summaryrefslogtreecommitdiff
path: root/libjava/javax
diff options
context:
space:
mode:
authorandreast <andreast@138bc75d-0d04-0410-961f-82ee72b054a4>2004-09-21 08:33:35 +0000
committerandreast <andreast@138bc75d-0d04-0410-961f-82ee72b054a4>2004-09-21 08:33:35 +0000
commitef313b81044cf194f9c043983c5aec9657e6028d (patch)
tree9ec0d44b2435653b3e450bf4293546636a609d31 /libjava/javax
parentd447762fb7ea49d2f78c9624065660c34cb6b7ee (diff)
downloadgcc-ef313b81044cf194f9c043983c5aec9657e6028d.tar.gz
2004-09-21 Andreas Tobler <a.tobler@schweiz.ch>
Import the big Crypto/Jessie/Security merge from Classpath. * Makefile.am: Add imported files. * Makefile.in: Regenerate. 2004-08-14 Casey Marshall <csm@gnu.org> The Big Crypto Merge of 2004. * javax/security/auth/x500/X500Principal.java: Replaced with GNU Crypto's version. Files imported from GNU Crypto. * javax/crypto/BadPaddingException.java * javax/crypto/Cipher.java * javax/crypto/CipherInputStream.java * javax/crypto/CipherOutputStream.java * javax/crypto/CipherSpi.java * javax/crypto/EncryptedPrivateKeyInfo.java * javax/crypto/ExemptionMechanism.java * javax/crypto/ExemptionMechanismException.java * javax/crypto/ExemptionMechanismSpi.java * javax/crypto/IllegalBlockSizeException.java * javax/crypto/KeyAgreement.java * javax/crypto/KeyAgreementSpi.java * javax/crypto/KeyGenerator.java * javax/crypto/KeyGeneratorSpi.java * javax/crypto/Mac.java * javax/crypto/MacSpi.java * javax/crypto/Makefile.am * javax/crypto/NoSuchPaddingException.java * javax/crypto/NullCipher.java * javax/crypto/NullCipherImpl.java * javax/crypto/SealedObject.java * javax/crypto/SecretKey.java * javax/crypto/SecretKeyFactory.java * javax/crypto/SecretKeyFactorySpi.java * javax/crypto/ShortBufferException.java * javax/crypto/interfaces/DHKey.java * javax/crypto/interfaces/DHPrivateKey.java * javax/crypto/interfaces/DHPublicKey.java * javax/crypto/interfaces/PBEKey.java * javax/crypto/spec/DESKeySpec.java * javax/crypto/spec/DESedeKeySpec.java * javax/crypto/spec/DHGenParameterSpec.java * javax/crypto/spec/DHParameterSpec.java * javax/crypto/spec/DHPrivateKeySpec.java * javax/crypto/spec/DHPublicKeySpec.java * javax/crypto/spec/IvParameterSpec.java * javax/crypto/spec/PBEKeySpec.java * javax/crypto/spec/PBEParameterSpec.java * javax/crypto/spec/RC2ParameterSpec.java * javax/crypto/spec/RC5ParameterSpec.java * javax/crypto/spec/SecretKeySpec.java * javax/security/auth/AuthPermission.java * javax/security/auth/DestroyFailedException.java * javax/security/auth/Destroyable.java * javax/security/auth/Policy.java * javax/security/auth/PrivateCredentialPermission.java * javax/security/auth/RefreshFailedException.java * javax/security/auth/Refreshable.java * javax/security/auth/Subject.java * javax/security/auth/SubjectDomainCombiner.java * javax/security/auth/callback/Callback.java * javax/security/auth/callback/CallbackHandler.java * javax/security/auth/callback/ChoiceCallback.java * javax/security/auth/callback/ConfirmationCallback.java * javax/security/auth/callback/LanguageCallback.java * javax/security/auth/callback/NameCallback.java * javax/security/auth/callback/PasswordCallback.java * javax/security/auth/callback/TextInputCallback.java * javax/security/auth/callback/TextOutputCallback.java * javax/security/auth/callback/UnsupportedCallbackException.java * javax/security/auth/login/AccountExpiredException.java * javax/security/auth/login/AppConfigurationEntry.java * javax/security/auth/login/Configuration.java * javax/security/auth/login/CredentialExpiredException.java * javax/security/auth/login/FailedLoginException.java * javax/security/auth/login/LoginContext.java * javax/security/auth/login/LoginException.java * javax/security/auth/login/NullConfiguration.java * javax/security/auth/x500/X500PrivateCredential.java * javax/security/sasl/AuthenticationException.java * javax/security/sasl/AuthorizeCallback.java * javax/security/sasl/RealmCallback.java * javax/security/sasl/RealmChoiceCallback.java * javax/security/sasl/Sasl.java * javax/security/sasl/SaslClient.java * javax/security/sasl/SaslClientFactory.java * javax/security/sasl/SaslException.java * javax/security/sasl/SaslServer.java * javax/security/sasl/SaslServerFactory.java * org/ietf/jgss/ChannelBinding.java * org/ietf/jgss/GSSContext.java * org/ietf/jgss/GSSCredential.java * org/ietf/jgss/GSSException.java * org/ietf/jgss/GSSManager.java * org/ietf/jgss/GSSName.java * org/ietf/jgss/MessageProp.java * org/ietf/jgss/Oid.java * org/ietf/jgss/MessagesBundle.properties Files imported from Jessie <http://www.nongnu.org/jessie/> * javax/net/ServerSocketFactory.java * javax/net/SocketFactory.java * javax/net/VanillaServerSocketFactory.java * javax/net/VanillaSocketFactory.java * javax/net/ssl/HandshakeCompletedEvent.java * javax/net/ssl/HandshakeCompletedListener.java * javax/net/ssl/HostnameVerifier.java * javax/net/ssl/HttpsURLConnection.java * javax/net/ssl/KeyManager.java * javax/net/ssl/KeyManagerFactory.java * javax/net/ssl/KeyManagerFactorySpi.java * javax/net/ssl/ManagerFactoryParameters.java * javax/net/ssl/SSLContext.java * javax/net/ssl/SSLContextSpi.java * javax/net/ssl/SSLException.java * javax/net/ssl/SSLHandshakeException.java * javax/net/ssl/SSLKeyException.java * javax/net/ssl/SSLPeerUnverifiedException.java * javax/net/ssl/SSLPermission.java * javax/net/ssl/SSLProtocolException.java * javax/net/ssl/SSLServerSocket.java * javax/net/ssl/SSLServerSocketFactory.java * javax/net/ssl/SSLSession.java * javax/net/ssl/SSLSessionBindingEvent.java * javax/net/ssl/SSLSessionBindingListener.java * javax/net/ssl/SSLSessionContext.java * javax/net/ssl/SSLSocket.java * javax/net/ssl/SSLSocketFactory.java * javax/net/ssl/TrivialHostnameVerifier.java * javax/net/ssl/TrustManager.java * javax/net/ssl/TrustManagerFactory.java * javax/net/ssl/TrustManagerFactorySpi.java * javax/net/ssl/X509KeyManager.java * javax/net/ssl/X509TrustManager.java * javax/security/cert/Certificate.java * javax/security/cert/CertificateEncodingException.java * javax/security/cert/CertificateException.java * javax/security/cert/CertificateExpiredException.java * javax/security/cert/CertificateNotYetValidException.java * javax/security/cert/CertificateParsingException.java * javax/security/cert/X509CertBridge.java * javax/security/cert/X509Certificate.java 2004-08-20 Casey Marshall <csm@gnu.org> * java/security/cert/X509CRLSelector.java: New file. * java/security/cert/X509CertSelector.java: New file. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@87795 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libjava/javax')
-rw-r--r--libjava/javax/crypto/BadPaddingException.java79
-rw-r--r--libjava/javax/crypto/Cipher.java1097
-rw-r--r--libjava/javax/crypto/CipherInputStream.java383
-rw-r--r--libjava/javax/crypto/CipherOutputStream.java268
-rw-r--r--libjava/javax/crypto/CipherSpi.java398
-rw-r--r--libjava/javax/crypto/EncryptedPrivateKeyInfo.java284
-rw-r--r--libjava/javax/crypto/ExemptionMechanism.java226
-rw-r--r--libjava/javax/crypto/ExemptionMechanismException.java81
-rw-r--r--libjava/javax/crypto/ExemptionMechanismSpi.java149
-rw-r--r--libjava/javax/crypto/IllegalBlockSizeException.java71
-rw-r--r--libjava/javax/crypto/KeyAgreement.java373
-rw-r--r--libjava/javax/crypto/KeyAgreementSpi.java160
-rw-r--r--libjava/javax/crypto/KeyGenerator.java284
-rw-r--r--libjava/javax/crypto/KeyGeneratorSpi.java112
-rw-r--r--libjava/javax/crypto/Mac.java414
-rw-r--r--libjava/javax/crypto/MacSpi.java145
-rw-r--r--libjava/javax/crypto/NoSuchPaddingException.java71
-rw-r--r--libjava/javax/crypto/NullCipher.java62
-rw-r--r--libjava/javax/crypto/NullCipherImpl.java127
-rw-r--r--libjava/javax/crypto/SealedObject.java355
-rw-r--r--libjava/javax/crypto/SecretKey.java67
-rw-r--r--libjava/javax/crypto/SecretKeyFactory.java249
-rw-r--r--libjava/javax/crypto/SecretKeyFactorySpi.java108
-rw-r--r--libjava/javax/crypto/ShortBufferException.java70
-rw-r--r--libjava/javax/crypto/interfaces/DHKey.java61
-rw-r--r--libjava/javax/crypto/interfaces/DHPrivateKey.java70
-rw-r--r--libjava/javax/crypto/interfaces/DHPublicKey.java69
-rw-r--r--libjava/javax/crypto/interfaces/PBEKey.java91
-rw-r--r--libjava/javax/crypto/spec/DESKeySpec.java220
-rw-r--r--libjava/javax/crypto/spec/DESedeKeySpec.java151
-rw-r--r--libjava/javax/crypto/spec/DHGenParameterSpec.java100
-rw-r--r--libjava/javax/crypto/spec/DHParameterSpec.java135
-rw-r--r--libjava/javax/crypto/spec/DHPrivateKeySpec.java115
-rw-r--r--libjava/javax/crypto/spec/DHPublicKeySpec.java115
-rw-r--r--libjava/javax/crypto/spec/IvParameterSpec.java96
-rw-r--r--libjava/javax/crypto/spec/PBEKeySpec.java176
-rw-r--r--libjava/javax/crypto/spec/PBEParameterSpec.java100
-rw-r--r--libjava/javax/crypto/spec/RC2ParameterSpec.java166
-rw-r--r--libjava/javax/crypto/spec/RC5ParameterSpec.java202
-rw-r--r--libjava/javax/crypto/spec/SecretKeySpec.java154
-rw-r--r--libjava/javax/net/ServerSocketFactory.java122
-rw-r--r--libjava/javax/net/SocketFactory.java157
-rw-r--r--libjava/javax/net/VanillaServerSocketFactory.java82
-rw-r--r--libjava/javax/net/VanillaSocketFactory.java88
-rw-r--r--libjava/javax/net/ssl/HandshakeCompletedEvent.java152
-rw-r--r--libjava/javax/net/ssl/HandshakeCompletedListener.java57
-rw-r--r--libjava/javax/net/ssl/HostnameVerifier.java64
-rw-r--r--libjava/javax/net/ssl/HttpsURLConnection.java256
-rw-r--r--libjava/javax/net/ssl/KeyManager.java51
-rw-r--r--libjava/javax/net/ssl/KeyManagerFactory.java281
-rw-r--r--libjava/javax/net/ssl/KeyManagerFactorySpi.java102
-rw-r--r--libjava/javax/net/ssl/ManagerFactoryParameters.java50
-rw-r--r--libjava/javax/net/ssl/SSLContext.java269
-rw-r--r--libjava/javax/net/ssl/SSLContextSpi.java109
-rw-r--r--libjava/javax/net/ssl/SSLException.java59
-rw-r--r--libjava/javax/net/ssl/SSLHandshakeException.java51
-rw-r--r--libjava/javax/net/ssl/SSLKeyException.java52
-rw-r--r--libjava/javax/net/ssl/SSLPeerUnverifiedException.java51
-rw-r--r--libjava/javax/net/ssl/SSLPermission.java66
-rw-r--r--libjava/javax/net/ssl/SSLProtocolException.java53
-rw-r--r--libjava/javax/net/ssl/SSLServerSocket.java189
-rw-r--r--libjava/javax/net/ssl/SSLServerSocketFactory.java172
-rw-r--r--libjava/javax/net/ssl/SSLSession.java168
-rw-r--r--libjava/javax/net/ssl/SSLSessionBindingEvent.java94
-rw-r--r--libjava/javax/net/ssl/SSLSessionBindingListener.java65
-rw-r--r--libjava/javax/net/ssl/SSLSessionContext.java103
-rw-r--r--libjava/javax/net/ssl/SSLSocket.java229
-rw-r--r--libjava/javax/net/ssl/SSLSocketFactory.java192
-rw-r--r--libjava/javax/net/ssl/TrivialHostnameVerifier.java51
-rw-r--r--libjava/javax/net/ssl/TrustManager.java47
-rw-r--r--libjava/javax/net/ssl/TrustManagerFactory.java279
-rw-r--r--libjava/javax/net/ssl/TrustManagerFactorySpi.java88
-rw-r--r--libjava/javax/net/ssl/X509KeyManager.java108
-rw-r--r--libjava/javax/net/ssl/X509TrustManager.java76
-rw-r--r--libjava/javax/security/auth/AuthPermission.java146
-rw-r--r--libjava/javax/security/auth/DestroyFailedException.java67
-rw-r--r--libjava/javax/security/auth/Destroyable.java64
-rw-r--r--libjava/javax/security/auth/Policy.java79
-rw-r--r--libjava/javax/security/auth/PrivateCredentialPermission.java322
-rw-r--r--libjava/javax/security/auth/RefreshFailedException.java63
-rw-r--r--libjava/javax/security/auth/Refreshable.java65
-rw-r--r--libjava/javax/security/auth/Subject.java559
-rw-r--r--libjava/javax/security/auth/SubjectDomainCombiner.java96
-rw-r--r--libjava/javax/security/auth/callback/Callback.java65
-rw-r--r--libjava/javax/security/auth/callback/CallbackHandler.java156
-rw-r--r--libjava/javax/security/auth/callback/ChoiceCallback.java237
-rw-r--r--libjava/javax/security/auth/callback/ConfirmationCallback.java506
-rw-r--r--libjava/javax/security/auth/callback/LanguageCallback.java101
-rw-r--r--libjava/javax/security/auth/callback/NameCallback.java179
-rw-r--r--libjava/javax/security/auth/callback/PasswordCallback.java169
-rw-r--r--libjava/javax/security/auth/callback/TextInputCallback.java178
-rw-r--r--libjava/javax/security/auth/callback/TextOutputCallback.java141
-rw-r--r--libjava/javax/security/auth/callback/UnsupportedCallbackException.java102
-rw-r--r--libjava/javax/security/auth/login/AccountExpiredException.java64
-rw-r--r--libjava/javax/security/auth/login/AppConfigurationEntry.java135
-rw-r--r--libjava/javax/security/auth/login/Configuration.java109
-rw-r--r--libjava/javax/security/auth/login/CredentialExpiredException.java64
-rw-r--r--libjava/javax/security/auth/login/FailedLoginException.java63
-rw-r--r--libjava/javax/security/auth/login/LoginContext.java44
-rw-r--r--libjava/javax/security/auth/login/LoginException.java65
-rw-r--r--libjava/javax/security/auth/login/NullConfiguration.java64
-rw-r--r--libjava/javax/security/auth/x500/X500PrivateCredential.java148
-rw-r--r--libjava/javax/security/cert/Certificate.java176
-rw-r--r--libjava/javax/security/cert/CertificateEncodingException.java60
-rw-r--r--libjava/javax/security/cert/CertificateException.java60
-rw-r--r--libjava/javax/security/cert/CertificateExpiredException.java60
-rw-r--r--libjava/javax/security/cert/CertificateNotYetValidException.java60
-rw-r--r--libjava/javax/security/cert/CertificateParsingException.java59
-rw-r--r--libjava/javax/security/cert/X509CertBridge.java203
-rw-r--r--libjava/javax/security/cert/X509Certificate.java191
-rw-r--r--libjava/javax/security/sasl/AuthenticationException.java105
-rw-r--r--libjava/javax/security/sasl/AuthorizeCallback.java171
-rw-r--r--libjava/javax/security/sasl/RealmCallback.java75
-rw-r--r--libjava/javax/security/sasl/RealmChoiceCallback.java71
-rw-r--r--libjava/javax/security/sasl/Sasl.java691
-rw-r--r--libjava/javax/security/sasl/SaslClient.java231
-rw-r--r--libjava/javax/security/sasl/SaslClientFactory.java117
-rw-r--r--libjava/javax/security/sasl/SaslException.java185
-rw-r--r--libjava/javax/security/sasl/SaslServer.java226
-rw-r--r--libjava/javax/security/sasl/SaslServerFactory.java114
120 files changed, 18593 insertions, 0 deletions
diff --git a/libjava/javax/crypto/BadPaddingException.java b/libjava/javax/crypto/BadPaddingException.java
new file mode 100644
index 00000000000..d15224f3e52
--- /dev/null
+++ b/libjava/javax/crypto/BadPaddingException.java
@@ -0,0 +1,79 @@
+/* BadPaddingException -- Signals bad padding bytes on decryption.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown during decryption when the decrypted input
+ * does not have the proper padding bytes that are expected by the padding
+ * mechanism.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class BadPaddingException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = -5315033893984728443L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new bad padding exception with no detail message.
