-rw-r--r--java/security/AccessControlContext.java129
-rw-r--r--java/security/AlgorithmParameterGenerator.java195
-rw-r--r--java/security/AlgorithmParameterGeneratorSpi.java73
-rw-r--r--java/security/AlgorithmParameters.java244
-rw-r--r--java/security/AlgorithmParametersSpi.java124
-rw-r--r--java/security/DigestInputStream.java150
-rw-r--r--java/security/DummyKeyPairGenerator.java23
-rw-r--r--java/security/DummyMessageDigest.java37
-rw-r--r--java/security/DummySignature.java60
-rw-r--r--java/security/Identity.java345
-rw-r--r--java/security/IdentityScope.java198
-rw-r--r--java/security/KeyFactory.java216
-rw-r--r--java/security/KeyFactorySpi.java115
-rw-r--r--java/security/KeyPair.java68
-rw-r--r--java/security/KeyPairGenerator.java211
-rw-r--r--java/security/KeyPairGeneratorSpi.java75
-rw-r--r--java/security/KeyStore.java435
-rw-r--r--java/security/KeyStoreSpi.java246
-rw-r--r--java/security/Policy.java138
-rw-r--r--java/security/SecureClassLoader.java117
-rw-r--r--java/security/SecureRandom.java309
-rw-r--r--java/security/SecureRandomSpi.java68
-rw-r--r--java/security/Security.java369
-rw-r--r--java/security/Signature.java454
-rw-r--r--java/security/SignatureSpi.java240
-rw-r--r--java/security/SignedObject.java158
-rw-r--r--java/security/Signer.java130
-rw-r--r--java/security/cert/CRL.java78
-rw-r--r--java/security/cert/CRLException.java50
-rw-r--r--java/security/cert/Certificate.java182
-rw-r--r--java/security/cert/CertificateEncodingException.java49
-rw-r--r--java/security/cert/CertificateException.java50
-rw-r--r--java/security/cert/CertificateExpiredException.java49
-rw-r--r--java/security/cert/CertificateFactory.java250
-rw-r--r--java/security/cert/CertificateFactorySpi.java133
-rw-r--r--java/security/cert/CertificateNotYetValidException.java49
-rw-r--r--java/security/cert/CertificateParsingException.java49
-rw-r--r--java/security/cert/Collection.java7
-rw-r--r--java/security/cert/Set.java7
-rw-r--r--java/security/cert/X509CRL.java361
-rw-r--r--java/security/cert/X509CRLEntry.java148
-rw-r--r--java/security/cert/X509Certificate.java435
-rw-r--r--java/security/cert/X509Extension.java93
-rw-r--r--java/security/spec/AlgorithmParameterSpec.java32
-rw-r--r--java/security/spec/DSAParameterSpec.java80
-rw-r--r--java/security/spec/DSAPrivateKeySpec.java93
-rw-r--r--java/security/spec/DSAPublicKeySpec.java93
-rw-r--r--java/security/spec/EncodedKeySpec.java65
-rw-r--r--java/security/spec/InvalidKeySpecException.java50
-rw-r--r--java/security/spec/InvalidParameterSpecException.java50
-rw-r--r--java/security/spec/KeySpec.java32
-rw-r--r--java/security/spec/PKCS8EncodedKeySpec.java61
-rw-r--r--java/security/spec/RSAPrivateCrtKeySpec.java131
-rw-r--r--java/security/spec/RSAPrivateKeySpec.java68
-rw-r--r--java/security/spec/RSAPublicKeySpec.java68
-rw-r--r--java/security/spec/X509EncodedKeySpec.java62
56 files changed, 7735 insertions, 67 deletions
diff --git a/java/security/AccessControlContext.java b/java/security/AccessControlContext.java
new file mode 100644
index 000000000..90cb3f261
--- /dev/null
+++ b/java/security/AccessControlContext.java
@@ -0,0 +1,129 @@
+/* AccessControlContext.java --- Access Control Context Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+
+/**
+ AccessControlContext makes system resource access decsion
+ based on permission rights.
+
+ It is used for a specific context and has only one method
+ checkPermission. It is similar to AccessController except
+ that it makes decsions based on the current context instead
+ of the the current thread.
+
+ It is created by call AccessController.getContext method.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public final class AccessControlContext
+{
+private ProtectionDomain protectionDomain[];
+
+/**
+ Construct a new AccessControlContext with the specified
+ ProtectionDomains. <code>context</code> must not be
+ null and duplicates will be removed.
+
+ @param context The ProtectDomwains to use
+*/
+public AccessControlContext(ProtectionDomain[] context)
+{
+ int i, j, k, count = context.length, count2 = 0;
+ for( i = 0, j = 0; i < count; i++) {
+ for( k = 0; k < i; k++)
+ if( context[k] == protectionDomain[i] )
+ break;
+ if( k != i) //it means previous loop did not complete
+ continue;
+
+ count2++;
+ }
+
+ protectionDomain = new ProtectionDomain[ count2 ];
+ for( i = 0, j = 0; i < count2; i++) {
+ for( k = 0; k < i; k++)
+ if( context[k] == protectionDomain[i] )
+ break;
+ if( k != i) //it means previous loop did not complete
+ continue;
+
+ protectionDomain[j++] = context[i];
+ }
+}
+
+/**
+ Determines whether or not the specific permission is granted
+ depending on the context it is within.
+
+ @param perm A permission to check
+
+ @throws AccessControlException if the permssion is not permitted
+*/
+public void checkPermission(Permission perm) throws AccessControlException
+{
+ for( int i = 0; i < protectionDomain.length; i++)
+ if( protectionDomain[i].implies( perm ) == true )
+ return;
+
+ throw new AccessControlException("Permission not granted");
+}
+
+/**
+ Checks if two AccessControlContexts are equal.
+
+ It first checks if obj is an AccessControlContext class, and
+ then checks if each ProtectionDomain matches.
+
+ @param obj The object to compare this class to
+
+ @return true if equal, false otherwise
+*/
+public boolean equals(Object obj)
+{
+ if( obj instanceof AccessControlContext ) {
+ AccessControlContext acc = (AccessControlContext)obj;
+
+ if( acc.protectionDomain.length != protectionDomain.length)
+ return false;
+
+ for( int i = 0; i < protectionDomain.length; i++)
+ if( acc.protectionDomain[i] != protectionDomain[i])
+ return false;
+ return true;
+ }
+ return false;
+}
+
+/**
+ Computes a hash code of this class
+
+ @return a hash code representing this class
+*/
+public int hashCode()
+{
+ int h = 0;
+ for( int i = 0; i < protectionDomain.length; i++)
+ h ^= protectionDomain[i].hashCode();
+
+ return h;
+}
+
+}
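Review bot: checkPermission returns as soon as any one ProtectionDomain implies the permission, so a context that mixes a privileged domain with an unprivileged one is granted everything the privileged one holds. An access-control context should grant only what every domain in it implies, so the loop needs to throw on the first domain that does not imply `perm`. The constructor also cannot work for more than one domain: both de-duplication loops compare `context[k]` with `protectionDomain[i]`, which is still null during the first pass, and the second pass iterates to `count2` rather than `context.length`. A null `context` is documented as disallowed but is only caught by an incidental NullPointerException. The rewritten constructor and check are below.

```java
public AccessControlContext(ProtectionDomain[] context)
{
  int i, k, count = 0;
  ProtectionDomain[] unique = new ProtectionDomain[context.length];
  for (i = 0; i < context.length; i++) {
    for (k = 0; k < count; k++)
      if (unique[k] == context[i])
        break;
    if (k == count)   // not seen before, keep it
      unique[count++] = context[i];
  }

  protectionDomain = new ProtectionDomain[count];
  System.arraycopy(unique, 0, protectionDomain, 0, count);
}

// … unchanged: checkPermission javadoc …
public void checkPermission(Permission perm) throws AccessControlException
{
  // every domain in the context must grant the permission
  for (int i = 0; i < protectionDomain.length; i++)
    if (!protectionDomain[i].implies(perm))
      throw new AccessControlException("Permission not granted");
}
```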
diff --git a/java/security/AlgorithmParameterGenerator.java b/java/security/AlgorithmParameterGenerator.java
new file mode 100644
index 000000000..0936c1237
--- /dev/null
+++ b/java/security/AlgorithmParameterGenerator.java
@@ -0,0 +1,195 @@
+/* AlgorithmParameterGenerator.java --- Algorithm Parameter Generator
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ AlgorithmParameterGenerator is used to generate
+ algorithm parameters for specified algorithms.
+ This class is used to generate the algorithm parameters
+ for a specific algorithm.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class AlgorithmParameterGenerator
+{
+private AlgorithmParameterGeneratorSpi paramGenSpi;
+private Provider provider;
+private String algorithm;
+
+/**
+ Creates an instance of AlgorithmParameters
+
+ @param paramSpi A parameters engine to use
+ @param provider A provider to use
+ @param algorithm The algorithm
+*/
+protected AlgorithmParameterGenerator(AlgorithmParameterGeneratorSpi paramGenSpi, Provider provider, String algorithm)
+{
+ this.paramGenSpi = paramGenSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+}
+
+/**
+ Returns the name of the algorithm used
+
+ @return A string with the name of the algorithm
+*/
+public final String getAlgorithm()
+{
+ return algorithm;
+}
+
+/**
+ Gets an instance of the AlgorithmParameterGenerator class
+ which generates algorithm parameters for the specified algorithm.
+ If the algorithm is not found then, it throws NoSuchAlgorithmException.
+
+ @param algorithm the name of algorithm to choose
+ @return a AlgorithmParameterGenerator repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by providers
+*/
+public static AlgorithmParameterGenerator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+{
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("AlgorithmParameterGenerator." + algorithm);
+ if (classname != null)
+ return getInstance (classname, algorithm, p[i]);
+ }
+
+ throw new NoSuchAlgorithmException (algorithm);
+}
+
+/**
+ Gets an instance of the AlgorithmParameterGenerator class
+ which generates algorithm parameters for the specified algorithm.
+ If the algorithm is not found then, it throws NoSuchAlgorithmException.
+
+ @param algorithm the name of algorithm to choose
+ @param provider the name of the provider to find the algorithm in
+ @return a AlgorithmParameterGenerator repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by the provider
+ @throws NoSuchProviderException if the provider is not found
+*/
+public static AlgorithmParameterGenerator getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("AlgorithmParameterGenerator." + algorithm),
+ algorithm, p);
+}
+
+private static AlgorithmParameterGenerator getInstance (String classname,
+ String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+{
+
+ try {
+ return new AlgorithmParameterGenerator( (AlgorithmParameterGeneratorSpi )Class.forName( classname ).newInstance(), provider, algorithm );
+ } catch( ClassNotFoundException cnfe) {
+ throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new NoSuchAlgorithmException("Illegal Access");
+ }
+}
+
+/**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Initializes the Algorithm Parameter Generator with the specified
+ size. (Since no source of randomness is supplied, a default
+ one is supplied).
+
+ @param size size (in bits) to use
+*/
+public final void init(int size)
+{
+ init( size, new SecureRandom() );
+}
+
+/**
+ Initializes the Algorithm Parameter Generator with the specified
+ size and source of randomness.
+
+ @param size size (in bits) to use
+ @param random source of randomness to use
+*/
+public final void init(int size, SecureRandom random)
+{
+ paramGenSpi.engineInit( size, random );
+}
+
+/**
+ Initializes the Algorithm Parameter Generator with the specified
+ AlgorithmParameterSpec. (Since no source of randomness is supplied,
+ a default one is supplied).
+
+ @param genParamSpec the AlgorithmParameterSpec class to use
+*/
+public final void init(AlgorithmParameterSpec genParamSpec) throws InvalidAlgorithmParameterException
+{
+ init( genParamSpec, new SecureRandom() );
+}
+
+/**
+ Initializes the Algorithm Parameter Generator with the specified
+ AlgorithmParameterSpec and source of randomness.
+
+ @param genParamSpec the AlgorithmParameterSpec class to use
+ @param random source of randomness to use
+*/
+public final void init(AlgorithmParameterSpec genParamSpec, SecureRandom random) throws InvalidAlgorithmParameterException
+{
+ paramGenSpi.engineInit( genParamSpec, random );
+}
+
+/**
+ Generate a new set of AlgorithmParameters.
+
+ @returns a new set of algorithm parameters
+*/
+public final AlgorithmParameters generateParameters()
+{
+ return paramGenSpi.engineGenerateParameters();
+}
+
+}
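Review bot: In getInstance(String, String) the result of `p.getProperty("AlgorithmParameterGenerator." + algorithm)` is passed straight to the private getInstance, so an algorithm the named provider does not list reaches `Class.forName(null)` and surfaces as a NullPointerException instead of the declared NoSuchAlgorithmException. Look the name up first and reject null: `String classname = p.getProperty("AlgorithmParameterGenerator." + algorithm);` followed by `if (classname == null) throw new NoSuchAlgorithmException(algorithm);`. The private getInstance also casts the new instance without catching ClassCastException, so a provider property that names a non-SPI class escapes as an unchecked exception, and its catch blocks drop the algorithm name from the message. AlgorithmParameters.getInstance(String, String) further down has the same problems.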
diff --git a/java/security/AlgorithmParameterGeneratorSpi.java b/java/security/AlgorithmParameterGeneratorSpi.java
new file mode 100644
index 000000000..49e726d6d
--- /dev/null
+++ b/java/security/AlgorithmParameterGeneratorSpi.java
@@ -0,0 +1,73 @@
+/* AlgorithmParameterGeneratorSpi.java --- Algorithm Parameter Generator SPI
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ AlgorithmParameterGeneratorSpi is the Service Provider
+ Interface for the AlgorithmParameterGenerator class.
+ This class is used to generate the algorithm parameters
+ for a specific algorithm.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class AlgorithmParameterGeneratorSpi
+{
+
+/**
+ Constructs a new AlgorithmParameterGeneratorSpi
+*/
+public AlgorithmParameterGeneratorSpi()
+{}
+
+/**
+ Initializes the parameter generator with the specified size
+ and SecureRandom
+
+ @param size the size( in number of bits)
+ @param random the SecureRandom class to use for randomness
+*/
+protected abstract void engineInit(int size, SecureRandom random);
+
+/**
+ Initializes the parameter generator with the specified
+ AlgorithmParameterSpec and SecureRandom classes.
+
+ If genParamSpec is an invalid AlgorithmParameterSpec for this
+ AlgorithmParameterGeneratorSpi then it throws
+ InvalidAlgorithmParameterException
+
+ @param genParamSpec the AlgorithmParameterSpec class to use
+ @param random the SecureRandom class to use for randomness
+
+ @throws InvalidAlgorithmParameterException genParamSpec is invalid
+*/
+protected abstract void engineInit(AlgorithmParameterSpec genParamSpec, SecureRandom random) throws InvalidAlgorithmParameterException;
+
+
+/**
+ Generate a new set of AlgorithmParameters.
+
+ @returns a new set of algorithm parameters
+*/
+protected abstract AlgorithmParameters engineGenerateParameters();
+
+}
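Review bot: `@returns` on engineGenerateParameters is not a Javadoc tag, so the return description is dropped from the generated documentation; it should read `@return a new set of algorithm parameters`. AlgorithmParameterGenerator.generateParameters carries the same tag. The comment for engineInit(int, SecureRandom) could also say what a provider is expected to do with a size it does not support, since the method declares no exception.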
diff --git a/java/security/AlgorithmParameters.java b/java/security/AlgorithmParameters.java
new file mode 100644
index 000000000..8a318ca1e
--- /dev/null
+++ b/java/security/AlgorithmParameters.java
@@ -0,0 +1,244 @@
+/* AlgorithmParameters.java --- Algorithm Parameters Implementation Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.io.IOException;
+
+/**
+ AlgorithmParameters is the Algorithm Parameters class which
+ provides an interface through which to modify parameters for
+ classes. This class is used to manage the algorithm parameters.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class AlgorithmParameters
+{
+
+private AlgorithmParametersSpi paramSpi;
+private Provider provider;
+private String algorithm;
+
+/**
+ Creates an instance of AlgorithmParameters
+
+ @param paramSpi A parameters engine to use
+ @param provider A provider to use
+ @param algorithm The algorithm
+*/
+protected AlgorithmParameters(AlgorithmParametersSpi paramSpi, Provider provider, String algorithm)
+{
+ this.paramSpi = paramSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+}
+
+/**
+ Returns the name of the algorithm used
+
+ @return A string with the name of the algorithm
+*/
+public final String getAlgorithm()
+{
+ return algorithm;
+}
+
+/**
+ Gets an instance of the AlgorithmParameters class representing
+ the specified algorithm parameters. If the algorithm is not
+ found then, it throws NoSuchAlgorithmException.
+
+ The returned AlgorithmParameters must still be intialized with
+ init().
+
+ @param algorithm the name of algorithm to choose
+ @return a AlgorithmParameters repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by providers
+*/
+public static AlgorithmParameters getInstance(String algorithm) throws NoSuchAlgorithmException
+{
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("AlgorithmParameters." + algorithm);
+ if (classname != null)
+ return getInstance (classname, algorithm, p[i]);
+ }
+
+ throw new NoSuchAlgorithmException (algorithm);
+}
+
+/**
+ Gets an instance of the AlgorithmParameters class representing
+ the specified algorithm parameters from the specified provider.
+ If the algorithm is not found then, it throws
+ NoSuchAlgorithmException. If the provider is not found, then
+ it throws NoSuchProviderException.
+
+ The returned AlgorithmParameters must still be intialized with
+ init().
+
+ @param algorithm the name of algorithm to choose
+ @param provider the name of the provider to find the algorithm in
+ @return a AlgorithmParameters repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by the provider
+ @throws NoSuchProviderException if the provider is not found
+*/
+public static AlgorithmParameters getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("AlgorithmParameters." + algorithm),
+ algorithm, p);
+}
+
+private static AlgorithmParameters getInstance (String classname,
+ String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+{
+
+ try {
+ return new AlgorithmParameters( (AlgorithmParametersSpi)Class.forName( classname ).newInstance(), provider, algorithm );
+ } catch( ClassNotFoundException cnfe) {
+ throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new NoSuchAlgorithmException("Illegal Access");
+ }
+}
+
+/**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Initializes the engine with the specified
+ AlgorithmParameterSpec class.
+
+ @param paramSpec A AlgorithmParameterSpec to initialize with
+
+ @throws InvalidParameterSpecException For an inapporiate ParameterSpec class
+*/
+public final void init(AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException
+{
+ paramSpi.engineInit( paramSpec );
+}
+
+/**
+ Initializes the engine with the specified
+ parameters stored in the byte array and decodes them
+ according to the ASN.1 specification. If the ASN.1
+ specification exists then it succeeds or else it throws
+ IOException.
+
+ @param params Parameters to initialize with
+
+ @throws IOException Decoding Error
+*/
+public final void init(byte[] params) throws IOException
+{
+ paramSpi.engineInit( params);
+}
+
+/**
+ Initializes the engine with the specified
+ parameters stored in the byte array and decodes them
+ according to the specified decoding specification.
+ If format is null, then it is decoded using the ASN.1
+ specification if it exists or else it throws
+ IOException.
+
+ @param params Parameters to initialize with
+ @param format Name of decoding format to use
+
+ @throws IOException Decoding Error
+*/
+public final void init(byte[] params, String format) throws IOException
+{
+ paramSpi.engineInit( params, format );
+}
+
+/**
+ Returns a specification of this AlgorithmParameters object.
+ paramSpec identifies the class to return the AlgortihmParameters
+ in.
+
+ @param paramSpec Class to return AlgorithmParameters in
+
+ @return the parameter specification
+
+ @throws InvalidParameterSpecException if the paramSpec is an invalid parameter class
+*/
+public final AlgorithmParameterSpec getParameterSpec(Class paramSpec) throws InvalidParameterSpecException
+{
+ return paramSpi.engineGetParameterSpec( paramSpec );
+}
+
+/**
+ Returns the parameters in the default encoding format.
+ The primary encoding format is ASN.1 format if it exists
+ for the specified type.
+
+ @return byte array representing the parameters
+*/
+public final byte[] getEncoded() throws IOException
+{
+ return paramSpi.engineGetEncoded();
+}
+
+/**
+ Returns the parameters in the specified encoding format.
+ If <code>format</code> is <code>null</code> then the
+ primary encoding format is used, the ASN.1 format,
+ if it exists for the specified type.
+
+ @return byte array representing the parameters
+*/
+public final byte[] getEncoded(String format) throws IOException
+{
+ return paramSpi.engineGetEncoded( format );
+}
+
+/**
+ Returns a string representation of the encoding format
+
+ @return a string containing the string representation
+*/
+public final String toString()
+{
+ return paramSpi.engineToString();
+}
+
+
+}
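Review bot: Nothing in this class records whether init() has run, although the getInstance comments say the returned object must still be initialized. As written, getParameterSpec, getEncoded and toString forward to the SPI on an uninitialized object, and a second init() can silently replace parameters that other code already holds a reference to. A `private boolean initialized;` field, set at the end of each init overload and checked at the start of init and of each getter, would make both cases fail predictably, for example `if (initialized) throw new InvalidParameterSpecException("already initialized");` in init(AlgorithmParameterSpec). getEncoded(String) is also missing its `@param format` and `@throws IOException` tags.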
diff --git a/java/security/AlgorithmParametersSpi.java b/java/security/AlgorithmParametersSpi.java
new file mode 100644
index 000000000..154bb697f
--- /dev/null
+++ b/java/security/AlgorithmParametersSpi.java
@@ -0,0 +1,124 @@
+/* AlgorithmParametersSpi.java --- Algorithm Parameters SPI
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.InvalidParameterSpecException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.io.IOException;
+
+/**
+ AlgorithmParametersSpi is the Service Provider Interface
+ for the Algorithm Parameters class. This class is used
+ to manage the algorithm parameters.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class AlgorithmParametersSpi
+{
+
+/**
+ Creates a new instance of AlgorithmParametersSpi
+*/
+public AlgorithmParametersSpi()
+{}
+
+/**
+ Initializes the engine with the specified
+ AlgorithmParameterSpec class.
+
+ @param paramSpec A AlgorithmParameterSpec to initialize with
+
+ @throws InvalidParameterSpecException For an inapporiate ParameterSpec class
+*/
+protected abstract void engineInit(AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException;
+
+
+/**
+ Initializes the engine with the specified
+ parameters stored in the byte array and decodes them
+ according to the ASN.1 specification. If the ASN.1
+ specification exists then it succeeds or else it throws
+ IOException.
+
+ @param params Parameters to initialize with
+
+ @throws IOException Decoding Error
+*/
+protected abstract void engineInit(byte[] params) throws IOException;
+
+/**
+ Initializes the engine with the specified
+ parameters stored in the byte array and decodes them
+ according to the specified decoding specification.
+ If format is null, then it is decoded using the ASN.1
+ specification if it exists or else it throws
+ IOException.
+
+ @param params Parameters to initialize with
+ @param format Name of decoding format to use
+
+ @throws IOException Decoding Error
+*/
+protected abstract void engineInit(byte[] params, String format) throws IOException;
+
+
+/**
+ Returns a specification of this AlgorithmParameters object.
+ paramSpec identifies the class to return the AlgortihmParameters
+ in.
+
+ @param paramSpec Class to return AlgorithmParameters in
+
+ @return the parameter specification
+
+ @throws InvalidParameterSpecException if the paramSpec is an invalid parameter class
+*/
+protected abstract AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec) throws InvalidParameterSpecException;
+
+
+/**
+ Returns the parameters in the default encoding format.
+ The primary encoding format is ASN.1 format if it exists
+ for the specified type.
+
+ @return byte array representing the parameters
+*/
+protected abstract byte[] engineGetEncoded() throws IOException;
+
+
+/**
+ Returns the parameters in the specified encoding format.
+ If <code>format</code> is <code>null</code> then the
+ primary encoding format is used, the ASN.1 format,
+ if it exists for the specified type.
+
+ @return byte array representing the parameters
+*/
+protected abstract byte[] engineGetEncoded(String format) throws IOException;
+
+/**
+ Returns a string describing the parameters in the
+ AlgorithmParametersSpi class.
+
+ @return A string representing the format of the parameters.
+*/
+protected abstract String engineToString();
+
+}
diff --git a/java/security/DigestInputStream.java b/java/security/DigestInputStream.java
new file mode 100644
index 000000000..ed5978f96
--- /dev/null
+++ b/java/security/DigestInputStream.java
@@ -0,0 +1,150 @@
+/* DigestInputStream.java --- An Input stream tied to a message digest
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+//import java.security.MessageDigest;
+import java.io.InputStream;
+import java.io.FilterInputStream;
+import java.io.IOException;
+
+/**
+ DigestInputStream is a class that ties an InputStream with a
+ MessageDigest. The Message Digest is used by the class to
+ update it self as bytes are read from the InputStream.
+
+ The updating to the digest depends on the on flag which is set
+ to true by default to tell the class to update the data
+ in the message digest.
+
+ @version 0.0
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+*/
+public class DigestInputStream extends FilterInputStream
+{
+
+/**
+ The message digest for the DigestInputStream
+*/
+protected MessageDigest digest;
+
+//Manages the on flag
+private boolean state = true;
+
+/**
+ Constructs a new DigestInputStream.
+ It associates a MessageDigest with the stream to
+ compute the stream as data is written.
+
+ @param stream An InputStream to associate this stream with
+ @param digest A MessageDigest to hash the stream with
+*/
+public DigestInputStream(InputStream stream, MessageDigest digest)
+{
+ super(stream);
+ //this.in = stream;
+ this.digest = digest;
+}
+
+/**
+ Returns the MessageDigest associated with this DigestInputStream
+
+ @return The MessageDigest used to hash this stream
+*/
+public MessageDigest getMessageDigest()
+{
+ return digest;
+}
+
+/**
+ Sets the current MessageDigest to current parameter
+
+ @param digest A MessageDigest to associate with this stream
+*/
+public void setMessageDigest(MessageDigest digest)
+{
+ this.digest = digest;
+}
+
+/**
+ Reads a byte from the input stream and updates the digest.
+ This method reads the underlying input stream and if the
+ on flag is true then updates the message digest.
+
+ @return Returns a byte from the input stream, -1 is returned to indicate that
+ the end of stream was reached before this read call
+
+ @throws IOException if an IO error occurs in the underlying input stream,
+ this error is thrown
+*/
+public int read() throws IOException
+{
+ int temp = in.read();
+
+ if( state == true && temp != -1)
+ digest.update((byte)temp);
+
+ return temp;
+}
+
+/**
+ Reads bytes from the input stream and updates the digest.
+ This method reads the underlying input stream and if the
+ on flag is true then updates the message digest.
+
+ @param b a byte array to store the data from the input stream
+ @param off an offset to start at in the array
+ @param len length of data to read
+ @return Returns count of bytes read, -1 is returned to indicate that
+ the end of stream was reached before this read call
+
+ @throws IOException if an IO error occurs in the underlying input stream,
+ this error is thrown
+*/
+public int read(byte[] b, int off, int len) throws IOException
+{
+ int temp = in.read(b, off, len);
+
+ if( state == true && temp != -1)
+ digest.update(b, off, len);
+
+ return temp;
+}
+
+/**
+ Sets the flag specifing if this DigestInputStream updates the
+ digest in the write() methods. The default is on;
+
+ @param on True means it digests stream, false means it does not
+*/
+public void on(boolean on)
+{
+ state = on;
+}
+
+/**
+ Converts the input stream and underlying message digest to a string.
+
+ @return A string representing the input stream and message digest.
+*/
+public String toString()
+{
+ return "[Digest Input Stream] " + digest.toString();
+}
+
+}
\ No newline at end of file
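Review bot: read(byte[], int, int) feeds `len` bytes to the digest even when the underlying stream returned fewer, so after any short read the hash covers bytes left over in the caller's buffer and no longer matches the data actually read. The update should use the returned count: `digest.update(b, off, temp);`. The javadoc for on() mentions the write() methods, which this input stream does not have, and the constructor comment says the digest is computed as data is written; both should say read. A null `digest` passed to the constructor or to setMessageDigest is only noticed at the first read with the flag on.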
diff --git a/java/security/DummyKeyPairGenerator.java b/java/security/DummyKeyPairGenerator.java
new file mode 100644
index 000000000..4d542304e
--- /dev/null
+++ b/java/security/DummyKeyPairGenerator.java
@@ -0,0 +1,23 @@
+package java.security;
+
+final class DummyKeyPairGenerator extends KeyPairGenerator
+{
+private KeyPairGeneratorSpi kpgSpi = null;
+
+public DummyKeyPairGenerator( KeyPairGeneratorSpi kpgSpi, String algorithm )
+{
+ super( algorithm );
+ this.kpgSpi = kpgSpi;
+}
+
+public void initialize(int keysize, SecureRandom random)
+{
+ kpgSpi.initialize( keysize, random );
+}
+
+public KeyPair generateKeyPair()
+{
+ return kpgSpi.generateKeyPair();
+}
+
+}
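Review bot: The field is declared `private KeyPairGeneratorSpi kpgSpi = null;` and the constructor stores whatever it is given, so a null SPI only surfaces as a NullPointerException at the first `initialize` or `generateKeyPair` call. The field is assigned once, so `private final KeyPairGeneratorSpi kpgSpi;` plus `if (kpgSpi == null) throw new NullPointerException("kpgSpi");` in the constructor would fail at construction instead. DummyMessageDigest (`mdSpi`) and DummySignature (`sigSpi`) follow the same pattern. None of the three Dummy classes has a class comment; one line saying that the class presents a provider's SPI object through the public engine class would tell a reader why it exists.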
diff --git a/java/security/DummyMessageDigest.java b/java/security/DummyMessageDigest.java
new file mode 100644
index 000000000..137c2cb51
--- /dev/null
+++ b/java/security/DummyMessageDigest.java
@@ -0,0 +1,37 @@
+package java.security;
+
+import java.security.MessageDigest;
+import java.security.MessageDigestSpi;
+import java.security.DigestException;
+
+final class DummyMessageDigest extends MessageDigest
+{
+private MessageDigestSpi mdSpi = null;
+
+public DummyMessageDigest( MessageDigestSpi mdSpi, String algorithm )
+{
+ super( algorithm );
+ this.mdSpi = mdSpi;
+}
+
+protected void engineUpdate (byte input)
+{
+ mdSpi.engineUpdate( input );
+}
+
+protected void engineUpdate (byte[] input, int offset, int len)
+{
+ mdSpi.engineUpdate(input, offset, len);
+}
+
+protected byte[] engineDigest()
+{
+ return mdSpi.engineDigest();
+}
+
+protected void engineReset()
+{
+ mdSpi.engineReset();
+}
+
+}
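Review bot: The three imports at the top (`java.security.MessageDigest`, `java.security.MessageDigestSpi`, `java.security.DigestException`) name classes from the file's own package, and `DigestException` is not used in the class, so they can be dropped. The wrapper forwards only `engineUpdate`, `engineDigest` and `engineReset`. MessageDigestSpi is not shown in this hunk; if it declares further overridable methods, such as a digest-length query or `clone()`, calls to them on the wrapper would not reach `mdSpi` and should be forwarded too. DummySignature and DummyKeyPairGenerator also forward a fixed list of methods and deserve the same check against their SPI classes.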
diff --git a/java/security/DummySignature.java b/java/security/DummySignature.java
new file mode 100644
index 000000000..b59cdb572
--- /dev/null
+++ b/java/security/DummySignature.java
@@ -0,0 +1,60 @@
+package java.security;
+
+final class DummySignature extends Signature
+{
+private SignatureSpi sigSpi = null;
+
+public DummySignature( SignatureSpi sigSpi, String algorithm )
+{
+ super( algorithm );
+ this.sigSpi = sigSpi;
+}
+
+protected void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException
+{
+ sigSpi.engineInitVerify( publicKey);
+}
+
+protected void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException
+{
+ sigSpi.engineInitSign( privateKey);
+}
+
+protected void engineUpdate(byte b)
+ throws SignatureException
+{
+ sigSpi.engineUpdate(b );
+}
+
+protected void engineUpdate(byte[] b, int off, int len)
+ throws SignatureException
+{
+ sigSpi.engineUpdate(b, off, len);
+}
+
+protected byte[] engineSign() throws SignatureException
+{
+ return sigSpi.engineSign();
+}
+
+protected boolean engineVerify(byte[] sigBytes)
+ throws SignatureException
+{
+ return sigSpi.engineVerify( sigBytes);
+}
+
+protected void engineSetParameter(String param, Object value)
+ throws InvalidParameterException
+{
+ sigSpi.engineSetParameter( param, value);
+}
+
+protected Object engineGetParameter(String param)
+ throws InvalidParameterException
+{
+ return sigSpi.engineGetParameter( param);
+}
+
+}
diff --git a/java/security/Identity.java b/java/security/Identity.java
new file mode 100644
index 000000000..e0a27034e
--- /dev/null
+++ b/java/security/Identity.java
@@ -0,0 +1,345 @@
+/* Identity.java --- Identity Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.Serializable;
+import java.util.Vector;
+
+/**
+ The Identity class is used to repsent people and companies that
+ can be authenticated using public key encryption. The identities
+ can also be abstract objects such as smart cards.
+
+ Identity object store a name and public key for each identity.
+ The names cannot be changed and the identities can be scoped.
+ Each identity (name and public key) within a scope is unique
+ to that scope.
+
+ Each identity has a set of ceritificates which all specify the
+ same public key but not necessarily the same name.
+
+ The Identity class can be subclassed to allow additional
+ information to be attached to it.
+
+ @since JDK 1.1
+
+ @deprecated Use java.security.KeyStore, the java.security.cert
+ package, and java.security.Principal.
+
+ @author Mark Benvenuto
+*/
+public abstract class Identity implements Principal, Serializable
+{
+private String name;
+private IdentityScope scope;
+private PublicKey publicKey;
+private String info;
+private Vector certificates;
+
+/**
+ Creates a new instance of Identity from Serialized Data
+*/
+protected Identity()
+{}
+
+/**
+ Creates a new instance of Identity with the specified name
+ and IdentityScope.
+
+ @param name the name to use
+ @param scope the scope to use
+
+ @throws KeyManagementException if the identity is already
+ present
+*/
+public Identity(String name, IdentityScope scope)
+ throws KeyManagementException
+{
+ this.name = name;
+ this.scope = scope;
+}
+
+/**
+ Creates a new instance of Identity with the specified name
+ and no scope.
+
+ @param name the name to use
+*/
+public Identity(String name)
+{
+ this.name = name;
+ this.scope = null;
+}
+
+/**
+ Gets the name for this Identity.
+
+ @return the name
+*/
+public final String getName()
+{
+ return name;
+}
+
+/**
+ Gets the scope for this Identity.
+
+ @return the scope
+*/
+public final IdentityScope getScope()
+{
+ return scope;
+}
+
+/**
+ Gets the public key for this identity.
+
+ @return the public key
+*/
+public PublicKey getPublicKey()
+{
+ return publicKey;
+}
+
+/**
+ Sets the public key for this identity.
+ The old key and all certificates are removed.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "setIdentityPublicKey".
+
+ @param key the public key to use
+
+ @throws KeyManagementException if this public key is used by
+ another identity in the current scope.
+ @throws SecurityException - if the security manager denies
+ access to "setIdentityPublicKey"
+*/
+public void setPublicKey(PublicKey key)
+ throws KeyManagementException
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "setIdentityPublicKey" );
+
+ this.publicKey = key;
+}
+
+/**
+ Sets the general information string.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "setIdentityInfo".
+
+ @param info the general information string.
+
+ @throws SecurityException - if the security manager denies
+ access to "setIdentityInfo"
+*/
+public void setInfo(String info)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "setIdentityInfo" );
+
+ this.info = info;
+}
+
+/**
+ Gets the general information string.
+
+ @return the string
+*/
+public String getInfo()
+{
+ return info;
+}
+
+/**
+ Adds a certificate to the list of ceritificates for this
+ identity. The public key in this certificate must match the
+ existing public key if it exists.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "addIdentityCertificate".
+
+ @param certificate the certificate to add
+
+ @throws KeyManagementException if the certificate is invalid
+ or the public key conflicts
+ @throws SecurityException - if the security manager denies
+ access to "addIdentityCertificate"
+*/
+public void addCertificate(java.security.Certificate certificate)
+ throws KeyManagementException
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "addIdentityCertificate" );
+
+ //Check public key of this certificate against the first one
+ //in the vector
+ if( certificates.size() > 0 ) {
+ if( ((Certificate)certificates.firstElement()).getPublicKey() != publicKey )
+ throw new KeyManagementException("Public key does not match");
+ }
+ certificates.addElement( certificate );
+}
+
+/**
+ Removes a certificate from the list of ceritificates for this
+ identity.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "removeIdentityCertificate".
+
+ @param certificate the certificate to add
+
+ @throws KeyManagementException if the certificate is invalid
+ @throws SecurityException - if the security manager denies
+ access to "removeIdentityCertificate"
+*/
+public void removeCertificate(Certificate certificate)
+ throws KeyManagementException
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "removeIdentityCertificate" );
+
+ if( certificates.contains( certificate ) == false )
+ throw new KeyManagementException("Certificate not found");
+
+ certificates.removeElement( certificate );
+}
+
+/**
+ Returns an array of certificates for this identity.
+
+ @returns array of certificates
+*/
+public Certificate[] certificates()
+{
+ Certificate certs[] = new Certificate[ certificates.size() ];
+ int max = certificates.size();
+ for( int i = 0; i < max; i++)
+ certs[i] = (Certificate)certificates.elementAt( i );
+ return certs;
+}
+
+/**
+ Checks for equality between this Identity and the specified
+ object. If first checks if they are the same object, then
+ if the name and scope matches and returns true if successful.
+ If these tests fail, identityEquals is called.
+
+ @return true if they are equal, false otherwise
+*/
+public final boolean equals(Object identity)
+{
+ if( identity instanceof Identity ) {
+ if( identity == this ) return true;
+
+ if( ( ((Identity)identity).getName() == this.name ) &&
+ ( ((Identity)identity).getScope() == this.scope ) )
+ return true;
+
+ return identityEquals( (Identity)identity );
+ }
+ return false;
+}
+
+/**
+ Checks for equality between this Identity and the specified
+ object. A subclass should override this method. The default
+ behavior is to return true if the public key and names match.
+
+ @return true if they are equal, false otherwise
+*/
+protected boolean identityEquals(Identity identity)
+{
+ return (( identity.getName() == this.name ) &&
+ ( identity.getPublicKey() == this.publicKey) );
+}
+
+/**
+ Returns a string representing this Identity.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "printIdentity".
+
+ @returns a string representing this Identity.
+
+ @throws SecurityException - if the security manager denies
+ access to "printIdentity"
+*/
+public String toString()
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "printIdentity" );
+
+ /* TODO: Insert proper format here */
+ return (name + ":@" + scope + " Public Key: " + publicKey );
+}
+
+/**
+ Returns a detailed string representing this Identity.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "printIdentity".
+
+ @param detailed indicates whether or not to provide detailed
+ information
+
+ @returns a string representing this Identity.
+
+ @throws SecurityException - if the security manager denies
+ access to "printIdentity"
+*/
+public String toString(boolean detailed)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "printIdentity" );
+
+ if( detailed ) {
+ /* TODO: Insert proper detailed format here */
+ return (name + ":@" + scope + " Public Key: " + publicKey );
+ } else {
+ /* TODO: Insert proper format here */
+ return (name + ":@" + scope + " Public Key: " + publicKey );
+ }
+}
+
+/**
+ Gets the hashcode for this Identity.
+
+ @returns the hashcode
+*/
+public int hashCode()
+{
+ int ret = name.hashCode();
+ if( publicKey != null) ret|= publicKey.hashCode();
+ if( scope != null) ret|= scope.hashCode();
+ if( info != null) ret|= info.hashCode();
+ if( certificates != null) ret|= certificates.hashCode();
+
+ return ret;
+}
+
+}
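Review bot: `addCertificate` never looks at the key of the certificate being added. It compares the first stored certificate's key with `publicKey` by reference (`!=`), so a certificate carrying a different key is accepted whenever the existing entries pass, and equal keys held in distinct objects are rejected. The check should read `if (publicKey != null && !publicKey.equals(certificate.getPublicKey()))`, assuming PublicKey implementations define `equals` by key value, which this hunk does not show. The `certificates` vector is also never created, so `addCertificate`, `removeCertificate` and `certificates()` throw NullPointerException on first use; `private Vector certificates = new Vector();` at the declaration fixes that. `equals` and `identityEquals` compare names and keys with `==` in the same way and need `equals` as well.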
diff --git a/java/security/IdentityScope.java b/java/security/IdentityScope.java
new file mode 100644
index 000000000..a957f98c2
--- /dev/null
+++ b/java/security/IdentityScope.java
@@ -0,0 +1,198 @@
+/* Identity.java --- Identity Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.util.Enumeration;
+
+/**
+ IdentityScope represents a scope of an identity. IdentityScope
+ is also an Identity and can have a name and scope along with
+ the other qualitites identities posses.
+
+ An IdentityScope contains other Identity objects. All Identity
+ objects are manipulated in the scope the same way. The scope
+ is suppose to apply different scope to different type of
+ Identities.
+
+ No identity within the same scope can have the same public key.
+
+ @since JDK 1.1
+
+ @deprecated Use java.security.KeyStore, the java.security.cert
+ package, and java.security.Principal.
+
+ @author Mark Benvenuto
+*/
+public abstract class IdentityScope extends Identity
+{
+private static IdentityScope systemScope = null;
+
+/**
+ Creates a new instance of IdentityScope from Serialized Data
+*/
+protected IdentityScope()
+{
+ super();
+}
+
+/**
+ Creates a new instance of IdentityScope with the specified name
+ and no scope.
+
+ @param name the name to use
+*/
+public IdentityScope(String name)
+{
+ super( name );
+}
+
+/**
+ Creates a new instance of IdentityScope with the specified name
+ and IdentityScope.
+
+ @param name the name to use
+ @param scope the scope to use
+
+ @throws KeyManagementException if the identity scope is already
+ present
+*/
+public IdentityScope(String name, IdentityScope scope)
+ throws KeyManagementException
+{
+ super( name, scope );
+}
+
+/**
+ Gets the system's Scope.
+*/
+public static IdentityScope getSystemScope()
+{
+ if( systemScope == null )
+ {
+ //Load it
+ //systemScope;
+ }
+ return systemScope;
+}
+
+/**
+ Sets the scope of the system.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "setSystemScope".
+
+ @param scope the new sustem scope
+
+ @throws SecurityException - if the security manager denies
+ access to "setSystemScope"
+*/
+protected static void setSystemScope(IdentityScope scope)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "setSystemScope" );
+
+ systemScope = scope;
+}
+
+/**
+ Gets the number of entries within this IdentityScope.
+
+ @returns the number of entries
+*/
+public abstract int size();
+
+/**
+ Gets the specified Identity within this scope
+ by specified name.
+
+ @param name name of Identity to get
+
+ @returns an identity representing the name or null if it
+ cannot be found
+*/
+public abstract Identity getIdentity(String name);
+
+/**
+ Gets the specified Identity within this scope
+ by the specified Principal.
+
+ @param principal The Principal of the Identity to get
+
+ @returns an identity representing the principal or null if it
+ cannot be found
+*/
+public Identity getIdentity(Principal principal)
+{
+ return getIdentity( principal.getName() );
+}
+
+/**
+ Gets the specified Identity within this scope
+ by the specified public key.
+
+ @param key the PublicKey of the Identity to get
+
+ @returns an identity representing the public key or null if it
+ cannot be found
+*/
+public abstract Identity getIdentity(PublicKey key);
+
+/**
+ Adds an identity to his scope.
+
+ @param identity the identity to add
+
+ @throws KeyManagementException if it is an invalid identity,
+ an identity with the same key exists, or another error
+ occurs.
+*/
+public abstract void addIdentity(Identity identity)
+ throws KeyManagementException;
+
+/**
+ Removes an identity to his scope.
+
+ @param identity the identity to remove
+
+ @throws KeyManagementException if it is a missing identity,
+ or another error occurs.
+*/
+public abstract void removeIdentity(Identity identity)
+ throws KeyManagementException;
+
+/**
+ Returns an Enumeration of identities.
+
+ @returns an enumeration of the identities.
+*/
+public abstract Enumeration identities();
+
+/**
+ Returns a string representing this IdentityScope.
+ It includes the name, the scope name, and number of identities.
+
+ @returns a string representing this IdentityScope.
+*/
+public String toString()
+{
+ return ( super.getName() + " " + super.getScope().getName()
+ + " " + size() );
+}
+
+}
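Review bot: `toString()` dereferences `super.getScope()` without a null check, but the `IdentityScope(String name)` constructor goes through `Identity(String)`, which sets the scope to null, so printing a scope that has no parent throws NullPointerException. A guard such as `IdentityScope parent = getScope();` followed by `return getName() + " " + (parent == null ? "" : parent.getName()) + " " + size();` keeps the format for nested scopes. Separately, the file header still reads `Identity.java --- Identity Class` and should name IdentityScope. The load branch in `getSystemScope()` is empty, so the method returns null until `setSystemScope` is called, and its comment should say so.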
diff --git a/java/security/KeyFactory.java b/java/security/KeyFactory.java
new file mode 100644
index 000000000..fd882bcd8
--- /dev/null
+++ b/java/security/KeyFactory.java
@@ -0,0 +1,216 @@
+/* KeyFactory.java --- Key Factory Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+
+/**
+ Key factories are used to convert keys (opaque cryptographic
+ keys of type Key) into key specifications (transparent
+ representations of the underlying key material).
+
+ Key factories are bi-directional. They allow a key class
+ to be converted into a key specification (key material) and
+ back again.
+
+ For example DSA public keys can be specified as
+ DSAPublicKeySpec or X509EncodedKeySpec. The key factory
+ translate these key specifications.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class KeyFactory
+{
+
+private KeyFactorySpi keyFacSpi;
+private Provider provider;
+private String algorithm;
+
+/**
+ Constructs a new keyFactory with the specified parameters.
+
+ @param keyFacSpi Key Factory SPI to use
+ @param provider the provider of the Key Factory SPI
+ @param algorithm the name of the key algorithm for this key factory
+*/
+protected KeyFactory(KeyFactorySpi keyFacSpi, Provider provider, String algorithm)
+{
+ this.keyFacSpi = keyFacSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+}
+
+/**
+ Gets an instance of the KeyFactory class representing
+ the specified key factory. If the algorithm is not
+ found then, it throws NoSuchAlgorithmException.
+
+ @param algorithm the name of algorithm to choose
+ @return a KeyFactory repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by providers
+*/
+public static KeyFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+{
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("KeyFactory." + algorithm);
+ if (classname != null)
+ return getInstance (classname, algorithm, p[i]);
+ }
+
+ throw new NoSuchAlgorithmException (algorithm);
+}
+
+/**
+ Gets an instance of the KeyFactory class representing
+ the specified key factory from the specified provider.
+ If the algorithm is not found then, it throws
+ NoSuchAlgorithmException. If the provider is not found, then
+ it throws NoSuchProviderException.
+
+ @param algorithm the name of algorithm to choose
+ @param provider the name of the provider to find the algorithm in
+ @return a KeyFactory repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by the provider
+ @throws NoSuchProviderException if the provider is not found
+*/
+public static KeyFactory getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("KeyFactory." + algorithm),
+ algorithm, p);
+}
+
+private static KeyFactory getInstance (String classname,
+ String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+{
+
+ try {
+ return new KeyFactory( (KeyFactorySpi)Class.forName( classname ).newInstance(), provider, algorithm );
+ } catch( ClassNotFoundException cnfe) {
+ throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new NoSuchAlgorithmException("Illegal Access");
+ }
+}
+
+/**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Returns the name of the algorithm used
+
+ @return A string with the name of the algorithm
+*/
+public final String getAlgorithm()
+{
+ return algorithm;
+}
+
+/**
+ Generates a public key from the provided key specification.
+
+ @param keySpec key specification
+
+ @return the public key
+
+ @throws InvalidKeySpecException invalid key specification for
+ this key factory to produce a public key
+*/
+public final PublicKey generatePublic(KeySpec keySpec) throws InvalidKeySpecException
+{
+ return keyFacSpi.engineGeneratePublic( keySpec );
+}
+
+/**
+ Generates a private key from the provided key specification.
+
+ @param keySpec key specification
+
+ @return the private key
+
+ @throws InvalidKeySpecException invalid key specification for
+ this key factory to produce a private key
+*/
+public final PrivateKey generatePrivate(KeySpec keySpec) throws InvalidKeySpecException
+{
+ return keyFacSpi.engineGeneratePrivate( keySpec );
+}
+
+/**
+ Returns a key specification for the given key. keySpec
+ identifies the specification class to return the key
+ material in.
+
+ @param key the key
+ @param keySpec the specification class to return the
+ key material in.
+
+ @return the key specification in an instance of the requested
+ specification class
+
+ @throws InvalidKeySpecException the requested key specification
+ is inappropriate for this key or the key is
+ unrecognized.
+*/
+public final KeySpec getKeySpec(Key key, Class keySpec)
+ throws InvalidKeySpecException
+{
+ return keyFacSpi.engineGetKeySpec( key, keySpec );
+}
+
+/**
+ Translates the key from an unknown or untrusted provider
+ into a key for this key factory.
+
+ @param the key from an unknown or untrusted provider
+
+ @return the translated key
+
+ @throws InvalidKeySpecException if the key cannot be
+ processed by this key factory
+*/
+public final Key translateKey(Key key) throws InvalidKeyException
+{
+ return keyFacSpi.engineTranslateKey( key );
+}
+
+}
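Review bot: In `getInstance(String algorithm, String provider)` the result of `p.getProperty ("KeyFactory." + algorithm)` is passed straight to the private `getInstance`, so `Class.forName( classname )` receives null when the provider does not list the algorithm and the caller sees a NullPointerException instead of the documented NoSuchAlgorithmException. Adding `if (classname == null) throw new NoSuchAlgorithmException(algorithm);` at the top of the private method covers it. The cast `(KeyFactorySpi)Class.forName( classname ).newInstance()` can also fail with ClassCastException when a provider property names a class of another type, which the three catch clauses do not handle; a fourth `catch (ClassCastException cce)` that throws NoSuchAlgorithmException would keep the failure within the declared contract. `throw new NoSuchProviderException();` would be easier to diagnose with the provider name as its message.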
diff --git a/java/security/KeyFactorySpi.java b/java/security/KeyFactorySpi.java
new file mode 100644
index 000000000..bab78e15a
--- /dev/null
+++ b/java/security/KeyFactorySpi.java
@@ -0,0 +1,115 @@
+/* KeyFactorySpi.java --- Key Factory Service Provider Interface
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+
+/**
+ KeyFactorySpi is the Service Provider Interface (SPI) for the
+ KeyFactory class. This is the interface for providers to
+ supply to implement a key factory for an algorithm.
+
+ Key factories are used to convert keys (opaque cryptographic
+ keys of type Key) into key specifications (transparent
+ representations of the underlying key material).
+
+ Key factories are bi-directional. They allow a key class
+ to be converted into a key specification (key material) and
+ back again.
+
+ For example DSA public keys can be specified as
+ DSAPublicKeySpec or X509EncodedKeySpec. The key factory
+ translate these key specifications.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class KeyFactorySpi
+{
+
+/**
+ Constucts a new KeyFactorySpi.
+*/
+public KeyFactorySpi()
+{}
+
+/**
+ Generates a public key from the provided key specification.
+
+ @param keySpec key specification
+
+ @return the public key
+
+ @throws InvalidKeySpecException invalid key specification for
+ this key factory to produce a public key
+*/
+protected abstract PublicKey engineGeneratePublic(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+
+/**
+ Generates a private key from the provided key specification.
+
+ @param keySpec key specification
+
+ @return the private key
+
+ @throws InvalidKeySpecException invalid key specification for
+ this key factory to produce a private key
+*/
+protected abstract PrivateKey engineGeneratePrivate(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+/**
+ Returns a key specification for the given key. keySpec
+ identifies the specification class to return the key
+ material in.
+
+ @param key the key
+ @param keySpec the specification class to return the
+ key material in.
+
+ @return the key specification in an instance of the requested
+ specification class
+
+ @throws InvalidKeySpecException the requested key specification
+ is inappropriate for this key or the key is
+ unrecognized.
+*/
+protected abstract KeySpec engineGetKeySpec(Key key, Class keySpec)
+ throws InvalidKeySpecException;
+
+
+/**
+ Translates the key from an unknown or untrusted provider
+ into a key for this key factory.
+
+ @param the key from an unknown or untrusted provider
+
+ @return the translated key
+
+ @throws InvalidKeySpecException if the key cannot be
+ processed by this key factory
+*/
+protected abstract Key engineTranslateKey(Key key)
+ throws InvalidKeyException;
+
+
+}
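Review bot: The comment on `engineTranslateKey` documents `@throws InvalidKeySpecException`, but the method declares `throws InvalidKeyException`, and its `@param` tag has no parameter name, so the generated documentation describes an exception callers never see. It should read `@param key the key from an unknown or untrusted provider` and `@throws InvalidKeyException if the key cannot be processed by this key factory`. `KeyFactory.translateKey` carries the same comment and needs the same correction.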
diff --git a/java/security/KeyPair.java b/java/security/KeyPair.java
new file mode 100644
index 000000000..3366d7014
--- /dev/null
+++ b/java/security/KeyPair.java
@@ -0,0 +1,68 @@
+/* KeyPair.java --- Key Pair Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.Serializable;
+
+/**
+ KeyPair serves as a simple container for public and private keys.
+ If properly initialized, this class should be treated like the
+ private key since it contains it and take approriate security
+ measures.
+
+ @author Mark Benvenuto
+*/
+public final class KeyPair implements Serializable
+{
+
+private PublicKey publicKey;
+private PrivateKey privateKey;
+
+/**
+ Initializes the KeyPair with a pubilc and private key.
+
+ @param publicKey Public Key to store
+ @param privateKey Private Key to store
+*/
+public KeyPair(PublicKey publicKey, PrivateKey privateKey)
+{
+ this.publicKey = publicKey;
+ this.privateKey = privateKey;
+}
+
+/**
+ Returns the public key stored in the KeyPair
+
+ @return The public key
+*/
+public PublicKey getPublic()
+{
+ return publicKey;
+}
+
+/**
+ Returns the private key stored in the KeyPair
+
+ @return The private key
+*/
+public PrivateKey getPrivate()
+{
+ return privateKey;
+}
+
+}
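Review bot: `publicKey` and `privateKey` are assigned only in the constructor, so they can be declared `private final PublicKey publicKey;` and `private final PrivateKey privateKey;`, which documents that a KeyPair never changes after construction. The class comment already says a KeyPair must be protected like the private key it holds. Because the class is Serializable, the comment should also say that writing a KeyPair to a stream writes the private key along with it, to whatever extent the PrivateKey implementation serializes its material.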
diff --git a/java/security/KeyPairGenerator.java b/java/security/KeyPairGenerator.java
new file mode 100644
index 000000000..6b3526fe1
--- /dev/null
+++ b/java/security/KeyPairGenerator.java
@@ -0,0 +1,211 @@
+/* KeyPairGenerator.java --- Key Pair Generator Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ KeyPairGenerator is the class used to generate key pairs
+ for a security algorithm.
+
+ The KeyPairGenerator is created with the getInstance()
+ methods. The class is used to generate public and private
+ keys for an algorithm and associate it with
+ algorithm parameters.
+
+ @author Mark Benvenuto
+*/
+public abstract class KeyPairGenerator extends KeyPairGeneratorSpi
+{
+
+private Provider provider;
+private String algorithm;
+
+/**
+ Constructs a new KeyPairGenerator
+
+ @param algorithm the algorithm to use
+*/
+protected KeyPairGenerator(String algorithm)
+{
+ this.algorithm = algorithm;
+ this.provider = null;
+}
+
+/**
+ Returns the name of the algorithm used
+
+ @return A string with the name of the algorithm
+*/
+public String getAlgorithm()
+{
+ return algorithm;
+}
+
+/**
+ Gets an instance of the KeyPairGenerator class
+ which generates key pairs for the specified algorithm.
+ If the algorithm is not found then, it throws NoSuchAlgorithmException.
+
+ @param algorithm the name of algorithm to choose
+ @return a AlgorithmParameterGenerator repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by providers
+*/
+public static KeyPairGenerator getInstance(String algorithm) throws NoSuchAlgorithmException
+{
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("KeyPairGenerator." + algorithm);
+ if (classname != null)
+ return getInstance (classname, algorithm, p[i]);
+ }
+
+ throw new NoSuchAlgorithmException (algorithm);
+
+}
+
+/**
+ Gets an instance of the KeyPairGenerator class
+ which generates key pairs for the specified algorithm.
+ If the algorithm is not found then, it throws NoSuchAlgorithmException.
+
+ @param algorithm the name of algorithm to choose
+ @param provider the name of the provider to find the algorithm in
+ @return a AlgorithmParameterGenerator repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by the provider
+ @throws NoSuchProviderException if the provider is not found
+*/
+public static KeyPairGenerator getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("KeyPairGenerator." + algorithm),
+ algorithm, p);
+}
+
+private static KeyPairGenerator getInstance (String classname,
+ String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+{
+ try {
+ Object o = Class.forName( classname ).newInstance();
+ KeyPairGenerator kpg;
+ if( o instanceof KeyPairGeneratorSpi )
+ kpg = (KeyPairGenerator)(new DummyKeyPairGenerator( (KeyPairGeneratorSpi)o , algorithm ));
+ else
+ {
+ kpg = (KeyPairGenerator)o;
+ kpg.algorithm = algorithm;
+ }
+
+ kpg.provider = provider;
+ return kpg;
+ } catch( ClassNotFoundException cnfe) {
+ throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new NoSuchAlgorithmException("Illegal Access");
+ }
+}
+
+/**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Initializes the KeyPairGenerator for the specified key size.
+ (Since no source of randomness is specified, a default one is
+ provided.)
+
+ @param keysize Size of key to generate
+*/
+public void initialize(int keysize)
+{
+ initialize( keysize, new SecureRandom() );
+}
+
+/**
+ Initializes the KeyPairGenerator for the specified key size
+ and specified SecureRandom.
+
+ @param keysize Size of key to generate
+ @param random SecureRandom to use
+
+ @since JDK 1.2
+*/
+public void initialize(int keysize, SecureRandom random)
+{
+ initialize( keysize, random );
+}
+
+/**
+ Initializes the KeyPairGenerator with the specified
+ AlgorithmParameterSpec class.
+ (Since no source of randomness is specified, a default one is
+ provided.)
+
+ @param params AlgorithmParameterSpec to initialize with
+
+ @since JDK 1.2
+*/
+public void initialize(AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException
+{
+ initialize( params, new SecureRandom() );
+}
+
+/**
+ Initializes the KeyPairGenerator with the specified
+ AlgorithmParameterSpec class and specified SecureRandom.
+
+ @param params AlgorithmParameterSpec to initialize with
+ @param random SecureRandom to use
+
+ @since JDK 1.2
+*/
+public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException
+{
+ super.initialize( params, random );
+}
+
+/**
+ Generates a KeyPair according the rules for the algorithm.
+ Unless intialized, algorithm defaults will be used. It
+ creates a unique key pair each time.
+
+ @return a key pair
+*/
+public final KeyPair genKeyPair()
+{
+ return generateKeyPair();
+}
+
+}
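Review bot: `initialize(int keysize, SecureRandom random)` calls itself with the same arguments, so for any subclass that does not override it every call, including the one made by `initialize(int keysize)`, recurses until the stack overflows. The same signature is already declared abstract in KeyPairGeneratorSpi, so deleting this override leaves the provider's implementation in charge. Separately, `getInstance(String algorithm, String provider)` hands the result of `p.getProperty(...)` straight to the private overload, so an algorithm the provider does not list reaches `Class.forName` as null instead of raising NoSuchAlgorithmException. A guard such as `if (classname == null) throw new NoSuchAlgorithmException(algorithm);` fixes that, and `KeyStore.getInstance(String type, String provider)` in this commit needs the equivalent check with KeyStoreException.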
diff --git a/java/security/KeyPairGeneratorSpi.java b/java/security/KeyPairGeneratorSpi.java
new file mode 100644
index 000000000..53247095d
--- /dev/null
+++ b/java/security/KeyPairGeneratorSpi.java
@@ -0,0 +1,75 @@
+/* KeyPairGeneratorSpi.java --- Key Pair Generator SPI Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ KeyPairGeneratorSpi is the interface used to generate key pairs
+ for security algorithms.
+
+ @author Mark Benvenuto
+*/
+public abstract class KeyPairGeneratorSpi
+{
+
+/**
+ Constructs a new KeyPairGeneratorSpi
+*/
+public KeyPairGeneratorSpi()
+{}
+
+
+/**
+ Initialize the KeyPairGeneratorSpi with the specified
+ key size and source of randomness
+
+ @param keysize size of the key to generate
+ @param random A SecureRandom source of randomness
+*/
+public abstract void initialize(int keysize, SecureRandom random);
+
+/**
+ Initialize the KeyPairGeneratorSpi with the specified
+ AlgorithmParameterSpec and source of randomness
+
+ This is a concrete method. It may be overridden by the provider
+ and if the AlgorithmParameterSpec class is invalid
+ throw InvalidAlgorithmParameterException. By default this
+ method just throws UnsupportedOperationException.
+
+ @param params A AlgorithmParameterSpec to intialize with
+ @param random A SecureRandom source of randomness
+
+ @throws InvalidAlgorithmParameterException
+*/
+public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException
+{
+ throw new java.lang.UnsupportedOperationException();
+}
+
+/**
+ Generates a KeyPair according the rules for the algorithm.
+ Unless intialized, algorithm defaults will be used. It
+ creates a unique key pair each time.
+
+ @return a key pair
+*/
+public abstract KeyPair generateKeyPair();
+
+}
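Review bot: The Javadoc on `initialize(AlgorithmParameterSpec params, SecureRandom random)` leaves `@throws InvalidAlgorithmParameterException` without a description and does not list the UnsupportedOperationException that the default body always throws. I would write `@throws InvalidAlgorithmParameterException if params is not valid for this generator` and add `@throws UnsupportedOperationException if the provider does not override this method`. The comment on `generateKeyPair()` says algorithm defaults apply when the generator has not been initialized; asking implementers to document those defaults would help callers, since that is where the key size gets chosen.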
diff --git a/java/security/KeyStore.java b/java/security/KeyStore.java
new file mode 100644
index 000000000..8b29dea9a
--- /dev/null
+++ b/java/security/KeyStore.java
@@ -0,0 +1,435 @@
+/* KeyStore.java --- Key Store Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.InputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.util.Date;
+import java.util.Enumeration ;
+
+/**
+ Keystore represents an in-memory collection of keys and
+ certificates. There are two types of entries:
+
+ * Key Entry
+
+ This type of keystore entry store sensitive crytographic key
+ information in a protected format.Typically this is a secret
+ key or a private key with a certificate chain.
+
+
+ * Trusted Ceritificate Entry
+
+ This type of keystore entry contains a single public key
+ certificate belonging to annother entity. It is called trusted
+ because the keystore owner trusts that the certificates
+ belongs to the subject (owner) of the certificate.
+
+ The keystore contains an "alias" string for each entry.
+
+ The structure and persistentence of the key store is not
+ specified. Any method could be used to protect sensitive
+ ( private or secret) keys. Smart cards or integrated
+ cryptographic engines could be used or the keystore could
+ be simply stored in a file.
+*/
+public class KeyStore
+{
+
+private KeyStoreSpi keyStoreSpi;
+private Provider provider;
+private String type;
+
+/**
+ Creates an instance of KeyStore
+
+ @param keyStoreSpi A KeyStore engine to use
+ @param provider A provider to use
+ @param type The type of KeyStore
+*/
+protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type)
+{
+ this.keyStoreSpi = keyStoreSpi;
+ this.provider = provider;
+ this.type = type;
+}
+
+/**
+ Gets an instance of the KeyStore class representing
+ the specified keystore. If the type is not
+ found then, it throws CertificateException.
+
+ @param type the type of certificate to choose
+
+ @return a KeyStore repesenting the desired type
+
+ @throws KeyStoreException if the type of keystore is not implemented by providers
+*/
+public static KeyStore getInstance(String type)
+ throws KeyStoreException
+{
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("KeyStore." + type);
+ if (classname != null)
+ return getInstance (classname, type, p[i]);
+ }
+
+ throw new KeyStoreException(type);
+}
+
+/**
+ Gets an instance of the KeyStore class representing
+ the specified key store from the specified provider.
+ If the type is not found then, it throws CertificateException.
+ If the provider is not found, then it throws
+ NoSuchProviderException.
+
+ @param type the type of certificate to choose
+
+ @return a KeyStore repesenting the desired type
+
+ @throws KeyStoreException if the type of keystore is not implemented by providers
+ @throws NoSuchProviderException if the provider is not found
+*/
+public static KeyStore getInstance(String type, String provider)
+ throws KeyStoreException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("KeyStore." + type),
+ type, p);
+}
+
+private static KeyStore getInstance (String classname,
+ String type,
+ Provider provider)
+ throws KeyStoreException
+{
+ try {
+ return new KeyStore( (KeyStoreSpi)Class.forName( classname ).newInstance(), provider, type );
+ } catch( ClassNotFoundException cnfe) {
+ throw new KeyStoreException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new KeyStoreException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new KeyStoreException("Illegal Access");
+ }
+}
+
+
+/**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Returns the type of the KeyStore supported
+
+ @return A string with the type of KeyStore
+*/
+public final String getType()
+{
+ return type;
+}
+
+/**
+ Returns the key associated with given alias using the
+ supplied password.
+
+ @param alias an alias for the key to get
+ @param password password to access key with
+
+ @return the requested key, or null otherwise
+
+ @throws NoSuchAlgorithmException if there is no algorithm
+ for recovering the key
+ @throws UnrecoverableKeyException key cannot be reocovered
+ (wrong password).
+*/
+public final Key getKey(String alias, char[] password)
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
+{
+ return keyStoreSpi.engineGetKey( alias, password);
+}
+
+/**
+ Gets a Certificate chain for the specified alias.
+
+ @param alias the alias name
+
+ @return a chain of Certificates ( ordered from the user's
+ certificate to the Certificate Authority's ) or
+ null if the alias does not exist or there is no
+ certificate chain for the alias ( the alias refers
+ to a trusted certificate entry or there is no entry).
+*/
+public final java.security.cert.Certificate[] getCertificateChain(String alias)
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineGetCertificateChain( alias );
+}
+
+/**
+ Gets a Certificate for the specified alias.
+
+ If there is a trusted certificate entry then that is returned.
+ it there is a key entry with a certificate chain then the
+ first certificate is return or else null.
+
+ @param alias the alias name
+
+ @return a Certificate or null if the alias does not exist
+ or there is no certificate for the alias
+*/
+public final java.security.cert.Certificate getCertificate(String alias)
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineGetCertificate( alias );
+}
+
+/**
+ Gets entry creation date for the specified alias.
+
+ @param alias the alias name
+
+ @returns the entry creation date or null
+*/
+public final Date getCreationDate(String alias)
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineGetCreationDate( alias );
+}
+
+/**
+ Assign the key to the alias in the keystore, protecting it
+ with the given password. It will overwrite an existing
+ entry and if the key is a PrivateKey, also add the
+ certificate chain representing the corresponding public key.
+
+ @param alias the alias name
+ @param key the key to add
+ @password the password to protect with
+ @param chain the certificate chain for the corresponding
+ public key
+
+ @throws KeyStoreException if it fails
+*/
+public final void setKeyEntry(String alias, Key key, char[] password, java.security.cert.Certificate[] chain)
+ throws KeyStoreException
+{
+ keyStoreSpi.engineSetKeyEntry( alias, key, password, chain );
+}
+
+/**
+ Assign the key to the alias in the keystore. It will overwrite
+ an existing entry and if the key is a PrivateKey, also
+ add the certificate chain representing the corresponding
+ public key.
+
+ @param alias the alias name
+ @param key the key to add
+ @param chain the certificate chain for the corresponding
+ public key
+
+ @throws KeyStoreException if it fails
+*/
+public final void setKeyEntry(String alias, byte[] key, java.security.cert.Certificate[] chain)
+ throws KeyStoreException
+{
+ keyStoreSpi.engineSetKeyEntry( alias, key, chain);
+}
+
+/**
+ Assign the certificate to the alias in the keystore. It
+ will overwrite an existing entry.
+
+ @param alias the alias name
+ @param cert the certificate to add
+
+ @throws KeyStoreException if it fails
+*/
+public final void setCertificateEntry(String alias, java.security.cert.Certificate cert)
+ throws KeyStoreException
+{
+ keyStoreSpi.engineSetCertificateEntry(alias, cert);
+}
+
+/**
+ Deletes the entry for the specified entry.
+
+ @param alias the alias name
+
+ @throws KeyStoreException if it fails
+*/
+public final void deleteEntry(String alias)
+ throws KeyStoreException
+{
+ keyStoreSpi.engineDeleteEntry( alias );
+}
+
+/**
+ Generates a list of all the aliases in the keystore.
+
+ @return an Enumeration of the aliases
+*/
+public final Enumeration aliases()
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineAliases();
+}
+
+/**
+ Determines if the keystore contains the specified alias.
+
+ @param alias the alias name
+
+ @return true if it contains the alias, false otherwise
+*/
+public final boolean containsAlias(String alias)
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineContainsAlias( alias );
+}
+
+/**
+ Returns the number of entries in the keystore.
+
+ @returns the number of keystore entries.
+*/
+public final int size()
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineSize();
+}
+
+/**
+ Determines if the keystore contains a key entry for
+ the specified alias.
+
+ @param alias the alias name
+
+ @return true if it is a key entry, false otherwise
+*/
+public final boolean isKeyEntry(String alias)
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineIsKeyEntry( alias );
+}
+
+
+/**
+ Determines if the keystore contains a certificate entry for
+ the specified alias.
+
+ @param alias the alias name
+
+ @return true if it is a certificate entry, false otherwise
+*/
+public final boolean isCertificateEntry(String alias)
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineIsCertificateEntry( alias );
+}
+
+/**
+ Determines if the keystore contains the specified certificate
+ entry and returns the alias.
+
+ It checks every entry and for a key entry checks only the
+ first certificate in the chain.
+
+ @param cert Certificate to look for
+
+ @return alias of first matching certificate, null if it
+ does not exist.
+*/
+public final String getCertificateAlias(java.security.cert.Certificate cert)
+ throws KeyStoreException
+{
+ return keyStoreSpi.engineGetCertificateAlias( cert );
+}
+
+/**
+ Stores the keystore in the specified output stream and it
+ uses the specified key it keep it secure.
+
+ @param stream the output stream to save the keystore to
+ @param password the password to protect the keystore integrity with
+
+ @throws IOException if an I/O error occurs.
+ @throws NoSuchAlgorithmException the data integrity algorithm
+ used cannot be found.
+ @throws CertificateException if any certificates could not be
+ stored in the output stream.
+*/
+public final void store(OutputStream stream, char[] password)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
+{
+ keyStoreSpi.engineStore( stream, password);
+}
+
+/**
+ Loads the keystore from the specified input stream and it
+ uses the specified password to check for integrity if supplied.
+
+ @param stream the input stream to load the keystore from
+ @param password the password to check the keystore integrity with
+
+ @throws IOException if an I/O error occurs.
+ @throws NoSuchAlgorithmException the data integrity algorithm
+ used cannot be found.
+ @throws CertificateException if any certificates could not be
+ stored in the output stream.
+*/
+public final void load(InputStream stream, char[] password)
+ throws IOException, NoSuchAlgorithmException, CertificateException
+{
+ keyStoreSpi.engineLoad( stream, password);
+}
+
+/**
+ Returns the default KeyStore type. This method looks up the
+ type in <JAVA_HOME>/lib/security/java.security with the
+ property "keystore.type" or if that fails then "jks" .
+*/
+public static final String getDefaultType()
+{
+ String tmp;
+ //Security reads every property in java.security so it
+ //will return this property if it exists.
+ tmp = Security.getProperty( "keystore.type" );
+
+ if( tmp == null)
+ tmp = "jks";
+
+ return tmp;
+}
+
+}
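Review bot: The private `getInstance(String classname, String type, Provider provider)` instantiates whatever class the provider property names and only then casts it to KeyStoreSpi, so a property naming any other class runs that class's constructor and escapes as an undeclared ClassCastException. Checking the type before instantiation keeps the failure inside the declared contract: `Class c = Class.forName(classname); if (!KeyStoreSpi.class.isAssignableFrom(c)) throw new KeyStoreException(type);`. The three catch blocks also drop the class name, which makes a misconfigured provider hard to diagnose; including `classname` in each message would help. In the Javadoc, `@password` (on the first `setKeyEntry`) and `@returns` (on `getCreationDate` and `size`) are not Javadoc tags and should read `@param password` and `@return`; KeyStoreSpi.java repeats both.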
diff --git a/java/security/KeyStoreSpi.java b/java/security/KeyStoreSpi.java
new file mode 100644
index 000000000..bf5e37405
--- /dev/null
+++ b/java/security/KeyStoreSpi.java
@@ -0,0 +1,246 @@
+/* KeyStoreSpi.java --- Key Store Service Provider Interface
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.InputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.cert.CertificateException;
+import java.util.Date;
+import java.util.Enumeration ;
+
+/**
+ KeyStoreSpi is the Service Provider Interface (SPI) for the
+ KeyStore class. This is the interface for providers to
+ supply to implement a keystore for a particular keystore
+ type.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class KeyStoreSpi
+{
+
+/**
+ Constructs a new KeyStoreSpi
+*/
+public KeyStoreSpi()
+{}
+
+/**
+ Returns the key associated with given alias using the
+ supplied password.
+
+ @param alias an alias for the key to get
+ @param password password to access key with
+
+ @return the requested key, or null otherwise
+
+ @throws NoSuchAlgorithmException if there is no algorithm
+ for recovering the key
+ @throws UnrecoverableKeyException key cannot be reocovered
+ (wrong password).
+*/
+public abstract Key engineGetKey(String alias, char[] password)
+ throws NoSuchAlgorithmException,
+ UnrecoverableKeyException;
+
+/**
+ Gets a Certificate chain for the specified alias.
+
+ @param alias the alias name
+
+ @return a chain of Certificates ( ordered from the user's
+ certificate to the Certificate Authority's ) or
+ null if the alias does not exist or there is no
+ certificate chain for the alias ( the alias refers
+ to a trusted certificate entry or there is no entry).
+*/
+public abstract java.security.cert.Certificate[] engineGetCertificateChain(String alias);
+
+
+/**
+ Gets a Certificate for the specified alias.
+
+ If there is a trusted certificate entry then that is returned.
+ it there is a key entry with a certificate chain then the
+ first certificate is return or else null.
+
+ @param alias the alias name
+
+ @return a Certificate or null if the alias does not exist
+ or there is no certificate for the alias
+*/
+public abstract java.security.cert.Certificate engineGetCertificate(String alias);
+
+/**
+ Gets entry creation date for the specified alias.
+
+ @param alias the alias name
+
+ @returns the entry creation date or null
+*/
+public abstract Date engineGetCreationDate(String alias);
+
+/**
+ Assign the key to the alias in the keystore, protecting it
+ with the given password. It will overwrite an existing
+ entry and if the key is a PrivateKey, also add the
+ certificate chain representing the corresponding public key.
+
+ @param alias the alias name
+ @param key the key to add
+ @password the password to protect with
+ @param chain the certificate chain for the corresponding
+ public key
+
+ @throws KeyStoreException if it fails
+*/
+public abstract void engineSetKeyEntry(String alias, Key key, char[] password, java.security.cert.Certificate[] chain)
+ throws KeyStoreException;
+
+/**
+ Assign the key to the alias in the keystore. It will overwrite
+ an existing entry and if the key is a PrivateKey, also
+ add the certificate chain representing the corresponding
+ public key.
+
+ @param alias the alias name
+ @param key the key to add
+ @param chain the certificate chain for the corresponding
+ public key
+
+ @throws KeyStoreException if it fails
+*/
+public abstract void engineSetKeyEntry(String alias, byte[] key, java.security.cert.Certificate[] chain)
+ throws KeyStoreException;
+
+
+/**
+ Assign the certificate to the alias in the keystore. It
+ will overwrite an existing entry.
+
+ @param alias the alias name
+ @param cert the certificate to add
+
+ @throws KeyStoreException if it fails
+*/
+public abstract void engineSetCertificateEntry(String alias, java.security.cert.Certificate cert)
+ throws KeyStoreException;
+
+/**
+ Deletes the entry for the specified entry.
+
+ @param alias the alias name
+
+ @throws KeyStoreException if it fails
+*/
+public abstract void engineDeleteEntry(String alias)
+ throws KeyStoreException;
+
+/**
+ Generates a list of all the aliases in the keystore.
+
+ @return an Enumeration of the aliases
+*/
+public abstract Enumeration engineAliases();
+
+/**
+ Determines if the keystore contains the specified alias.
+
+ @param alias the alias name
+
+ @return true if it contains the alias, false otherwise
+*/
+public abstract boolean engineContainsAlias(String alias);
+
+/**
+ Returns the number of entries in the keystore.
+
+ @returns the number of keystore entries.
+*/
+public abstract int engineSize();
+
+/**
+ Determines if the keystore contains a key entry for
+ the specified alias.
+
+ @param alias the alias name
+
+ @return true if it is a key entry, false otherwise
+*/
+public abstract boolean engineIsKeyEntry(String alias);
+
+/**
+ Determines if the keystore contains a certificate entry for
+ the specified alias.
+
+ @param alias the alias name
+
+ @return true if it is a certificate entry, false otherwise
+*/
+public abstract boolean engineIsCertificateEntry(String alias);
+
+/**
+ Determines if the keystore contains the specified certificate
+ entry and returns the alias.
+
+ It checks every entry and for a key entry checks only the
+ first certificate in the chain.
+
+ @param cert Certificate to look for
+
+ @return alias of first matching certificate, null if it
+ does not exist.
+*/
+public abstract String engineGetCertificateAlias(java.security.cert.Certificate cert);
+
+/**
+ Stores the keystore in the specified output stream and it
+ uses the specified key it keep it secure.
+
+ @param stream the output stream to save the keystore to
+ @param password the password to protect the keystore integrity with
+
+ @throws IOException if an I/O error occurs.
+ @throws NoSuchAlgorithmException the data integrity algorithm
+ used cannot be found.
+ @throws CertificateException if any certificates could not be
+ stored in the output stream.
+*/
+public abstract void engineStore(OutputStream stream, char[] password)
+ throws IOException, NoSuchAlgorithmException, CertificateException;
+
+
+/**
+ Loads the keystore from the specified input stream and it
+ uses the specified password to check for integrity if supplied.
+
+ @param stream the input stream to load the keystore from
+ @param password the password to check the keystore integrity with
+
+ @throws IOException if an I/O error occurs.
+ @throws NoSuchAlgorithmException the data integrity algorithm
+ used cannot be found.
+ @throws CertificateException if any certificates could not be
+ stored in the output stream.
+*/
+public abstract void engineLoad(InputStream stream, char[] password)
+ throws IOException, NoSuchAlgorithmException, CertificateException;
+}
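Review bot: The contract for `engineLoad` says the password is used to check integrity "if supplied" but does not say what a provider must do when it is null, which is the case where a modified keystore file would be accepted unnoticed. I would state it outright in the comment, for example `If password is null the integrity of the keystore is not verified.` (assuming that is the intended behaviour), so callers loading trusted certificates know to pass one. The `@throws CertificateException` text on `engineLoad` was copied from `engineStore` and should read `if any certificates could not be loaded from the input stream`. `KeyStore.load` in this commit delegates here and carries the same wording.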
diff --git a/java/security/Policy.java b/java/security/Policy.java
new file mode 100644
index 000000000..ea7b3b925
--- /dev/null
+++ b/java/security/Policy.java
@@ -0,0 +1,138 @@
+/* Policy.java --- Policy Manager Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+
+/**
+ Policy is an abstract class for managing the system security
+ policy for the Java application environment. It specifies
+ which permissions are available for code from various
+ sources. The security policy is represented through a
+ subclass of Policy.
+
+ Only one Policy is in effect at any time. ProtectionDomain
+ initializes itself with information from this class on the
+ set of permssions to grant.
+
+ The location for the actual Policy could be anywhere in any
+ form because it depends on the Policy implementation. The
+ default system is in a flat ASCII file or it could be in a
+ database.
+
+ The current installed Policy can be accessed with getPolicy
+ and changed with setPolicy if the code has the correct
+ permissions.
+
+ The refresh method causes the Policy class to refresh/reload
+ its configuration. The method used to refresh depends on the
+ Policy implementation.
+
+ When a protection domain initializes its permissions it uses
+ code like:
+ <code>
+ policy = Policy.getPolicy();
+ permissionCollection perms = policy.getPermissions(MyCodeSource)
+ </code>
+ The protection domain passes the Policy handler a CodeSource
+ object which contains the codebase URL and public key. The
+ Policy implementation then returns the proper set of
+ permissions for the CodeSource.
+
+ The default Policy implementation can be changed by setting
+ the "policy.provider" security provider in java.security
+ to the correct Policy implementation class.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class Policy
+{
+
+static private Policy currentPolicy = null;
+/**
+ Constructs a new Policy class.
+*/
+public Policy()
+{}
+
+/**
+ Gets the currently installed Policy handler. The value should
+ not be cached as it can be changed by setPolicy. This
+ function first calls <code>SecurityManager.checkPermission</code>
+ with <code>SecurityPermission("getPolicy")</code> to check
+ if the caller has Permission to get the current Policy.
+
+ @return the current Policy
+
+ @throws SecurityException if the security manager exists
+ the caller does not have permission to
+ <code>getPolicy</code>.
+*/
+public static Policy getPolicy()
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission( new SecurityPermission("getPolicy") );
+
+ return currentPolicy;
+}
+
+/**
+ Sets the currently installed Policy handler. This
+ function first calls <code>SecurityManager.checkPermission</code>
+ with <code>SecurityPermission("setPolicy")</code> to check
+ if the caller has Permission to get the current Policy.
+
+ @param policy the new Policy to use
+
+ @throws SecurityException if the security manager exists
+ the caller does not have permission to
+ <code>getPolicy</code>.
+*/
+public static void setPolicy(Policy policy)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkPermission( new SecurityPermission("setPolicy") );
+
+ currentPolicy = policy;
+}
+
+
+/**
+ Evalutes the global policy and returns a set of Permissions
+ allowed for the specified CodeSource.
+
+ @param codesource The CodeSource to get Permission for
+
+ @return a set of permissions for codesource specified by
+ the current policy
+
+ @throws SecurityException if the current thread does not
+ have permission to call <code>getPermissions</code>
+*/
+public abstract PermissionCollection getPermissions(CodeSource codesource);
+
+/**
+ Refreshes and/or reloads the current Policy. The actual
+ behavior of this method depends on the implementation.
+*/
+public abstract void refresh();
+
+}
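Review bot: `getPolicy()` returns the static `currentPolicy`, which starts as null and is only ever assigned by `setPolicy`, so until some caller installs a policy the example in the class comment (`policy.getPermissions(MyCodeSource)`) dereferences null. The class comment describes a default implementation selected through "policy.provider", but nothing in this file reads that property; either load that class on first use when `currentPolicy == null`, or document on `getPolicy` that it may return null. The Javadoc for `setPolicy` was copied from `getPolicy`: it should say the check is for permission to set the policy and name `setPolicy` in the `@throws` text. The static field is also read and written without synchronization, which may matter if the policy is replaced while other threads are checking permissions.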
diff --git a/java/security/SecureClassLoader.java b/java/security/SecureClassLoader.java
new file mode 100644
index 000000000..08070e3e4
--- /dev/null
+++ b/java/security/SecureClassLoader.java
@@ -0,0 +1,117 @@
+/* SecureClassLoader.java --- A Secure Class Loader
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+
+/**
+ A Secure Class Loader for loading classes with additional
+ support for specifying code source and permissions when
+ they are retrieved by the system policy handler.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class SecureClassLoader extends ClassLoader
+{
+
+private ClassLoader parent;
+
+/**
+ Creates a new SecureClassLoader specifying the parent to make
+ calls back to.
+
+ If there is a security manager it first calls,
+ checkCreateClassLoader to ensure creation of the class loader
+ is allowed.
+
+ @param ClassLoader parent class loader
+
+ @throws SecurityException if security manager exists and denies
+ access.
+*/
+protected SecureClassLoader(ClassLoader parent)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkCreateClassLoader()
+ this.parent = parent;
+}
+
+/**
+ Creates a new SecureClassLoader using the default parent to make
+ calls back to.
+
+ If there is a security manager it first calls,
+ checkCreateClassLoader to ensure creation of the class loader
+ is allowed.
+
+ @throws SecurityException if security manager exists and denies
+ access.
+*/
+protected SecureClassLoader()
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkCreateClassLoader()
+ this.parent = ClassLoader.getSystemClassLoader();
+}
+
+/**
+ Creates a class using an array of bytes and a
+ CodeSource.
+
+ @param name the name to give the class. null if unknown.
+ @param b the data representing the classfile, in classfile format.
+ @param off the offset into the data where the classfile starts.
+ @param len the length of the classfile data in the array.
+ @param cs the CodeSource for the class
+
+ @return the class that was defined and optional CodeSource.
+
+ @exception ClassFormatError if the byte array is not in proper classfile format.
+*/
+protected final Class defineClass(String name, byte[] b, int off, int len, CodeSource cs)
+{
+ ProtectionDomain protectionDomain = new ProtectionDomain( codesource, getPermissions( codesource ) );
+ try {
+
+ Class c = parent.defineClass(name, b, off, len, protectionDomain);
+ return c;
+ } catch( ClassFormatError cfe ) {
+ return null;
+ }
+}
+
+/**
+ Returns a PermissionCollection for the specified CodeSource.
+ The default implmentation invokes
+ java.security.Policy.getPermissions.
+
+ This method is called by defineClass that takes a CodeSource
+ arguement to build a proper ProtectionDomain for the class
+ being defined.
+
+*/
+protected PermissionCollection getPermissions(CodeSource codesource)
+{
+ Policy policy = Policy.getPolicy();
+ return policy.getPermissions( codesource );
+}
+
+}
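Review bot: `defineClass` builds the ProtectionDomain from `codesource`, but its parameter is named `cs`, and both constructors omit the semicolon after `sm.checkCreateClassLoader()`, so this file does not compile as added. The line should read `ProtectionDomain protectionDomain = new ProtectionDomain( cs, getPermissions( cs ) );`. The `catch( ClassFormatError cfe ) { return null; }` contradicts the Javadoc, which promises the error to the caller; dropping the try/catch lets a malformed class file surface at the point of definition instead of as a null that fails later. Separately, `getPermissions` calls `Policy.getPolicy()`, which performs its own `SecurityPermission("getPolicy")` check, so class definition will presumably fail for callers lacking that permission unless the lookup is made privileged.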
diff --git a/java/security/SecureRandom.java b/java/security/SecureRandom.java
new file mode 100644
index 000000000..8960bde50
--- /dev/null
+++ b/java/security/SecureRandom.java
@@ -0,0 +1,309 @@
+/* SecureRandom.java --- Secure Random class implmentation
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.Serializable;
+import java.util.Random;
+import java.util.Enumeration;
+
+/**
+ SecureRandom is the class interface for using SecureRandom
+ providers. It provides an interface to the SecureRandomSpi
+ engine so that programmers can generate pseudo-random numbers.
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+*/
+
+public class SecureRandom extends Random
+{
+//Serialized Field
+long counter = 0; //Serialized
+MessageDigest digest = null;
+Provider provider = null;
+byte[] randomBytes = null; //Always null
+int randomBytesUsed = 0;
+SecureRandomSpi secureRandomSpi = null;
+byte[] state = null;
+
+/**
+ Default constructor for SecureRandom. It constructs a
+ new SecureRandom by instantating the first SecureRandom
+ algorithm in the default security provier.
+
+ It is not seeded and should be seeded using setseed or else
+ on the first call to getnextBytes it will force a seed.
+
+ It is maintained for backwards compatability and programs
+ should use getInstance.
+*/
+public SecureRandom()
+{
+ Provider p[] = Security.getProviders();
+
+ //Format of Key: SecureRandom.algname
+ String key;
+
+ String classname = null;
+ int i, flag = 0;
+ Enumeration e;
+ for(i = 0; i < p.length; i++) {
+ e = p[i].propertyNames();
+ while( e.hasMoreElements() ) {
+ key = (String)e.nextElement();
+ if( key.startsWith("SecureRandom.") )
+ if( ( classname = p[i].getProperty( key )) != null)
+ break;
+ }
+ if( classname != null) break;
+ }
+
+ //if( classname == null)
+ // throw new NoSuchAlgorithmException();
+
+ try {
+ this.secureRandomSpi = (SecureRandomSpi)Class.forName( classname ).newInstance();
+
+ //s.algorithm = algorithm;
+ this.provider = p[i];
+ } catch( ClassNotFoundException cnfe) {
+ //throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ //throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ //throw new NoSuchAlgorithmException("Illegal Access");
+ }
+}
+
+/**
+ A constructor for SecureRandom. It constructs a new
+ SecureRandom by instantating the first SecureRandom algorithm
+ in the default security provier.
+
+ It is seeded with the passed function and is useful if the user
+ has access to hardware random device (like a radiation detector).
+
+ It is maintained for backwards compatability and programs
+ should use getInstance.
+
+ @param seed Seed bytes for class
+*/
+public SecureRandom(byte[] seed)
+{
+ this();
+ setSeed(seed);
+}
+
+/**
+ A constructor for SecureRandom. It constructs a new
+ SecureRandom using the specified SecureRandomSpi from
+ the specified security provier.
+
+ @param secureRandomSpi A SecureRandomSpi class
+ @param provider A Provider class
+*/
+protected SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider)
+{
+ this.secureRandomSpi = secureRandomSpi;
+ this.provider = provider;
+}
+
+/**
+ Returns an instance of a SecureRandom. It creates the class
+ for the specified algorithm if it exists from a provider.
+
+ @param algorithm A SecureRandom algorithm to use
+
+ @return Returns a new SecureRandom implmenting the chosen algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm cannot be found
+*/
+public static SecureRandom getInstance(String algorithm) throws NoSuchAlgorithmException
+{
+ Provider p[] = Security.getProviders();
+
+ //Format of Key: SecureRandom.algname
+ StringBuffer key = new StringBuffer("SecureRandom.");
+ key.append(algorithm);
+
+ String classname = null;
+ int i;
+ for(i = 0; i < p.length; i++) {
+ if( ( classname = p[i].getProperty( key.toString() ) ) != null)
+ break;
+ }
+
+ if( classname == null)
+ throw new NoSuchAlgorithmException();
+
+ try {
+ return new SecureRandom( (SecureRandomSpi)Class.forName( classname ).newInstance(), p[i] );
+ } catch( ClassNotFoundException cnfe) {
+ throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new NoSuchAlgorithmException("Illegal Access");
+ }
+
+}
+
+/**
+ Returns an instance of a SecureRandom. It creates the class
+ for the specified algorithm from the specified provider.
+
+ @param algorithm A SecureRandom algorithm to use
+ @param provider A security provider to use
+
+ @return Returns a new SecureRandom implmenting the chosen algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm cannot be found
+ @throws NoSuchProviderException if the provider cannot be found
+*/
+public static SecureRandom getInstance(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ //Format of Key: SecureRandom.algName
+ StringBuffer key = new StringBuffer("SecureRandom.");
+ key.append(algorithm);
+
+ String classname = p.getProperty( key.toString() );
+ if( classname == null)
+ throw new NoSuchAlgorithmException();
+
+ try {
+ return new SecureRandom( (SecureRandomSpi)Class.forName( classname ).newInstance(), p );
+ } catch( ClassNotFoundException cnfe) {
+ throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new NoSuchAlgorithmException("Illegal Access");
+ }
+
+}
+
+/**
+ Returns the provider being used by the current SecureRandom class.
+
+ @return The provider from which this SecureRandom was attained
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Seeds the SecureRandom. The class is re-seeded for each call and
+ each seed builds on the previous seed so as not to weaken security.
+
+ @param seed seed bytes to seed with
+*/
+public void setSeed(byte[] seed)
+{
+ secureRandomSpi.engineSetSeed( seed );
+}
+
+/**
+ Seeds the SecureRandom. The class is re-seeded for each call and
+ each seed builds on the previous seed so as not to weaken security.
+
+ @param seed 8 seed bytes to seed with
+*/
+public void setSeed(long seed)
+{
+ byte tmp[] = { (byte)( 0xff & (seed >> 56)), (byte)( 0xff & (seed >> 48)),
+ (byte)( 0xff & (seed >> 40)), (byte)( 0xff & (seed >> 32)),
+ (byte)( 0xff & (seed >> 24)), (byte)( 0xff & (seed >> 16)),
+ (byte)( 0xff & (seed >> 8)), (byte)( 0xff & seed ) };
+ secureRandomSpi.engineSetSeed( tmp );
+}
+
+/**
+ Generates a user specified number of bytes. This function
+ is the basis for all the random functions.
+
+ @param bytes array to store generated bytes in
+*/
+public void nextBytes(byte[] bytes)
+{
+ randomBytesUsed += bytes.length;
+ counter++;
+ secureRandomSpi.engineNextBytes( bytes );
+}
+
+/**
+ Generates an integer containing the user specified
+ number of random bits. It is right justified and padded
+ with zeros.
+
+ @param numBits number of random bits to get, 0 <= numBits <= 32;
+
+ @return the random bits
+*/
+protected final int next(int numBits)
+{
+ if( numBits == 0 )
+ return 0;
+
+ byte tmp[] = new byte[ numBits / 8 + (1 * (numBits % 8)) ];
+
+ secureRandomSpi.engineNextBytes( tmp );
+ randomBytesUsed += tmp.length;
+ counter++;
+
+ int ret = 0;
+
+ for( int i = 0; i < tmp.length; i++)
+ ret |= tmp[i] << (8 * i);
+
+ return ret;
+}
+
+/**
+ Returns the given number of seed bytes. This method is
+ maintained only for backwards capability.
+
+ @param numBytes number of seed bytes to get
+
+ @return an array containing the seed bytes
+*/
+public static byte[] getSeed(int numBytes)
+{
+ byte tmp[] = new byte[numBytes];
+
+ new Random().nextBytes( tmp );
+ return tmp;
+ //return secureRandomSpi.engineGenerateSeed( numBytes );
+}
+
+/**
+ Returns the specified number of seed bytes.
+
+ @param numBytes number of seed bytes to get
+
+ @return an array containing the seed bytes
+*/
+public byte[] generateSeed(int numBytes)
+{
+ return secureRandomSpi.engineGenerateSeed( numBytes );
+}
+
+}
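Review bot: `getSeed` fills the seed with `new Random().nextBytes( tmp )`, so seed material handed to callers comes from the non-cryptographic `java.util.Random` rather than from the provider; since the method is static, something like `return new SecureRandom().generateSeed( numBytes );` keeps it on the SPI path. `next` also sizes its buffer as `numBits / 8 + (1 * (numBits % 8))`, which allocates 10 bytes for 31 bits, ORs sign-extended bytes together, and never masks the result to `numBits`, so the values behind the inherited `Random` methods are not the bits requested. The rewrite below rounds up to whole bytes, masks each byte, and trims the result. The default constructor's empty catch blocks and commented-out null check can leave `secureRandomSpi` null, which would show up as a NullPointerException on first use rather than a clear failure.

```java
protected final int next(int numBits)
{
  if( numBits == 0 )
    return 0;

  // round up to whole bytes: at most 4 for numBits <= 32
  byte tmp[] = new byte[ (numBits + 7) / 8 ];

  // … unchanged: engineNextBytes call, randomBytesUsed and counter updates …

  int ret = 0;
  for( int i = 0; i < tmp.length; i++)
    ret |= (tmp[i] & 0xff) << (8 * i);   // mask to avoid sign extension

  // keep only the requested number of low-order bits
  return numBits == 32 ? ret : ret & ((1 << numBits) - 1);
}
```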
diff --git a/java/security/SecureRandomSpi.java b/java/security/SecureRandomSpi.java
new file mode 100644
index 000000000..46cd4935e
--- /dev/null
+++ b/java/security/SecureRandomSpi.java
@@ -0,0 +1,68 @@
+/* SecureRandomSpi.java --- Secure Random Service Provider Interface
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.Serializable;
+//import SecureRandom;
+/**
+ SecureRandomSpi is the Service Provider Interface for SecureRandom
+ providers. It provides an interface for providers to the
+ SecureRandom engine to write their own pseudo-random number
+ generator.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+*/
+
+public abstract class SecureRandomSpi implements Serializable
+{
+
+/**
+ Default Constructor for SecureRandomSpi
+*/
+public SecureRandomSpi()
+{}
+
+/**
+ Updates the seed for SecureRandomSpi but does not reset seed.
+ It does to this so repeated called never decrease randomness.
+*/
+protected abstract void engineSetSeed(byte[] seed);
+
+
+/**
+ Gets a user specified number of bytes depending on the length
+ of the array?
+
+ @param bytes array to fill with random bytes
+*/
+protected abstract void engineNextBytes(byte[] bytes);
+
+/**
+ Gets a user specified number of bytes specified by the
+ parameter.
+
+ @param numBytes number of random bytes to generate
+
+ @return an array full of random bytes
+*/
+protected abstract byte[] engineGenerateSeed(int numBytes);
+
+
+} \ No newline at end of file
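Review bot: The Javadoc for `engineNextBytes` ends as a question ("depending on the length of the array?") and `engineSetSeed` has no `@param`, which leaves the contract that providers must implement unstated. I would word the first as `Fills the given array with random bytes; the number of bytes produced is the length of the array.` and add `@param seed the bytes to mix into the existing seed` to the second. `engineGenerateSeed` is described as returning "random bytes"; saying it returns seed bytes, as `SecureRandom.generateSeed` does, would distinguish it from `engineNextBytes`.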
diff --git a/java/security/Security.java b/java/security/Security.java
index 6f26270d7..70459b22f 100644
--- a/java/security/Security.java
+++ b/java/security/Security.java
@@ -1,67 +1,302 @@
-
-package java.security;
-
-// This is just intended to get the ball rolling.
-
-public final class Security
-{
- public static int addProvider (Provider p)
- {
- throw new Error ("Unimplemented.");
- }
-
- /**
- @deprecated
- */
- public static String getAlgorithmProperty (String alg, String prop)
- {
- throw new Error ("Unimplemented.");
- }
-
- public static String getProperty (String prop)
- {
- throw new Error ("Unimplemented.");
- }
-
- public static Provider getProvider (String p)
- {
- return provider;
- }
-
- public static Provider[] getProviders ()
- {
- return new Provider [] {provider};
- }
-
- public static int insertProviderAt (Provider p, int i)
- {
- throw new Error ("Unimplemented.");
- }
-
- public static void removeProvider (String p)
- {
- throw new Error ("Unimplemented.");
- }
-
- public static void setProperty (String key, String datum)
- {
- throw new Error ("Unimplemented.");
- }
-
- private static Provider provider = new GNUProvider ();
-}
-
-class GNUProvider extends Provider
-{
- GNUProvider ()
- {
- super ("GNU", 0.0, "???");
- }
-
- public String getProperty (String name)
- {
- return name.startsWith ("MessageDigest.")
- ? "gnu.java.security.provider." + name.substring (14)
- : null;
- }
-}
+/* Security.java --- Java base security class implmentation
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.FileNotFoundException;
+import java.security.Provider;
+import java.util.Vector;
+import java.util.Enumeration;
+import java.util.Properties;
+
+/**
+ Security class that loads the Providers and provides an
+ interface to security properties.
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+*/
+
+public final class Security extends Object
+{
+
+private static Vector providers;
+private static int providerCount;
+private static Properties secprops;
+
+static //Security()
+{
+ //System.out.println("Creating Security...");
+ loadProviders();
+}
+
+private static void loadProviders()
+{
+ String secfilestr = System.getProperty("java.home") +
+ System.getProperty("file.separator") +
+ "lib" +
+ System.getProperty("file.separator") +
+ "security" +
+ System.getProperty("file.separator") +
+ "classpath.security";
+
+ providerCount = 0;
+ try {
+ File secFile = new File( secfilestr );
+ FileInputStream fin = new FileInputStream( secFile );
+ secprops = new Properties();
+ secprops.load(fin);
+
+ int i = 1;
+ String tmp;
+ StringBuffer pname = new StringBuffer("security.provider.");
+
+ providers = new Vector(1,1);
+ //System.out.println("Loading stuff");
+ while( (tmp = secprops.getProperty( pname.append(i).toString() )) != null ) {
+ //System.out.println(tmp);
+ try {
+ providers.addElement( Class.forName( tmp ).newInstance() );
+ providerCount++;
+ i++;
+ } catch( ClassNotFoundException cnfe) {
+ cnfe.printStackTrace();
+ } catch( InstantiationException ie) {
+ ie.printStackTrace();
+ } catch( IllegalAccessException iae) {
+ iae.printStackTrace();
+ }
+ }
+
+ } catch (FileNotFoundException fnfe) {
+ System.out.println("java.security not found: " + fnfe);
+ fnfe.printStackTrace();
+ } catch (IOException ioe) {
+ System.out.println("IOException with java.security: " + ioe);
+ ioe.printStackTrace();
+ }
+
+}
+
+/**
+ Gets a specific property for an algorithm. This is used to produce specialized
+ algorithm parsers.
+
+ @deprecated it used to a return the value of a propietary property
+ for the "SUN" Cryptographic Service Provider to obtain
+ algorithm-specific parameters. Used AlogorithmParameters and
+ KeyFactory instead.
+
+ @param algName name of algorithm to get property of
+ @param propName name of property to check
+
+ @return a string containing the value of the property
+*/
+public static String getAlgorithmProperty(String algName, String propName)
+{
+ /* TODO: Figure out what this actually does */
+ return null;
+}
+
+/**
+ Adds a new provider at the specified position. This allows dynamic loading
+ of providers. It will check for duplication of providers.
+
+ This class checks the security manager with the call checkSecurityAccess
+ with "insertProvider."+provider.getName() to see if the user can add this
+ provider.
+
+ @param provider the provider to add
+ @param position position to add the provider at
+
+ @return the position the provider was added at, or -1 if a duplicate provider
+ was found
+
+ @throws SecurityException - if the security manager denies access to add a
+ new provider
+*/
+public static int insertProviderAt(Provider provider, int position)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "insertProvider." + provider.getName() );
+
+ for(int i = 0; i < providerCount; i++) {
+ if( ((Provider)providers.elementAt( i )).getName() == provider.getName())
+ return -1;
+ }
+
+ if( position < 0 )
+ position = 0;
+ if( position > providerCount)
+ position = providerCount;
+
+ providers.insertElementAt(provider, position);
+ providerCount++;
+
+ return position;
+}
+
+
+/**
+ Adds a new provider. This allows dynamic loading
+ of providers. It will check for duplication of providers.
+
+ This method checks the security manager with the call checkSecurityAccess
+ with "insertProvider."+provider.getName() to see if the user can add this
+ provider.
+
+ @param provider the provider to add
+
+ @return the position the provider was added at, or -1 if a duplicate provider
+ was found
+
+ @throws SecurityException - if the security manager denies access to add a
+ new provider
+*/
+public static int addProvider(Provider provider)
+{
+ SecurityManager sm = System.getSecurityManager();
+
+ if(sm != null)
+ sm.checkSecurityAccess( "insertProvider." + provider.getName() );
+
+ for(int i = 0; i < providerCount; i++) {
+ if( ((Provider)providers.elementAt( i )).getName() == provider.getName())
+ return -1;
+ }
+
+ providers.addElement(provider);
+ providerCount++;
+
+ return providerCount - 1;
+}
+
+/**
+ Removes a provider. This allows dynamic unloading
+ of providers. It will automatically shift up providers to a higher
+ ranking. If the provider is not installed, it fails silently.
+
+ This method checks the security manager with the call checkSecurityAccess
+ with "removeProvider."+provider.getName() to see if the user can remove this
+ provider.
+
+ @param name name of the provider to add
+
+ @throws SecurityException - if the security manager denies access to remove a
+ new provider
+*/
+public static void removeProvider(String name)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "removeProvider." + name );
+
+ Provider p = null;
+ for(int i = 0; i < providerCount; i++) {
+ if( ((Provider)providers.elementAt( i )).getName() == name) {
+ p = (Provider)providers.elementAt( i );
+ break;
+ }
+ }
+
+ if( p != null)
+ if( providers.removeElement( p ) )
+ providerCount--;
+
+}
+
+/**
+ Returns array containing all the providers. It is in the preference order
+ of the providers.
+
+ @return an array of installed providers
+*/
+public static Provider[] getProviders()
+{
+ Provider array[] = new Provider[providerCount];
+ for(int i = 0; i < providerCount; i++)
+ array[i] = (Provider)providers.elementAt( i );
+ return array;
+}
+
+/**
+ Returns the provider with the specified name. It will return null
+ if the provider cannot be found.
+
+ @param name name of the requested provider
+
+ @return requested provider
+*/
+public static Provider getProvider(String name)
+{
+ Provider p = null;
+ for(int i = 0; i < providerCount; i++) {
+ p = (Provider)providers.elementAt( i );
+ if(p.getName() == name)
+ break;
+ }
+ return p;
+}
+
+/**
+ Gets the value of a security property.
+
+ This method checks the security manager with the call checkSecurityAccess
+ with "getProperty."+key to see if the user can get this property.
+
+ @param key property to get
+
+ @return value of the property
+
+ @throws SecurityException - if the security manager denies access to
+ getting a property
+*/
+public static String getProperty(String key)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "getProperty." + key );
+
+ return secprops.getProperty(key);
+}
+
+
+/**
+ Sets the value of a security property.
+
+ This method checks the security manager with the call checkSecurityAccess
+ with "setProperty."+key to see if the user can get this property.
+
+ @param key property to set
+ @param datnum new value of property
+
+ @throws SecurityException - if the security manager denies access to
+ setting a property
+*/
+public static void setProperty(String key, String datnum)
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "setProperty." + key );
+
+ secprops.put(key,datnum);
+}
+
+}
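Review bot: `getProvider` compares names with `==` and leaves `p` set to the last element when nothing matches, so a lookup for an unknown or non-interned name returns the lowest-priority provider instead of null, and the `NoSuchProviderException` checks in `SecureRandom.getInstance` and `Signature.getInstance` are not reached while any provider is installed. The same `==` comparison in `insertProviderAt`, `addProvider` and `removeProvider` makes the duplicate check and the removal depend on string identity; each should use `.equals(...)`. In `loadProviders`, `pname.append(i)` mutates the buffer on every pass, so the second key looked up is `security.provider.12` rather than `security.provider.2`; build the key fresh with `"security.provider." + i`. A rewritten `getProvider` follows.

```java
public static Provider getProvider(String name)
{
  for(int i = 0; i < providerCount; i++) {
    Provider p = (Provider)providers.elementAt( i );
    // compare by value; names read from configuration are not interned
    if( p.getName().equals( name ) )
      return p;
  }
  // no match: report absence instead of returning the last provider
  return null;
}
```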
diff --git a/java/security/Signature.java b/java/security/Signature.java
new file mode 100644
index 000000000..9629209ef
--- /dev/null
+++ b/java/security/Signature.java
@@ -0,0 +1,454 @@
+/* Signature.java --- Signature Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ Signature is used to provide an interface to digital signature
+ algorithms. Digital signatures provide authentication and data
+ integrity of digital data.
+
+ The GNU provider provides the NIST standard DSA which uses DSA
+ and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its
+ OID. If the RSA signature algorithm is provided then
+ it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The algorithm must
+ be specified because there is no default.
+
+ Signature provides implementation-independent algorithms which
+ are requested by the user through getInstance. It can be
+ requested by specifying just the algorithm name or by
+ specifying both the algorithm name and provider name.
+
+ The three phases of using Signature are:
+
+ 1. Initialing
+
+ * It must be initialized with a private key for
+ signing.
+ * It must be initialized with a public key for
+ verifying.
+
+ 2. Updating
+
+ Update the bytes for signing or verifying with calls
+ to update.
+
+ 3. Signing or Verify the signature on the currently stored
+ bytes by calling sign or verify.
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ @since JDK 1.1
+*/
+public abstract class Signature extends SignatureSpi
+{
+/**
+ Possible state variable which signifies if it has not been
+ initialized.
+*/
+protected static final int UNINITIALIZED = 1;
+
+/**
+ Possible state variable which signifies if it has been
+ initialized for signing.
+*/
+protected static final int SIGN = 2;
+
+/**
+ Possible state variable which signifies if it has been
+ initialized for verifying.
+*/
+protected static final int VERIFY = 3;
+
+/**
+ State of this Signature class.
+*/
+protected int state = UNINITIALIZED;
+
+private String algorithm;
+private Provider provider;
+
+/**
+ Creates a new signature for this algorithm.
+
+ @param algorithm the algorithm to use
+*/
+protected Signature(String algorithm)
+{
+ this.algorithm = algorithm;
+ state = UNINITIALIZED;
+}
+
+/**
+ Gets an instance of the Signature class representing
+ the specified signature. If the algorithm is not found then,
+ it throws NoSuchAlgorithmException.
+
+ @param algorithm the name of signature algorithm to choose
+ @return a Signature repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by providers
+*/
+public static Signature getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+{
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("Signature." + algorithm);
+ if (classname != null)
+ return getInstance (classname, algorithm, p[i]);
+ }
+
+ throw new NoSuchAlgorithmException (algorithm);
+}
+
+/**
+ Gets an instance of the Signature class representing
+ the specified signature from the specified provider. If the
+ algorithm is not found then, it throws NoSuchAlgorithmException.
+ If the provider is not found, then it throws
+ NoSuchProviderException.
+
+ @param algorithm the name of signature algorithm to choose
+ @param provider the name of the provider to find the algorithm in
+ @return a Signature repesenting the desired algorithm
+
+ @throws NoSuchAlgorithmException if the algorithm is not implemented by the provider
+ @throws NoSuchProviderException if the provider is not found
+*/
+public static Signature getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("Signature." + algorithm),
+ algorithm, p);
+}
+
+private static Signature getInstance (String classname,
+ String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+{
+ try {
+ Object o = Class.forName( classname ).newInstance();
+ Signature sig;
+ if( o instanceof SignatureSpi )
+ sig = (Signature)(new DummySignature( (SignatureSpi)o , algorithm ));
+ else
+ {
+ sig = (Signature)o;
+ sig.algorithm = algorithm;
+ }
+
+ sig.provider = provider;
+ return sig;
+ } catch( ClassNotFoundException cnfe) {
+ throw new NoSuchAlgorithmException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new NoSuchAlgorithmException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new NoSuchAlgorithmException("Illegal Access");
+ }
+}
+
+
+
+
+
+/**
+ Gets the provider that the Signature is from.
+
+ @return the provider the this Signature
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Initializes this class with the public key for
+ verification purposes.
+
+ @param publicKey the public key to verify with
+
+ @throws InvalidKeyException invalid key
+*/
+public final void initVerify(PublicKey publicKey)
+ throws InvalidKeyException
+{
+ state = VERIFY;
+ engineInitVerify( publicKey );
+}
+
+/**
+ Initializes this class with the private key for
+ signing purposes.
+
+ @param privateKey the private key to sign with
+
+ @throws InvalidKeyException invalid key
+*/
+public final void initSign(PrivateKey privateKey)
+ throws InvalidKeyException
+{
+ state = SIGN;
+ engineInitSign( privateKey );
+}
+
+/**
+ Initializes this class with the private key and source
+ of randomness for signing purposes.
+
+ @param privateKey the private key to sign with
+ @param random Source of randomness
+
+ @throws InvalidKeyException invalid key
+
+ @since JDK 1.2
+*/
+public final void initSign(PrivateKey privateKey, SecureRandom random)
+ throws InvalidKeyException
+{
+ state = SIGN;
+ engineInitSign( privateKey, random );
+}
+
+
+/**
+ Returns the signature bytes of all the data fed to this class.
+ The format of the output depends on the underlying signature
+ algorithm.
+
+ @return the signature
+
+ @throws SignatureException engine not properly initialized
+*/
+public final byte[] sign()
+ throws SignatureException
+{
+ if( state == SIGN ) {
+ state = UNINITIALIZED;
+ return engineSign();
+ } else
+ throw new SignatureException();
+}
+
+/**
+ Generates signature bytes of all the data fed to this class
+ and outputs it to the passed array. The format of the
+ output depends on the underlying signature algorithm.
+
+ After calling this method, the signature is reset to its
+ initial state and can be used to generate additional
+ signatures.
+
+ @param outbuff array of bytes
+ @param offset the offset to start at in the array
+ @param len the length of the bytes to put into the array.
+ Neither this method or the GNU provider will
+ return partial digests. If len is less than the
+ signature length, this method will throw
+ SignatureException. If it is greater than or equal
+ then it is ignored.
+
+ @return number of bytes in outbuf
+
+ @throws SignatureException engine not properly initialized
+
+ @since JDK 1.2
+*/
+public final int sign(byte[] outbuf, int offset, int len)
+ throws SignatureException
+{
+ if( state == SIGN ) {
+ state = UNINITIALIZED;
+ return engineSign( outbuf, offset, len );
+ } else
+ throw new SignatureException();
+}
+
+/**
+ Verifies the passed signature.
+
+ @param signature the signature bytes to verify
+
+ @return true if verified, false otherwise
+
+ @throws SignatureException engine not properly initialized
+ or wrong signature
+*/
+public final boolean verify(byte[] signature)
+ throws SignatureException
+{
+ if( state == VERIFY ) {
+ state = UNINITIALIZED;
+ return engineVerify( signature );
+ } else
+ throw new SignatureException();
+}
+
+/**
+ Updates the data to be signed or verified with the specified
+ byte.
+
+ @param b byte to update with
+
+ @throws SignatureException Engine not properly initialized
+*/
+public final void update(byte b)
+ throws SignatureException
+{
+ if( state != UNINITIALIZED)
+ engineUpdate( b );
+ else
+ throw new SignatureException();
+}
+
+/**
+ Updates the data to be signed or verified with the specified
+ bytes.
+
+ @param data array of bytes
+
+ @throws SignatureException engine not properly initialized
+*/
+public final void update(byte[] data)
+ throws SignatureException
+{
+ if( state != UNINITIALIZED)
+ engineUpdate( data, 0, data.length);
+ else
+ throw new SignatureException();
+}
+
+/**
+ Updates the data to be signed or verified with the specified
+ bytes.
+
+ @param data array of bytes
+ @param off the offset to start at in the array
+ @param len the length of the bytes to use in the array
+
+ @throws SignatureException engine not properly initialized
+*/
+public final void update(byte[] data, int off, int len)
+ throws SignatureException
+{
+ if( state != UNINITIALIZED)
+ engineUpdate( data, off, len);
+ else
+ throw new SignatureException();
+}
+
+/**
+ Gets the name of the algorithm currently used.
+ The names of algorithms are usually SHA/DSA or SHA/RSA.
+
+ @return name of algorithm.
+*/
+public final String getAlgorithm()
+{
+ return algorithm;
+}
+
+/**
+ Returns a representation of the Signature as a String
+
+ @return a string representing the signature
+*/
+public String toString()
+{
+ return (algorithm + " Signature");
+}
+
+/**
+ Sets the specified algorithm parameter to the specified value.
+
+ @param param parameter name
+ @param value parameter value
+
+ @throws InvalidParameterException invalid parameter, parameter
+ already set and cannot set again, a security exception,
+ etc.
+
+ @deprecated use the other setParameter
+*/
+public final void setParameter(String param, Object value)
+ throws InvalidParameterException
+{
+ engineSetParameter( param, value);
+}
+
+/**
+ Sets the signature engine with the specified
+ AlgorithmParameterSpec;
+
+ By default this always throws UnsupportedOperationException
+ if not overridden;
+
+ @param params the parameters
+
+ @throws InvalidParameterException invalid parameter, parameter
+ already set and cannot set again, a security exception,
+ etc.
+*/
+public final void setParameter(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+{
+ engineSetParameter( params );
+}
+
+/**
+ Gets the value for the specified algorithm parameter.
+
+ @param param parameter name
+
+ @return parameter value
+
+ @throws InvalidParameterException invalid parameter
+
+ @deprecated use the other getParameter
+*/
+public final Object getParameter(String param)
+ throws InvalidParameterException
+{
+ return engineGetParameter( param );
+}
+
+/**
+ Returns a clone if cloneable.
+
+ @return a clone if cloneable.
+
+ @throws CloneNotSupportedException if the implementation does
+ not support cloning
+*/
+public Object clone()
+ throws CloneNotSupportedException
+{
+ throw new CloneNotSupportedException();
+}
+
+}
+
diff --git a/java/security/SignatureSpi.java b/java/security/SignatureSpi.java
new file mode 100644
index 000000000..db7ecc98f
--- /dev/null
+++ b/java/security/SignatureSpi.java
@@ -0,0 +1,240 @@
+/* SignatureSpi.java --- Signature Service Provider Interface
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ SignatureSpi defines the Service Provider Interface (SPI)
+ for the Signature class. The signature class provides an
+ interface to a digital signature algorithm. Digital signatures
+ are used for authentication and integrity of data.
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ @since JDK 1.2
+*/
+public abstract class SignatureSpi
+{
+
+/**
+ Source of randomness
+*/
+protected SecureRandom appRandom;
+
+/**
+ Creates a new instance of SignatureSpi.
+*/
+public SignatureSpi()
+{
+ appRandom = null;
+}
+
+/**
+ Initializes this class with the public key for
+ verification purposes.
+
+ @param publicKey the public key to verify with
+
+ @throws InvalidKeyException invalid key
+*/
+protected abstract void engineInitVerify(PublicKey publicKey)
+ throws InvalidKeyException;
+
+/**
+ Initializes this class with the private key for
+ signing purposes.
+
+ @param privateKey the private key to sign with
+
+ @throws InvalidKeyException invalid key
+*/
+protected abstract void engineInitSign(PrivateKey privateKey)
+ throws InvalidKeyException;
+
+/**
+ Initializes this class with the private key and source
+ of randomness for signing purposes.
+
+ This cannot be abstract backward compatibility reasons
+
+ @param privateKey the private key to sign with
+ @param random Source of randomness
+
+ @throws InvalidKeyException invalid key
+
+ @since JDK 1.2
+*/
+protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
+ throws InvalidKeyException
+{
+ appRandom = random;
+ engineInitSign( privateKey );
+}
+
+/**
+ Updates the data to be signed or verified with the specified
+ byte.
+
+ @param b byte to update with
+
+ @throws SignatureException Engine not properly initialized
+*/
+protected abstract void engineUpdate(byte b)
+ throws SignatureException;
+
+/**
+ Updates the data to be signed or verified with the specified
+ bytes.
+
+ @param b array of bytes
+ @param off the offset to start at in the array
+ @param len the length of the bytes to use in the array
+
+ @throws SignatureException engine not properly initialized
+*/
+protected abstract void engineUpdate(byte[] b, int off, int len)
+ throws SignatureException;
+
+/**
+ Returns the signature bytes of all the data fed to this class.
+ The format of the output depends on the underlying signature
+ algorithm.
+
+ @return the signature
+
+ @throws SignatureException engine not properly initialized
+*/
+protected abstract byte[] engineSign() throws SignatureException;
+
+/**
+ Generates signature bytes of all the data fed to this class
+ and outputs it to the passed array. The format of the
+ output depends on the underlying signature algorithm.
+
+ This cannot be abstract backward compatibility reasons.
+ After calling this method, the signature is reset to its
+ initial state and can be used to generate additional
+ signatures.
+
+ @param outbuff array of bytes
+ @param offset the offset to start at in the array
+ @param len the length of the bytes to put into the array.
+ Neither this method or the GNU provider will
+ return partial digests. If len is less than the
+ signature length, this method will throw
+ SignatureException. If it is greater than or equal
+ then it is ignored.
+
+ @return number of bytes in outbuf
+
+ @throws SignatureException engine not properly initialized
+
+ @since JDK 1.2
+*/
+protected int engineSign(byte[] outbuf, int offset, int len)
+ throws SignatureException
+{
+ byte tmp[] = engineSign();
+
+ if( tmp.length > len )
+ throw new SignatureException("Invalid Length");
+
+ System.arraycopy( outbuf, offset, tmp, 0, tmp.length );
+
+ return tmp.length;
+}
+
+/**
+ Verifies the passed signature.
+
+ @param sigBytes the signature bytes to verify
+
+ @return true if verified, false otherwise
+
+ @throws SignatureException engine not properly initialized
+ or wrong signature
+*/
+protected abstract boolean engineVerify(byte[] sigBytes)
+ throws SignatureException;
+
+/**
+ Sets the specified algorithm parameter to the specified value.
+
+ @param param parameter name
+ @param value parameter value
+
+ @throws InvalidParameterException invalid parameter, parameter
+ already set and cannot set again, a security exception,
+ etc.
+
+ @deprecated use the other setParameter
+*/
+protected abstract void engineSetParameter(String param, Object value)
+ throws InvalidParameterException;
+
+/**
+ Sets the signature engine with the specified
+ AlgorithmParameterSpec;
+
+ This cannot be abstract backward compatibility reasons
+ By default this always throws UnsupportedOperationException
+ if not overridden;
+
+ @param params the parameters
+
+ @throws InvalidParameterException invalid parameter, parameter
+ already set and cannot set again, a security exception,
+ etc.
+*/
+protected void engineSetParameter(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+{
+ throw new UnsupportedOperationException();
+}
+
+/**
+ Gets the value for the specified algorithm parameter.
+
+ @param param parameter name
+
+ @return parameter value
+
+ @throws InvalidParameterException invalid parameter
+
+ @deprecated use the other getParameter
+*/
+protected abstract Object engineGetParameter(String param)
+ throws InvalidParameterException;
+
+/**
+ Returns a clone if cloneable.
+
+ @return a clone if cloneable.
+
+ @throws CloneNotSupportedException if the implementation does
+ not support cloning
+*/
+public Object clone()
+ throws CloneNotSupportedException
+{
+ throw new CloneNotSupportedException();
+}
+
+}
+
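Review bot: The `System.arraycopy` call in `engineSign(byte[] outbuf, int offset, int len)` has its source and destination swapped. It copies from the caller's buffer into `tmp`, so `outbuf` never receives the signature. A caller that trusts the returned length would then treat whatever was already in `outbuf` as the signature. The call should read `System.arraycopy( tmp, 0, outbuf, offset, tmp.length );`. The Javadoc tag `@param outbuff` also does not match the parameter name `outbuf`.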
diff --git a/java/security/SignedObject.java b/java/security/SignedObject.java
new file mode 100644
index 000000000..fdda9acb0
--- /dev/null
+++ b/java/security/SignedObject.java
@@ -0,0 +1,158 @@
+/* SignedObject.java --- Signed Object Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+/**
+ SignedObject is used for storing rutime objects whose integrity
+ cannot be compromised without being detected.
+
+ SignedObject contains a Serializable object which is yet to be
+ signed and its signature.
+
+ The signed copy is a "deep copy" (in serialized form) of the
+ original object. Any changes to the original will not affect
+ the original.
+
+ Several things to note are that, first there is no need to
+ initialize the signature engine as this class will handle that
+ automatically. Second, verification will only succeed if the
+ public key corresponds to the private key used to generate
+ the SignedObject.
+
+ For fexibility, the signature engine can be specified in the
+ constructor or the verify method. The programmer who writes
+ code that verifies the SignedObject has not changed should be
+ aware of the Signature engine they use. A malicious Signature
+ may choose to always return true on verification and
+ bypass the secrity check.
+
+ The GNU provider provides the NIST standard DSA which uses DSA
+ and SHA-1. It can be specified by SHA/DSA, SHA-1/DSA or its
+ OID. If the RSA signature algorithm is provided then
+ it could be MD2/RSA. MD5/RSA, or SHA-1/RSA. The algorithm must
+ be specified because there is no default.
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ @since JDK 1.2
+*/
+public final class SignedObject implements Serializable
+{
+private byte[] content;
+private byte[] signature;
+private String thealgorithm;
+
+/**
+ Constructs a new SignedObject from a Serializeable object. The
+ object is signed with private key and signature engine
+
+ @param object the object to sign
+ @param signingKey the key to sign with
+ @param signingEngine the signature engine to use
+
+ @throws IOException serialization error occured
+ @throws InvalidKeyException invalid key
+ @throws SignatureException signing error
+*/
+public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine)
+ throws IOException, InvalidKeyException, SignatureException
+{
+ thealgorithm = signingEngine.getAlgorithm();
+
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+ ObjectOutputStream p = new ObjectOutputStream(ostream);
+ p.writeObject(object);
+ p.flush();
+
+ content = ostream.toByteArray();
+
+ signingEngine.initSign( signingKey );
+ signingEngine.update( content );
+ signature = signingEngine.sign();
+}
+
+/**
+ Returns the encapsulated object. The object is
+ de-serialized before being returned.
+
+ @return the encapsulated object
+
+ @throws IOException de-serialization error occured
+ @throws ClassNotFoundException de-serialization error occured
+*/
+public Object getObject()
+ throws IOException, ClassNotFoundException
+{
+ ByteArrayInputStream istream = new ByteArrayInputStream( content );
+
+ return new ObjectInputStream( istream ).readObject();
+}
+
+/**
+ Returns the signature of the encapsulated object.
+
+ @return a byte array containing the signature
+*/
+public byte[] getSignature()
+{
+ return signature;
+}
+
+/**
+ Returns the name of the signature algorithm.
+
+ @return the name of the signature algorithm.
+*/
+public String getAlgorithm()
+{
+ return thealgorithm;
+}
+
+/**
+ Verifies the SignedObject by checking that the signature that
+ this class contains for the encapsulated object.
+
+ @param verificationKey the public key to use
+ @param verificationEngine the signature engine to use
+
+ @return true if signature is correct, false otherwise
+
+ @throws InvalidKeyException invalid key
+ @throws SignatureException signature verification failed
+*/
+public boolean verify(PublicKey verificationKey, Signature verificationEngine)
+ throws InvalidKeyException, SignatureException
+{
+ verificationEngine.initVerify( verificationKey );
+ verificationEngine.update( content );
+ return verificationEngine.verify( signature );
+}
+
+// readObject is called to restore the state of the SignedObject from a
+// stream.
+//private void readObject(ObjectInputStream s)
+// throws IOException, ClassNotFoundException
+
+}
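Review bot: `getSignature()` returns the internal `signature` array itself, so any caller can alter the stored signature bytes after construction, which weakens the tamper-evidence this class is meant to provide. Return a copy instead: `return (byte[]) signature.clone();`. With `readObject` left commented out at the end of the class, an instance restored from a stream presumably keeps `content` and `signature` exactly as read, without a private copy; this is worth confirming. The Javadoc of `getObject()` should also state that it deserializes `content` without checking the signature, so callers handling data from an untrusted source need to call `verify()` first.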
diff --git a/java/security/Signer.java b/java/security/Signer.java
new file mode 100644
index 000000000..9af438b62
--- /dev/null
+++ b/java/security/Signer.java
@@ -0,0 +1,130 @@
+/* Signer.java --- Signer Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security;
+
+/**
+ Signer is a subclass used to store a digital signature key with
+ an Identity.
+
+ @author Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ @since JDK 1.1
+*/
+public abstract class Signer extends Identity
+{
+private PrivateKey privateKey = null;
+/**
+ Constructs a new Signer.
+*/
+protected Signer()
+{}
+
+/**
+ Constructs a new Signer with the specified name.
+
+ @param name the name of the identity.
+*/
+public Signer(String name)
+{
+ super(name);
+}
+
+/**
+ Constructs a new Signer with the specifid name and
+ IdentityScope.
+
+ @param name the name of the identity.
+ @scope the IdentityScope to use
+
+ @throws KeyManagementException if duplicate identity name
+ within scope
+*/
+public Signer(String name, IdentityScope scope)
+ throws KeyManagementException
+{
+ super( name, scope);
+}
+
+/**
+ Returns the private key for this signer.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "getSignerPrivateKey".
+
+ @returns the private key for the signer
+
+ @throws SecurityException - if the security manager denies
+ access to "getSignerPrivateKey"
+*/
+public PrivateKey getPrivateKey()
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "getSignerPrivateKey" );
+
+ return privateKey;
+}
+
+/**
+ Specifies the KeyPair associated with this Signer.
+
+ This class checks the security manager with the call
+ checkSecurityAccess with "setSignerKeyPair".
+
+ @param pair the keyPair
+
+ @throws InvalidParameterException invalidly intialized key pair
+ @throws KeyException another key error
+ @throws SecurityException - if the security manager denies
+ access to "getSignerPrivateKey"
+*/
+public final void setKeyPair(KeyPair pair)
+ throws InvalidParameterException, KeyException
+{
+ SecurityManager sm = System.getSecurityManager();
+ if(sm != null)
+ sm.checkSecurityAccess( "setSignerKeyPair" );
+
+ try {
+ if( pair.getPublic() != null)
+ setPublicKey( pair.getPublic() );
+ else
+ throw new InvalidParameterException();
+
+ } catch ( KeyManagementException kme ) {
+ throw new KeyException();
+ }
+
+ if( pair.getPrivate() != null)
+ privateKey = pair.getPrivate();
+ else
+ throw new InvalidParameterException();
+}
+
+/**
+ Returns a string representing this Signer.
+
+ @returns a string representing this Signer.
+*/
+public String toString()
+{
+ return (getName() + ": " + privateKey);
+}
+
+}
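Review bot: `toString()` appends `privateKey` to the returned string, which sidesteps the `checkSecurityAccess( "getSignerPrivateKey" )` gate that `getPrivateKey()` applies. Depending on how the key class implements its own `toString()`, key material could end up in logs or exception messages. Report only whether a key is present, e.g. `return getName() + (privateKey != null ? ": private key set" : ": no private key");`. In `setKeyPair`, the public key is stored before the private key is checked for null, so a pair with a null private key leaves the Signer half-updated; validating both halves before calling `setPublicKey` would avoid that.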
diff --git a/java/security/cert/CRL.java b/java/security/cert/CRL.java
new file mode 100644
index 000000000..35b60b987
--- /dev/null
+++ b/java/security/cert/CRL.java
@@ -0,0 +1,78 @@
+/* CRL.java --- Certificate Revocation List
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+
+/**
+ Certificate Revocation List class for managing CRLs that
+ have different formats but the same general use. They
+ all serve as lists of revoked certificates and can
+ be queried for a given certificate.
+
+ Specialized CRLs extend this class.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class CRL
+{
+
+private String type;
+
+/**
+ Creates a new CRL for the specified type. An example
+ is "X.509".
+
+ @param type the standard name for the CRL type.
+*/
+protected CRL(String type)
+{
+ this.type = type;
+}
+
+/**
+ Returns the CRL type.
+
+ @return a string representing the CRL type
+*/
+public final String getType()
+{
+ return type;
+}
+
+/**
+ Returns a string representing the CRL.
+
+ @return a string representing the CRL.
+*/
+public abstract String toString();
+
+/**
+ Determines whether or not the specified Certificate
+ is revoked.
+
+ @param cert A certificate to check if it is revoked
+
+ @return true if the certificate is revoked,
+ false otherwise.
+*/
+public abstract boolean isRevoked(Certificate cert);
+
+
+}
diff --git a/java/security/cert/CRLException.java b/java/security/cert/CRLException.java
new file mode 100644
index 000000000..124d906ee
--- /dev/null
+++ b/java/security/cert/CRLException.java
@@ -0,0 +1,50 @@
+/* CRLException.java --- Certificate Revocation List Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.security.GeneralSecurityException;
+
+/**
+ Exception for a Certificate Revocation List.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CRLException extends GeneralSecurityException
+{
+
+/**
+ Constructs an CRLExceptionwithout a message string.
+*/
+public CRLException()
+{
+ super();
+}
+
+/**
+ Constructs an CRLException with a message string.
+
+ @param msg A message to display with exception
+*/
+public CRLException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/cert/Certificate.java b/java/security/cert/Certificate.java
new file mode 100644
index 000000000..4a977b436
--- /dev/null
+++ b/java/security/cert/Certificate.java
@@ -0,0 +1,182 @@
+/* Certificate.java --- Certificate class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.security.PublicKey;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+
+/**
+ The Certificate class is an abstract class used to manage
+ identity certificates. An identity certificate is a
+ combination of a principal and a public key which is
+ certified by another principal. This is the puprose of
+ Certificate Authorities (CA).
+
+ This class is used to manage different types of certificates
+ but have important common puposes. Different types of
+ certificates like X.509 and OpenPGP share general certificate
+ functions ( like encoding and verifying) and information like
+ public keys.
+
+ X.509, OpenPGP, and SDSI can be implemented by subclassing this
+ class even though they differ in storage methods and information
+ stored.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class Certificate
+{
+
+private String type;
+/**
+ Constructs a new certificate of the specified type. An example
+ is "X.509".
+
+ @param type a valid standard name for a certificate.
+*/
+protected Certificate(String type)
+{
+ this.type = type;
+}
+
+/**
+ Returns the Certificate type.
+
+ @return a string representing the Certificate type
+*/
+public final String getType()
+{
+ return type;
+}
+
+/**
+ Compares this Certificate to other. It checks if the
+ object if instanceOf Certificate and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+*/
+public boolean equals(Object other)
+{
+ if( other instanceof Certificate ) {
+ try {
+ Certificate x = (Certificate) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte b1[] = getEncoded();
+ byte b2[] = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CertificateEncodingException cee ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+}
+
+/**
+ Returns a hash code for this Certificate in its encoded
+ form.
+
+ @return A hash code of this class
+*/
+public int hashCode()
+{
+ return super.hashCode();
+}
+
+/**
+ Gets the DER ASN.1 encoded format for this Certificate.
+ It assumes each certificate has only one encoding format.
+ Ex: X.509 is encoded as ASN.1 DER
+
+ @return byte array containg encoded form
+
+ @throws CertificateEncodingException if an error occurs
+*/
+public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+/**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+*/
+public abstract void verify(PublicKey key)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+/**
+ Verifies that this Certificate was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CertificateException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+*/
+public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CertificateException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+/**
+ Returns a string representing the Certificate.
+
+ @return a string representing the Certificate.
+*/
+public abstract String toString();
+
+
+/**
+ Returns the public key stored in the Certificate.
+
+ @return The public key
+*/
+public abstract PublicKey getPublicKey();
+
+}
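Review bot: `hashCode()` returns `super.hashCode()` while `equals()` compares the encoded bytes, so two Certificate objects that are equal get different hash codes. Lookups in hash-based collections, for example a table of trusted certificates, will then miss. The Javadoc already promises a hash of the encoded form, so the method should compute it from `getEncoded()`, as sketched below. `equals()` also calls `getEncoded()` twice per object; fetching each encoding once into `b1` and `b2` before the length comparison would be cheaper.

```java
public int hashCode()
{
  try {
    byte enc[] = getEncoded();
    int h = 0;
    // Same bytes that equals() compares, so equal certificates hash alike.
    for( int i = 0; i < enc.length; i++ )
      h = 31 * h + enc[i];
    return h;
  } catch( CertificateEncodingException cee ) {
    // equals() treats an encoding failure as "not equal"; a constant is still contract-safe.
    return 0;
  }
}
```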
diff --git a/java/security/cert/CertificateEncodingException.java b/java/security/cert/CertificateEncodingException.java
new file mode 100644
index 000000000..7dbab3e63
--- /dev/null
+++ b/java/security/cert/CertificateEncodingException.java
@@ -0,0 +1,49 @@
+/* CertificateEncodingException.java --- Certificate Encoding Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate Encoding.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateEncodingException extends CertificateException
+{
+
+/**
+ Constructs an CertificateEncodingException without a message string.
+*/
+public CertificateEncodingException()
+{
+ super();
+}
+
+/**
+ Constructs an CertificateEncodingException with a message string.
+
+ @param msg A message to display with exception
+*/
+public CertificateEncodingException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/cert/CertificateException.java b/java/security/cert/CertificateException.java
new file mode 100644
index 000000000..1e1ab4f83
--- /dev/null
+++ b/java/security/cert/CertificateException.java
@@ -0,0 +1,50 @@
+/* CertificateException.java --- Certificate Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.security.GeneralSecurityException;
+
+/**
+ Exception for a Certificate.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateException extends GeneralSecurityException
+{
+
+/**
+ Constructs an CertificateException without a message string.
+*/
+public CertificateException()
+{
+ super();
+}
+
+/**
+ Constructs an CertificateException with a message string.
+
+ @param msg A message to display with exception
+*/
+public CertificateException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/cert/CertificateExpiredException.java b/java/security/cert/CertificateExpiredException.java
new file mode 100644
index 000000000..bf40ab029
--- /dev/null
+++ b/java/security/cert/CertificateExpiredException.java
@@ -0,0 +1,49 @@
+/* CertificateExpiredException.java --- Certificate Expired Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate Expiring.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateExpiredException extends CertificateException
+{
+
+/**
+ Constructs an CertificateExpiredException without a message string.
+*/
+public CertificateExpiredException()
+{
+ super();
+}
+
+/**
+ Constructs an CertificateExpiredException with a message string.
+
+ @param msg A message to display with exception
+*/
+public CertificateExpiredException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/cert/CertificateFactory.java b/java/security/cert/CertificateFactory.java
new file mode 100644
index 000000000..023a34c60
--- /dev/null
+++ b/java/security/cert/CertificateFactory.java
@@ -0,0 +1,250 @@
+/* CertificateFactory.java --- Certificate Factory Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.io.InputStream;
+import java.util.Collection;
+
+/**
+ This class implments the CertificateFactory class interface
+ used to generate certificates and certificate revocation
+ list (CRL) objects from their encodings.
+
+ A certifcate factory for X.509 returns certificates of the
+ java.security.cert.X509Certificate class, and CRLs of the
+ java.security.cert.X509CRL class.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateFactory
+{
+
+private CertificateFactorySpi certFacSpi;
+private Provider provider;
+private String type;
+
+/**
+ Creates an instance of CertificateFactory
+
+ @param certFacSpi A CertificateFactory engine to use
+ @param provider A provider to use
+ @param type The type of Certificate
+*/
+protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type)
+{
+ this.certFacSpi = certFacSpi;
+ this.provider = provider;
+ this.type = type;
+}
+
+
+/**
+ Gets an instance of the CertificateFactory class representing
+ the specified certificate factory. If the type is not
+ found then, it throws CertificateException.
+
+ @param type the type of certificate to choose
+
+ @return a CertificateFactory repesenting the desired type
+
+ @throws CertificateException if the type of certificate is not implemented by providers
+*/
+public static final CertificateFactory getInstance(String type) throws CertificateException
+{
+ Provider[] p = Security.getProviders ();
+
+ for (int i = 0; i < p.length; i++)
+ {
+ String classname = p[i].getProperty ("CertificateFactory." + type);
+ if (classname != null)
+ return getInstance (classname, type, p[i]);
+ }
+
+ throw new CertificateException(type);
+}
+
+
+
+/**
+ Gets an instance of the CertificateFactory class representing
+ the specified certificate factory from the specified provider.
+ If the type is not found then, it throws CertificateException.
+ If the provider is not found, then it throws
+ NoSuchProviderException.
+
+ @param type the type of certificate to choose
+
+ @return a CertificateFactory repesenting the desired type
+
+ @throws CertificateException if the type of certificate is not implemented by providers
+ @throws NoSuchProviderException if the provider is not found
+*/
+public static final CertificateFactory getInstance(String type, String provider)
+ throws CertificateException, NoSuchProviderException
+{
+ Provider p = Security.getProvider(provider);
+ if( p == null)
+ throw new NoSuchProviderException();
+
+ return getInstance (p.getProperty ("CertificateFactory." + type),
+ type, p);
+}
+
+private static CertificateFactory getInstance (String classname,
+ String type,
+ Provider provider)
+ throws CertificateException
+{
+ try {
+ return new CertificateFactory( (CertificateFactorySpi)Class.forName( classname ).newInstance(), provider, type );
+ } catch( ClassNotFoundException cnfe) {
+ throw new CertificateException("Class not found");
+ } catch( InstantiationException ie) {
+ throw new CertificateException("Class instantiation failed");
+ } catch( IllegalAccessException iae) {
+ throw new CertificateException("Illegal Access");
+ }
+}
+
+
+/**
+ Gets the provider that the class is from.
+
+ @return the provider of this class
+*/
+public final Provider getProvider()
+{
+ return provider;
+}
+
+/**
+ Returns the type of the certificate supported
+
+ @return A string with the type of certificate
+*/
+public final String getType()
+{
+ return type;
+}
+
+/**
+ Generates a Certificate based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one certificate.
+
+ If there exists a specialized certificate class for the
+ certificate format handled by the certificate factory
+ then the return Ceritificate should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509Certificate.
+
+ For X.509 certificates, the certificate in inStream must be
+ DER encoded and supplied in binary or printable (Base64)
+ encoding. If the certificate is in Base64 encoding, it must be
+ bounded by -----BEGINCERTIFICATE-----, and
+ -----END CERTIFICATE-----.
+
+ @param inStream an input stream containing the certificate data
+
+ @return a certificate initialized with InputStream data.
+
+ @throws CertificateException Certificate parsing error
+*/
+public final Certificate generateCertificate(InputStream inStream)
+ throws CertificateException
+{
+ return certFacSpi.engineGenerateCertificate( inStream );
+}
+
+/**
+ Returns a collection of certificates that were read from the
+ input stream. It may be empty, have only one, or have
+ multiple certificates.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded certificate or a PKCS#7 certificate
+ chain. This is a PKCS#7 <I>SignedData</I> object with the
+ most significant field being <I>certificates</I>. If no
+ CRLs are present, then an empty collection is returned.
+
+ @param inStream an input stream containing the certificates
+
+ @return a collection of certificates initialized with
+ the InputStream data.
+
+ @throws CertificateException Certificate parsing error
+*/
+public final Collection generateCertificates(InputStream inStream)
+ throws CertificateException
+{
+ return certFacSpi.engineGenerateCertificates( inStream );
+}
+
+/**
+ Generates a CRL based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one CRL.
+
+ If there exists a specialized CRL class for the
+ CRL format handled by the certificate factory
+ then the return CRL should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509CRL.
+
+ @param inStream an input stream containing the CRL data
+
+ @return a CRL initialized with InputStream data.
+
+ @throws CRLException CRL parsing error
+*/
+public final CRL generateCRL(InputStream inStream)
+ throws CRLException
+{
+ return certFacSpi.engineGenerateCRL( inStream );
+}
+
+
+/**
+ Generates CRLs based on the encoded data read
+ from the InputStream.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded CRL or a PKCS#7 CRL set. This is a
+ PKCS#7 <I>SignedData</I> object with the most significant
+ field being <I>crls</I>. If no CRLs are present, then an
+ empty collection is returned.
+
+ @param inStream an input stream containing the CRLs
+
+ @return a collection of CRLs initialized with
+ the InputStream data.
+
+ @throws CRLException CRL parsing error
+*/
+public final Collection generateCRLs(InputStream inStream)
+ throws CRLException
+{
+ return certFacSpi.engineGenerateCRLs( inStream );
+}
+
+}
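Review bot: The two-argument `getInstance(String type, String provider)` passes `p.getProperty("CertificateFactory." + type)` to the private `getInstance` without the null check that the one-argument overload performs. A known provider that does not implement the requested type therefore reaches `Class.forName(null)`, which is expected to fail with a NullPointerException instead of the documented CertificateException. Add the same guard before the call: `String classname = p.getProperty("CertificateFactory." + type);` followed by `if (classname == null) throw new CertificateException(type);`. The cast to `CertificateFactorySpi` in the private helper can also throw an uncaught ClassCastException when a provider property names a class of another type; catching it and rethrowing as CertificateException, with the class name in the message, would make a misconfigured provider easier to diagnose.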
diff --git a/java/security/cert/CertificateFactorySpi.java b/java/security/cert/CertificateFactorySpi.java
new file mode 100644
index 000000000..c9a94c027
--- /dev/null
+++ b/java/security/cert/CertificateFactorySpi.java
@@ -0,0 +1,133 @@
+/* CertificateFactorySpi.java --- Certificate Factory Class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.io.InputStream;
+import java.util.Collection;
+
+/**
+ CertificateFactorySpi is the abstract class Service Provider
+ Interface (SPI) for the CertificateFactory class. A provider
+ must implment all the abstract methods if they wish to
+ supply a certificate factory for a particular certificate
+ type. Ex: X.509
+
+ Certificate factories are used to generate certificates and
+ certificate revocation lists (CRL) from their encoding.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class CertificateFactorySpi
+{
+
+/**
+ Constructs a new CertificateFactorySpi
+*/
+public CertificateFactorySpi()
+{}
+
+/**
+ Generates a Certificate based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one certificate.
+
+ If there exists a specialized certificate class for the
+ certificate format handled by the certificate factory
+ then the return Ceritificate should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509Certificate.
+
+ For X.509 certificates, the certificate in inStream must be
+ DER encoded and supplied in binary or printable (Base64)
+ encoding. If the certificate is in Base64 encoding, it must be
+ bounded by -----BEGINCERTIFICATE-----, and
+ -----END CERTIFICATE-----.
+
+ @param inStream an input stream containing the certificate data
+
+ @return a certificate initialized with InputStream data.
+
+ @throws CertificateException Certificate parsing error
+*/
+public abstract Certificate engineGenerateCertificate(InputStream inStream)
+ throws CertificateException;
+
+/**
+ Returns a collection of certificates that were read from the
+ input stream. It may be empty, have only one, or have
+ multiple certificates.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded certificate or a PKCS#7 certificate
+ chain. This is a PKCS#7 <I>SignedData</I> object with the
+ most significant field being <I>certificates</I>. If no
+ CRLs are present, then an empty collection is returned.
+
+ @param inStream an input stream containing the certificates
+
+ @return a collection of certificates initialized with
+ the InputStream data.
+
+ @throws CertificateException Certificate parsing error
+*/
+public abstract Collection engineGenerateCertificates(InputStream inStream)
+ throws CertificateException;
+
+/**
+ Generates a CRL based on the encoded data read
+ from the InputStream.
+
+ The input stream must contain only one CRL.
+
+ If there exists a specialized CRL class for the
+ CRL format handled by the certificate factory
+ then the return CRL should be a typecast of it.
+ Ex: A X.509 CertificateFactory should return X509CRL.
+
+ @param inStream an input stream containing the CRL data
+
+ @return a CRL initialized with InputStream data.
+
+ @throws CRLException CRL parsing error
+*/
+public abstract CRL engineGenerateCRL(InputStream inStream)
+ throws CRLException;
+
+/**
+ Generates CRLs based on the encoded data read
+ from the InputStream.
+
+ For a X.509 certificate factory, the stream may contain a
+ single DER encoded CRL or a PKCS#7 CRL set. This is a
+ PKCS#7 <I>SignedData</I> object with the most significant
+ field being <I>crls</I>. If no CRLs are present, then an
+ empty collection is returned.
+
+ @param inStream an input stream containing the CRLs
+
+ @return a collection of CRLs initialized with
+ the InputStream data.
+
+ @throws CRLException CRL parsing error
+*/
+public abstract Collection engineGenerateCRLs(InputStream inStream)
+ throws CRLException;
+}
+
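Review bot: The Javadoc of `engineGenerateCertificates` ends with "If no CRLs are present, then an empty collection is returned", which looks copied from the CRL method. It should read `If no certificates are present, then an empty collection is returned.` The `engineGenerateCertificate` comment gives the Base64 header as `-----BEGINCERTIFICATE-----`, missing the space in `-----BEGIN CERTIFICATE-----`; implementers are likely to match that boundary literally, so the comment should spell it exactly. The same two sentences appear on `generateCertificates` and `generateCertificate` in the CertificateFactory.java hunk above.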
diff --git a/java/security/cert/CertificateNotYetValidException.java b/java/security/cert/CertificateNotYetValidException.java
new file mode 100644
index 000000000..01ef5854d
--- /dev/null
+++ b/java/security/cert/CertificateNotYetValidException.java
@@ -0,0 +1,49 @@
+/* CertificateNotYetValidException.java --- Certificate Not Yet Valid Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate being not yet valid.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateNotYetValidException extends CertificateException
+{
+
+/**
+ Constructs an CertificateNotYetValidException without a message string.
+*/
+public CertificateNotYetValidException()
+{
+ super();
+}
+
+/**
+ Constructs an CertificateNotYetValidException with a message string.
+
+ @param msg A message to display with exception
+*/
+public CertificateNotYetValidException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/cert/CertificateParsingException.java b/java/security/cert/CertificateParsingException.java
new file mode 100644
index 000000000..58b1cd8a3
--- /dev/null
+++ b/java/security/cert/CertificateParsingException.java
@@ -0,0 +1,49 @@
+/* CertificateParsingException.java --- Certificate Parsing Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+
+/**
+ Exception for a Certificate Parsing.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class CertificateParsingException extends CertificateException
+{
+
+/**
+ Constructs an CertificateParsingException without a message string.
+*/
+public CertificateParsingException()
+{
+ super();
+}
+
+/**
+ Constructs an CertificateParsingException with a message string.
+
+ @param msg A message to display with exception
+*/
+public CertificateParsingException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/cert/Collection.java b/java/security/cert/Collection.java
new file mode 100644
index 000000000..3470078eb
--- /dev/null
+++ b/java/security/cert/Collection.java
@@ -0,0 +1,7 @@
+package java.util;
+
+public abstract class Collection
+{
+Collection(){}
+
+}
\ No newline at end of file
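Review bot: `Collection.java` is added under `java/security/cert/` but declares `package java.util;`, so the path does not match the package, and it defines `Collection` as an empty abstract class with a package-private constructor. If this is a compile-time placeholder, say so in the file, for example `// Temporary stub so java.security.cert compiles; remove once java.util.Collection is available`, and keep it out of the built class library. A stub on the class path would stand in for the real type that `CertificateFactory.generateCertificates` and `generateCRLs` return, and callers could not iterate the result. `Set.java` in the next hunk has the same issue and affects `X509CRL.getRevokedCertificates`.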
diff --git a/java/security/cert/Set.java b/java/security/cert/Set.java
new file mode 100644
index 000000000..36cd6aba2
--- /dev/null
+++ b/java/security/cert/Set.java
@@ -0,0 +1,7 @@
+package java.util;
+
+public abstract class Set
+{
+Set(){}
+
+}
\ No newline at end of file
diff --git a/java/security/cert/X509CRL.java b/java/security/cert/X509CRL.java
new file mode 100644
index 000000000..9d030cd78
--- /dev/null
+++ b/java/security/cert/X509CRL.java
@@ -0,0 +1,361 @@
+/* X509CRL.java --- X.509 Certificate Revocation List
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.util.Date;
+import java.util.Set;
+
+/**
+ The X509CRL class is the abstract class used to manage
+ X.509 Certificate Revocation Lists. The CRL is a list of
+ time stamped entries which indicate which lists have been
+ revoked. The list is signed by a Certificate Authority (CA)
+ and made publically available in a repository.
+
+ Each revoked certificate in the CRL is identified by its
+ certificate serial number. When a piece of code uses a
+ certificate, the certificates validity is checked by
+ validating its signature and determing that it is not
+ only a recently acquired CRL. The recently aquired CRL
+ is depends on the local policy in affect. The CA issues
+ a new CRL periodically and entries are removed as the
+ certificate expiration date is reached
+
+
+ A description of the X.509 v2 CRL follows below from rfc2459.
+
+ "The X.509 v2 CRL syntax is as follows. For signature calculation,
+ the data that is to be signed is ASN.1 DER encoded. ASN.1 DER
+ encoding is a tag, length, value encoding system for each element.
+
+ CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING }
+
+ TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, shall be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+ crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ -- if present, shall be v2
+ }"
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class X509CRL extends CRL implements X509Extension
+{
+
+/**
+ Constructs a new X509CRL.
+*/
+protected X509CRL()
+{
+ super("X.509");
+}
+
+/**
+ Compares this X509CRL to other. It checks if the
+ object if instanceOf X509CRL and then checks if
+ the encoded form matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+*/
+public boolean equals(Object other)
+{
+ if( other instanceof X509CRL ) {
+ try {
+ X509CRL x = (X509CRL) other;
+ if( getEncoded().length != x.getEncoded().length )
+ return false;
+
+ byte b1[] = getEncoded();
+ byte b2[] = x.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+}
+
+/**
+ Returns a hash code for this X509CRL in its encoded
+ form.
+
+ @return A hash code of this class
+*/
+public int hashCode()
+{
+ return super.hashCode();
+}
+
+/**
+ Gets the DER ASN.1 encoded format for this X.509 CRL.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+*/
+public abstract byte[] getEncoded() throws CRLException;
+
+/**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key.
+
+ @param key PublicKey to verify with
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException no provider
+ @throws SignatureException signature error
+*/
+public abstract void verify(PublicKey key)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+/**
+ Verifies that this CRL was properly signed with the
+ PublicKey that corresponds to its private key and uses
+ the signature engine provided by the provider.
+
+ @param key PublicKey to verify with
+ @param sigProvider Provider to use for signature algorithm
+
+ @throws CRLException encoding error
+ @throws NoSuchAlgorithmException unsupported algorithm
+ @throws InvalidKeyException incorrect key
+ @throws NoSuchProviderException incorrect provider
+ @throws SignatureException signature error
+*/
+public abstract void verify(PublicKey key,
+ String sigProvider)
+ throws CRLException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ NoSuchProviderException,
+ SignatureException;
+
+/**
+ Gets the version of this CRL.
+
+ The ASN.1 encoding is:
+
+ version Version OPTIONAL,
+ -- if present, shall be v2
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information.
+
+ @return the version number, Ex: 1 or 2
+*/
+public abstract int getVersion();
+
+/**
+ Returns the issuer (issuer distinguished name) of the CRL.
+ The issuer is the entity who signed and issued the
+ Certificate Revocation List.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+*/
+public abstract Principal getIssuerDN();
+
+/**
+ Returns the thisUpdate date of the CRL.
+
+ The ASN.1 DER encoding is:
+
+ thisUpdate Time,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the thisUpdate date
+*/
+public abstract Date getThisUpdate();
+
+/*
+ Gets the nextUpdate field
+
+ The ASN.1 DER encoding is:
+
+ nextUpdate Time OPTIONAL,
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the nextUpdate date
+*/
+public abstract Date getNextUpdate();
+
+/**
+ Gets the requeste dX509Entry for the specified
+ certificate serial number.
+
+ @return a X509CRLEntry representing the X.509 CRL entry
+*/
+public abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber);
+
+/**
+ Returns a Set of revoked certificates.
+
+ @return a set of revoked certificates.
+*/
+public abstract Set getRevokedCertificates();
+
+/**
+ Returns the DER ASN.1 encoded tbsCertList which is
+ the basic information of the list and associated certificates
+ in the encoded state. See top for more information.
+
+ The ASN.1 DER encoding is:
+
+ tbsCertList TBSCertList,
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing tbsCertList
+*/
+public abstract byte[] getTBSCertList() throws CRLException;
+
+
+/**
+ Returns the signature for the CRL.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+*/
+public abstract byte[] getSignature();
+
+/**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+*/
+public abstract String getSigAlgName();
+
+/**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+*/
+public abstract String getSigAlgOID();
+
+/**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used.
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in CRL
+*/
+public abstract byte[] getSigAlgParams();
+
+}
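Review bot: `hashCode()` returns `super.hashCode()` while `equals()` compares the DER encoding, so two equal X509CRL objects can have different hash codes unless `CRL.hashCode()` (not visible in this hunk) is itself derived from the encoding. The Javadoc "in its encoded form" does not match the code either. The same pair appears in `X509CRLEntry` in the next hunk, where no superclass is declared and the hash is therefore identity-based; a revocation lookup that keeps entries in a hash-based collection could then miss an entry that `equals()` would match. Deriving the hash from `getEncoded()` keeps the two methods consistent, and `equals()` could fetch each encoding once rather than twice.

```java
public int hashCode()
{
  // Hash the same bytes equals() compares, so equal CRLs hash alike.
  try {
    byte[] enc = getEncoded();
    int h = 0;
    for( int i = 0; i < enc.length; i++ )
      h = 31 * h + enc[i];
    return h;
  } catch( CRLException crle ) {
    // equals() returns false when encoding fails; any constant is consistent here.
    return 0;
  }
}
```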
diff --git a/java/security/cert/X509CRLEntry.java b/java/security/cert/X509CRLEntry.java
new file mode 100644
index 000000000..a88e0b2db
--- /dev/null
+++ b/java/security/cert/X509CRLEntry.java
@@ -0,0 +1,148 @@
+/* X509CRLEntry.java --- X.509 Certificate Revocation List Entry
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.math.BigInteger;
+import java.util.Date;
+
+/**
+ Abstract class for entries in the CRL (Certificate Revocation
+ List). The ASN.1 definition for <I>revokedCertificates</I> is
+
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING }
+
+ For more information consult rfc2459.
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract class X509CRLEntry implements X509Extension
+{
+
+/**
+ Creates a new X509CRLEntry
+*/
+public X509CRLEntry()
+{}
+
+/**
+ Compares this X509CRLEntry to other. It checks if the
+ object if instanceOf X509CRLEntry and then checks if
+ the encoded form( the inner SEQUENCE) matches.
+
+ @param other An Object to test for equality
+
+ @return true if equal, false otherwise
+*/
+public boolean equals(Object other)
+{
+ if( other instanceof X509CRLEntry ) {
+ try {
+ X509CRLEntry xe = (X509CRLEntry) other;
+ if( getEncoded().length != xe.getEncoded().length )
+ return false;
+
+ byte b1[] = getEncoded();
+ byte b2[] = xe.getEncoded();
+
+ for( int i = 0; i < b1.length; i++ )
+ if( b1[i] != b2[i] )
+ return false;
+
+ } catch( CRLException crle ) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+}
+
+/**
+ Returns a hash code for this X509CRLEntry in its encoded
+ form.
+
+ @return A hash code of this class
+*/
+public int hashCode()
+{
+ return super.hashCode();
+}
+
+/**
+ Gets the DER ASN.1 encoded format for this CRL Entry,
+ the inner SEQUENCE.
+
+ @return byte array containg encoded form
+
+ @throws CRLException if an error occurs
+*/
+public abstract byte[] getEncoded() throws CRLException;
+
+/**
+ Gets the serial number for <I>userCertificate</I> in
+ this X509CRLEntry.
+
+ @return the serial number for this X509CRLEntry.
+*/
+public abstract BigInteger getSerialNumber();
+
+
+/**
+ Gets the revocation date in <I>revocationDate</I> for
+ this X509CRLEntry.
+
+ @return the revocation date for this X509CRLEntry.
+*/
+public abstract Date getRevocationDate();
+
+
+/**
+ Checks if this X509CRLEntry has extensions.
+
+ @return true if it has extensions, false otherwise
+*/
+public abstract boolean hasExtensions();
+
+
+/**
+ Returns a string that represents this X509CRLEntry.
+
+ @return a string representing this X509CRLEntry.
+*/
+public abstract String toString();
+
+}
diff --git a/java/security/cert/X509Certificate.java b/java/security/cert/X509Certificate.java
new file mode 100644
index 000000000..8d01204a5
--- /dev/null
+++ b/java/security/cert/X509Certificate.java
@@ -0,0 +1,435 @@
+/* X509Certificate.java --- X.509 Certificate class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.util.Date;
+
+/**
+ X509Certificate is the abstract class for X.509 certificates.
+ This provides a stanard class interface for accessing all
+ the attributes of X.509 certificates.
+
+ In June 1996, the basic X.509 v3 format was finished by
+ ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
+
+ Certificate ::= SEQUENCE {
+ tbsCertificate TBSCertificate,
+ signatureAlgorithm AlgorithmIdentifier,
+ signatureValue BIT STRING }
+
+ These certificates are widely used in various Internet
+ protocols to support authentication. It is used in
+ Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
+ Secure Sockets Layer (SSL), code signing for trusted software
+ distribution, and Secure Electronic Transactions (SET).
+
+ The certificates are managed and vouched for by
+ <I>Certificate Authorities</I> (CAs). CAs are companies or
+ groups that create certificates by placing the data in the
+ X.509 certificate format and signing it with their private
+ key. CAs serve as trusted third parties by certifying that
+ the person or group specified in the certificate is who
+ they say they are.
+
+ The ASN.1 defintion for <I>tbsCertificate</I> is
+
+ TBSCertificate ::= SEQUENCE {
+ version [0] EXPLICIT Version DEFAULT v1,
+ serialNumber CertificateSerialNumber,
+ signature AlgorithmIdentifier,
+ issuer Name,
+ validity Validity,
+ subject Name,
+ subjectPublicKeyInfo SubjectPublicKeyInfo,
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+ extensions [3] EXPLICIT Extensions OPTIONAL
+ -- If present, version shall be v3
+ }
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ CertificateSerialNumber ::= INTEGER
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ UniqueIdentifier ::= BIT STRING
+
+ SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING }
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING }
+
+
+ Certificates are created with the CertificateFactory.
+ For more information about X.509 certificates, consult
+ rfc2459.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class X509Certificate extends Certificate implements X509Extension
+{
+
+/**
+ Constructs a new certificate of the specified type.
+*/
+protected X509Certificate()
+{
+ super( "X.509" );
+}
+
+/**
+ Checks the validity of the X.509 certificate. It is valid
+ if the current date and time are within the period specified
+ by the certificate.
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @throws CertificateExpiredException if the certificate expired
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid
+*/
+public abstract void checkValidity()
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+/**
+ Checks the validity of the X.509 certificate for the
+ specified time and date. It is valid if the specified
+ date and time are within the period specified by
+ the certificate.
+
+ @throws CertificateExpiredException if the certificate expired
+ based on the date
+ @throws CertificateNotYetValidException if the certificate is
+ not yet valid based on the date
+*/
+public abstract void checkValidity(Date date)
+ throws CertificateExpiredException,
+ CertificateNotYetValidException;
+
+/**
+ Returns the version of this certificate.
+
+ The ASN.1 DER encoding is:
+
+ version [0] EXPLICIT Version DEFAULT v1,
+
+ Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+ Consult rfc2459 for more information.
+
+ @return version number of certificate
+*/
+public abstract int getVersion();
+
+/**
+ Gets the serial number for serial Number in
+ this Certifcate. It must be a unique number
+ unique other serial numbers from the granting CA.
+
+ The ASN.1 DER encoding is:
+
+ serialNumber CertificateSerialNumber,
+
+ CertificateSerialNumber ::= INTEGER
+
+ Consult rfc2459 for more information.
+
+ @return the serial number for this X509CRLEntry.
+*/
+public abstract BigInteger getSerialNumber();
+
+/**
+ Returns the issuer (issuer distinguished name) of the
+ Certificate. The issuer is the entity who signed
+ and issued the Certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuer Name,
+
+ Name ::= CHOICE {
+ RDNSequence }
+
+ RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+ RelativeDistinguishedName ::=
+ SET OF AttributeTypeAndValue
+
+ AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+ AttributeType ::= OBJECT IDENTIFIER
+
+ AttributeValue ::= ANY DEFINED BY AttributeType
+
+ DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1.. MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+*/
+public abstract Principal getIssuerDN();
+
+/**
+ Returns the subject (subject distinguished name) of the
+ Certificate. The subject is the entity who the Certificate
+ identifies.
+
+ The ASN.1 DER encoding is:
+
+ subject Name,
+
+ Consult rfc2459 for more information.
+
+ @return the issuer in the Principal class
+*/
+public abstract Principal getSubjectDN();
+
+/**
+ Returns the date that this certificate is not to be used
+ before, <I>notBefore</I>.
+
+ The ASN.1 DER encoding is:
+
+ validity Validity,
+
+ Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Consult rfc2459 for more information.
+
+ @return the date <I>notBefore</I>
+*/
+public abstract Date getNotBefore();
+
+/**
+ Returns the date that this certificate is not to be used
+ after, <I>notAfter</I>.
+
+ @return the date <I>notAfter</I>
+*/
+public abstract Date getNotAfter();
+
+
+/**
+ Returns the <I>tbsCertificate</I> from the certificate.
+
+ @return the DER encoded tbsCertificate
+
+ @throws CertificateEncodingException if encoding error occured
+*/
+public abstract byte[] getTBSCertificate() throws CertificateEncodingException;
+
+/**
+ Returns the signature in its raw DER encoded format.
+
+ The ASN.1 DER encoding is:
+
+ signatureValue BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return byte array representing signature
+*/
+public abstract byte[] getSignature();
+
+/**
+ Returns the signature algorithm used to sign the CRL.
+ An examples is "SHA-1/DSA".
+
+ The ASN.1 DER encoding is:
+
+ signatureAlgorithm AlgorithmIdentifier,
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ The algorithm name is determined from the OID.
+
+ @return a string with the signature algorithm name
+*/
+public abstract String getSigAlgName();
+
+
+/**
+ Returns the OID for the signature algorithm used.
+ Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\
+
+ The ASN.1 DER encoding for the example is:
+
+ id-dsa-with-sha1 ID ::= {
+ iso(1) member-body(2) us(840) x9-57 (10040)
+ x9cm(4) 3 }
+
+ Consult rfc2459 for more information.
+
+ @return a string containing the OID.
+*/
+public abstract String getSigAlgOID();
+
+
+/**
+ Returns the AlgorithmParameters in the encoded form
+ for the signature algorithm used.
+
+ If access to the parameters is need, create an
+ instance of AlgorithmParameters.
+
+ @return byte array containing algorithm parameters, null
+ if no parameters are present in certificate
+*/
+public abstract byte[] getSigAlgParams();
+
+
+/**
+ Returns the issuer unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>issuerUniqueID</I>
+*/
+public abstract boolean[] getIssuerUniqueID();
+
+/**
+ Returns the subject unique ID for this certificate.
+
+ The ASN.1 DER encoding is:
+
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+
+ UniqueIdentifier ::= BIT STRING
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>subjectUniqueID</I>
+*/
+public abstract boolean[] getSubjectUniqueID();
+
+/**
+ Returns a boolean array representing the <I>KeyUsage</I>
+ extension for the certificate. The KeyUsage (OID = 2.5.29.15)
+ defines the purpose of the key in the certificate.
+
+ The ASN.1 DER encoding is:
+
+ id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
+
+ KeyUsage ::= BIT STRING {
+ digitalSignature (0),
+ nonRepudiation (1),
+ keyEncipherment (2),
+ dataEncipherment (3),
+ keyAgreement (4),
+ keyCertSign (5),
+ cRLSign (6),
+ encipherOnly (7),
+ decipherOnly (8) }
+
+ Consult rfc2459 for more information.
+
+ @return bit representation of <I>KeyUsage</I>
+*/
+public abstract boolean[] getKeyUsage();
+
+/**
+ Returns the certificate constraints path length from the
+ critical BasicConstraints extension, (OID = 2.5.29.19).
+
+ The basic constraints extensions is used to determine if
+ the subject of the certificate is a Certificate Authority (CA)
+ and how deep the certification path may exist. The
+ <I>pathLenConstraint</I> only takes affect if <I>cA</I>
+ is set to true. "A value of zero indicates that only an
+ end-entity certificate may follow in the path." (rfc2459)
+
+ The ASN.1 DER encoding is:
+
+ id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
+
+ BasicConstraints ::= SEQUENCE {
+ cA BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+
+ Consult rfc2459 for more information.
+
+ @return the length of the path constraint if BasicConstraints
+ is present and cA is TRUE. Otherwise returns -1.
+*/
+public abstract int getBasicConstraints();
+
+
+} \ No newline at end of file
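Review bot: Several Javadoc blocks in this new class were copied from elsewhere without being adjusted: `getSerialNumber()` ends with `@return the serial number for this X509CRLEntry.`, `getSubjectDN()` says `@return the issuer in the Principal class`, and `getSigAlgName()` describes the algorithm "used to sign the CRL". These should read `@return the serial number of this certificate`, `@return the subject in the Principal class` and "used to sign the certificate". The `checkValidity()` Javadoc should also state that it only compares a time against notBefore/notAfter, so that a normal return is not read as the certificate being trusted; signature verification and revocation checking remain separate steps.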
diff --git a/java/security/cert/X509Extension.java b/java/security/cert/X509Extension.java
new file mode 100644
index 000000000..071be7e8f
--- /dev/null
+++ b/java/security/cert/X509Extension.java
@@ -0,0 +1,93 @@
+/* X509Extension.java --- X.509 Extension
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.cert;
+import java.util.Set;
+
+/**
+ Public abstract interface for the X.509 Extension.
+
+ This is used for X.509 v3 Certificates and CRL v2 (Certificate
+ Revocation Lists) for managing attributes assoicated with
+ Certificates, for managing the hierarchy of certificates,
+ and for managing the distribution of CRL. This extension
+ format is used to define private extensions.
+
+ Each extensions for a certificate or CRL must be marked
+ either critical or non-critical. If the certificate/CRL
+ system encounters a critical extension not recognized then
+ it must reject the certificate. A non-critical extension
+ may be just ignored if not recognized.
+
+
+ The ASN.1 definition for this class is:
+
+ Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+ Extension ::= SEQUENCE {
+ extnId OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING
+ -- contains a DER encoding of a value
+ -- of the type registered for use with
+ -- the extnId object identifier value
+ }
+
+ @author Mark Benvenuto
+
+ @since JDK 1.2
+*/
+public abstract interface X509Extension
+{
+
+/**
+ Returns true if the certificate contains a critical extension
+ that is not supported.
+
+ @return true if has unsupported extension, false otherwise
+*/
+public boolean hasUnsupportedCriticalExtension();
+
+/**
+ Returns a set of the CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no CRITICAL
+ extensions or extensions at all this returns null.
+*/
+public Set getCriticalExtensionOIDs();
+
+/**
+ Returns a set of the NON-CRITICAL extension OIDs from the
+ certificate/CRL that the object implementing this interface
+ manages.
+
+ @return A Set containing the OIDs. If there are no NON-CRITICAL
+ extensions or extensions at all this returns null.
+*/
+public Set getNonCriticalExtensionOIDs();
+
+/**
+ Returns the DER encoded OCTET string for the specified
+ extension value identified by a OID. The OID is a string
+ of number seperated by periods. Ex: 12.23.45.67
+*/
+public byte[] getExtensionValue(String oid);
+
+}
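Review bot: The Javadoc on `getExtensionValue(String oid)` has no `@param` or `@return` and does not say what a caller gets when the certificate or CRL carries no extension with that OID. The two OID-set methods above document a null return for the empty case, so the same should be spelled out here, e.g. `@param oid the dotted-decimal OID of the extension` and `@return the DER encoded OCTET STRING, or null if the extension is not present` (assuming null is the intended contract). The example `12.23.45.67` is also not a well-formed OID, since the first arc can only be 0, 1 or 2; an OID this patch already cites, such as `2.5.29.15`, would be a better illustration.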
diff --git a/java/security/spec/AlgorithmParameterSpec.java b/java/security/spec/AlgorithmParameterSpec.java
new file mode 100644
index 000000000..997575b78
--- /dev/null
+++ b/java/security/spec/AlgorithmParameterSpec.java
@@ -0,0 +1,32 @@
+/* AlgorithmParameterSpec.java --- Algorithm Parameter Spec Interface
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+
+/**
+ A transparent interface for Algorithm Parameter Specifications.
+ It contains no member functions. It is used to group
+ algorithm parameter classes.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract interface AlgorithmParameterSpec
+{
+}
diff --git a/java/security/spec/DSAParameterSpec.java b/java/security/spec/DSAParameterSpec.java
new file mode 100644
index 000000000..5bf5949f2
--- /dev/null
+++ b/java/security/spec/DSAParameterSpec.java
@@ -0,0 +1,80 @@
+/* DSAParameterSpec.java --- DSA Parameter Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.security.interfaces.DSAParams;
+import java.math.BigInteger;
+
+/**
+ DSA Parameter class Specification. Used to maintain the DSA
+ Parameters.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class DSAParameterSpec extends Object implements AlgorithmParameterSpec, DSAParams
+{
+private BigInteger p = null;
+private BigInteger q = null;
+private BigInteger g = null;
+
+/**
+ Constructs a new DSAParameterSpec with the specified p, q, and g.
+
+ @param p the prime
+ @param q the sub-prime
+ @param g the base
+*/
+public DSAParameterSpec(BigInteger p, BigInteger q, BigInteger g)
+{
+ this.p = p;
+ this.q = q;
+ this.g = g;
+}
+/**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getP()
+{
+ return this.q;
+}
+
+/**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getQ()
+{
+ return this.q;
+}
+
+/**
+ Returns g for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getG()
+{
+ return this.g;
+}
+
+}
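Review bot: `getP()` returns `this.q`, so the prime passed to the constructor is never readable and any consumer of this spec works with q in place of p; the line should be `return this.p;`. The same wrong return is in `getP()` of DSAPrivateKeySpec and DSAPublicKeySpec further down in this patch. The Javadoc on `getQ()` in all three classes also says `Returns p for the DSA algorithm.` and should say `Returns q for the DSA algorithm.`.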
diff --git a/java/security/spec/DSAPrivateKeySpec.java b/java/security/spec/DSAPrivateKeySpec.java
new file mode 100644
index 000000000..28a95a716
--- /dev/null
+++ b/java/security/spec/DSAPrivateKeySpec.java
@@ -0,0 +1,93 @@
+/* DSAPrivateKeySpec.java --- DSA Private Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ DSA Private Key class Specification. Used to maintain the DSA
+ Private Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class DSAPrivateKeySpec extends Object implements KeySpec
+{
+private BigInteger x = null;
+private BigInteger p = null;
+private BigInteger q = null;
+private BigInteger g = null;
+
+/**
+ Constructs a new DSAPrivateKeySpec with the specified x, p, q, and g.
+
+ @param x the private key
+ @param p the prime
+ @param q the sub-prime
+ @param g the base
+*/
+public DSAPrivateKeySpec(BigInteger x, BigInteger p, BigInteger q, BigInteger g)
+{
+ this.x = x;
+ this.p = p;
+ this.q = q;
+ this.g = g;
+}
+
+/**
+ Returns private key x for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getX()
+{
+ return this.x;
+}
+
+/**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getP()
+{
+ return this.q;
+}
+
+/**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getQ()
+{
+ return this.q;
+}
+
+/**
+ Returns g for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getG()
+{
+ return this.g;
+}
+
+}
diff --git a/java/security/spec/DSAPublicKeySpec.java b/java/security/spec/DSAPublicKeySpec.java
new file mode 100644
index 000000000..5d5cd26c7
--- /dev/null
+++ b/java/security/spec/DSAPublicKeySpec.java
@@ -0,0 +1,93 @@
+/* DSAPublicKeySpec.java --- DSA Public Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ DSA Public Key class Specification. Used to maintain the DSA
+ Public Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class DSAPublicKeySpec extends Object implements KeySpec
+{
+private BigInteger y = null;
+private BigInteger p = null;
+private BigInteger q = null;
+private BigInteger g = null;
+
+/**
+ Constructs a new DSAPublicKeySpec with the specified y, p, q, and g.
+
+ @param y the public key
+ @param p the prime
+ @param q the sub-prime
+ @param g the base
+*/
+public DSAPublicKeySpec(BigInteger x, BigInteger p, BigInteger q, BigInteger g)
+{
+ this.y = y;
+ this.p = p;
+ this.q = q;
+ this.g = g;
+}
+
+/**
+ Returns public key y for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getY()
+{
+ return this.y;
+}
+
+/**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getP()
+{
+ return this.q;
+}
+
+/**
+ Returns p for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getQ()
+{
+ return this.q;
+}
+
+/**
+ Returns g for the DSA algorithm.
+
+ @return Returns the requested BigInteger
+*/
+public BigInteger getG()
+{
+ return this.g;
+}
+
+}
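Review bot: The constructor's first parameter is declared as `x` while the body runs `this.y = y;`, which assigns the field to itself, so `getY()` always returns null and the public value handed in is silently dropped. The signature should be `public DSAPublicKeySpec(BigInteger y, BigInteger p, BigInteger q, BigInteger g)`, matching the `@param y` already in the Javadoc.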
diff --git a/java/security/spec/EncodedKeySpec.java b/java/security/spec/EncodedKeySpec.java
new file mode 100644
index 000000000..0827bc3d6
--- /dev/null
+++ b/java/security/spec/EncodedKeySpec.java
@@ -0,0 +1,65 @@
+/* EncodedKeySpec.java --- Encoded Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+
+/**
+ Encoded Key Specification class which is used to store
+ byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract class EncodedKeySpec
+{
+
+private byte[] encodedKey;
+
+/**
+ Constructs a new EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store
+*/
+public EncodedKeySpec(byte[] encodedKey)
+{
+ this.encodedKey = encodedKey;
+}
+
+/**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+*/
+public byte[] getEncoded()
+{
+ return this.encodedKey;
+}
+
+/**
+ Returns the name of the key format used.
+
+ This name is the format such as "PKCS#8" or "X.509" which
+ if it matches a Key class name of the same type can be
+ transformed using the apporiate KeyFactory.
+
+ @return a string representing the name
+*/
+public abstract String getFormat();
+
+}
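Review bot: The constructor stores the caller's array and `getEncoded()` hands the same array back, so any holder of either reference can alter the key bytes inside the spec after it was built. Copying on the way in and out closes that: `this.encodedKey = (byte[]) encodedKey.clone();` and `return (byte[]) this.encodedKey.clone();` (a null argument would then throw, which the Javadoc should mention). PKCS8EncodedKeySpec.getEncoded() later in this patch delegates here and would pick up the copy. Separately, `@returns` is not a Javadoc tag and should be `@return`, and the class does not declare `implements KeySpec`, which looks unintended given that the DSA spec classes in this patch do.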
diff --git a/java/security/spec/InvalidKeySpecException.java b/java/security/spec/InvalidKeySpecException.java
new file mode 100644
index 000000000..1a9298048
--- /dev/null
+++ b/java/security/spec/InvalidKeySpecException.java
@@ -0,0 +1,50 @@
+/* InvalidKeySpecException.java --- Invalid KeySpec Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.security.GeneralSecurityException;
+
+/**
+ Exception for an invalid key specification.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class InvalidKeySpecException extends GeneralSecurityException
+{
+
+/**
+ Constructs an InvalidKeySpecException without a message string.
+*/
+public InvalidKeySpecException()
+{
+ super();
+}
+
+/**
+ Constructs an InvalidKeySpecException with a message string.
+
+ @param msg A message to display with exception
+*/
+public InvalidKeySpecException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/spec/InvalidParameterSpecException.java b/java/security/spec/InvalidParameterSpecException.java
new file mode 100644
index 000000000..f53b3939d
--- /dev/null
+++ b/java/security/spec/InvalidParameterSpecException.java
@@ -0,0 +1,50 @@
+/* InvalidParameterSpecException.java --- Invalid ParameterSpec Exception
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.security.GeneralSecurityException;
+
+/**
+ Exception for an invalid algorithm specification.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class InvalidParameterSpecException extends GeneralSecurityException
+{
+
+/**
+ Constructs an InvalidParameterSpecException without a message string.
+*/
+public InvalidParameterSpecException()
+{
+ super();
+}
+
+/**
+ Constructs an InvalidParameterSpecException with a message string.
+
+ @param msg A message to display with exception
+*/
+public InvalidParameterSpecException(String msg)
+{
+ super( msg );
+}
+
+}
diff --git a/java/security/spec/KeySpec.java b/java/security/spec/KeySpec.java
new file mode 100644
index 000000000..80867c293
--- /dev/null
+++ b/java/security/spec/KeySpec.java
@@ -0,0 +1,32 @@
+/* KeySpec.java --- Key Specification interface
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+
+/**
+ A transparent interface for Key Specifications.
+ It contains no member functions. It is used to group
+ key classes.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public abstract interface KeySpec
+{
+}
diff --git a/java/security/spec/PKCS8EncodedKeySpec.java b/java/security/spec/PKCS8EncodedKeySpec.java
new file mode 100644
index 000000000..ad5d0c3b9
--- /dev/null
+++ b/java/security/spec/PKCS8EncodedKeySpec.java
@@ -0,0 +1,61 @@
+/* PKCS8EncodedKeySpec.java --- PKCS8 Encoded Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+
+/**
+ PKCS8 Encoded Key Specification class which is used to store
+ "PKCS#8" byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class PKCS8EncodedKeySpec extends EncodedKeySpec
+{
+/**
+ Constructs a new PKCS8EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store, assumed to be "PKCS#8"
+*/
+public PKCS8EncodedKeySpec(byte[] encodedKey)
+{
+ super( encodedKey );
+}
+
+/**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+*/
+public byte[] getEncoded()
+{
+ return super.getEncoded();
+}
+
+/**
+ Returns the name of the key format used which is "PKCS#8"
+
+ @return a string representing the name
+*/
+public String getFormat()
+{
+ return "PKCS#8";
+}
+
+}
diff --git a/java/security/spec/RSAPrivateCrtKeySpec.java b/java/security/spec/RSAPrivateCrtKeySpec.java
new file mode 100644
index 000000000..354461155
--- /dev/null
+++ b/java/security/spec/RSAPrivateCrtKeySpec.java
@@ -0,0 +1,131 @@
+/* RSAPrivateCrtKeySpec.java --- RSA Private Certificate Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Private Certificate Key class Specification. Used to
+ maintain the RSA Private Certificate Keys with the
+ <I>Chinese Remainder Theorem</I>(CRT) as specified by PKCS#1.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPrivateCrtKeySpec extends RSAPrivateKeySpec
+{
+private BigInteger publicExponent;
+private BigInteger primeP;
+private BigInteger primeQ;
+private BigInteger primeExponentP;
+private BigInteger primeExponentQ;
+private BigInteger crtCoefficient;
+
+/**
+ Constructs a new RSAPrivateKeySpec with the specified
+ variables.
+
+ @param modulus the RSA modulus
+ @param publicExponent the public key exponent
+ @param privateExponent the private key exponent
+ @param primeP the prime P
+ @param primeQ the prime Q
+ @param primeExponentP the prime exponent P
+ @param primeExponentQ the prime exponent P
+ @param crtCoefficient the CRT coefficient
+*/
+public RSAPrivateCrtKeySpec(BigInteger modulus,
+ BigInteger publicExponent,
+ BigInteger privateExponent,
+ BigInteger primeP,
+ BigInteger primeQ,
+ BigInteger primeExponentP,
+ BigInteger primeExponentQ,
+ BigInteger crtCoefficient)
+{
+ super( modulus, privateExponent);
+ this.publicExponent = publicExponent;
+ this.primeP = primeP;
+ this.primeQ = primeQ;
+ this.primeExponentP = primeExponentP;
+ this.primeExponentQ = primeExponentQ;
+ this.crtCoefficient = crtCoefficient;
+}
+
+/**
+ Gets the RSA public exponent.
+
+ @return the RSA public exponent
+*/
+public BigInteger getPublicExponent()
+{
+ return this.publicExponent;
+}
+
+/**
+ Gets the RSA prime P.
+
+ @return the RSA prime P
+*/
+public BigInteger getPrimeP()
+{
+ return this.primeP;
+}
+
+/**
+ Gets the RSA prime Q.
+
+ @return the RSA prime Q
+*/
+public BigInteger getPrimeQ()
+{
+ return this.primeQ;
+}
+
+/**
+ Gets the RSA prime exponent P.
+
+ @return the RSA prime exponent P
+*/
+public BigInteger getPrimeExponentP()
+{
+ return this.primeExponentP;
+}
+
+/**
+ Gets the RSA prime exponent P.
+
+ @return the RSA prime exponent Q
+*/
+public BigInteger getPrimeExponentQ()
+{
+ return this.primeExponentQ;
+}
+
+/**
+ Gets the RSA CRT coefficient.
+
+ @return the RSA CRT coefficient
+*/
+public BigInteger getCrtCoefficient()
+{
+ return this.crtCoefficient;
+}
+
+}
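Review bot: The Javadoc in RSAPrivateCrtKeySpec has copy-paste errors that describe Q as P: `@param primeExponentQ the prime exponent P` in the constructor comment and `Gets the RSA prime exponent P.` above getPrimeExponentQ(). They should read `@param primeExponentQ the prime exponent Q` and `Gets the RSA prime exponent Q.`. The constructor summary also names the parent class (`Constructs a new RSAPrivateKeySpec`). The class comment and file header expand CRT as "Certificate", although the same comment spells out Chinese Remainder Theorem. The constructor takes eight BigInteger arguments of the same type, so the parameter docs are the only guard against passing the two exponents in the wrong order.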
diff --git a/java/security/spec/RSAPrivateKeySpec.java b/java/security/spec/RSAPrivateKeySpec.java
new file mode 100644
index 000000000..4e6cd54a2
--- /dev/null
+++ b/java/security/spec/RSAPrivateKeySpec.java
@@ -0,0 +1,68 @@
+/* RSAPrivateKeySpec.java --- RSA Private Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Private Key class Specification. Used to maintain the RSA
+ Private Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPrivateKeySpec implements KeySpec
+{
+private BigInteger modulus;
+private BigInteger privateExponent;
+
+/**
+ Constructs a new RSAPrivateKeySpec with the specified
+ modulus and privateExponent.
+
+ @param modulus the RSA modulus
+ @param privateExponent the private key exponent
+*/
+public RSAPrivateKeySpec(BigInteger modulus, BigInteger privateExponent)
+{
+ this.modulus = modulus;
+ this.privateExponent = privateExponent;
+}
+
+/**
+ Gets the RSA modulus.
+
+ @return the RSA modulus
+*/
+public BigInteger getModulus()
+{
+ return this.modulus;
+}
+
+/**
+ Gets the RSA private exponent.
+
+ @return the RSA private exponent
+*/
+public BigInteger getPrivateExponent()
+{
+ return this.privateExponent;
+}
+
+}
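Review bot: The fields `modulus` and `privateExponent` are assigned only in the constructor but are not declared final, so nothing enforces that the spec stays immutable. Declaring them `private final BigInteger modulus;` and `private final BigInteger privateExponent;` states that intent and makes the object safe to share between threads. The same applies to the fields of RSAPrivateCrtKeySpec and RSAPublicKeySpec in this commit. The constructor also accepts null for either argument; whether that is rejected here or left to the consuming KeyFactory deserves a sentence in the Javadoc.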
diff --git a/java/security/spec/RSAPublicKeySpec.java b/java/security/spec/RSAPublicKeySpec.java
new file mode 100644
index 000000000..f50b01ed4
--- /dev/null
+++ b/java/security/spec/RSAPublicKeySpec.java
@@ -0,0 +1,68 @@
+/* RSAPublicKeySpec.java --- RSA Public Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+import java.math.BigInteger;
+
+/**
+ RSA Public Key class Specification. Used to maintain the RSA
+ Public Keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class RSAPublicKeySpec implements KeySpec
+{
+private BigInteger modulus;
+private BigInteger publicExponent;
+
+/**
+ Constructs a new RSAPublicKeySpec with the specified
+ modulus and publicExponent.
+
+ @param modulus the RSA modulus
+ @param publicExponent the public key exponent
+*/
+public RSAPublicKeySpec(BigInteger modulus, BigInteger publicExponent)
+{
+ this.modulus = modulus;
+ this.publicExponent = publicExponent;
+}
+
+/**
+ Gets the RSA modulus.
+
+ @return the RSA modulus
+*/
+public BigInteger getModulus()
+{
+ return this.modulus;
+}
+
+/**
+ Gets the RSA public exponent.
+
+ @return the RSA public exponent
+*/
+public BigInteger getPublicExponent()
+{
+ return this.publicExponent;
+}
+
+}
diff --git a/java/security/spec/X509EncodedKeySpec.java b/java/security/spec/X509EncodedKeySpec.java
new file mode 100644
index 000000000..4c2d5b729
--- /dev/null
+++ b/java/security/spec/X509EncodedKeySpec.java
@@ -0,0 +1,62 @@
+/* X509EncodedKeySpec.java --- X.509 Encoded Key Specificaton class
+
+ Copyright (c) 1999 by Free Software Foundation, Inc.
+ Written by Mark Benvenuto <ivymccough@worldnet.att.net>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Library General Public License as published
+ by the Free Software Foundation, version 2. (see COPYING.LIB)
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation
+ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307 USA. */
+
+package java.security.spec;
+
+/**
+ X.509 Encoded Key Specification class which is used to store
+ "X.509" byte encoded keys.
+
+ @since JDK 1.2
+
+ @author Mark Benvenuto
+*/
+public class X509EncodedKeySpec extends EncodedKeySpec
+{
+
+/**
+ Constructs a new X509EncodedKeySpec with the specified encoded key.
+
+ @param encodedKey A key to store, assumed to be "X.509"
+*/
+public X509EncodedKeySpec(byte[] encodedKey)
+{
+ super( encodedKey );
+}
+
+/**
+ Gets the encoded key in byte format.
+
+ @returns the encoded key
+*/
+public byte[] getEncoded()
+{
+ return super.getEncoded();
+}
+
+/**
+ Returns the name of the key format used which is "X.509"
+
+ @return a string representing the name
+*/
+public String getFormat()
+{
+ return "X.509";
+}
+
+}