools/gnu/classpath/tools/keytool/SelfCertCmd.java new file mode 100644 index 000000000..db7d45994 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/SelfCertCmd.java @@ -0,0 +1,371 @@ +/* SelfCertCmd.java -- The selfcert command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.java.security.x509.X500DistinguishedName; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SignatureException; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.logging.Logger; + +import javax.security.auth.callback.UnsupportedCallbackException; +import javax.security.auth.x500.X500Principal; + +/** + * The <b>-selfcert</b> keytool command handler is used to generate a self- + * signed X.509 version 1 certificate using key store credentials stored under a + * designated alias. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-alias ALIAS</dt> + * <dd>Every entry, be it a <i>Key Entry</i> or a <i>Trusted + * Certificate</i>, in a key store is uniquely identified by a user-defined + * <i>Alias</i> string. Use this option to specify the <i>Alias</i> to use + * when referring to an entry in the key store. Unless specified otherwise, + * a default value of <code>mykey</code> shall be used when this option is + * omitted from the command line. + * <p></dd> + * + * <dt>-sigalg ALGORITHM</dt> + * <dd>The canonical name of the digital signature algorithm to use for + * signing the certificate. If this option is omitted, a default value will + * be chosen based on the type of the private key associated with the + * designated <i>Alias</i>. If the private key is a <code>DSA</code> one, + * the value for the signature algorithm will be <code>SHA1withDSA</code>. + * If on the other hand the private key is an <code>RSA</code> one, then + * the tool will use <code>MD5withRSA</code> as the signature algorithm. + * <p></dd> + * + * <dt>-dname NAME</dt> + * <dd>Use this option to specify the <i>Distinguished Name</i> of the + * newly generated self-signed certificate. If this option is omitted, the + * existing <i>Distinguished Name</i> of the base certificate in the chain + * associated with the designated <i>Alias</i> will be used instead. + * <p> + * The syntax of a valid value for this option MUST follow RFC-2253 + * specifications. Namely the following components (with their accepted + * meaning) will be recognized. Note that the component name is case- + * insensitive: + * <dl> + * <dt>CN</dt> + * <dd>The Common Name; e.g. "host.domain.com"</dd> + * + * <dt>OU</dt> + * <dd>The Organizational Unit; e.g. "IT Department"</dd> + * + * <dt>O</dt> + * <dd>The Organization Name; e.g. "The Sample Company"</dd> + * + * <dt>L</dt> + * <dd>The Locality Name; e.g. "Sydney"</dd> + * + * <dt>ST</dt> + * <dd>The State Name; e.g. "New South Wales"</dd> + * + * <dt>C</dt> + * <dd>The 2-letter Country identifier; e.g. "AU"</dd> + * </dl> + * <p> + * When specified with a <code>-dname</code> option, each pair of component + * / value will be separated from the other with a comma. Each component + * and value pair MUST be separated by an equal sign. For example, the + * following is a valid DN value: + * <pre> + * CN=host.domain.com, O=The Sample Company, L=Sydney, ST=NSW, C=AU + * </pre> + * <p></dd> + * + * <dt>-validity DAY_COUNT</dt> + * + * <dt>-keypass PASSWORD</dt> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class SelfCertCmd extends Command +{ + private static final Logger log = Logger.getLogger(SelfCertCmd.class.getName()); + private String _alias; + private String _sigAlgorithm; + private String _dName; + private String _password; + private String _validityStr; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private X500DistinguishedName distinguishedName; + private int validityInDays; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param alias the alias to use. */ + public void setAlias(String alias) + { + this._alias = alias; + } + + /** + * @param algorithm the canonical name of the digital signature algorithm to + * use. + */ + public void setSigalg(String algorithm) + { + this._sigAlgorithm = algorithm; + } + + /** + * @param name the distiniguished name of both the issuer and subject (since + * we are dealing with a self-signed certificate) to use. + */ + public void setDname(String name) + { + this._dName = name; + } + + /** + * @param days the string representation of the number of days (a decimal, + * positive integer) to assign to the generated (self-signed) + * certificate. + */ + public void setValidity(String days) + { + this._validityStr = days; + } + + /** @param password the (private) key password to use. */ + public void setKeypass(String password) + { + this._password = password; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); + if (opt == null || opt.length() == 0) + continue; + + if ("-alias".equals(opt)) // -alias ALIAS + _alias = args[++i]; + else if ("-sigalg".equals(opt)) // -sigalg ALGORITHM + _sigAlgorithm = args[++i]; + else if ("-dname".equals(opt)) // -dname NAME + _dName = args[++i]; + else if ("-keypass".equals(opt)) // -keypass PASSWORD + _password = args[++i]; + else if ("-validity".equals(opt)) // -validity DAY_COUNT + _validityStr = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME + _providerClassName = args[++i]; + else if ("-v".equals(opt)) + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setAliasParam(_alias); + setKeyPasswordNoPrompt(_password); +// setDName(_dName); + setValidityParam(_validityStr); +// setSignatureAlgorithm(_sigAlgorithm); + + log.finer("-selfcert handler will use the following options:"); + log.finer(" -alias=" + alias); + log.finer(" -sigalg=" + _sigAlgorithm); + log.finer(" -dname=" + _dName); + log.finer(" -keypass=" + _password); + log.finer(" -validity=" + validityInDays); + log.finer(" -storetype=" + storeType); + log.finer(" -keystore=" + storeURL); + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); + log.finer(" -provider=" + provider); + log.finer(" -v=" + verbose); + } + + void start() throws KeyStoreException, NoSuchAlgorithmException, + UnrecoverableKeyException, IOException, UnsupportedCallbackException, + InvalidKeyException, SignatureException, CertificateException + { + log.entering(getClass().getName(), "start"); + + // 1. get the key entry and certificate chain associated to alias + Key privateKey = getAliasPrivateKey(); + Certificate[] chain = store.getCertificateChain(alias); + + // 2. if the user has not supplied a DN use one from the certificate chain + X509Certificate bottomCertificate = (X509Certificate) chain[0]; + X500Principal defaultPrincipal = bottomCertificate.getIssuerX500Principal(); + setDName(_dName, defaultPrincipal); + + // 4. get alias's public key from certificate's SubjectPublicKeyInfo + PublicKey publicKey = bottomCertificate.getPublicKey(); + + // 5. issue the self-signed certificate + setSignatureAlgorithmParam(_sigAlgorithm, privateKey); + + byte[] derBytes = getSelfSignedCertificate(distinguishedName, + publicKey, + (PrivateKey) privateKey); + CertificateFactory x509Factory = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream bais = new ByteArrayInputStream(derBytes); + Certificate certificate = x509Factory.generateCertificate(bais); + + // 6. store it, w/ its private key, associating them to alias + chain = new Certificate[] { certificate }; + store.setKeyEntry(alias, privateKey, keyPasswordChars, chain); + + // 7. persist the key store + saveKeyStore(); + + log.exiting(getClass().getName(), "start"); + } + + // own methods -------------------------------------------------------------- + + private void setDName(String name, X500Principal defaultName) + { + if (name != null && name.trim().length() > 0) + name = name.trim(); + else + { + // If dname is supplied at the command line, it is used as the X.500 + // Distinguished Name for both the issuer and subject of the certificate. + // Otherwise, the X.500 Distinguished Name associated with alias (at the + // bottom of its existing certificate chain) is used. + name = defaultName.toString().trim(); + } + + distinguishedName = new X500DistinguishedName(name); + } +} diff --git a/tools/gnu/classpath/tools/keytool/StorePasswdCmd.java b/tools/gnu/classpath/tools/keytool/StorePasswdCmd.java new file mode 100644 index 000000000..1eb053c1c --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/StorePasswdCmd.java @@ -0,0 +1,275 @@ +/* StorePasswdCmd.java -- The storepasswd command handler of the keytool + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.classpath.tools.keytool; + +import gnu.classpath.SystemProperties; + +import java.io.IOException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.Arrays; +import java.util.logging.Logger; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.PasswordCallback; +import javax.security.auth.callback.TextOutputCallback; +import javax.security.auth.callback.UnsupportedCallbackException; + +/** + * The <b>-storepasswd</b> keytool command handler is used to change the + * password which protects the integrity of the key store. + * <p> + * Possible options for this command are: + * <p> + * <dl> + * <dt>-new PASSWORD</dt> + * <dd>The new, and different, password which will be used to protect the + * designated key store. + * <p></dd> + * + * <dt>-storetype STORE_TYP}</dt> + * <dd>Use this option to specify the type of the key store to use. The + * default value, if this option is omitted, is that of the property + * <code>keystore.type</code> in the security properties file, which is + * obtained by invoking the {@link java.security.KeyStore#getDefaultType()} + * static method. + * <p></dd> + * + * <dt>-keystore URL</dt> + * <dd>Use this option to specify the location of the key store to use. + * The default value is a file {@link java.net.URL} referencing the file + * named <code>.keystore</code> located in the path returned by the call to + * {@link java.lang.System#getProperty(String)} using <code>user.home</code> + * as argument. + * <p> + * If a URL was specified, but was found to be malformed --e.g. missing + * protocol element-- the tool will attempt to use the URL value as a file- + * name (with absolute or relative path-name) of a key store --as if the + * protocol was <code>file:</code>. + * <p></dd> + * + * <dt>-storepass PASSWORD</dt> + * <dd>Use this option to specify the password protecting the key store. If + * this option is omitted from the command line, you will be prompted to + * provide a password. + * <p></dd> + * + * <dt>-provider PROVIDER_CLASS_NAME</dt> + * <dd>A fully qualified class name of a Security Provider to add to the + * current list of Security Providers already installed in the JVM in-use. + * If a provider class is specified with this option, and was successfully + * added to the runtime --i.e. it was not already installed-- then the tool + * will attempt to removed this Security Provider before exiting. + * <p></dd> + * + * <dt>-v</dt> + * <dd>Use this option to enable more verbose output.</dd> + * </dl> + */ +class StorePasswdCmd extends Command +{ + private static final Logger log = Logger.getLogger(StorePasswdCmd.class.getName()); + private String _newPassword; + private String _ksType; + private String _ksURL; + private String _ksPassword; + private String _providerClassName; + private char[] newStorePasswordChars; + + // default 0-arguments constructor + + // public setters ----------------------------------------------------------- + + /** @param password the new key-store password to use. */ + public void setNew(String password) + { + this._newPassword = password; + } + + /** @param type the key-store type to use. */ + public void setStoretype(String type) + { + this._ksType = type; + } + + /** @param url the key-store URL to use. */ + public void setKeystore(String url) + { + this._ksURL = url; + } + + /** @param password the key-store password to use. */ + public void setStorepass(String password) + { + this._ksPassword = password; + } + + /** @param className a security provider fully qualified class name to use. */ + public void setProvider(String className) + { + this._providerClassName = className; + } + + // life-cycle methods ------------------------------------------------------- + + int processArgs(String[] args, int i) + { + int limit = args.length; + String opt; + while (++i < limit) + { + opt = args[i]; + log.finest("args[" + i + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ + if (opt == null || opt.length() == 0) + continue; + + if ("-new".equals(opt)) // -new PASSWORD //$NON-NLS-1$ + _newPassword = args[++i]; + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ + _ksType = args[++i]; + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ + _ksURL = args[++i]; + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ + _ksPassword = args[++i]; + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ + _providerClassName = args[++i]; + else if ("-v".equals(opt)) //$NON-NLS-1$ + verbose = true; + else + break; + } + + return i; + } + + void setup() throws Exception + { + setKeyStoreParams(_providerClassName, _ksType, _ksPassword, _ksURL); + setNewKeystorePassword(_newPassword); + + log.finer("-storepasswd handler will use the following options:"); //$NON-NLS-1$ + log.finer(" -new=" + String.valueOf(newStorePasswordChars)); //$NON-NLS-1$ + log.finer(" -storetype=" + storeType); //$NON-NLS-1$ + log.finer(" -keystore=" + storeURL); //$NON-NLS-1$ + log.finer(" -storepass=" + String.valueOf(storePasswordChars)); //$NON-NLS-1$ + log.finer(" -provider=" + provider); //$NON-NLS-1$ + log.finer(" -v=" + verbose); //$NON-NLS-1$ + } + + void start() throws KeyStoreException, NoSuchAlgorithmException, + CertificateException, IOException + { + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ + + saveKeyStore(newStorePasswordChars); + + log.exiting(getClass().getName(), "start"); //$NON-NLS-1$ + } + + // own methods -------------------------------------------------------------- + + protected void setNewKeystorePassword(String password) throws IOException, + UnsupportedCallbackException + { + if (password != null) + newStorePasswordChars = password.toCharArray(); + else + { + boolean ok = false; + Callback[] prompts = new Callback[1]; + Callback[] errors = new Callback[1]; + for (int i = 0; i < 3; i++) + if (prompt4NewPassword(getCallbackHandler(), prompts, errors)) + { + ok = true; + break; + } + if (! ok) + throw new SecurityException(Messages.getString("StorePasswdCmd.19")); //$NON-NLS-1$ + } + } + + private boolean prompt4NewPassword(CallbackHandler handler, + Callback[] prompts, Callback[] errors) + throws IOException, UnsupportedCallbackException + { + // prompt user (1st time) to provide one + String p = Messages.getString("StorePasswdCmd.20"); //$NON-NLS-1$ + PasswordCallback pcb = new PasswordCallback(p, false); + prompts[0] = pcb; + handler.handle(prompts); + char[] pwd1 = pcb.getPassword(); + pcb.clearPassword(); + String ls = SystemProperties.getProperty("line.separator"); //$NON-NLS-1$ + if (pwd1 == null || pwd1.length < 6) + { + String m = Messages.getString("StorePasswdCmd.21") + ls; //$NON-NLS-1$ + errors[0] = new TextOutputCallback(TextOutputCallback.ERROR, m); + handler.handle(errors); + return false; + } + + if (Arrays.equals(storePasswordChars, pwd1)) + { + String m = Messages.getString("StorePasswdCmd.22") + ls; //$NON-NLS-1$ + errors[0] = new TextOutputCallback(TextOutputCallback.ERROR, m); + handler.handle(errors); + return false; + } + + // prompt user (2nd time) for confirmation + pcb = new PasswordCallback(Messages.getString("StorePasswdCmd.23"), false); //$NON-NLS-1$ + prompts[0] = pcb; + handler.handle(prompts); + char[] pwd2 = pcb.getPassword(); + pcb.clearPassword(); + if (! Arrays.equals(pwd1, pwd2)) + { + String m = Messages.getString("StorePasswdCmd.24") + ls; //$NON-NLS-1$ + errors[0] = new TextOutputCallback(TextOutputCallback.ERROR, m); + handler.handle(errors); + return false; + } + + newStorePasswordChars = pwd2; + return true; + } +} diff --git a/tools/gnu/classpath/tools/keytool/keytool.txt b/tools/gnu/classpath/tools/keytool/keytool.txt new file mode 100644 index 000000000..15f9b96f9 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/keytool.txt @@ -0,0 +1,616 @@ +NAME + keytool - manage private keys and public certificates + +SYNOPSIS + keytool [COMMAND]... + +DESCRIPTION + A Java-based tool for managing both Key Entries as well as Trusted + Certificates. + + Multiple COMMANDs may be specified at once, each complete with its own + options. keytool will parse all the arguments, before processing, and + executing, each COMMAND. If an exception occurs while executing one + COMMAND keytool will abort. + + A COMMAND can be one of the followings: + + -genkey [OPTION]... + Generate a new Key Entry, eventually creating a new key store. + + -import [OPTION]... + Add, to a key store, Key Entries (private keys and certificate + chains authenticating the public keys) and Trusted Certificates + (3rd party certificates which can be used as Trust anchors when + building chains-of-trust). + + -selfcert [OPTION]... + Generate a new self-signed Trusted Certificate. + + -identitydb [OPTION]... + NOT IMPLEMENTED YET. + Import a JDK 1.1 style Identity Database. + + -certreq [OPTION]... + Issue a Certificate Signing Request (CSR) which can be then sent + to a Certification Authority (CA) to issue a certificate signed + (by the CA) and authenticating the Subject of the request. + + -export [OPTION]... + Export a Certificate from a key store. + + -list [OPTION]... + Print one or all Certificates in a key store to STDOUT. + + -printcert [OPTION]... + Print a human-readable form of a Certificate in a designated + file to STDOUT. + + -keyclone [OPTION]... + Clone a Key Entry in a key store. + + -storepasswd [OPTION]... + Change the password protecting a key store. + + -keypasswd [OPTION]... + Change the password protecting a Key Entry in a key store. + + -delete [OPTION]... + Delete a Key Entry or a Trusted Certificate from a key store. + + -help Display this text. + +OPTIONS COMMON TO MORE THAN ONE COMMAND + The following OPTIONs are used in more than one COMMAND. They are + described here to reduce redundancy. + + -alias ALIAS + Every entry, be it a Key Entry or a Trusted Certificate, in a + key store is uniquely identified by a user-defined Alias string. + Use this option to specify the Alias to use when referring to an + entry in the key store. Unless specified otherwise, a default + value of "mykey" (all lower case, without the enclosing quotes) + shall be used when this option is omitted from the command line. + + -keyalg ALGORITHM + Use this option to specify the canonical name of the key-pair + generation algorithm. The default value for this option is + "DSS" (a synonym for the Digital Signature Algorithm also known + as DSA). + + -keysize