+ */
+ public BadPaddingException()
+ {
+ super();
+ }
+
+ /**
+ * Creates a new bad padding exception with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public BadPaddingException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/crypto/Cipher.java b/libjava/javax/crypto/Cipher.java
new file mode 100644
index 00000000000..d768d6ad7d3
--- /dev/null
+++ b/libjava/javax/crypto/Cipher.java
@@ -0,0 +1,1097 @@
+/* Cipher.java -- Interface to a cryptographic cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+import java.util.Enumeration;
+import java.util.StringTokenizer;
+
+import gnu.java.security.Engine;
+
+/**
+ * <p>This class implements a cryptographic cipher for transforming
+ * data.</p>
+ *
+ * <p>Ciphers cannot be instantiated directly; rather one of the
+ * <code>getInstance</code> must be used to instantiate a given
+ * <i>transformation</i>, optionally with a specific provider.</p>
+ *
+ * <p>A transformation is of the form:</p>
+ *
+ * <ul>
+ * <li><i>algorithm</i>/<i>mode</i>/<i>padding</i>, or</li>
+ * <li><i>algorithm</i>
+ * </ul>
+ *
+ * <p>where <i>algorithm</i> is the base name of a cryptographic cipher
+ * (such as "AES"), <i>mode</i> is the abbreviated name of a block
+ * cipher mode (such as "CBC" for cipher block chaining mode), and
+ * <i>padding</i> is the name of a padding scheme (such as
+ * "PKCS5Padding"). If only the algorithm name is supplied, then the
+ * provider-specific default mode and padding will be used.</p>
+ *
+ * <p>An example transformation is:</p>
+ *
+ * <blockquote><code>Cipher c =
+ * Cipher.getInstance("AES/CBC/PKCS5Padding");</code></blockquote>
+ *
+ * <p>Finally, when requesting a block cipher in stream cipher mode
+ * (such as <acronym title="Advanced Encryption Standard">AES</acronym>
+ * in OFB or CFB mode) the number of bits to be processed
+ * at a time may be specified by appending it to the name of the mode;
+ * e.g. <code>"AES/OFB8/NoPadding"</code>. If no such number is
+ * specified a provider-specific default value is used.</p>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @see java.security.KeyGenerator
+ * @see javax.crypto.SecretKey
+ */
+public class Cipher
+{
+
+ // Constants and variables.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "Cipher";
+
+ /**
+ * The decryption operation mode.
+ */
+ public static final int DECRYPT_MODE = 2;
+
+ /**
+ * The encryption operation mode.
+ */
+ public static final int ENCRYPT_MODE = 1;
+
+ /**
+ * Constant for when the key to be unwrapped is a private key.
+ */
+ public static final int PRIVATE_KEY = 2;
+
+ /**
+ * Constant for when the key to be unwrapped is a public key.
+ */
+ public static final int PUBLIC_KEY = 1;
+
+ /**
+ * Constant for when the key to be unwrapped is a secret key.
+ */
+ public static final int SECRET_KEY = 3;
+
+ /**
+ * The key unwrapping operation mode.
+ */
+ public static final int UNWRAP_MODE = 4;
+
+ /**
+ * The key wrapping operation mode.
+ */
+ public static final int WRAP_MODE = 3;
+
+ /**
+ * The uninitialized state. This state signals that any of the
+ * <code>init</code> methods have not been called, and therefore no
+ * transformations can be done.
+ */
+ private static final int INITIAL_STATE = 0;
+
+ /** The underlying cipher service provider interface. */
+ private CipherSpi cipherSpi;
+
+ /** The provider from which this instance came. */
+ private Provider provider;
+
+ /** The transformation requested. */
+ private String transformation;
+
+ /** Our current state (encrypting, wrapping, etc.) */
+ private int state;
+
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * <p>Creates a new cipher instance for the given transformation.</p>
+ *
+ * <p>The installed providers are tried in order for an
+ * implementation, and the first appropriate instance is returned. If
+ * no installed provider can provide the implementation, an
+ * appropriate exception is thrown.</p>
+ *
+ * @param transformation The transformation to create.
+ * @return An appropriate cipher for this transformation.
+ * @throws java.security.NoSuchAlgorithmException If no installed
+ * provider can supply the appropriate cipher or mode.
+ * @throws javax.crypto.NoSuchPaddingException If no installed
+ * provider can supply the appropriate padding.
+ */
+ public static final Cipher getInstance(String transformation)
+ throws NoSuchAlgorithmException, NoSuchPaddingException
+ {
+ Provider[] providers = Security.getProviders();
+ NoSuchPaddingException ex = null;
+ String msg = "";
+ for (int i = 0; i < providers.length; i++)
+ {
+ try
+ {
+ return getInstance(transformation, providers[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ ex = null;
+ }
+ catch (NoSuchPaddingException nspe)
+ {
+ ex = nspe;
+ }
+ }
+ if (ex != null)
+ {
+ throw ex;
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * <p>Creates a new cipher instance for the given transformation and
+ * the named provider.</p>
+ *
+ * @param transformation The transformation to create.
+ * @param provider The name of the provider to use.
+ * @return An appropriate cipher for this transformation.
+ * @throws java.security.NoSuchAlgorithmException If the provider cannot
+ * supply the appropriate cipher or mode.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * is not installed.
+ * @throws javax.crypto.NoSuchPaddingException If the provider cannot
+ * supply the appropriate padding.
+ */
+ public static final Cipher getInstance(String transformation, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ NoSuchPaddingException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(transformation, p);
+ }
+
+ /**
+ * Creates a new cipher instance for the given transform and the given
+ * provider.
+ *
+ * @param transformation The transformation to create.
+ * @param provider The provider to use.
+ * @return An appropriate cipher for this transformation.
+ * @throws java.security.NoSuchAlgorithmException If the given
+ * provider cannot supply the appropriate cipher or mode.
+ * @throws javax.crypto.NoSuchPaddingException If the given
+ * provider cannot supply the appropriate padding scheme.
+ */
+ public static final Cipher getInstance(String transformation, Provider provider)
+ throws NoSuchAlgorithmException, NoSuchPaddingException
+ {
+ CipherSpi result = null;
+ String key = null;
+ String alg = null, mode = null, pad = null;
+ String msg = "";
+ if (transformation.indexOf('/') < 0)
+ {
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, transformation,
+ provider);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ msg = e.getMessage();
+ }
+ }
+ else
+ {
+ StringTokenizer tok = new StringTokenizer(transformation, "/");
+ if (tok.countTokens() != 3)
+ {
+ throw new NoSuchAlgorithmException("badly formed transformation");
+ }
+ alg = tok.nextToken();
+ mode = tok.nextToken();
+ pad = tok.nextToken();
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, transformation,
+ provider);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ msg = e.getMessage();
+ }
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, alg + '/' + mode,
+ provider);
+ result.engineSetPadding(pad);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ if (e instanceof NoSuchPaddingException)
+ {
+ throw (NoSuchPaddingException) e;
+ }
+ msg = e.getMessage();
+ }
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, alg + "//" + pad,
+ provider);
+ result.engineSetMode(mode);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ msg = e.getMessage();
+ }
+ try
+ {
+ result = (CipherSpi) Engine.getInstance(SERVICE, alg, provider);
+ result.engineSetMode(mode);
+ result.engineSetPadding(pad);
+ return new Cipher(result, provider, transformation);
+ }
+ catch (Exception e)
+ {
+ if (e instanceof NoSuchPaddingException)
+ {
+ throw (NoSuchPaddingException) e;
+ }
+ msg = e.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(transformation + ": " + msg);
+ }
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a cipher.
+ *
+ * @param cipherSpi The underlying implementation of the cipher.
+ * @param provider The provider of this cipher implementation.
+ * @param transformation The transformation this cipher performs.
+ */
+ protected
+ Cipher(CipherSpi cipherSpi, Provider provider, String transformation)
+ {
+ this.cipherSpi = cipherSpi;
+ this.provider = provider;
+ this.transformation = transformation;
+ state = INITIAL_STATE;
+ }
+
+ // Public instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the name that this cipher instance was created with; this is
+ * equivalent to the "transformation" argument given to any of the
+ * {@link #getInstance()} methods.
+ *
+ * @return The cipher name.
+ */
+ public final String getAlgorithm()
+ {
+ return transformation;
+ }
+
+ /**
+ * Return the size of blocks, in bytes, that this cipher processes.
+ *
+ * @return The block size.
+ */
+ public final int getBlockSize()
+ {
+ if (cipherSpi != null)
+ {
+ return cipherSpi.engineGetBlockSize();
+ }
+ return 1;
+ }
+
+ /**
+ * Return the currently-operating {@link ExemptionMechanism}.
+ *
+ * @return null, currently.
+ */
+ public final ExemptionMechanism getExemptionMechanism()
+ {
+ return null;
+ }
+
+ /**
+ * Return the <i>initialization vector</i> that this instance was
+ * initialized with.
+ *
+ * @return The IV.
+ */
+ public final byte[] getIV()
+ {
+ if (cipherSpi != null)
+ {
+ return cipherSpi.engineGetIV();
+ }
+ return null;
+ }
+
+ /**
+ * Return the {@link java.security.AlgorithmParameters} that this
+ * instance was initialized with.
+ *
+ * @return The parameters.
+ */
+ public final AlgorithmParameters getParameters()
+ {
+ if (cipherSpi != null) {
+ return cipherSpi.engineGetParameters();
+ }
+ return null;
+ }
+
+ /**
+ * Return this cipher's provider.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Finishes a multi-part transformation, and returns the final
+ * transformed bytes.
+ *
+ * @return The final transformed bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ */
+ public final byte[] doFinal()
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
+ {
+ return doFinal(new byte[0], 0, 0);
+ }
+
+ /**
+ * Finishes a multi-part transformation or does an entire
+ * transformation on the input, and returns the transformed bytes.
+ *
+ * @param input The final input bytes.
+ * @return The final transformed bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ */
+ public final byte[] doFinal(byte[] input)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
+ {
+ return doFinal(input, 0, input.length);
+ }
+
+ /**
+ * Finishes a multi-part transformation or does an entire
+ * transformation on the input, and returns the transformed bytes.
+ *
+ * @param input The final input bytes.
+ * @param inputOffset The index in the input bytes to start.
+ * @param inputLength The number of bytes to read from the input.
+ * @return The final transformed bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ */
+ public final byte[] doFinal(byte[] input, int inputOffset, int inputLength)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException
+ {
+ if (cipherSpi == null)
+ {
+ byte[] b = new byte[inputLength];
+ System.arraycopy(input, inputOffset, b, 0, inputLength);
+ return b;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ state = INITIAL_STATE;
+ return cipherSpi.engineDoFinal(input, inputOffset, inputLength);
+ }
+
+ /**
+ * Finishes a multi-part transformation and stores the transformed
+ * bytes into the given array.
+ *
+ * @param output The destination for the transformed bytes.
+ * @param outputOffset The offset in <tt>output</tt> to start storing
+ * bytes.
+ * @return The number of bytes placed into the output array.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ * @throws javax.crypto.ShortBufferException If the output array is
+ * not large enough to hold the transformed bytes.
+ */
+ public final int doFinal(byte[] output, int outputOffset)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException,
+ ShortBufferException
+ {
+ if (cipherSpi == null)
+ {
+ return 0;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ state = INITIAL_STATE;
+ return cipherSpi.engineDoFinal(new byte[0], 0, 0, output, outputOffset);
+ }
+
+ /**
+ * Finishes a multi-part transformation or transforms a portion of a
+ * byte array, and stores the result in the given byte array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in <tt>input</tt> to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output buffer.
+ * @param outputOffset The index in <tt>output</tt> to start.
+ * @return The number of bytes placed into the output array.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input is not a multiple of this cipher's
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is
+ * decrypting and the padding bytes do not match this
+ * instance's padding scheme.
+ * @throws javax.crypto.ShortBufferException If the output array is
+ * not large enough to hold the transformed bytes.
+ */
+ public final int doFinal(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException,
+ ShortBufferException
+ {
+ if (cipherSpi == null)
+ {
+ if (inputLength > output.length - outputOffset)
+ {
+ throw new ShortBufferException();
+ }
+ System.arraycopy(input, inputOffset, output, outputOffset, inputLength);
+ return inputLength;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ state = INITIAL_STATE;
+ return cipherSpi.engineDoFinal(input, inputOffset, inputLength,
+ output, outputOffset);
+ }
+
+ public final int doFinal(byte[] input, int inputOffset, int inputLength,
+ byte[] output)
+ throws IllegalStateException, IllegalBlockSizeException, BadPaddingException,
+ ShortBufferException
+ {
+ return doFinal(input, inputOffset, inputLength, output, 0);
+ }
+
+ /**
+ * Returns the size an output buffer needs to be if this cipher is
+ * updated with a number of bytes.
+ *
+ * @param inputLength The input length.
+ * @return The output length given this input length.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized, or if a <tt>doFinal</tt> call has already
+ * been made.
+ */
+ public final int getOutputSize(int inputLength) throws IllegalStateException
+ {
+ if (cipherSpi == null)
+ {
+ return inputLength;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException("neither encrypting nor decrypting");
+ }
+ return cipherSpi.engineGetOutputSize(inputLength);
+ }
+
+ /**
+ * <p>Initialize this cipher with the public key from the given
+ * certificate.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>As per the Java 1.4 specification, if <code>cert</code> is an
+ * instance of an {@link java.security.cert.X509Certificate} and its
+ * <i>key usage</i> extension field is incompatible with
+ * <code>opmode</code> then an {@link
+ * java.security.InvalidKeyException} is thrown.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) than the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param certificate The certificate.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the certificate's public key, or if the
+ * public key cannot be used as described above.
+ */
+ public final void init(int opmode, Certificate certificate)
+ throws InvalidKeyException
+ {
+ init(opmode, certificate, new SecureRandom());
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) than the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ */
+ public final void init(int opmode, Key key) throws InvalidKeyException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, new SecureRandom());
+ }
+ }
+
+ /**
+ * <p>Initialize this cipher with the public key from the given
+ * certificate and the specified source of randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>As per the Java 1.4 specification, if <code>cert</code> is an
+ * instance of an {@link java.security.cert.X509Certificate} and its
+ * <i>key usage</i> extension field is incompatible with
+ * <code>opmode</code> then an {@link
+ * java.security.InvalidKeyException} is thrown.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) than the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param certificate The certificate.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the certificate's public key, or if the
+ * public key cannot be used as described above.
+ */
+ public final void
+ init(int opmode, Certificate certificate, SecureRandom random)
+ throws InvalidKeyException
+ {
+ if (certificate instanceof X509Certificate)
+ {
+ boolean[] keyInfo = ((X509Certificate) certificate).getKeyUsage();
+ if (keyInfo != null)
+ {
+ switch (opmode)
+ {
+ case DECRYPT_MODE:
+ if (!keyInfo[3])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for transforming data");
+ }
+ if (keyInfo[7])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key can only be used for encryption");
+ }
+ break;
+
+ case ENCRYPT_MODE:
+ if (!keyInfo[3])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for transforming data");
+ }
+ if (keyInfo[8])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key can only be used for decryption");
+ }
+ break;
+
+ case UNWRAP_MODE:
+ if (!keyInfo[2] || keyInfo[7])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for key unwrapping");
+ }
+ break;
+
+ case WRAP_MODE:
+ if (!keyInfo[2] || keyInfo[8])
+ {
+ throw new InvalidKeyException(
+ "the certificate's key cannot be used for key wrapping");
+ }
+ break;
+ }
+ }
+ }
+ init(opmode, certificate.getPublicKey(), random);
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key and source of
+ * randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ */
+ public final void init(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, random);
+ }
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key and parameters.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) then the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameters params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ init(opmode, key, params, new SecureRandom());
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key and parameters.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>If this cipher requires any random bytes (for example for an
+ * initilization vector) then the {@link java.security.SecureRandom}
+ * with the highest priority is used as the source of these bytes.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameterSpec params)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ init(opmode, key, params, new SecureRandom());
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key, parameters, and
+ * source of randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, params, random);
+ }
+ }
+
+ /**
+ * <p>Initialize this cipher with the supplied key, parameters, and
+ * source of randomness.</p>
+ *
+ * <p>The cipher will be initialized for encryption, decryption, key
+ * wrapping, or key unwrapping, depending upon whether the
+ * <code>opmode</code> argument is {@link #ENCRYPT_MODE}, {@link
+ * #DECRYPT_MODE}, {@link #WRAP_MODE}, or {@link #UNWRAP_MODE},
+ * respectively.</p>
+ *
+ * <p>A call to any of the <code>init</code> methods overrides the
+ * state of the instance, and is equivalent to creating a new instance
+ * and calling its <code>init</code> method.</p>
+ *
+ * @param opmode The operation mode to use.
+ * @param key The key.
+ * @param params The algorithm parameters to initialize this instance
+ * with.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the underlying cipher
+ * instance rejects the given key.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate for this cipher.
+ */
+ public final void init(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidKeyException, InvalidAlgorithmParameterException
+ {
+ state = opmode;
+ if (cipherSpi != null)
+ {
+ cipherSpi.engineInit(opmode, key, params, random);
+ }
+ }
+
+ /**
+ * Unwrap a previously-wrapped key.
+ *
+ * @param wrappedKey The wrapped key.
+ * @param wrappedKeyAlgorithm The algorithm with which the key was
+ * wrapped.
+ * @param wrappedKeyType The type of key (public, private, or
+ * secret) that this wrapped key respresents.
+ * @return The unwrapped key.
+ * @throws java.lang.IllegalStateException If this instance has not be
+ * initialized for unwrapping.
+ * @throws java.security.InvalidKeyException If <code>wrappedKey</code>
+ * is not a wrapped key, if the algorithm cannot unwrap this
+ * key, or if the unwrapped key's type differs from the
+ * specified type.
+ * @throws java.security.NoSuchAlgorithmException If
+ * <code>wrappedKeyAlgorithm</code> is not a valid algorithm
+ * name.
+ */
+ public final Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws IllegalStateException, InvalidKeyException, NoSuchAlgorithmException
+ {
+ if (cipherSpi == null)
+ {
+ return null;
+ }
+ if (state != UNWRAP_MODE)
+ {
+ throw new IllegalStateException("instance is not for unwrapping");
+ }
+ return cipherSpi.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+ wrappedKeyType);
+ }
+
+ /**
+ * Continue a multi-part transformation on an entire byte array,
+ * returning the transformed bytes.
+ *
+ * @param input The input bytes.
+ * @return The transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ */
+ public final byte[] update(byte[] input) throws IllegalStateException
+ {
+ return update(input, 0, input.length);
+ }
+
+ /**
+ * Continue a multi-part transformation on part of a byte array,
+ * returning the transformed bytes.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input to start.
+ * @param inputLength The number of bytes to transform.
+ * @return The transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ */
+ public final byte[] update(byte[] input, int inputOffset, int inputLength)
+ throws IllegalStateException
+ {
+ if (cipherSpi == null)
+ {
+ byte[] b = new byte[inputLength];
+ System.arraycopy(input, inputOffset, b, 0, inputLength);
+ return b;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException(
+ "cipher is not for encrypting or decrypting");
+ }
+ return cipherSpi.engineUpdate(input, inputOffset, inputLength);
+ }
+
+ /**
+ * Continue a multi-part transformation on part of a byte array,
+ * placing the transformed bytes into the given array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output byte array.
+ * @return The number of transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ * @throws javax.security.ShortBufferException If there is not enough
+ * room in the output array to hold the transformed bytes.
+ */
+ public final int update(byte[] input, int inputOffset, int inputLength,
+ byte[] output)
+ throws IllegalStateException, ShortBufferException
+ {
+ return update(input, inputOffset, inputLength, output, 0);
+ }
+
+ /**
+ * Continue a multi-part transformation on part of a byte array,
+ * placing the transformed bytes into the given array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output byte array.
+ * @param outputOffset The index in the output array to start.
+ * @return The number of transformed bytes.
+ * @throws java.lang.IllegalStateException If this cipher was not
+ * initialized for encryption or decryption.
+ * @throws javax.security.ShortBufferException If there is not enough
+ * room in the output array to hold the transformed bytes.
+ */
+ public final int update(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws IllegalStateException, ShortBufferException
+ {
+ if (cipherSpi == null)
+ {
+ if (inputLength > output.length - outputOffset)
+ {
+ throw new ShortBufferException();
+ }
+ System.arraycopy(input, inputOffset, output, outputOffset, inputLength);
+ return inputLength;
+ }
+ if (state != ENCRYPT_MODE && state != DECRYPT_MODE)
+ {
+ throw new IllegalStateException(
+ "cipher is not for encrypting or decrypting");
+ }
+ return cipherSpi.engineUpdate(input, inputOffset, inputLength,
+ output, outputOffset);
+ }
+
+ /**
+ * Wrap a key.
+ *
+ * @param key The key to wrap.
+ * @return The wrapped key.
+ * @throws java.lang.IllegalStateException If this instance was not
+ * initialized for key wrapping.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the key is not a multiple of the block size.
+ * @throws java.security.InvalidKeyException If this instance cannot
+ * wrap this key.
+ */
+ public final byte[] wrap(Key key)
+ throws IllegalStateException, IllegalBlockSizeException, InvalidKeyException
+ {
+ if (cipherSpi == null)
+ {
+ return null;
+ }
+ if (state != WRAP_MODE)
+ {
+ throw new IllegalStateException("instance is not for key wrapping");
+ }
+ return cipherSpi.engineWrap(key);
+ }
+}
diff --git a/libjava/javax/crypto/CipherInputStream.java b/libjava/javax/crypto/CipherInputStream.java
new file mode 100644
index 00000000000..c01cb47ac4c
--- /dev/null
+++ b/libjava/javax/crypto/CipherInputStream.java
@@ -0,0 +1,383 @@
+/* CipherInputStream.java -- Filters input through a cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * This is an {@link java.io.InputStream} that filters its data
+ * through a {@link Cipher} before returning it. The <code>Cipher</code>
+ * argument must have been initialized before it is passed to the
+ * constructor.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class CipherInputStream extends FilterInputStream
+{
+
+ // Constants and variables.
+ // ------------------------------------------------------------------------
+
+ /**
+ * The underlying {@link Cipher} instance.
+ */
+ private Cipher cipher;
+
+ /**
+ * Data that has been transformed but not read.
+ */
+ private byte[] outBuffer;
+
+ /**
+ * The offset into {@link #outBuffer} where valid data starts.
+ */
+ private int outOffset;
+
+ /**
+ * The number of valid bytes in the {@link #outBuffer}.
+ */
+ private int outLength;
+
+ /**
+ * Byte buffer that is filled with raw data from the underlying input
+ * stream.
+ */
+ private byte[][] inBuffer;
+
+ /**
+ * The amount of bytes in inBuffer[0] that may be input to the cipher.
+ */
+ private int inLength;
+
+ /**
+ * We set this when the cipher block size is 1, meaning that we can
+ * transform any amount of data.
+ */
+ private boolean isStream;
+
+ private static final int VIRGIN = 0; // I am born.
+ private static final int LIVING = 1; // I am nailed to the hull.
+ private static final int DYING = 2; // I am eaten by sharks.
+ private static final int DEAD = 3;
+ private int state;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new input stream with a source input stream and cipher.
+ *
+ * @param in The underlying input stream.
+ * @param cipher The cipher to filter data through.
+ */
+ public CipherInputStream(InputStream in, Cipher cipher)
+ {
+ this(in);
+ this.cipher = cipher;
+ if (!(isStream = cipher.getBlockSize() == 1))
+ {
+ inBuffer = new byte[2][];
+ inBuffer[0] = new byte[cipher.getBlockSize()];
+ inBuffer[1] = new byte[cipher.getBlockSize()];
+ inLength = 0;
+ outBuffer = new byte[cipher.getBlockSize()];
+ outOffset = outLength = 0;
+ state = VIRGIN;
+ }
+ }
+
+ /**
+ * Creates a new input stream without a cipher. This constructor is
+ * <code>protected</code> because this class does not work without an
+ * underlying cipher.
+ *
+ * @param in The underlying input stream.
+ */
+ protected CipherInputStream(InputStream in)
+ {
+ super(in);
+ }
+
+ // Instance methods overriding java.io.FilterInputStream.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the number of bytes available without blocking. The value
+ * returned by this method is never greater than the underlying
+ * cipher's block size.
+ *
+ * @return The number of bytes immediately available.
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public int available() throws IOException
+ {
+ if (isStream)
+ return super.available();
+ return outLength - outOffset;
+ }
+
+ /**
+ * Close this input stream. This method merely calls the {@link
+ * java.io.InputStream#close()} method of the underlying input stream.
+ *
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public void close() throws IOException
+ {
+ super.close();
+ }
+
+ /**
+ * Read a single byte from this input stream; returns -1 on the
+ * end-of-file.
+ *
+ * @return The byte read, or -1 if there are no more bytes.
+ * @throws java.io.IOExcpetion If an I/O exception occurs.
+ */
+ public int read() throws IOException
+ {
+ if (isStream)
+ {
+ byte[] buf = new byte[1];
+ int in = super.read();
+ if (in == -1)
+ return -1;
+ buf[0] = (byte) in;
+ try
+ {
+ cipher.update(buf, 0, 1, buf, 0);
+ }
+ catch (ShortBufferException shouldNotHappen)
+ {
+ throw new IOException(shouldNotHappen.getMessage());
+ }
+ return buf[0] & 0xFF;
+ }
+ if (state == DEAD) return -1;
+ if (available() == 0) nextBlock();
+ if (state == DEAD) return -1;
+ return outBuffer[outOffset++] & 0xFF;
+ }
+
+ /**
+ * Read bytes into an array, returning the number of bytes read or -1
+ * on the end-of-file.
+ *
+ * @param buf The byte array to read into.
+ * @param off The offset in <code>buf</code> to start.
+ * @param len The maximum number of bytes to read.
+ * @return The number of bytes read, or -1 on the end-of-file.
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public int read(byte[] buf, int off, int len) throws IOException
+ {
+ if (isStream)
+ {
+ len = super.read(buf, off, len);
+ try
+ {
+ cipher.update(buf, off, len, buf, off);
+ }
+ catch (ShortBufferException shouldNotHappen)
+ {
+ throw new IOException(shouldNotHappen.getMessage());
+ }
+ return len;
+ }
+
+ int count = 0;
+ while (count < len)
+ {
+ if (available() == 0)
+ nextBlock();
+ if (state == DEAD)
+ {
+ if (count > 0) return count;
+ else return -1;
+ }
+ int l = Math.min(available(), len - count);
+ System.arraycopy(outBuffer, outOffset, buf, count+off, l);
+ count += l;
+ outOffset = outLength = 0;
+ }
+ return count;
+ }
+
+ /**
+ * Read bytes into an array, returning the number of bytes read or -1
+ * on the end-of-file.
+ *
+ * @param buf The byte arry to read into.
+ * @return The number of bytes read, or -1 on the end-of-file.
+ * @throws java.io.IOException If an I/O exception occurs.
+ */
+ public int read(byte[] buf) throws IOException
+ {
+ return read(buf, 0, buf.length);
+ }
+
+ /**
+ * Skip a number of bytes. This class only supports skipping as many
+ * bytes as are returned by {@link #available()}, which is the number
+ * of transformed bytes currently in this class's internal buffer.
+ *
+ * @param bytes The number of bytes to skip.
+ * @return The number of bytes skipped.
+ */
+ public long skip(long bytes) throws IOException
+ {
+ if (isStream)
+ {
+ return super.skip(bytes);
+ }
+ long ret = 0;
+ if (bytes > 0 && available() > 0)
+ {
+ ret = available();
+ outOffset = outLength = 0;
+ }
+ return ret;
+ }
+
+ /**
+ * Returns whether or not this input stream supports the {@link
+ * #mark(long)} and {@link #reset()} methods; this input stream does
+ * not, however, and invariably returns <code>false</code>.
+ *
+ * @return <code>false</code>
+ */
+ public boolean markSupported()
+ {
+ return false;
+ }
+
+ /**
+ * Set the mark. This method is unsupported and is empty.
+ *
+ * @param mark Is ignored.
+ */
+ public void mark(long mark)
+ {
+ }
+
+ /**
+ * Reset to the mark. This method is unsupported and is empty.
+ */
+ public void reset() throws IOException
+ {
+ throw new IOException("reset not supported");
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private void nextBlock() throws IOException
+ {
+ byte[] temp = inBuffer[0];
+ inBuffer[0] = inBuffer[1];
+ inBuffer[1] = temp;
+ int count = 0;
+ boolean eof = false;
+
+ if (state == VIRGIN || state == LIVING)
+ {
+ do
+ {
+ int l = in.read(inBuffer[1], count, inBuffer[1].length - count);
+ if (l == -1)
+ {
+ eof = true;
+ break;
+ }
+ count += l;
+ }
+ while (count < inBuffer[1].length);
+ }
+
+ try
+ {
+ switch (state)
+ {
+ case VIRGIN:
+ state = LIVING;
+ nextBlock();
+ break;
+ case LIVING:
+ if (eof)
+ {
+ if (count > 0)
+ {
+ outOffset = cipher.update(inBuffer[0], 0, inLength, outBuffer, 0);
+ state = DYING;
+ }
+ else
+ {
+ outOffset = cipher.doFinal(inBuffer[0], 0, inLength, outBuffer, 0);
+ state = DEAD;
+ }
+ }
+ else
+ {
+ outOffset = cipher.update(inBuffer[0], 0, inLength, outBuffer, 0);
+ }
+ break;
+ case DYING:
+ outOffset = cipher.doFinal(inBuffer[0], 0, inLength, outBuffer, 0);
+ state = DEAD;
+ break;
+ case DEAD:
+ }
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException(bpe.toString());
+ }
+ catch (IllegalBlockSizeException ibse)
+ {
+ throw new IOException(ibse.toString());
+ }
+ inLength = count;
+ }
+}
diff --git a/libjava/javax/crypto/CipherOutputStream.java b/libjava/javax/crypto/CipherOutputStream.java
new file mode 100644
index 00000000000..7eb09c1d08c
--- /dev/null
+++ b/libjava/javax/crypto/CipherOutputStream.java
@@ -0,0 +1,268 @@
+/* CipherOutputStream.java -- Filters output through a cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * A filtered output stream that transforms data written to it with a
+ * {@link Cipher} before sending it to the underlying output stream.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class CipherOutputStream extends FilterOutputStream
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The underlying cipher. */
+ private Cipher cipher;
+
+ private byte[][] inBuffer;
+
+ private int inLength;
+
+ private byte[] outBuffer;
+
+ private static final int FIRST_TIME = 0;
+ private static final int SECOND_TIME = 1;
+ private static final int SEASONED = 2;
+ private int state;
+
+ /** True if the cipher is a stream cipher (blockSize == 1) */
+ private boolean isStream;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new cipher output stream. The cipher argument must have
+ * already been initialized.
+ *
+ * @param out The sink for transformed data.
+ * @param cipher The cipher to transform data with.
+ */
+ public CipherOutputStream(OutputStream out, Cipher cipher)
+ {
+ super(out);
+ if (cipher != null)
+ {
+ this.cipher = cipher;
+ if (!(isStream = cipher.getBlockSize() == 1))
+ {
+ inBuffer = new byte[2][];
+ inBuffer[0] = new byte[cipher.getBlockSize()];
+ inBuffer[1] = new byte[cipher.getBlockSize()];
+ inLength = 0;
+ state = FIRST_TIME;
+ }
+ }
+ else
+ this.cipher = new NullCipher();
+ }
+
+ /**
+ * Create a cipher output stream with no cipher.
+ *
+ * @param out The sink for transformed data.
+ */
+ protected CipherOutputStream(OutputStream out)
+ {
+ super(out);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Close this output stream, and the sink output stream.
+ *
+ * <p>This method will first invoke the {@link Cipher#doFinal()}
+ * method of the underlying {@link Cipher}, and writes the output of
+ * that method to the sink output stream.
+ *
+ * @throws java.io.IOException If an I/O error occurs, or if an error
+ * is caused by finalizing the transformation.
+ */
+ public void close() throws IOException
+ {
+ try
+ {
+ int len;
+ if (state != FIRST_TIME)
+ {
+ len = cipher.update(inBuffer[0], 0, inBuffer[0].length, outBuffer);
+ out.write(outBuffer, 0, len);
+ }
+ len = cipher.doFinal(inBuffer[0], 0, inLength, outBuffer);
+ out.write(outBuffer, 0, len);
+ }
+ catch (javax.crypto.IllegalBlockSizeException ibse)
+ {
+ throw new IOException(ibse.toString());
+ }
+ catch (javax.crypto.BadPaddingException bpe)
+ {
+ throw new IOException(bpe.toString());
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ out.flush();
+ out.close();
+ }
+
+ /**
+ * Flush any pending output.
+ *
+ * @throws java.io.IOException If an I/O error occurs.
+ */
+ public void flush() throws IOException
+ {
+ out.flush();
+ }
+
+ /**
+ * Write a single byte to the output stream.
+ *
+ * @param b The next byte.
+ * @throws java.io.IOException If an I/O error occurs, or if the
+ * underlying cipher is not in the correct state to transform
+ * data.
+ */
+ public void write(int b) throws IOException
+ {
+ if (isStream)
+ {
+ byte[] buf = new byte[] { (byte) b };
+ try
+ {
+ cipher.update(buf, 0, 1, buf, 0);
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ out.write(buf);
+ return;
+ }
+ inBuffer[1][inLength++] = (byte) b;
+ if (inLength == inBuffer[1].length)
+ process();
+ }
+
+ /**
+ * Write a byte array to the output stream.
+ *
+ * @param buf The next bytes.
+ * @throws java.io.IOException If an I/O error occurs, or if the
+ * underlying cipher is not in the correct state to transform
+ * data.
+ */
+ public void write(byte[] buf) throws IOException
+ {
+ write(buf, 0, buf.length);
+ }
+
+ /**
+ * Write a portion of a byte array to the output stream.
+ *
+ * @param buf The next bytes.
+ * @param off The offset in the byte array to start.
+ * @param len The number of bytes to write.
+ * @throws java.io.IOException If an I/O error occurs, or if the
+ * underlying cipher is not in the correct state to transform
+ * data.
+ */
+ public void write(byte[] buf, int off, int len) throws IOException
+ {
+ if (isStream)
+ {
+ out.write(cipher.update(buf, off, len));
+ return;
+ }
+ int count = 0;
+ while (count < len)
+ {
+ int l = Math.min(inBuffer[1].length - inLength, len - count);
+ System.arraycopy(buf, off+count, inBuffer[1], inLength, l);
+ count += l;
+ inLength += l;
+ if (inLength == inBuffer[1].length)
+ process();
+ }
+ }
+
+ // Own method.
+ // -------------------------------------------------------------------------
+
+ private void process() throws IOException
+ {
+ if (state == SECOND_TIME)
+ {
+ state = SEASONED;
+ }
+ else
+ {
+ byte[] temp = inBuffer[0];
+ inBuffer[0] = inBuffer[1];
+ inBuffer[1] = temp;
+ }
+ if (state == FIRST_TIME)
+ {
+ inLength = 0;
+ state = SECOND_TIME;
+ return;
+ }
+ try
+ {
+ cipher.update(inBuffer[0], 0, inBuffer[0].length, outBuffer);
+ }
+ catch (ShortBufferException sbe)
+ {
+ throw new IOException(sbe.toString());
+ }
+ out.write(outBuffer);
+ inLength = 0;
+ }
+}
diff --git a/libjava/javax/crypto/CipherSpi.java b/libjava/javax/crypto/CipherSpi.java
new file mode 100644
index 00000000000..06ea534f4f6
--- /dev/null
+++ b/libjava/javax/crypto/CipherSpi.java
@@ -0,0 +1,398 @@
+/* CipherSpi.java -- The cipher service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * <p>This class represents the <i>Service Provider Interface</i>
+ * (<b>SPI</b>) for cryptographic ciphers.</p>
+ *
+ * <p>Providers of cryptographic ciphers must subclass this for every
+ * cipher they implement, implementing the abstract methods as
+ * appropriate, then provide an entry that points to the subclass in
+ * their implementation of {@link java.security.Provider}.</p>
+ *
+ * <p>CipherSpi objects are instantiated along with {@link Cipher}s when
+ * the {@link Cipher#getInstance(java.lang.String)} methods are invoked.