SIZE + Use this option to specify the number of bits of the shared + modulus (for both the public and private keys) to use when + generating new keys. A default value of 1024 will be used if + this option is omitted from the command line. + + -validity DAY_COUNT + Use this option to specify the number of days a newly generated + certificate will be valid for. The default value is 90 (days) + if this option is omitted from the command line. + + -storetype STORE_TYPE + Use this option to specify the type of the key store to use. + The default value, if this option is omitted, is that of the + property "keystore.type" in the security properties file, which + is obtained by invoking the static method call getDefaultType() + in java.security.KeyStore. + + -storepass PASSWORD + Use this option to specify the password protecting the key + store. If this option is omitted from the command line, you + will be prompted to provide a password. + + -keystore URL + Use this option to specify the location of the key store to use. + The default value is a file URL referencing the file named + ".keystore" (all lower case and without the enclosing quotes) + located in the path returned by the call to + java.lang.System#getProperty(String) using "user.home" as + argument. + + If a URL was specified, but was found to be malformed --e.g. + missing protocol element-- the tool will attempt to use the URL + value as a file-name (with absolute or relative path-name) of a + key store --as if the protocol was "file:". + + -provider PROVIDER_CLASS_NAME + A fully qualified class name of a Security Provider to add to + the current list of Security Providers already installed in the + JVM in-use. If a provider class is specified with this option, + and was successfully added to the runtime --i.e. it was not + already installed-- then the tool will attempt to remove this + Security Provider before exiting. + + -file FILE_NAME + Use this option to designate a file to use with a command. When + specified with this option, the value is expected to be the + fully qualified path of a file accessible by the File System. + Depending on the command, the file may be used as input or as + output. When this option is omitted from the command line, + STDIN will be used instead, as the source of input, and STDOUT + will be used instead as the output destination. + + -v Unless specified otherwise, use this option to enable more + verbose output. + +X.500 DISTINGUISHED NAME + A Distinguished Name (or DN) MUST be supplied with some of the COMMANDs + using a -dname option. The syntax of a valid value for this option MUST + follow RFC-2253 specifications. Namely the following components (with + their accepted meaning) will be recognized. Note that the component + name is case-insensitive: + + CN The Common Name; e.g. "host.domain.com" + OU The Organizational Unit; e.g. "IT Department" + O The Organization Name; e.g. "The Sample Company" + L The Locality Name; e.g. "Sydney" + ST The State Name; e.g. "New South Wales" + C The 2-letter Country identifier; e.g. "AU" + + When specified with a -dname option, each pair of component/value will + be separated from the other with a comma. Each component and value pair + MUST be separated by an equal sign. For example, the following is + a valid DN value: + + CN=host.domain.com, O=The Sample Company, L=Sydney, ST=NSW, C=AU + + If the Distinguished Name is required, and no valid default value can be + used, the tool will prompt you to enter the information through the + console. + +-genkey COMMAND + Generate a new key-pair (both private and public keys), and save these + credentials in the key store as a Key Entry, associated with the + designated (if was specified in the -alias option) or default (if the + -alias option is omitted) Alias. + + The private key material will be protected with a user-defined password + (see -keypass option). The public key on the other hand will be part + of a self-signed X.509 certificate, which will form a 1-element chain + and will be saved in the key store. + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keyalg ALGORITHM + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keysize KEY_SIZE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -sigalg ALGORITHM + The canonical name of the digital signature algorithm to use for + signing certificates. If this option is omitted, a default + value will be chosen based on the type of the key-pair; i.e. the + algorithm that ends up being used by the -keyalg option. If the + key-pair generation algorithm is "DSA", the value for the + signature algorithm will be "SHA1withDSA". If on the other hand + the key-pair generation algorithm is "RSA", then the tool will + use "MD5withRSA" as the signature algorithm. + + -dname NAME + This a mandatory value for the command. If no value is + specified --i.e. the -dname option is omitted-- the tool will + prompt you to enter a Distinguished Name to use as both the + Owner and Issuer of the generated self-signed certificate. + + (see X.500 DISTINGUISHED NAME) + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to protect the newly created Key Entry. + + If this option is omitted, you will be prompted to provide a + password. + + -validity DAY_COUNT + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-import COMMAND + Read an X.509 certificate, or a PKCS#7 Certificate Reply from a + designated input source and incorporate the certificates into the key + store. + + If the Alias does not already exist in the key store, the tool treats + the certificate read from the input source as a new Trusted Certificate. + It then attempts to discover a chain-of-trust, starting from that + certificate and ending at another Trusted Certificate, already stored in + the key store. If the -trustcacerts option is present, an additional + key store, of type "JKS" named "cacerts", and assumed to be present in + ${JAVA_HOME}/lib/security will also be consulted if found --${JAVA_HOME} + refers to the location of an installed Java Runtime Environment (JRE). + If no chain-of-trust can be established, and unless the -noprompt option + has been specified, the certificate is printed to STDOUT and the user is + prompted for a confirmation. + + If Alias exists in the key store, the tool will treat the certificate(s) + read from the input source as a Certificate Reply, which can be a chain + of certificates, that eventually would replace the chain of certificates + associated with the Key Entry of that Alias. The substitution of the + certificates only occurs if a chain-of-trust can be established between + the bottom certificate of the chain read from the input file and the + Trusted Certificates already present in the key store. Again, if the + -trustcacerts option is specified, additional Trusted Certificates in + the same "cacerts" key store will be considered. If no chain-of-trust + can be established, the operation will abort. + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -file FILE_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to protect the Key Entry associated with the designated Alias, + when replacing this Alias' chain of certificates with that found + in the certificate reply. + + If this option is omitted, and the chain-of-trust for the + certificate reply has been established, the tool will first + attempt to unlock the Key Entry using the same password + protecting the key store. If this fails, you will then be + prompted to provide a password. + + -noprompt + Use this option to prevent the tool from prompting the user. + + -trustcacerts + Use this option to indicate to the tool that a key store, of + type "JKS", named "cacerts", and usually located in lib/security + in an installed Java Runtime Environment should be considered + when trying to establish chain-of-trusts. + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-selfcert COMMAND + Generate a self-signed X.509 version 1 certificate. The newly generated + certificate will form a chain of one element which will replace the + previous chain associated with the designated Alias (if -alias option + was specified), or the default Alias (if -alias option was omitted). + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -sigalg ALGORITHM + The canonical name of the digital signature algorithm to use for + signing the certificate. If this option is omitted, a default + value will be chosen based on the type of the private key + associated with the designated Alias. If the private key is a + "DSA" one, the value for the signature algorithm will be + "SHA1withDSA". If on the other hand the private key is an "RSA" + one, then the tool will use "MD5withRSA" as the signature + algorithm. + + -dname NAME + Use this option to specify the Distinguished Name of the newly + generated self-signed certificate. If this option is omitted, + the existing Distinguished Name of the base certificate in the + chain associated with the designated Alias will be used instead. + + (see X.500 DISTINGUISHED NAME) + + -validity DAY_COUNT + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to unlock the Key Entry associated with the designated Alias. + + If this option is omitted, the tool will first attempt to unlock + the Key Entry using the same password protecting the key store. + If this fails, you will then be prompted to provide a password. + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-identitydb COMMAND + NOT IMPLEMENTED YET. + + Import a JDK 1.1 style Identity Database. + + -file FILE_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-certreq COMMAND + Generate a PKCS#10 Certificate Signing Request (CSR) and writes it to + a designated output destination. The contents of the destination + should look something like the following: + + -----BEGIN NEW CERTIFICATE REQUEST----- + MIICYTCCAiECAQAwXzEUMBIGA1UEAwwLcnNuQGdudS5vcmcxGzAZBgNVBAoMElUg + Q29tcGFueTEPMA0GA1UEBwwGU3lkbmV5MQwwCgYDVQQIDANOU1cxCzAJBgNVBACC + ... + FCTlKlok8KwGuIVwNVOfQLRX+O5kAhQ/a4RTZme2L8PnpvgRwrf7Eg8D6w== + -----END NEW CERTIFICATE REQUEST----- + + IMPORTANT: Some documentation (e.g. RSA examples) claims that the + Attributes field, in the CSR is OPTIONAL while RFC-2986 implies the + opposite. This implementation considers this field, by default, as + OPTIONAL, unless the option -attributes is specified on the command + line. + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -sigalg ALGORITHM + The canonical name of the digital signature algorithm to use for + signing the certificate. If this option is omitted, a default + value will be chosen based on the type of the private key + associated with the designated Alias. If the private key is a + "DSA" one, the value for the signature algorithm will be + "SHA1withDSA". If on the other hand the private key is an "RSA" + one, then the tool will use "MD5withRSA" as the signature + algorithm. + + -file FILE_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to unlock the Key Entry associated with the designated Alias. + + If this option is omitted, the tool will first attempt to unlock + the Key Entry using the same password protecting the key store. + If this fails, you will then be prompted to provide a password. + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -attributes + Use this option to force the tool to encode a NULL DER value in + the CSR as the value of the Attributes field. + +-export COMMAND + Export a certificate stored in the key store to a designated output + destination, either in binary format (if the -v option is specified), + or in RFC-1421 compliant encoding (if the -rfc option is specified + instead). + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -file FILE_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -rfc Use RFC-1421 specifications when encoding the output. + + -v Output the certificate in binary DER encoding. This is the + default output format of the command if neither -rfc nor -v + options were detected on the command line. If both this option + and the -rfc option are detected on the command line, the tool + will opt for the RFC-1421 style encoding. + +-list COMMAND + Print one or all of the key store entries to STDOUT. Usually this + command will only print a fingerprint of the certificate, unless either + the -rfc or the -v option is specified. + + -alias ALIAS + If this option is omitted, the tool will print ALL the entries + found in the key store. + + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -rfc Use RFC-1421 specifications when encoding the output. + + -v Output the certificate in human-readable format. If both this + option and the -rfc option are detected on the command line, + the tool will opt for the human-readable form and will not + abort the command. + +-printcert COMMAND + Read a certificate from a designated input source and print it to STDOUT + in a human-readable form. + + -file FILE_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-keyclone COMMAND + Clone an existing Key Entry and store it under a new (different) Alias + protecting, its private key material with possibly a new password. + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -dest ALIAS + Use this option to specify the new Alias which will be used to + identify the cloned copy of the Key Entry. + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to unlock the Key Entry associated with the designated Alias. + + If this option is omitted, the tool will first attempt to unlock + the Key Entry using the same password protecting the key store. + If this fails, you will then be prompted to provide a password. + + -new PASSWORD + Use this option to specify the password protecting the private + key material of the newly cloned copy of the Key Entry. + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-storepasswd COMMAND + Change the password protecting a key store. + + -new PASSWORD + The new, and different, password which will be used to protect + the designated key store. + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-keypasswd COMMAND + Change the password protecting the private key