+ * Particular ciphers are referenced by a <i>transformation</i>, which
+ * is a String consisting of the cipher's name or the ciper's name
+ * followed by a mode and a padding. Transformations all follow the
+ * general form:</p>
+ *
+ * <ul>
+ * <li><i>algorithm</i>, or</li>
+ * <li><i>algorithm</i>/<i>mode</i>/<i>padding</i>
+ * </ul>
+ *
+ * <p>Cipher names in the master {@link java.security.Provider} class
+ * may be:</p>
+ *
+ * <ol>
+ * <li>The algorithm's name, which uses a pluggable mode and padding:
+ * <code>Cipher.<i>algorithm</i></code></li>
+ * <li>The algorithm's name and the mode, which uses pluggable padding:
+ * <code>Cipher.<i>algorithm</i>/<i>mode</i></code></li>
+ * <li>The algorithm's name and the padding, which uses a pluggable
+ * mode: <code>Cipher.<i>algorithm</i>//<i>padding</i></code></li>
+ * <li>The algorihtm's name, the mode, and the padding:
+ * <code>Cipher.<i>algorithm</i>/<i>mode</i>/<i>padding</i></code></li>
+ * </ol>
+ *
+ * <p>When any {@link Cipher#getInstance(java.lang.String)} method is
+ * invoked, the following happens if the transformation is simply
+ * <i>algorithm</i>:</p>
+ *
+ * <ol>
+ * <li>If the provider defines a <code>CipherSpi</code> implementation
+ * for "<i>algorithm</i>", return it. Otherwise throw a {@link
+ * java.security.NoSuchAlgorithmException}.</li>
+ * </ol>
+ *
+ * <p>If the transformation is of the form
+ * <i>algorithm</i>/<i>mode</i>/<i>padding</i>:</p>
+ *
+ * <ol>
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>/<i>mode</i>/<i>padding</i>", return it. Otherwise
+ * go to step 2.</li>
+ *
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>/<i>mode</i>", instatiate it, call {@link
+ * #engineSetPadding(java.lang.String)} for the padding name, and return
+ * it. Otherwise go to step 3.</li>
+ *
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>//<i>padding</i>", instatiate it, call {@link
+ * #engineSetMode(java.lang.String)} for the mode name, and return
+ * it. Otherwise go to step 4.</li>
+ *
+ * <li>If the provider defines a <code>CipherSpi</code> subclass for
+ * "<i>algorithm</i>", instatiate it, call {@link
+ * #engineSetMode(java.lang.String)} for the mode name, call {@link
+ * #engineSetPadding(java.lang.String)} for the padding name, and return
+ * it. Otherwise throw a {@link java.security.NoSuchAlgorithmException}.</li>
+ * </ol>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public abstract class CipherSpi
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new CipherSpi.
+ */
+ public CipherSpi()
+ {
+ }
+
+ // Abstract methods to be implemented by providers.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Finishes a multi-part transformation or transforms a portion of a
+ * byte array, and returns the transformed bytes.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input at which to start.
+ * @param inputLength The number of bytes to transform.
+ * @return The transformed bytes in a new array.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input size is not a multiple of the
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is being
+ * used for decryption and the padding is not appropriate for
+ * this instance's padding scheme.
+ */
+ protected abstract byte[]
+ engineDoFinal(byte[] input, int inputOffset, int inputLength)
+ throws IllegalBlockSizeException, BadPaddingException;
+
+ /**
+ * Finishes a multi-part transformation or transforms a portion of a
+ * byte array, and stores the transformed bytes in the supplied array.
+ *
+ * @param input The input bytes.
+ * @param inputOffset The index in the input at which to start.
+ * @param inputLength The number of bytes to transform.
+ * @param output The output byte array.
+ * @param outputOffset The index in the output array at which to start.
+ * @return The number of transformed bytes stored in the output array.
+ * @throws javax.crypto.IllegalBlockSizeException If this instance has
+ * no padding and the input size is not a multiple of the
+ * block size.
+ * @throws javax.crypto.BadPaddingException If this instance is being
+ * used for decryption and the padding is not appropriate for
+ * this instance's padding scheme.
+ * @throws javax.crypto.ShortBufferException If there is not enough
+ * space in the output array for the transformed bytes.
+ */
+ protected abstract int
+ engineDoFinal(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws IllegalBlockSizeException, BadPaddingException, ShortBufferException;
+
+ /**
+ * Returns the block size of the underlying cipher.
+ *
+ * @return The block size.
+ */
+ protected abstract int engineGetBlockSize();
+
+ /**
+ * Returns the initializaiton vector this cipher was initialized with,
+ * if any.
+ *
+ * @return The IV, or null if this cipher uses no IV or if this
+ * instance has not been initialized yet.
+ */
+ protected abstract byte[] engineGetIV();
+
+ /**
+ * <p>Return the length of the given key in bits.</p>
+ *
+ * <p>For compatibility this method is not declared
+ * <code>abstract</code>, and the default implementation will throw an
+ * {@link java.lang.UnsupportedOperationException}. Concrete
+ * subclasses should override this method to return the correct
+ * value.</p>
+ *
+ * @param key The key to get the size for.
+ * @return The size of the key, in bits.
+ * @throws java.security.InvalidKeyException If the key's length
+ * cannot be determined by this implementation.
+ */
+ protected int engineGetKeySize(Key key) throws InvalidKeyException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * <p>Returns the size, in bytes, an output buffer must be for a call
+ * to {@link #engineUpdate(byte[],int,int,byte[],int)} or {@link
+ * #engineDoFinal(byte[],int,int,byte[],int)} to succeed.</p>
+ *
+ * <p>The actual output length may be smaller than the value returned
+ * by this method, as it considers the padding length as well. The
+ * length considered is the argument plus the length of any buffered,
+ * unprocessed bytes.</p>
+ *
+ * @param inputLength The input length, in bytes.
+ * @return The size an output buffer must be.
+ */
+ protected abstract int engineGetOutputSize(int inputLength);
+
+ /**
+ * Returns the parameters that this cipher is using. This may be the
+ * parameters used to initialize this cipher, or it may be parameters
+ * that have been initialized with random values.
+ *
+ * @return This cipher's parameters, or <code>null</code> if this
+ * cipher does not use parameters.
+ */
+ protected abstract AlgorithmParameters engineGetParameters();
+
+ /**
+ * Initializes this cipher with an operation mode, key, and source of
+ * randomness. If this cipher requires any other initializing data,
+ * for example an initialization vector, then it should generate it
+ * from the provided source of randomness.
+ *
+ * @param opmode The operation mode, one of {@link
+ * Cipher#DECRYPT_MODE}, {@link Cipher#ENCRYPT_MODE}, {@link
+ * Cipher#UNWRAP_MODE}, or {@link Cipher#WRAP_MODE}.
+ * @param key The key to initialize this cipher with.
+ * @param random The source of random bytes to use.
+ * @throws java.security.InvalidKeyException If the given key is not
+ * acceptable for this implementation.
+ */
+ protected abstract void engineInit(int opmode, Key key, SecureRandom random)
+ throws InvalidKeyException;
+
+ /**
+ * Initializes this cipher with an operation mode, key, parameters,
+ * and source of randomness. If this cipher requires any other
+ * initializing data, for example an initialization vector, then it should
+ * generate it from the provided source of randomness.
+ *
+ * @param opmode The operation mode, one of {@link
+ * Cipher#DECRYPT_MODE}, {@link Cipher#ENCRYPT_MODE}, {@link
+ * Cipher#UNWRAP_MODE}, or {@link Cipher#WRAP_MODE}.
+ * @param key The key to initialize this cipher with.
+ * @param params The algorithm parameters to initialize with.
+ * @param random The source of random bytes to use.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * given parameters are not appropriate for this
+ * implementation.
+ * @throws java.security.InvalidKeyException If the given key is not
+ * acceptable for this implementation.
+ */
+ protected abstract void
+ engineInit(int opmode, Key key, AlgorithmParameters params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Initializes this cipher with an operation mode, key, parameters,
+ * and source of randomness. If this cipher requires any other
+ * initializing data, for example an initialization vector, then it should
+ * generate it from the provided source of randomness.
+ *
+ * @param opmode The operation mode, one of {@link
+ * Cipher#DECRYPT_MODE}, {@link Cipher#ENCRYPT_MODE}, {@link
+ * Cipher#UNWRAP_MODE}, or {@link Cipher#WRAP_MODE}.
+ * @param key The key to initialize this cipher with.
+ * @param params The algorithm parameters to initialize with.
+ * @param random The source of random bytes to use.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * given parameters are not appropriate for this
+ * implementation.
+ * @throws java.security.InvalidKeyException If the given key is not
+ * acceptable for this implementation.
+ */
+ protected abstract void
+ engineInit(int opmode, Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Set the mode in which this cipher is to run.
+ *
+ * @param mode The name of the mode to use.
+ * @throws java.security.NoSuchAlgorithmException If the mode is
+ * not supported by this cipher's provider.
+ */
+ protected abstract void engineSetMode(String mode)
+ throws NoSuchAlgorithmException;
+
+ /**
+ * Set the method with which the input is to be padded.
+ *
+ * @param padding The name of the padding to use.
+ * @throws javax.crypto.NoSuchPaddingException If the padding is not
+ * supported by this cipher's provider.
+ */
+ protected abstract void engineSetPadding(String padding)
+ throws NoSuchPaddingException;
+
+ /**
+ * <p>Unwraps a previously-wrapped key.</p>
+ *
+ * <p>For compatibility this method is not declared
+ * <code>abstract</code>, and the default implementation will throw an
+ * {@link java.lang.UnsupportedOperationException}.</p>
+ *
+ * @param wrappedKey The wrapped key.
+ * @param wrappedKeyAlgorithm The name of the algorithm used to wrap
+ * this key.
+ * @param wrappedKeyType The type of wrapped key; one of
+ * {@link Cipher#PRIVATE_KEY},
+ * {@link Cipher#PUBLIC_KEY}, or
+ * {@link Cipher#SECRET_KEY}.
+ * @return The unwrapped key.
+ * @throws java.security.InvalidKeyException If the key cannot be
+ * unwrapped, or if <code>wrappedKeyType</code> is an
+ * inappropriate type for the unwrapped key.
+ * @throws java.security.NoSuchAlgorithmException If the
+ * <code>wrappedKeyAlgorithm</code> is unknown.
+ */
+ protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+ int wrappedKeyType)
+ throws InvalidKeyException, NoSuchAlgorithmException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Continue with a multi-part transformation, returning a new array of
+ * the transformed bytes.
+ *
+ * @param input The next input bytes.
+ * @param inputOffset The index in the input array from which to start.
+ * @param inputLength The number of bytes to input.
+ * @return The transformed bytes.
+ */
+ protected abstract byte[]
+ engineUpdate(byte[] input, int inputOffset, int inputLength);
+
+ /**
+ * Continue with a multi-part transformation, storing the transformed
+ * bytes into the specified array.
+ *
+ * @param input The next input bytes.
+ * @param inputOffset The index in the input from which to start.
+ * @param inputLength The number of bytes to input.
+ * @param output The output buffer.
+ * @param outputOffset The index in the output array from which to start.
+ * @return The transformed bytes.
+ * @throws javax.crypto.ShortBufferException If there is not enough
+ * space in the output array to store the transformed bytes.
+ */
+ protected abstract int
+ engineUpdate(byte[] input, int inputOffset, int inputLength,
+ byte[] output, int outputOffset)
+ throws ShortBufferException;
+
+ /**
+ * <p>Wrap a key.</p>
+ *
+ * <p>For compatibility this method is not declared
+ * <code>abstract</code>, and the default implementation will throw an
+ * {@link java.lang.UnsupportedOperationException}.</p>
+ *
+ * @param key The key to wrap.
+ * @return The wrapped key.
+ * @throws java.security.InvalidKeyException If the key cannot be
+ * wrapped.
+ */
+ protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException
+ {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/libjava/javax/crypto/EncryptedPrivateKeyInfo.java b/libjava/javax/crypto/EncryptedPrivateKeyInfo.java
new file mode 100644
index 00000000000..b64fbd6af5c
--- /dev/null
+++ b/libjava/javax/crypto/EncryptedPrivateKeyInfo.java
@@ -0,0 +1,284 @@
+/* EncryptedPrivateKeyInfo.java -- As in PKCS #8.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.IOException;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+/**
+ * An implementation of the <code>EncryptedPrivateKeyInfo</code> ASN.1
+ * type as specified in <a
+ * href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-8/">PKCS #8 -
+ * Private-Key Information Syntax Standard</a>.
+ *
+ * <p>The ASN.1 type <code>EncryptedPrivateKeyInfo</code> is:
+ *
+ * <blockquote>
+ * <pre>EncryptedPrivateKeyInfo ::= SEQUENCE {
+ * encryptionAlgorithm EncryptionAlgorithmIdentifier,
+ * encryptedData EncryptedData }
+ *
+ * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * EncrytpedData ::= OCTET STRING
+ *
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL }</pre>
+ * </blockquote>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see java.security.spec.PKCS8EncodedKeySpec
+ */
+public class EncryptedPrivateKeyInfo
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The encrypted data. */
+ private byte[] encryptedData;
+
+ /** The encoded, encrypted key. */
+ private byte[] encoded;
+
+ /** The OID of the encryption algorithm. */
+ private OID algOid;
+
+ /** The encryption algorithm's parameters. */
+ private AlgorithmParameters params;
+
+ /** The encoded ASN.1 algorithm parameters. */
+ private byte[] encodedParams;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new <code>EncryptedPrivateKeyInfo</code> object from raw
+ * encrypted data and the parameters used for encryption.
+ *
+ * <p>The <code>encryptedData</code> array is cloned.
+ *
+ * @param params The encryption algorithm parameters.
+ * @param encryptedData The encrypted key data.
+ * @throws java.lang.IllegalArgumentException If the
+ * <code>encryptedData</code> array is empty (zero-length).
+ * @throws java.security.NoSuchAlgorithmException If the algorithm
+ * specified in the parameters is not supported.
+ * @throws java.lang.NullPointerException If <code>encryptedData</code>
+ * is null.
+ */
+ public EncryptedPrivateKeyInfo(AlgorithmParameters params,
+ byte[] encryptedData)
+ throws IllegalArgumentException, NoSuchAlgorithmException
+ {
+ if (encryptedData.length == 0)
+ {
+ throw new IllegalArgumentException("0-length encryptedData");
+ }
+ this.params = params;
+ algOid = new OID(params.getAlgorithm());
+ this.encryptedData = (byte[]) encryptedData.clone();
+ }
+
+ /**
+ * Create a new <code>EncryptedPrivateKeyInfo</code> from an encoded
+ * representation, parsing the ASN.1 sequence.
+ *
+ * @param encoded The encoded info.
+ * @throws java.io.IOException If parsing the encoded data fails.
+ * @throws java.lang.NullPointerException If <code>encoded</code> is
+ * null.
+ */
+ public EncryptedPrivateKeyInfo(byte[] encoded)
+ throws IOException
+ {
+ this.encoded = (byte[]) encoded.clone();
+ decode();
+ }
+
+ /**
+ * Create a new <code>EncryptedPrivateKeyInfo</code> from the cipher
+ * name and the encrytpedData.
+ *
+ * <p>The <code>encryptedData</code> array is cloned.
+ *
+ * @param algName The name of the algorithm (as an object identifier).
+ * @param encryptedData The encrypted key data.
+ * @throws java.lang.IllegalArgumentException If the
+ * <code>encryptedData</code> array is empty (zero-length).
+ * @throws java.security.NoSuchAlgorithmException If algName is not
+ * the name of a supported algorithm.
+ * @throws java.lang.NullPointerException If <code>encryptedData</code>
+ * is null.
+ */
+ public EncryptedPrivateKeyInfo(String algName, byte[] encryptedData)
+ throws IllegalArgumentException, NoSuchAlgorithmException,
+ NullPointerException
+ {
+ if (encryptedData.length == 0)
+ {
+ throw new IllegalArgumentException("0-length encryptedData");
+ }
+ this.algOid = new OID(algName);
+ this.encryptedData = (byte[]) encryptedData.clone();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the name of the cipher used to encrypt this key.
+ *
+ * @return The algorithm name.
+ */
+ public String getAlgName()
+ {
+ return algOid.toString();
+ }
+
+ public AlgorithmParameters getAlgParameters()
+ {
+ if (params == null && encodedParams != null)
+ {
+ try
+ {
+ params = AlgorithmParameters.getInstance(getAlgName());
+ params.init(encodedParams);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ catch (IOException ignore)
+ {
+ }
+ }
+ return params;
+ }
+
+ public synchronized byte[] getEncoded() throws IOException
+ {
+ if (encoded == null) encode();
+ return (byte[]) encoded.clone();
+ }
+
+ public byte[] getEncryptedData()
+ {
+ return encryptedData;
+ }
+
+ public PKCS8EncodedKeySpec getKeySpec(Cipher cipher)
+ throws InvalidKeySpecException
+ {
+ try
+ {
+ return new PKCS8EncodedKeySpec(cipher.doFinal(encryptedData));
+ }
+ catch (Exception x)
+ {
+ throw new InvalidKeySpecException(x.toString());
+ }
+ }
+
+ // Own methods.
+ // -------------------------------------------------------------------------
+
+ private void decode() throws IOException
+ {
+ DERReader der = new DERReader(encoded);
+ DERValue val = der.read();
+ if (val.getTag() != DER.SEQUENCE)
+ throw new IOException("malformed EncryptedPrivateKeyInfo");
+ val = der.read();
+ if (val.getTag() != DER.SEQUENCE)
+ throw new IOException("malformed AlgorithmIdentifier");
+ int algpLen = val.getLength();
+ DERValue oid = der.read();
+ if (oid.getTag() != DER.OBJECT_IDENTIFIER)
+ throw new IOException("malformed AlgorithmIdentifier");
+ algOid = (OID) oid.getValue();
+ if (algpLen == 0)
+ {
+ val = der.read();
+ if (val.getTag() != 0)
+ {
+ encodedParams = val.getEncoded();
+ der.read();
+ }
+ }
+ else if (oid.getEncodedLength() < val.getLength())
+ {
+ val = der.read();
+ encodedParams = val.getEncoded();
+ }
+ val = der.read();
+ if (val.getTag() != DER.OCTET_STRING)
+ throw new IOException("malformed AlgorithmIdentifier");
+ encryptedData = (byte[]) val.getValue();
+ }
+
+ private void encode() throws IOException
+ {
+ List algId = new ArrayList(2);
+ algId.add(new DERValue(DER.OBJECT_IDENTIFIER, algOid));
+ getAlgParameters();
+ if (params != null)
+ {
+ algId.add(DERReader.read(params.getEncoded()));
+ }
+ List epki = new ArrayList(2);
+ epki.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, algId));
+ epki.add(new DERValue(DER.OCTET_STRING, encryptedData));
+ encoded = new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, epki).getEncoded();
+ }
+}
diff --git a/libjava/javax/crypto/ExemptionMechanism.java b/libjava/javax/crypto/ExemptionMechanism.java
new file mode 100644
index 00000000000..7fa658e9e37
--- /dev/null
+++ b/libjava/javax/crypto/ExemptionMechanism.java
@@ -0,0 +1,226 @@
+/* ExemptionMechanism.java -- Generic crypto-weakening mechanism.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * An exemption mechanism, which will conditionally allow cryptography
+ * where it is not normally allowed, implements things such as <i>key
+ * recovery</i>, <i>key weakening</i>, or <i>key escrow</i>.
+ *
+ * <p><b>Implementation note</b>: this class is present for
+ * API-compatibility only; it is not actually used anywhere in this library
+ * and this library does not, in general, support crypto weakening.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class ExemptionMechanism
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "ExemptionMechanism";
+ private ExemptionMechanismSpi emSpi;
+ private Provider provider;
+ private String mechanism;
+ private boolean virgin;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ protected ExemptionMechanism(ExemptionMechanismSpi emSpi, Provider provider,
+ String mechanism)
+ {
+ this.emSpi = emSpi;
+ this.provider = provider;
+ this.mechanism = mechanism;
+ virgin = true;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ public static final ExemptionMechanism getInstance(String mechanism)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = "";
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(mechanism, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ public static final ExemptionMechanism getInstance(String mechanism,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(mechanism, p);
+ }
+
+ public static final ExemptionMechanism getInstance(String mechanism,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new ExemptionMechanism((ExemptionMechanismSpi)
+ Engine.getInstance(SERVICE, mechanism, provider),
+ provider, mechanism);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ else
+ throw new NoSuchAlgorithmException(mechanism);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(mechanism);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ public final byte[] genExemptionBlob()
+ throws IllegalStateException, ExemptionMechanismException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return emSpi.engineGenExemptionBlob();
+ }
+
+ public final int genExemptionBlob(byte[] output)
+ throws IllegalStateException, ExemptionMechanismException,
+ ShortBufferException
+ {
+ return genExemptionBlob(output, 0);
+ }
+
+ public final int genExemptionBlob(byte[] output, int outputOffset)
+ throws IllegalStateException, ExemptionMechanismException,
+ ShortBufferException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return emSpi.engineGenExemptionBlob(output, outputOffset);
+ }
+
+ public final String getName()
+ {
+ return mechanism;
+ }
+
+ public final int getOutputSize(int inputLength) throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return emSpi.engineGetOutputSize(inputLength);
+ }
+
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ public final void init(Key key)
+ throws ExemptionMechanismException, InvalidKeyException
+ {
+ emSpi.engineInit(key);
+ virgin = false;
+ }
+
+ public final void init(Key key, AlgorithmParameters params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException
+ {
+ emSpi.engineInit(key, params);
+ virgin = false;
+ }
+
+ public final void init(Key key, AlgorithmParameterSpec params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException
+ {
+ emSpi.engineInit(key, params);
+ virgin = false;
+ }
+
+ public final boolean isCryptoAllowed(Key key)
+ throws ExemptionMechanismException
+ {
+ return true;
+ }
+}
diff --git a/libjava/javax/crypto/ExemptionMechanismException.java b/libjava/javax/crypto/ExemptionMechanismException.java
new file mode 100644
index 00000000000..42e1c5e9b77
--- /dev/null
+++ b/libjava/javax/crypto/ExemptionMechanismException.java
@@ -0,0 +1,81 @@
+/* ExemptionMechanismException -- An error in an exemption mechanism.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with GNU Classpath; if not, write to the
+
+ Free Software Foundation, Inc.,
+ 59 Temple Place, Suite 330,
+ Boston, MA 02111-1307
+ USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under terms
+of your choice, provided that you also meet, for each linked independent
+module, the terms and conditions of the license of that module. An
+independent module is a module which is not derived from or based on
+this library. If you modify this library, you may extend this exception
+to your version of the library, but you are not obligated to do so. If
+you do not wish to do so, delete this exception statement from your
+version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Signals a general exception in an {@link ExemptionMechanism}.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class ExemptionMechanismException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Compatible with JDK1.4. */
+ private static final long serialVersionUID = 1572699429277957109L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new exception with no detail message.
+ */
+ public ExemptionMechanismException()
+ {
+ super();
+ }
+
+ /**
+ * Create a new exception with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public ExemptionMechanismException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/crypto/ExemptionMechanismSpi.java b/libjava/javax/crypto/ExemptionMechanismSpi.java
new file mode 100644
index 00000000000..78997ee0704
--- /dev/null
+++ b/libjava/javax/crypto/ExemptionMechanismSpi.java
@@ -0,0 +1,149 @@
+/* ExemptionMechanismSpi.java -- Exemption mechanism service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for the {@link
+ * ExemptionMechanism} class.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public abstract class ExemptionMechanismSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new exemption mechanism SPI.
+ */
+ public ExemptionMechanismSpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return a key blob for the key that this mechanism was initialized
+ * with.
+ *
+ * @return The key blob.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ */
+ protected abstract byte[] engineGenExemptionBlob()
+ throws ExemptionMechanismException;
+
+ /**
+ * Generate a key blob for the key that this mechanism was initialized
+ * with, storing it into the given byte array.
+ *
+ * @param output The destination for the key blob.
+ * @param outputOffset The index in the output array to start.
+ * @return The size of the key blob.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws javax.crypto.ShortBufferException If the output array is
+ * not large enough for the key blob.
+ */
+ protected abstract int engineGenExemptionBlob(byte[] output, int outputOffset)
+ throws ExemptionMechanismException, ShortBufferException;
+
+ /**
+ * Get the size of the output blob given an input key size. The actual
+ * blob may be shorter than the value returned by this method. Both
+ * values are in bytes.
+ *
+ * @param inputLength The input size.
+ * @return The output size.
+ */
+ protected abstract int engineGetOutputSize(int inputLength);
+
+ /**
+ * Initialize this mechanism with a key.
+ *
+ * @param key The key.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used.
+ */
+ protected abstract void engineInit(Key key)
+ throws ExemptionMechanismException, InvalidKeyException;
+
+ /**
+ * Initialize this mechanism with a key and parameters.
+ *
+ * @param key The key.
+ * @param params The parameters.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws java.security.InvalidAlgorithmParameterExceptin If the
+ * supplied parameters are inappropriate.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameters params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException;
+
+ /**
+ * Initialize this mechanism with a key and parameters.
+ *
+ * @param key The key.
+ * @param params The parameters.
+ * @throws javax.crypto.ExemptionMechanismException If generating the
+ * blob fails.
+ * @throws java.security.InvalidAlgorithmParameterExceptin If the
+ * supplied parameters are inappropriate.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameterSpec params)
+ throws ExemptionMechanismException, InvalidAlgorithmParameterException,
+ InvalidKeyException;
+}
diff --git a/libjava/javax/crypto/IllegalBlockSizeException.java b/libjava/javax/crypto/IllegalBlockSizeException.java
new file mode 100644
index 00000000000..1e442833c76
--- /dev/null
+++ b/libjava/javax/crypto/IllegalBlockSizeException.java
@@ -0,0 +1,71 @@
+/* IllegalBlockSizeException.java -- Signals illegal block sizes.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown when finishing encryption without padding or
+ * decryption and the input is not a multiple of the cipher's block
+ * size.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class IllegalBlockSizeException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = -1965144811953540392L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ public IllegalBlockSizeException()
+ {
+ super();
+ }
+
+ public IllegalBlockSizeException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/crypto/KeyAgreement.java b/libjava/javax/crypto/KeyAgreement.java
new file mode 100644
index 00000000000..6f6ed34e04f
--- /dev/null
+++ b/libjava/javax/crypto/KeyAgreement.java
@@ -0,0 +1,373 @@
+/* KeyAgreement.java -- Engine for key agreement methods.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * Key agreement is a method in which two or more parties may agree on a
+ * secret key for symmetric cryptography or message authentication
+ * without transmitting any secrets in the clear. Key agreement
+ * algorithms typically use a public/private <i>key pair</i>, and the
+ * public key (along with some additional information) is sent across
+ * untrusted networks.
+ *
+ * <p>The most common form of key agreement used today is the
+ * <i>Diffie-Hellman key exchange algorithm</i>, described in <a
+ * href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/">PKCS #3 -
+ * Diffie Hellman Key Agreement Standard</a>.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see KeyGenerator
+ * @see SecretKey
+ */
+public class KeyAgreement
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "KeyAgreement";
+
+ /** The underlying key agreement implementation. */
+ private KeyAgreementSpi kaSpi;
+
+ /** The provider of this implementation. */
+ private Provider provider;
+
+ /** The name of this instance's algorithm. */
+ private String algorithm;
+
+ /** Singnals whether or not this instance has been initialized. */
+ private boolean virgin;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ protected KeyAgreement(KeyAgreementSpi kaSpi, Provider provider,
+ String algorithm)
+ {
+ this.kaSpi = kaSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ virgin = true;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get an implementation of an algorithm from the first provider that
+ * implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The proper KeyAgreement instacne, if found.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm is not implemented by any installed provider.
+ */
+ public static final KeyAgreement getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = algorithm;
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * Get an implementation of an algorithm from a named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider from which to get the
+ * implementation.
+ * @return The proper KeyAgreement instance, if found.
+ * @throws java.security.NoSuchAlgorithmException If the named provider
+ * does not implement the algorithm.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final KeyAgreement getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Get an implementation of an algorithm from a specific provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider from which to get the implementation.
+ * @return The proper KeyAgreement instance, if found.
+ * @throws java.security.NoSuchAlgorithmException If this provider
+ * does not implement the algorithm.
+ */
+ public static final KeyAgreement getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new KeyAgreement((KeyAgreementSpi)
+ Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Do a phase in the key agreement. The number of times this method is
+ * called depends upon the algorithm and the number of parties
+ * involved, but must be called at least once with the
+ * <code>lastPhase</code> flag set to <code>true</code>.
+ *
+ * @param key The key for this phase.
+ * @param lastPhase Should be <code>true</code> if this will be the
+ * last phase before generating the shared secret.
+ * @return The intermediate result, or <code>null</code> if there is
+ * no intermediate result.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ * @throws java.security.InvalidKeyException If the key is
+ * inappropriate for this algorithm.
+ */
+ public final Key doPhase(Key key, boolean lastPhase)
+ throws IllegalStateException, InvalidKeyException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineDoPhase(key, lastPhase);
+ }
+
+ /**
+ * Generate the shared secret in a new byte array.
+ *
+ * @return The shared secret.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized, or if not enough calls to
+ * <code>doPhase</code> have been made.
+ */
+ public final byte[] generateSecret() throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineGenerateSecret();
+ }
+
+ /**
+ * Generate the shared secret and store it into the supplied array.
+ *
+ * @param sharedSecret The array in which to store the secret.
+ * @param offset The index in <code>sharedSecret</code> to start
+ * storing data.
+ * @return The length of the shared secret, in bytes.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized, or if not enough calls to
+ * <code>doPhase</code> have been made.
+ * @throws javax.crypto.ShortBufferException If the supplied array is
+ * not large enough to store the result.
+ */
+ public final int generateSecret(byte[] sharedSecret, int offset)
+ throws IllegalStateException, ShortBufferException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineGenerateSecret(sharedSecret, offset);
+ }
+
+ /**
+ * Generate the shared secret and return it as an appropriate {@link
+ * SecretKey}.
+ *
+ * @param algorithm The secret key's algorithm.
+ * @return The shared secret as a secret key.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized, or if not enough calls to
+ * <code>doPhase</code> have been made.
+ * @throws java.security.InvalidKeyException If the shared secret
+ * cannot be used to make a {@link SecretKey}.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm does not exist.
+ */
+ public final SecretKey generateSecret(String algorithm)
+ throws IllegalStateException, InvalidKeyException, NoSuchAlgorithmException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ return kaSpi.engineGenerateSecret(algorithm);
+ }
+
+ /**
+ * Return the name of this key-agreement algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this key agreement with a key. This method will use the
+ * highest-priority {@link java.security.SecureRandom} as its source
+ * of randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key) throws InvalidKeyException
+ {
+ init(key, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key agreement with a key and a source of
+ * randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key, SecureRandom random)
+ throws InvalidKeyException
+ {
+ kaSpi.engineInit(key, random);
+ virgin = false; // w00t!
+ }
+
+ /**
+ * Initialize this key agreement with a key and parameters. This
+ * method will use the highest-priority {@link
+ * java.security.SecureRandom} as its source of randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @param params The algorithm parameters.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are not appropriate.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key, AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException, InvalidKeyException
+ {
+ init(key, params, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key agreement with a key, parameters, and source of
+ * randomness.
+ *
+ * @param key The key, usually the user's private key.
+ * @param params The algorithm parameters.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are not appropriate.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ public final void init(Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException
+ {
+ kaSpi.engineInit(key, params, random);
+ virgin = false; // w00t!
+ }
+}
diff --git a/libjava/javax/crypto/KeyAgreementSpi.java b/libjava/javax/crypto/KeyAgreementSpi.java
new file mode 100644
index 00000000000..231f112794b
--- /dev/null
+++ b/libjava/javax/crypto/KeyAgreementSpi.java
@@ -0,0 +1,160 @@
+/* KeyAgreementSpi.java -- The key agreement service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This is the <i>Service Provider Interface</i> (<b>SPI</b>) for the
+ * {@link javax.crypto.KeyAgreement} class.
+ *
+ * <p>Providers wishing to implement a key agreement algorithm must
+ * subclass this and provide an appropriate implementation for all the
+ * abstract methods below, and provide an appropriate entry in the
+ * master {@link java.security.Provider} class (the service name for key
+ * agreement algorithms is <code>"KeyAgreement"</code>).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see KeyAgreement
+ * @see SecretKey
+ */
+public abstract class KeyAgreementSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new KeyAgreementSpi instance.
+ */
+ public KeyAgreementSpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Do a phase in the key agreement.
+ *
+ * @param key The key to use for this phase.
+ * @param lastPhase <code>true</code> if this call should be the last
+ * phase.
+ * @return The intermediate result, or <code>null</code> if there is
+ * no intermediate result.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * not appropriate.
+ */
+ protected abstract Key engineDoPhase(Key key, boolean lastPhase)
+ throws IllegalStateException, InvalidKeyException;
+
+ /**
+ * Generate the shared secret in a new byte array.
+ *
+ * @return The shared secret in a new byte array.
+ * @throws java.lang.IllegalStateException If this key agreement is
+ * not ready to generate the secret.
+ */
+ protected abstract byte[] engineGenerateSecret()
+ throws IllegalStateException;
+
+ /**
+ * Generate the shared secret, storing it into the specified array.
+ *
+ * @param sharedSecret The byte array in which to store the secret.
+ * @param offset The offset into the byte array to start.
+ * @return The size of the shared secret.
+ * @throws java.lang.IllegalStateException If this key agreement is
+ * not ready to generate the secret.
+ * @throws javax.crypto.ShortBufferException If there is not enough
+ * space in the supplied array for the shared secret.
+ */
+ protected abstract int engineGenerateSecret(byte[] sharedSecret, int offset)
+ throws IllegalStateException, ShortBufferException;
+
+ /**
+ * Generate the shared secret and return it as a {@link SecretKey}.
+ *
+ * @param algorithm The algorithm with which to generate the secret key.
+ * @return The shared secret as a secret key.
+ * @throws java.lang.IllegalStateException If this key agreement is
+ * not ready to generate the secret.
+ * @throws java.security.InvalidKeyException If the shared secret
+ * cannot be made into a {@link SecretKey}.
+ * @throws java.security.NoSuchAlgorithmException If
+ * <code>algorithm</code> cannot be found.
+ */
+ protected abstract SecretKey engineGenerateSecret(String algorithm)
+ throws IllegalStateException, InvalidKeyException, NoSuchAlgorithmException;
+
+ /**
+ * Initialize this key agreement with a key, parameters, and source of
+ * randomness.
+ *
+ * @param key The key to initialize with, usually a private key.
+ * @param params The parameters to initialize with.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inappropriate.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * inappropriate.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Initialize this key agreement with a key and source of randomness.
+ *
+ * @param key The key to initialize with, usually a private key.
+ * @param random The source of randomness to use.
+ * @throws java.security.InvalidKeyException If the supplied key is
+ * inappropriate.
+ */
+ protected abstract void engineInit(Key key, SecureRandom random)
+ throws InvalidKeyException;
+}
diff --git a/libjava/javax/crypto/KeyGenerator.java b/libjava/javax/crypto/KeyGenerator.java
new file mode 100644
index 00000000000..35753b036de
--- /dev/null
+++ b/libjava/javax/crypto/KeyGenerator.java
@@ -0,0 +1,284 @@
+/* KeyGenerator.java -- Interface to a symmetric key generator.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * A generic producer of keys for symmetric cryptography. The keys
+ * returned may be simple wrappers around byte arrays, or, if the
+ * target cipher requires them, more complex objects.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see Cipher
+ * @see Mac
+ */
+public class KeyGenerator
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "KeyGenerator";
+
+ /** The underlying generator implementation. */
+ private KeyGeneratorSpi kgSpi;
+
+ /** The provider of the implementation. */
+ private Provider provider;
+
+ /** The name of the algorithm. */
+ private String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new key generator.