material of a designated + Key Entry. + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to unlock the Key Entry associated with the designated Alias. + + If this option is omitted, the tool will first attempt to unlock + the Key Entry using the same password protecting the key store. + If this fails, you will then be prompted to provide a password. + + -new PASSWORD + The new, and different, password which will be used to protect + the private key material of the designated Key Entry. + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +-delete COMMAND + Delete a designated key store entry. + + -alias ALIAS + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storetype STORE_TYPE + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -keystore URL + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -storepass PASSWORD + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -provider PROVIDER_CLASS_NAME + (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + + -v (see OPTIONS COMMON TO MORE THAN ONE COMMAND) + +REPORTING BUGS + Please report bugs at http://www.gnu.org/software/classpath/bugs.html + +COPYRIGHT + Copyright (C) 2006 Free Software Foundation, Inc. + This is free software; see the source for copying conditions. There is + NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. diff --git a/tools/gnu/classpath/tools/keytool/package.html b/tools/gnu/classpath/tools/keytool/package.html new file mode 100644 index 000000000..c447b8d01 --- /dev/null +++ b/tools/gnu/classpath/tools/keytool/package.html @@ -0,0 +1,65 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<!-- package.html - describes classes in gnu.classpath.tools.keytool + +Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. --> + +<html> +<head> +<title>GNU Classpath - gnu.classpath.tools.keytool</title> +</head> + +<body> +This package contains the classes that provide an implementation of the +Security Tool: <code>keytool</code>. The behaviour of these classes should +match that of the same tool provided in the RI version 1.4.2, except for the +following: + +<ul> + <li>The RI tool accepts -J<i>javaoption</i> options which it then passes to + the underlying JVM. This is because the RI tool acts as a <i>wrapper</i> + around the JVM launcher. + <p> + This implementation DOES NOT support these options. + </li> + + <li>The RI tool is capable of importing JDK-1.1 style <i>identities</i>. + <p> + This implementation does not offer this feature. + </li> +</ul> +</body> +</html> diff --git a/tools/keytool.sh.in b/tools/keytool.sh.in new file mode 100644 index 000000000..6c11dc407 --- /dev/null +++ b/tools/keytool.sh.in @@ -0,0 +1,63 @@ +#!/bin/sh + +## Copyright (C) 2006 Free Software Foundation, Inc. +## +## This file is a part of GNU Classpath. +## +## GNU Classpath is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or (at +## your option) any later version. +## +## GNU Classpath is distributed in the hope that it will be useful, but +## WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with GNU Classpath; if not, write to the Free Software +## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +## USA. +## +## Linking this library statically or dynamically with other modules is +## making a combined work based on this library. Thus, the terms and +## conditions of the GNU General Public License cover the whole +## combination. +## +## As a special exception, the copyright holders of this library give you +## permission to link this library with independent modules to produce an +## executable, regardless of the license terms of these independent +## modules, and to copy and distribute the resulting executable under +## terms of your choice, provided that you also meet, for each linked +## independent module, the terms and conditions of the license of that +## module. An independent module is a module which is not derived from +## or based on this library. If you modify this library, you may extend +## this exception to your version of the library, but you are not +## obligated to do so. If you do not wish to do so, delete this +## exception statement from your version. +## +## +## A simple shell script to launch the GNU Classpath keytool tool. +## + +prefix=@prefix@ +tools_dir=@datadir@/@PACKAGE@ +tools_cp=${tools_dir}/tools.zip + +# find the java executable... +if [ -z "${JAVA}" ] ; then + if [ -n "${JAVA_HOME}" ] ; then + if [ -x "${JAVA_HOME}/jre/sh/java" ] ; then + JAVA="${JAVA_HOME}/jre/sh/java" + else + JAVA="${JAVA_HOME}/bin/java" + fi + else + JAVA=`which java 2> /dev/null ` + if [ -z "${JAVA}" ] ; then + JAVA=java + fi + fi +fi + +exec "${JAVA}" -Xbootclasspath/p:"${tools_cp}" gnu.classpath.tools.keytool.Main $@ |