+ *
+ * @param kgSpi The underlying generator.
+ * @param provider The provider of this implementation.
+ * @param algorithm The algorithm's name.
+ */
+ protected KeyGenerator(KeyGeneratorSpi kgSpi, Provider provider,
+ String algorithm)
+ {
+ this.kgSpi = kgSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new key generator, returning the first available
+ * implementation.
+ *
+ * @param algorithm The generator algorithm name.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm does not exist.
+ */
+ public static final KeyGenerator getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = algorithm;
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * Create a new key generator from the named provider.
+ *
+ * @param algorithm The generator algorithm name.
+ * @param provider The name of the provider to use.
+ * @return An appropriate key generator, if found.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm is not implemented by the named provider.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final KeyGenerator getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Create a new key generator from the supplied provider.
+ *
+ * @param algorithm The generator algorithm name.
+ * @param provider The provider to use.
+ * @return An appropriate key generator, if found.
+ * @throws java.security.NoSuchAlgorithmException If the specified
+ * algorithm is not implemented by the provider.
+ */
+ public static final KeyGenerator getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new KeyGenerator((KeyGeneratorSpi)
+ Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a key.
+ *
+ * @return The new key.
+ */
+ public final SecretKey generateKey()
+ {
+ return kgSpi.engineGenerateKey();
+ }
+
+ /**
+ * Return the name of this key generator.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this key generator with a set of parameters; the
+ * highest-priority {@link java.security.SecureRandom} implementation
+ * will be used.
+ *
+ * @param params The algorithm parameters.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inapproprate.
+ */
+ public final void init(AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException
+ {
+ init(params, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key generator with a set of parameters and a source
+ * of randomness.
+ *
+ * @param params The algorithm parameters.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * supplied parameters are inapproprate.
+ */
+ public final void init(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException
+ {
+ kgSpi.engineInit(params, random);
+ }
+
+ /**
+ * Initialize this key generator with a key size (in bits); the
+ * highest-priority {@link java.security.SecureRandom} implementation
+ * will be used.
+ *
+ * @param keySize The target key size, in bits.
+ * @throws java.security.InvalidParameterException If the
+ * key size is unsupported.
+ */
+ public final void init(int keySize)
+ {
+ init(keySize, new SecureRandom());
+ }
+
+ /**
+ * Initialize this key generator with a key size (in bits) and a
+ * source of randomness.
+ *
+ * @param keySize The target key size, in bits.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * key size is unsupported.
+ */
+ public final void init(int keySize, SecureRandom random)
+ {
+ kgSpi.engineInit(keySize, random);
+ }
+
+ /**
+ * Initialize this key generator with a source of randomness. The
+ * implementation-specific default parameters (such as key size) will
+ * be used.
+ *
+ * @param random The source of randomness.
+ */
+ public final void init(SecureRandom random)
+ {
+ kgSpi.engineInit(random);
+ }
+}
diff --git a/libjava/javax/crypto/KeyGeneratorSpi.java b/libjava/javax/crypto/KeyGeneratorSpi.java
new file mode 100644
index 00000000000..fcf229b955c
--- /dev/null
+++ b/libjava/javax/crypto/KeyGeneratorSpi.java
@@ -0,0 +1,112 @@
+/* KeyGeneratorSpi.java -- The key generator service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for the {@link
+ * KeyGenerator} class.
+ *
+ * <p>Providers wishing to implement a key generator must subclass this
+ * and provide an appropriate implementation for all the abstract
+ * methods below, and provide an appropriate entry in the master {@link
+ * java.security.Provider} class (the service name for key generators is
+ * <code>"KeyGenerator"</code>).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see KeyGenerator
+ */
+public abstract class KeyGeneratorSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /** Create a new key generator SPI. */
+ public KeyGeneratorSpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a key, returning it as a {@link SecretKey}.
+ *
+ * @return The generated key.
+ */
+ protected abstract SecretKey engineGenerateKey();
+
+ /**
+ * Initialize this key generator with parameters and a source of
+ * randomness.
+ *
+ * @param params The parameters.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * parameters are inappropriate for this instance.
+ */
+ protected abstract void engineInit(AlgorithmParameterSpec params,
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Initialize this key generator with a key size (in bits) and a
+ * source of randomness.
+ *
+ * @param keySize The target key size, in bits.
+ * @param random The source of randomness.
+ * @throws java.security.InvalidParameterException If the
+ * key size is illogical or unsupported.
+ */
+ protected abstract void engineInit(int keySize, SecureRandom random);
+
+ /**
+ * Initialize this key generator with a source of randomness; the
+ * implementation should use reasonable default parameters (such as
+ * generated key size).
+ *
+ * @param random The source of randomness.
+ */
+ protected abstract void engineInit(SecureRandom random);
+}
diff --git a/libjava/javax/crypto/Mac.java b/libjava/javax/crypto/Mac.java
new file mode 100644
index 00000000000..55f5be61b17
--- /dev/null
+++ b/libjava/javax/crypto/Mac.java
@@ -0,0 +1,414 @@
+/* Mac.java -- The message authentication code interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import gnu.java.security.Engine;
+
+/**
+ * This class implements a "message authentication code" (MAC), a method
+ * to ensure the integrity of data transmitted between two parties who
+ * share a common secret key.
+ *
+ * <p>The best way to describe a MAC is as a <i>keyed one-way hash
+ * function</i>, which looks like:
+ *
+ * <blockquote><p><code>D = MAC(K, M)</code></blockquote>
+ *
+ * <p>where <code>K</code> is the key, <code>M</code> is the message,
+ * and <code>D</code> is the resulting digest. One party will usually
+ * send the concatenation <code>M || D</code> to the other party, who
+ * will then verify <code>D</code> by computing <code>D'</code> in a
+ * similar fashion. If <code>D == D'</code>, then the message is assumed
+ * to be authentic.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class Mac implements Cloneable
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "Mac";
+
+ /** The underlying MAC implementation. */
+ private MacSpi macSpi;
+
+ /** The provider we got our implementation from. */
+ private Provider provider;
+
+ /** The name of the algorithm. */
+ private String algorithm;
+
+ /** Whether or not we've been initialized. */
+ private boolean virgin;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new Mac instance.
+ *
+ * @param macSpi The underlying MAC implementation.
+ * @param provider The provider of this implementation.
+ * @param algorithm The name of this MAC algorithm.
+ */
+ protected Mac(MacSpi macSpi, Provider provider, String algorithm)
+ {
+ this.macSpi = macSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ virgin = true;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get an instance of the named algorithm from the first provider with
+ * an appropriate implementation.
+ *
+ * @param algorithm The name of the algorithm.
+ * @return An appropriate Mac instance, if the specified algorithm
+ * is implemented by a provider.
+ * @throws java.security.NoSuchAlgorithmException If no implementation
+ * of the named algorithm is installed.
+ */
+ public static final Mac getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ String msg = "";
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ msg = nsae.getMessage();
+ }
+ }
+ throw new NoSuchAlgorithmException(msg);
+ }
+
+ /**
+ * Get an instance of the named algorithm from the named provider.
+ *
+ * @param algorithm The name of the algorithm.
+ * @param provider The name of the provider.
+ * @return An appropriate Mac instance, if the specified algorithm is
+ * implemented by the named provider.
+ * @throws java.security.NoSuchAlgorithmException If the named provider
+ * has no implementation of the algorithm.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final Mac getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Get an instance of the named algorithm from a provider.
+ *
+ * @param algorithm The name of the algorithm.
+ * @param provider The provider.
+ * @return An appropriate Mac instance, if the specified algorithm is
+ * implemented by the provider.
+ * @throws java.security.NoSuchAlgorithmException If the provider
+ * has no implementation of the algorithm.
+ */
+ public static final Mac getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new Mac((MacSpi) Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Finishes the computation of a MAC and returns the digest.
+ *
+ * <p>After this method succeeds, it may be used again as just after a
+ * call to <code>init</code>, and can compute another MAC using the
+ * same key and parameters.
+ *
+ * @return The message authentication code.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized.
+ */
+ public final byte[] doFinal() throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ byte[] digest = macSpi.engineDoFinal();
+ reset();
+ return digest;
+ }
+
+ /**
+ * Finishes the computation of a MAC with a final byte array (or
+ * computes a MAC over those bytes only) and returns the digest.
+ *
+ * <p>After this method succeeds, it may be used again as just after a
+ * call to <code>init</code>, and can compute another MAC using the
+ * same key and parameters.
+ *
+ * @param input The bytes to add.
+ * @return The message authentication code.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized.
+ */
+ public final byte[] doFinal(byte[] input) throws IllegalStateException
+ {
+ update(input);
+ byte[] digest = macSpi.engineDoFinal();
+ reset();
+ return digest;
+ }
+
+ /**
+ * Finishes the computation of a MAC and places the result into the
+ * given array.
+ *
+ * <p>After this method succeeds, it may be used again as just after a
+ * call to <code>init</code>, and can compute another MAC using the
+ * same key and parameters.
+ *
+ * @param output The destination for the result.
+ * @param outOffset The index in the output array to start.
+ * @return The message authentication code.
+ * @throws java.lang.IllegalStateException If this instnace has not
+ * been initialized.
+ * @throws javax.crypto.ShortBufferException If <code>output</code> is
+ * not large enough to hold the result.
+ */
+ public final void doFinal(byte[] output, int outOffset)
+ throws IllegalStateException, ShortBufferException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ if (output.length - outOffset < getMacLength())
+ {
+ throw new ShortBufferException();
+ }
+ byte[] mac = macSpi.engineDoFinal();
+ System.arraycopy(mac, 0, output, outOffset, getMacLength());
+ reset();
+ }
+
+ /**
+ * Returns the name of this MAC algorithm.
+ *
+ * @return The MAC name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get the size of the MAC. This is the size of the array returned by
+ * {@link #doFinal()} and {@link #doFinal(byte[])}, and the minimum
+ * number of bytes that must be available in the byte array passed to
+ * {@link #doFinal(byte[],int)}.
+ *
+ * @return The MAC length.
+ */
+ public int getMacLength()
+ {
+ return macSpi.engineGetMacLength();
+ }
+
+ /**
+ * Get the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this MAC with a key and no parameters.
+ *
+ * @param key The key to initialize this instance with.
+ * @throws java.security.InvalidKeyException If the key is
+ * unacceptable.
+ */
+ public final void init(Key key) throws InvalidKeyException
+ {
+ try
+ {
+ init(key, null);
+ }
+ catch (InvalidAlgorithmParameterException iape)
+ {
+ throw new IllegalArgumentException(algorithm + " needs parameters");
+ }
+ }
+
+ /**
+ * Initialize this MAC with a key and parameters.
+ *
+ * @param key The key to initialize this instance with.
+ * @param params The algorithm-specific parameters.
+ * @throws java.security.InvalidAlgorithmParameterException If the
+ * algorithm parameters are unacceptable.
+ * @throws java.security.InvalidKeyException If the key is
+ * unacceptable.
+ */
+ public final void init(Key key, AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException, InvalidKeyException
+ {
+ macSpi.engineInit(key, params);
+ virgin = false; // w00t!
+ }
+
+ /**
+ * Reset this instance. A call to this method returns this instance
+ * back to the state it was in just after it was initialized.
+ */
+ public final void reset()
+ {
+ macSpi.engineReset();
+ }
+
+ /**
+ * Update the computation with a single byte.
+ *
+ * @param input The next byte.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ */
+ public final void update(byte input) throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ macSpi.engineUpdate(input);
+ }
+
+ /**
+ * Update the computation with a byte array.
+ *
+ * @param input The next bytes.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ */
+ public final void update(byte[] input) throws IllegalStateException
+ {
+ update(input, 0, input.length);
+ }
+
+ /**
+ * Update the computation with a portion of a byte array.
+ *
+ * @param input The next bytes.
+ * @param offset The index in <code>input</code> to start.
+ * @param length The number of bytes to update.
+ * @throws java.lang.IllegalStateException If this instance has not
+ * been initialized.
+ */
+ public final void update(byte[] input, int offset, int length)
+ throws IllegalStateException
+ {
+ if (virgin)
+ {
+ throw new IllegalStateException("not initialized");
+ }
+ macSpi.engineUpdate(input, offset, length);
+ }
+
+ /**
+ * Clone this instance, if the underlying implementation supports it.
+ *
+ * @return A clone of this instance.
+ * @throws java.lang.CloneNotSupportedException If the underlying
+ * implementation is not cloneable.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ Mac result = new Mac((MacSpi) macSpi.clone(), provider, algorithm);
+ result.virgin = virgin;
+ return result;
+ }
+}
diff --git a/libjava/javax/crypto/MacSpi.java b/libjava/javax/crypto/MacSpi.java
new file mode 100644
index 00000000000..3bee392f49d
--- /dev/null
+++ b/libjava/javax/crypto/MacSpi.java
@@ -0,0 +1,145 @@
+/* MacSpi.java -- The MAC service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This is the <i>Service Provider Interface</i> (<b>SPI</b>) for the
+ * {@link Mac} class.
+ *
+ * <p>Providers wishing to implement a Mac must subclass this class and
+ * provide appropriate implementations of all its abstract methods,
+ * then provide an entry pointing to this implementation in the master
+ * {@link java.security.Provider} class.
+ *
+ * <p>Implemetations may optionally implement the {@link
+ * java.lang.Cloneable} interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public abstract class MacSpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new MacSpi instance.
+ */
+ public MacSpi()
+ {
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns a clone of this instance if cloning is supported.
+ *
+ * @return A clone of this instance.
+ * @throws java.lang.CloneNotSupportedException If this instance does
+ * not support cloneing.
+ */
+ public Object clone() throws CloneNotSupportedException
+ {
+ throw new CloneNotSupportedException();
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Finalize the computation of this MAC and return the result as a
+ * byte array.
+ *
+ * @return The MAC.
+ */
+ protected abstract byte[] engineDoFinal();
+
+ /**
+ * Return the total length, in bytes, of the computed MAC (the length
+ * of the byte array returned by {@link #doFinal()}.
+ *
+ * @return The MAC length.
+ */
+ protected abstract int engineGetMacLength();
+
+ /**
+ * Initialize (or re-initialize) this instance.
+ *
+ * @param key The key to use.
+ * @param params The parameters to use.
+ * @throws java.security.InvalidAlgorithmParameterException If this
+ * instance rejects the specified parameters.
+ * @throws java.security.InvalidKeyException If this instance rejects
+ * the specified key.
+ */
+ protected abstract void engineInit(Key key, AlgorithmParameterSpec params)
+ throws InvalidAlgorithmParameterException, InvalidKeyException;
+
+ /**
+ * Reset this instance. After this method succeeds, the state of this
+ * instance should be the same as it was before any data was input
+ * (possibly after a call to {@link
+ * #init(java.security.Key,java.security.spec.AlgorithmParameterSpec)},
+ * possibly not).
+ */
+ protected abstract void engineReset();
+
+ /**
+ * Update this MAC with a single byte.
+ *
+ * @param input The next byte.
+ */
+ protected abstract void engineUpdate(byte input);
+
+ /**
+ * Update this MAC with a portion of a byte array.
+ *
+ * @param input The next bytes.
+ * @param offset The index in <code>input</code> at which to start.
+ * @param length The number of bytes to update.
+ */
+ protected abstract void engineUpdate(byte[] input, int offset, int length);
+}
diff --git a/libjava/javax/crypto/NoSuchPaddingException.java b/libjava/javax/crypto/NoSuchPaddingException.java
new file mode 100644
index 00000000000..3acd7ae68f6
--- /dev/null
+++ b/libjava/javax/crypto/NoSuchPaddingException.java
@@ -0,0 +1,71 @@
+/* NoSuchPaddingException.java -- Signals an unknown padding scheme.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown when a particular padding scheme is
+ * requested but is not available.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class NoSuchPaddingException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = -4572885201200175466L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ public NoSuchPaddingException()
+ {
+ super();
+ }
+
+ public NoSuchPaddingException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/crypto/NullCipher.java b/libjava/javax/crypto/NullCipher.java
new file mode 100644
index 00000000000..95f3a8e8f2d
--- /dev/null
+++ b/libjava/javax/crypto/NullCipher.java
@@ -0,0 +1,62 @@
+/* NullCipher.java -- The identity cipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+/**
+ * Trivial subclass of Cipher that implements the <i>identity
+ * transformation</i>, where the input is always copied to the output
+ * unchanged. Null ciphers can be instantiated with the public
+ * constructor.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class NullCipher extends Cipher
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new identity cipher.
+ */
+ public NullCipher()
+ {
+ super(new NullCipherImpl(), null, "NULL");
+ }
+}
diff --git a/libjava/javax/crypto/NullCipherImpl.java b/libjava/javax/crypto/NullCipherImpl.java
new file mode 100644
index 00000000000..b203d24bf78
--- /dev/null
+++ b/libjava/javax/crypto/NullCipherImpl.java
@@ -0,0 +1,127 @@
+/* NullCipherImpl.java -- implementation of NullCipher.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.Key;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * Implementation of the identity cipher.
+ */
+final class NullCipherImpl extends CipherSpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ NullCipherImpl()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ protected void engineSetMode(String mode) { }
+ protected void engineSetPadding(String padding) { }
+
+ protected int engineGetBlockSize()
+ {
+ return 1;
+ }
+
+ protected int engineGetOutputSize(int inputLen)
+ {
+ return inputLen;
+ }
+
+ protected byte[] engineGetIV()
+ {
+ return null;
+ }
+
+ protected AlgorithmParameters engineGetParameters()
+ {
+ return null;
+ }
+
+ protected void engineInit(int mode, Key key, SecureRandom random) { }
+ protected void engineInit(int mode, Key key, AlgorithmParameterSpec spec, SecureRandom random) { }
+ protected void engineInit(int mode, Key key, AlgorithmParameters params, SecureRandom random) { }
+
+ protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
+ {
+ if (input == null)
+ return new byte[0];
+ if (inputOffset < 0 || inputLen < 0 || inputOffset + inputLen > input.length)
+ throw new ArrayIndexOutOfBoundsException();
+ byte[] output = new byte[inputLen];
+ System.arraycopy(input, inputOffset, output, 0, inputLen);
+ return output;
+ }
+
+ protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException
+ {
+ if (input == null)
+ return 0;
+ if (inputOffset < 0 || inputLen < 0 || inputOffset + inputLen > input.length
+ || outputOffset < 0)
+ throw new ArrayIndexOutOfBoundsException();
+ if (output.length - outputOffset < inputLen)
+ throw new ShortBufferException();
+ System.arraycopy(input, inputOffset, output, outputOffset, inputLen);
+ return inputLen;
+ }
+
+ protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+ {
+ return engineUpdate(input, inputOffset, inputLen);
+ }
+
+ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
+ byte[] output, int outputOffset)
+ throws ShortBufferException
+ {
+ return engineUpdate(input, inputOffset, inputLen, output, outputOffset);
+ }
+}
diff --git a/libjava/javax/crypto/SealedObject.java b/libjava/javax/crypto/SealedObject.java
new file mode 100644
index 00000000000..9bbbe29be01
--- /dev/null
+++ b/libjava/javax/crypto/SealedObject.java
@@ -0,0 +1,355 @@
+/* SealedObject.java -- An encrypted Serializable object.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+
+/**
+ * This class allows any {@link java.io.Serializable} object to be
+ * stored in an encrypted form.
+ *
+ * <p>When the sealed object is ready to be unsealed (and deserialized)
+ * the caller may use either
+ *
+ * <ol>
+ * <li>{@link #getObject(javax.crypto.Cipher)}, which uses an
+ * already-initialized {@link javax.crypto.Cipher}.<br>
+ * <br>
+ * or,</li>
+ *
+ * <li>{@link #getObject(java.security.Key)} or {@link
+ * #getObject(java.security.Key,java.lang.String)}, which will
+ * initialize a new cipher instance with the {@link #encodedParams} that
+ * were stored with this sealed object (this is so parameters, such as
+ * the IV, don't need to be known by the one unsealing the object).</li>
+ * </ol>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class SealedObject implements Serializable
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The encoded algorithm parameters. */
+ protected byte[] encodedParams;
+
+ /** The serialized, encrypted object. */
+ private byte[] encryptedContent;
+
+ /** The algorithm used to seal the object. */
+ private String sealAlg;
+
+ /** The parameter type. */
+ private String paramsAlg;
+
+ /** The cipher that decrypts when this object is unsealed. */
+ private transient Cipher sealCipher;
+
+ /** Compatible with JDK1.4. */
+ private static final long serialVersionUID = 4482838265551344752L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new sealed object from a {@link java.io.Serializable}
+ * object and a cipher.
+ *
+ * @param object The object to seal.
+ * @param cipher The cipher to encrypt with.
+ * @throws java.io.IOException If serializing the object fails.
+ * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+ * padding and the size of the serialized representation of the
+ * object is not a multiple of the cipher's block size.
+ */
+ public SealedObject(Serializable object, Cipher cipher)
+ throws IOException, IllegalBlockSizeException
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ ObjectOutputStream oos = new ObjectOutputStream(baos);
+ oos.writeObject(object);
+ oos.flush();
+ try
+ {
+ encryptedContent = cipher.doFinal(baos.toByteArray());
+ }
+ catch (IllegalStateException ise)
+ {
+ throw new IOException("cipher not in proper state");
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException(
+ "encrypting but got javax.crypto.BadPaddingException");
+ }
+ sealAlg = cipher.getAlgorithm();
+ encodedParams = cipher.getParameters().getEncoded();
+ paramsAlg = cipher.getParameters().getAlgorithm();
+ }
+
+ /**
+ * Create a new sealed object from another sealed object.
+ *
+ * @param so The other sealed object.
+ */
+ protected SealedObject(SealedObject so)
+ {
+ this.encodedParams = (byte[]) so.encodedParams.clone();
+ this.encryptedContent = (byte[]) so.encryptedContent.clone();
+ this.sealAlg = so.sealAlg;
+ this.paramsAlg = so.paramsAlg;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the name of the algorithm used to seal this object.
+ *
+ * @return The algorithm's name.
+ */
+ public final String getAlgorithm()
+ {
+ return sealAlg;
+ }
+
+ /**
+ * Unseal and deserialize this sealed object with a specified (already
+ * initialized) cipher.
+ *
+ * @param cipher The cipher to decrypt with.
+ * @return The original object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If deserialization fails.
+ * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+ * padding and the encrypted data is not a multiple of the
+ * cipher's block size.
+ * @throws javax.crypto.BadPaddingException If the padding bytes are
+ * incorrect.
+ */
+ public final Object getObject(Cipher cipher)
+ throws IOException, ClassNotFoundException, IllegalBlockSizeException,
+ BadPaddingException
+ {
+ sealCipher = cipher;
+ return unseal();
+ }
+
+ /**
+ * Unseal and deserialize this sealed object with the specified key.
+ *
+ * @param key The key to decrypt with.
+ * @return The original object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If deserialization fails.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used to unseal this object.
+ * @throws java.security.NoSuchAlgorithmException If the algorithm
+ * used to originally seal this object is not available.
+ */
+ public final Object getObject(Key key)
+ throws IOException, ClassNotFoundException, InvalidKeyException,
+ NoSuchAlgorithmException
+ {
+ try
+ {
+ if (sealCipher == null)
+ sealCipher = Cipher.getInstance(sealAlg);
+ }
+ catch (NoSuchPaddingException nspe)
+ {
+ throw new NoSuchAlgorithmException(nspe.getMessage());
+ }
+ AlgorithmParameters params = null;
+ if (encodedParams != null)
+ {
+ params = AlgorithmParameters.getInstance(paramsAlg);
+ params.init(encodedParams);
+ }
+ try
+ {
+ sealCipher.init(Cipher.DECRYPT_MODE, key, params);
+ return unseal();
+ }
+ catch (InvalidAlgorithmParameterException iape)
+ {
+ throw new IOException("bad parameters");
+ }
+ catch (IllegalBlockSizeException ibse)
+ {
+ throw new IOException("illegal block size");
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException("bad padding");
+ }
+ }
+
+ /**
+ * Unseal and deserialize this sealed object with the specified key,
+ * using a cipher from the named provider.
+ *
+ * @param key The key to decrypt with.
+ * @param provider The name of the provider to use.
+ * @return The original object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If deserialization fails.
+ * @throws java.security.InvalidKeyException If the supplied key
+ * cannot be used to unseal this object.
+ * @throws java.security.NoSuchAlgorithmException If the algorithm
+ * used to originally seal this object is not available from
+ * the named provider.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public final Object getObject(Key key, String provider)
+ throws IOException, ClassNotFoundException, InvalidKeyException,
+ NoSuchAlgorithmException, NoSuchProviderException
+ {
+ try
+ {
+ sealCipher = Cipher.getInstance(sealAlg, provider);
+ }
+ catch (NoSuchPaddingException nspe)
+ {
+ throw new NoSuchAlgorithmException(nspe.getMessage());
+ }
+ AlgorithmParameters params = null;
+ if (encodedParams != null)
+ {
+ params = AlgorithmParameters.getInstance(paramsAlg, provider);
+ params.init(encodedParams);
+ }
+ try
+ {
+ sealCipher.init(Cipher.DECRYPT_MODE, key, params);
+ return unseal();
+ }
+ catch (InvalidAlgorithmParameterException iape)
+ {
+ throw new IOException("bad parameters");
+ }
+ catch (IllegalBlockSizeException ibse)
+ {
+ throw new IOException("illegal block size");
+ }
+ catch (BadPaddingException bpe)
+ {
+ throw new IOException("bad padding");
+ }
+ }
+
+ // Own methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Deserialize this object.
+ *
+ * @param ois The input stream.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.lang.ClassNotFoundException If reading fails.
+ */
+ private void readObject(ObjectInputStream ois)
+ throws IOException, ClassNotFoundException
+ {
+ encodedParams = (byte[]) ois.readObject();
+ encryptedContent = (byte[]) ois.readObject();
+ sealAlg = (String) ois.readObject();
+ paramsAlg = (String) ois.readObject();
+ }
+
+ /**
+ * Serialize this object.
+ *
+ * @param oos The output stream.
+ * @throws java.io.IOException If writing fails.
+ */
+ private void writeObject(ObjectOutputStream oos)
+ throws IOException
+ {
+ oos.writeObject(encodedParams);
+ oos.writeObject(encryptedContent);
+ oos.writeObject(sealAlg);
+ oos.writeObject(paramsAlg);
+ }
+
+ /**
+ * Unseal this object, returning it.
+ *
+ * @return The unsealed, deserialized Object.
+ * @throws java.io.IOException If reading fails.
+ * @throws java.io.ClassNotFoundException If reading fails.
+ * @throws javax.crypto.IllegalBlockSizeException If the cipher has no
+ * padding and the encrypted data is not a multiple of the
+ * cipher's block size.
+ * @throws javax.crypto.BadPaddingException If the padding bytes are
+ * incorrect.
+ */
+ private Object unseal()
+ throws IOException, ClassNotFoundException, IllegalBlockSizeException,
+ BadPaddingException
+ {
+ ByteArrayInputStream bais = null;
+ try
+ {
+ bais = new ByteArrayInputStream(sealCipher.doFinal(encryptedContent));
+ }
+ catch (IllegalStateException ise)
+ {
+ throw new IOException("cipher not initialized");
+ }
+ ObjectInputStream ois = new ObjectInputStream(bais);
+ return ois.readObject();
+ }
+}
diff --git a/libjava/javax/crypto/SecretKey.java b/libjava/javax/crypto/SecretKey.java
new file mode 100644
index 00000000000..85529b94de2
--- /dev/null
+++ b/libjava/javax/crypto/SecretKey.java
@@ -0,0 +1,67 @@
+/* SecretKey.java -- A key for symmetric cryptography.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License along
+with GNU Classpath; if not, write to the
+
+ Free Software Foundation, Inc.,
+ 59 Temple Place, Suite 330,
+ Boston, MA 02111-1307
+ USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under terms
+of your choice, provided that you also meet, for each linked independent
+module, the terms and conditions of the license of that module. An
+independent module is a module which is not derived from or based on
+this library. If you modify this library, you may extend this exception
+to your version of the library, but you are not obligated to do so. If
+you do not wish to do so, delete this exception statement from your
+version. */
+
+
+package javax.crypto;
+
+import java.security.Key;
+
+/**
+ * A secret key for symmetric cryptography.
+ *
+ * <p>This interface defines no new methods over {@link
+ * java.security.Key}, but rather is intended to be a <i>marker
+ * interface</i> and to provide type safety for secret keys.</p>
+ *
+ * <p>The format of secret keys should be <code>RAW</code>, as returned
+ * by {@link java.security.Key#getFormat()}.</p>
+ *
+ * <p>Concrete implementations of this interface should override the
+ * {@link java.lang.Object#equals} and {@link java.lang.Object#hashCode}
+ * methods of {@link java.lang.Object} to use the actual key data rather
+ * than the identity-based default methods.</p>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @see javax.crypto.SecretKeyFactory
+ * @see javax.crypto.Cipher
+ */
+public interface SecretKey extends Key
+{
+}
diff --git a/libjava/javax/crypto/SecretKeyFactory.java b/libjava/javax/crypto/SecretKeyFactory.java
new file mode 100644
index 00000000000..92f18ec6659
--- /dev/null
+++ b/libjava/javax/crypto/SecretKeyFactory.java
@@ -0,0 +1,249 @@
+/* SecretKeyFactory.java -- Factory for creating secret keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+
+import gnu.java.security.Engine;
+
+/**
+ * A secret key factory translates {@link SecretKey} objects to and from
+ * {@link java.security.spec.KeySpec} objects, and can translate between
+ * different vendors' representations of {@link SecretKey} objects (for
+ * security or semantics; whichever applies).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see SecretKey
+ */
+public class SecretKeyFactory
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ private static final String SERVICE = "SecretKeyFactory";
+
+ /** The underlying factory implementation. */
+ private SecretKeyFactorySpi skfSpi;
+
+ /** The provider of the implementation. */
+ private Provider provider;
+
+ /** The name of the algorithm. */
+ private String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key factory.
+ *
+ * @param skfSpi The underlying factory implementation.
+ * @param provider The provider.
+ * @param algorithm The algorithm name.
+ */
+ protected SecretKeyFactory(SecretKeyFactorySpi skfSpi, Provider provider,
+ String algorithm)
+ {
+ this.skfSpi = skfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key factory from the first appropriate
+ * instance.
+ *
+ * @param algorithm The algorithm name.
+ * @return The appropriate key factory, if found.
+ * @throws java.security.NoSuchAlgorithmException If no provider
+ * implements the specified algorithm.
+ */
+ public static final SecretKeyFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Create a new secret key factory from the named provider.
+ *
+ * @param algorithm The algorithm name.
+ * @param provider The provider name.
+ * @return The appropriate key factory, if found.
+ * @throws java.security.NoSuchAlgorithmException If the named
+ * provider does not implement the algorithm.
+ * @throws java.security.NoSuchProviderException If the named provider
+ * does not exist.
+ */
+ public static final SecretKeyFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Create a new secret key factory from the specified provider.
+ *
+ * @param algorithm The algorithm name.
+ * @param provider The provider.
+ * @return The appropriate key factory, if found.
+ * @throws java.security.NoSuchAlgorithmException If the provider
+ * does not implement the algorithm.
+ */
+ public static final SecretKeyFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new SecretKeyFactory((SecretKeyFactorySpi)
+ Engine.getInstance(SERVICE, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ if (ite.getCause() == null)
+ throw new NoSuchAlgorithmException(algorithm);
+ if (ite.getCause() instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) ite.getCause();
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Generate a secret key from a key specification, if possible.
+ *
+ * @param keySpec The key specification.
+ * @return The secret key.
+ * @throws java.security.InvalidKeySpecException If the key specification
+ * cannot be transformed into a secret key.
+ */
+ public final SecretKey generateSecret(KeySpec keySpec)
+ throws InvalidKeySpecException
+ {
+ return skfSpi.engineGenerateSecret(keySpec);
+ }
+
+ /**
+ * Get the algorithm name.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get the key specification from a secret key.
+ *
+ * @param key The secret key.
+ * @param keySpec The target key specification class.
+ * @return The key specification.
+ * @throws java.security.spec.InvalidKeySpecException If the secret key cannot
+ * be transformed into the specified key specification.
+ */
+ public final KeySpec getKeySpec(SecretKey key, Class keySpec)
+ throws InvalidKeySpecException
+ {
+ return skfSpi.engineGetKeySpec(key, keySpec);
+ }
+
+ /**
+ * Get the provider of this implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Translate a secret key into another form.
+ *
+ * @param key The key to translate.
+ * @return The translated key.
+ * @throws java.security.InvalidKeyException If the argument cannot be
+ * translated.
+ */
+ public final SecretKey translateKey(SecretKey key)
+ throws InvalidKeyException
+ {
+ return skfSpi.engineTranslateKey(key);
+ }
+}
diff --git a/libjava/javax/crypto/SecretKeyFactorySpi.java b/libjava/javax/crypto/SecretKeyFactorySpi.java
new file mode 100644
index 00000000000..7b4763dff41
--- /dev/null
+++ b/libjava/javax/crypto/SecretKeyFactorySpi.java
@@ -0,0 +1,108 @@
+/* SecretKeyFactorySpi.java -- Secret key factory service provider interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+import java.security.spec.InvalidKeySpecException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for the {@link
+ * SecretKeyFactory} class.
+ *
+ * <p>Providers wishing to implement a secret key factory must
+ * subclass this and provide an appropriate implementation for all the
+ * abstract methods below, and provide an appropriate entry in the
+ * master {@link java.security.Provider} class (the service name for
+ * secret key factories is <code>"SecretKeyFactory"</code>).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see SecretKeyFactory
+ */
+public abstract class SecretKeyFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key factory SPI.
+ */
+ public SecretKeyFactorySpi()
+ {
+ }
+
+ // Abstract instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Translate a {@link java.security.KeySpec} into a {@link SecretKey}.
+ *
+ * @param keySpec The key specification.
+ * @return The secret key.
+ * @throws java.security.spec.InvalidKeySpecException If the key specification
+ * cannot be translated into a secret key.
+ */
+ protected abstract SecretKey engineGenerateSecret(KeySpec keySpec)
+ throws InvalidKeySpecException;
+
+ /**
+ * Translate a {@link SecretKey} into a {@link java.security.KeySpec}.
+ *
+ * @param key The secret key.
+ * @param keySpec The desired key specification class.
+ * @return The key specification.
+ * @throws java.security.spec.InvalidKeySpecException If the secret key cannot
+ * be translated into the desired key specification.
+ */
+ protected abstract KeySpec engineGetKeySpec(SecretKey key, Class keySpec)
+ throws InvalidKeySpecException;
+
+ /**
+ * Translate a secret key into a different representation.
+ *
+ * @param key The secret key to translate.
+ * @return The translated key.
+ * @throws java.security.InvalidKeyException If the specified secret
+ * key cannot be translated.
+ */
+ protected abstract SecretKey engineTranslateKey(SecretKey key)
+ throws InvalidKeyException;
+}
diff --git a/libjava/javax/crypto/ShortBufferException.java b/libjava/javax/crypto/ShortBufferException.java
new file mode 100644
index 00000000000..5b5bf5437e5
--- /dev/null
+++ b/libjava/javax/crypto/ShortBufferException.java
@@ -0,0 +1,70 @@
+/* ShortBufferException.java -- Signals a short output buffer.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * This exception is thrown on an attempt to transform bytes into a
+ * buffer that is too short to contain the data.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class ShortBufferException extends GeneralSecurityException
+{
+
+ // Constant.
+ // ------------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = 8427718640832943747L;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ public ShortBufferException()
+ {
+ super();
+ }
+
+ public ShortBufferException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/crypto/interfaces/DHKey.java b/libjava/javax/crypto/interfaces/DHKey.java
new file mode 100644
index 00000000000..d5d827946df
--- /dev/null
+++ b/libjava/javax/crypto/interfaces/DHKey.java
@@ -0,0 +1,61 @@
+/* DHKey.java -- General interface for a Diffie-Hellman key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import javax.crypto.spec.DHParameterSpec;
+
+/**
+ * This interface marks public/private keys in the Diffie-Hellman key
+ * exchange algorithm. Implementations of Diffie-Hellman keys should
+ * implement this interface, and applications can safely cast keys that
+ * are known to be Diffie-Hellman keys to this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public interface DHKey
+{
+ /**
+ * Returns the Diffie-Hellman parameters for this key, which includes
+ * the generator and the prime.
+ *
+ * @return The Diffie-Hellman parameters.
+ */
+ DHParameterSpec getParams();
+}
diff --git a/libjava/javax/crypto/interfaces/DHPrivateKey.java b/libjava/javax/crypto/interfaces/DHPrivateKey.java
new file mode 100644
index 00000000000..63b9c15c416
--- /dev/null
+++ b/libjava/javax/crypto/interfaces/DHPrivateKey.java
@@ -0,0 +1,70 @@
+/* DHPrivateKey.java -- A Diffie-Hellman private key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * This interface marks a private key in the Diffie-Hellman key exchange
+ * algorithm. It should be treated with as much care as any {@link
+ * java.security.PrivateKey}.
+ *
+ * <p>Implementations of Diffie-Hellman private keys should implement
+ * this interface. Applications that know a particular key is a
+ * Diffie-Hellman private key can safely cast it to this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHKey
+ * @see DHPublicKey
+ */
+public interface DHPrivateKey extends DHKey, PrivateKey
+{
+
+ /** Compatible with JDK1.4. */
+ static final long serialVersionUID = 2211791113380396553L;
+
+ /**
+ * Returns the private value <i>x</i>.
+ *
+ * @return The private value <i>x</i>.
+ */
+ BigInteger getX();
+}
diff --git a/libjava/javax/crypto/interfaces/DHPublicKey.java b/libjava/javax/crypto/interfaces/DHPublicKey.java
new file mode 100644
index 00000000000..5e0b35bf008
--- /dev/null
+++ b/libjava/javax/crypto/interfaces/DHPublicKey.java
@@ -0,0 +1,69 @@
+/* DHPublicKey.java -- A Diffie-Hellman public key.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+
+/**
+ * This interface marks a public key in the Diffie-Hellman key-exchange
+ * algorithm.
+ *
+ * <p>Implementations of Diffie-Hellman public keys should implement
+ * this interface. Applications that know that a particular key is a
+ * Diffie-Hellman public key it can be safely cast to this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHKey
+ * @see DHPrivateKey
+ */
+public interface DHPublicKey extends DHKey, PublicKey
+{
+
+ /** Compatible with JDK1.4. */
+ static final long serialVersionUID = -6628103563352519193L;
+
+ /**
+ * Get the public value <i>y</i>.
+ *
+ * @return The public value <i>y</i>.
+ */
+ BigInteger getY();
+}
diff --git a/libjava/javax/crypto/interfaces/PBEKey.java b/libjava/javax/crypto/interfaces/PBEKey.java
new file mode 100644
index 00000000000..53349189849
--- /dev/null
+++ b/libjava/javax/crypto/interfaces/PBEKey.java
@@ -0,0 +1,91 @@
+/* PBEKey.java -- A key derived from a password.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.interfaces;
+
+import javax.crypto.SecretKey;
+
+/**
+ * Interface to a password-derived key for password-based encryption
+ * (PBE). Applications working with a {@link javax.crypto.SecretKey}
+ * that is known to be a password-based key can safely cast such keys to
+ * this interface.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public interface PBEKey extends SecretKey
+{
+
+ /** Compatible with JDK1.4. */
+ static final long serialVersionUID = -1430015993304333921L;
+
+ /**
+ * Retruns the iteration count, or 0 if not specified.
+ *
+ * @return The iteration count.
+ */
+ int getIterationCount();
+
+ /**
+ * Returns a copy of the password as a character array. It is the
+ * caller's responsibility to zero-out the password when it is no
+ * longer in use.
+ *
+ * <p>Although it is not specified in the documentation,
+ * implementations should not copy or clone the password array, but
+ * rather return the reference to the array itself, so the caller has
+ * the ability to erase the password.
+ *
+ * @return The password.
+ */
+ char[] getPassword();
+
+ /**
+ * Returns a copy of the salt. It is the caller's responsibility to
+ * zero-out the salt when it is no longer in use.
+ *
+ * <p>Although it is not specified in the documentation,
+ * implementations should not copy or clone the salt array, but
+ * rather return the reference to the array itself, so the caller has
+ * the ability to erase the salt.
+ *
+ * @return The salt.
+ */
+ byte[] getSalt();
+}
diff --git a/libjava/javax/crypto/spec/DESKeySpec.java b/libjava/javax/crypto/spec/DESKeySpec.java
new file mode 100644
index 00000000000..7423c969b63
--- /dev/null
+++ b/libjava/javax/crypto/spec/DESKeySpec.java
@@ -0,0 +1,220 @@
+/* DESKeySpec -- Keys for DES.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+
+/**
+ * This class is a transparent wrapper for DES keys, which are arrays
+ * of 8 bytes.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class DESKeySpec implements KeySpec
+{
+
+ // Constants.
+ // ------------------------------------------------------------------------
+
+ /**
+ * The length of a DES key, in bytes.
+ */
+ public static final int DES_KEY_LEN = 8;
+
+ /**
+ * The key bytes.
+ */
+ private byte[] key;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new DES key spec, copying the first 8 bytes from the
+ * byte array.
+ *
+ * @param key The key bytes.
+ * @throws java.security.InvalidKeyException If there are less than 8
+ * bytes in the array.
+ */
+ public DESKeySpec(byte[] key) throws InvalidKeyException
+ {
+ this(key, 0);
+ }
+
+ /**
+ * Create a new DES key spec, starting at <code>offset</code> in
+ * the byte array. The first 8 bytes starting at <code>offset</code>
+ * are copied.
+ *
+ * @param key The key bytes.
+ * @param offset The offset into the byte array at which to begin.
+ * @throws java.security.InvalidKeyException If there are less than 8
+ * bytes starting at <code>offset</code>.
+ */
+ public DESKeySpec(byte[] key, int offset) throws InvalidKeyException
+ {
+ if (key.length - offset < DES_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES keys must be 8 bytes long");
+ }
+ this.key = new byte[DES_KEY_LEN];
+ System.arraycopy(key, offset, this.key, 0, DES_KEY_LEN);
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns whether or not the given key is <i>parity adjusted</i>;
+ * i.e. every byte in the key has an odd number of "1" bits.
+ *
+ * @param key The key bytes, considered between <code>[offset,
+ * offset+7]</code>
+ * @param offset The offset into the byte array at which to begin.
+ * @return True if all bytes have an odd number of "1" bits.
+ * @throws java.security.InvalidKeyException If there are not enough
+ * bytes in the array.
+ */
+ public static boolean isParityAdjusted(byte[] key, int offset)
+ throws InvalidKeyException
+ {
+ if (key.length - offset < DES_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES keys must be 8 bytes long");
+ }
+ boolean parity = false;
+ boolean oddbits = false;
+ for (int i = 0; i < DES_KEY_LEN; i++)
+ {
+ oddbits = false;
+ for (int j = 0; j < 8; j++)
+ {
+ oddbits ^= (key[i+offset] & 1 << j) != 0;
+ }
+ parity &= oddbits;
+ }
+ return parity;
+ }
+
+ /**
+ * One-half of the weak and semiweak DES keys (the other half are the
+ * complements of these).
+ */
+ private static final byte[][] WEAK_KEYS = new byte[][] {
+ { 0, 0, 0, 0, 0, 0, 0, 0 }, // 0000 0000 0000 0000
+ { -1, -1, -1, -1, 0, 0, 0, 0 }, // ffff ffff 0000 0000
+ { 1, 1, 1, 1, 1, 1, 1, 1 }, // 0101 0101 0101 0101
+ { 31, 31, 31, 31, 14, 14, 14, 14 }, // 1f1f 1f1f 0e0e 0e0e
+ { 1, -2, 1, -2, 1, -2, 1, -2 }, // 01fe 01fe 01fe 01fe
+ { 31, -32, 31, -32, -32, 31, -32, 31 }, // 1fe0 1fe0 0e1f 0e1f
+ { 1, -32, 1, -32, 1, -15, 1, -15 }, // 01e0 01e0 01f1 01f1
+ { 31, -2, 31, -2, 14, -2, 14, -2 }, // 1ffe 1ffe 0efe 0efe
+ { 1, 31, 1, 31, 1, 14, 1, 14 }, // 011f 011f 010e 010e
+ { -32, -2, -32, -2, -15, -2, -15, -2 }, // e0fe e0fe f1fe f1fe
+ };
+
+ /**
+ * Tests if the bytes between <code>[offset, offset+7]</code>
+ * constitute a weak or semi-weak DES key.
+ *
+ * @param key The key bytes to check.
+ * @param offset The offset in the byte array to start.
+ * @return true If the key bytes are a weak key.
+ */
+ public static boolean isWeak(byte[] key, int offset)
+ throws InvalidKeyException
+ {
+ if (key.length - offset < DES_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES keys must be 8 bytes long");
+ }
+ for (int i = 0; i < WEAK_KEYS.length; i++)
+ {
+ if (equalsOrComplementEquals(key, offset, WEAK_KEYS[i]))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * This method returns true if the first 8 bytes starting at
+ * <code>off</code> in <code>a</code> equal the first 8 bytes in
+ * <code>b</code>, or equal the <i>complement</i> of the first 8 bytes
+ * in <code>b</code>.
+ *
+ * @param a The first byte array.
+ * @param off The index into the first byte array.
+ * @param b The second byte array.
+ * @return <code>a == b || a == ~b</code>
+ */
+ private static boolean equalsOrComplementEquals(byte[] a, int off, byte[] b)
+ {
+ boolean result = true;
+ for (int i = 0; i < DES_KEY_LEN; i++)
+ {
+ result &= a[off+i] == b[i];
+ }
+ if (result) return true;
+ result = true;
+ for (int i = 0; i < DES_KEY_LEN; i++)
+ {
+ result &= a[off+i] == (~b[i]);
+ }
+ return result;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the key as a byte array. This method does not copy the byte
+ * array.
+ *
+ * @return The key bytes.
+ */
+ public byte[] getKey()
+ {
+ return key;
+ }
+}
diff --git a/libjava/javax/crypto/spec/DESedeKeySpec.java b/libjava/javax/crypto/spec/DESedeKeySpec.java
new file mode 100644
index 00000000000..d455163bcee
--- /dev/null
+++ b/libjava/javax/crypto/spec/DESedeKeySpec.java
@@ -0,0 +1,151 @@
+/* DESedeKeySpec.java -- Keys for triple-DES.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+
+/**
+ * This class is a transparent wrapper for DES-EDE (Triple-DES) keys,
+ * which are arrays of 24 bytes.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class DESedeKeySpec implements KeySpec
+{
+
+ // Constants.
+ // ------------------------------------------------------------------------
+
+ /**
+ * The length of a triple-DES key, in bytes.
+ */
+ public static final int DES_EDE_KEY_LEN = 24;
+
+ /**
+ * The key bytes.
+ */
+ private byte[] key;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new DES-EDE key spec, copying the first 24 bytes from the
+ * byte array.
+ *
+ * @param key The key bytes.
+ * @throws java.security.InvalidKeyException If there are less than 24
+ * bytes in the array.
+ */
+ public DESedeKeySpec(byte[] key) throws InvalidKeyException
+ {
+ this(key, 0);
+ }
+
+ /**
+ * Create a new DES-EDE key spec, starting at <code>offset</code> in
+ * the byte array. The first 24 bytes starting at <code>offset</code>
+ * are copied.
+ *
+ * @param key The key bytes.
+ * @param offset The offset into the byte array at which to begin.
+ * @throws java.security.InvalidKeyException If there are less than 24
+ * bytes starting at <code>offset</code>.
+ */
+ public DESedeKeySpec(byte[] key, int offset) throws InvalidKeyException
+ {
+ if (key.length - offset < DES_EDE_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES-EDE keys must be 24 bytes long");
+ }
+ this.key = new byte[DES_EDE_KEY_LEN];
+ System.arraycopy(key, offset, this.key, 0, DES_EDE_KEY_LEN);
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns whether or not the given key is <i>parity adjusted</i>;
+ * i.e. every byte in the key has an odd number of "1" bits.
+ *
+ * @param key The key bytes, considered between <code>[offset,
+ * offset+23]</code>
+ * @param offset The offset into the byte array at which to begin.
+ * @return True if all bytes have an odd number of "1" bits.
+ * @throws java.security.InvalidKeyException If there are not enough
+ * bytes in the array.
+ */
+ public static boolean isParityAdjusted(byte[] key, int offset)
+ throws InvalidKeyException
+ {
+ if (key.length - offset < DES_EDE_KEY_LEN)
+ {
+ throw new InvalidKeyException("DES-EDE keys must be 24 bytes long");
+ }
+ boolean parity = false;
+ boolean oddbits = false;
+ for (int i = 0; i < DES_EDE_KEY_LEN; i++)
+ {
+ oddbits = false;
+ for (int j = 0; j < 8; j++)
+ {
+ oddbits ^= (key[i+offset] & 1 << j) != 0;
+ }
+ parity &= oddbits;
+ }
+ return parity;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the key as a byte array. This method does not copy the byte
+ * array.
+ *
+ * @return The key bytes.
+ */
+ public byte[] getKey()
+ {
+ return key;
+ }
+}
diff --git a/libjava/javax/crypto/spec/DHGenParameterSpec.java b/libjava/javax/crypto/spec/DHGenParameterSpec.java
new file mode 100644
index 00000000000..67392a50f1b
--- /dev/null
+++ b/libjava/javax/crypto/spec/DHGenParameterSpec.java
@@ -0,0 +1,100 @@
+/* DHGenParameterSpec.java -- Diffie-Hellman parameter generator spec.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * This class represents the parameters needed for generating
+ * Diffie-Hellman parameters.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHParameterSpec
+ */
+public class DHGenParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The length of the prime, in bits. */
+ private int primeSize;
+
+ /** The length of the exponent, in bits. */
+ private int exponentSize;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new Diffie-Hellman parameter generator spec.
+ *
+ * @param primeSize The size of the prime, in bits.
+ * @param exponentSize The size of the exponent, in bits.
+ */
+ public DHGenParameterSpec(int primeSize, int exponentSize)
+ {
+ this.primeSize = primeSize;
+ this.exponentSize = exponentSize;
+ }
+
+ // Intance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the size of the exponent, in bits.
+ *
+ * @return The exponent size.
+ */
+ public int getExponentSize()
+ {
+ return exponentSize;
+ }
+
+ /**
+ * Get the size of the prime, in bits.
+ *
+ * @return The prime size.
+ */
+ public int getPrimeSize()
+ {
+ return primeSize;
+ }
+}
diff --git a/libjava/javax/crypto/spec/DHParameterSpec.java b/libjava/javax/crypto/spec/DHParameterSpec.java
new file mode 100644
index 00000000000..e66f632e882
--- /dev/null
+++ b/libjava/javax/crypto/spec/DHParameterSpec.java
@@ -0,0 +1,135 @@
+/* DHParameterSpec.java -- Parameters for Diffie-Hellman keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * The base set of parameters necessary to perform Diffie-Hellman key
+ * exchange. Each party in the key exchange shares these parameters.
+ *
+ * <p>Each set of parameters consists of a <i>base generator</i>
+ * <code>g</code>, a <i>prime modulus</i> <code>p</code>, and an
+ * optional length, in bits, of the private exponent.
+ *
+ * <p>See <a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-3/">PKCS
+ * #3 - Diffie-Hellman Key Agreement Standard</a> for more information.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see javax.crypto.KeyAgreement
+ */
+public class DHParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The base generator g. */
+ private BigInteger g;
+
+ /** The prime modulus p. */
+ private BigInteger p;
+
+ /** The length, in bits, of the private exponent. */
+ private int l;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new set of Diffie-Hellman parameters.
+ *
+ * @param p The prime modulus.
+ * @param g The base generator.
+ */
+ public DHParameterSpec(BigInteger p, BigInteger g)
+ {
+ this(p, g, 0);
+ }
+
+ /**
+ * Create a new set of Diffie-Hellman parameters.
+ *
+ * @param p The prime modulus.
+ * @param g The base generator.
+ * @param l The size of the private exponent, in bits.
+ */
+ public DHParameterSpec(BigInteger p, BigInteger g, int l)
+ {
+ this.p = p;
+ this.g = g;
+ this.l = l;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the base generator, <i>g</i>.
+ *
+ * @return The base generator <i>g</i>.
+ */
+ public BigInteger getG()
+ {
+ return g;
+ }
+
+ /**
+ * Get the length of the private exponent, in bits.
+ *
+ * @return The length of the private exponent, in bits, or 0 if this
+ * has not been explicitly set.
+ */
+ public int getL()
+ {
+ return l;
+ }
+
+ /**
+ * Get the prime modulus, <i>p</i>.
+ *
+ * @return The prime modulus, <i>p</i>.
+ */
+ public BigInteger getP()
+ {
+ return p;
+ }
+}
diff --git a/libjava/javax/crypto/spec/DHPrivateKeySpec.java b/libjava/javax/crypto/spec/DHPrivateKeySpec.java
new file mode 100644
index 00000000000..8a4a790a16c
--- /dev/null
+++ b/libjava/javax/crypto/spec/DHPrivateKeySpec.java
@@ -0,0 +1,115 @@
+/* DHPrivateKeySpec.java -- Wrapper for Diffie-Hellman private keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.KeySpec;
+
+/**
+ * A wrapper for Diffie-Hellman private key data.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHPublicKeySpec
+ */
+public class DHPrivateKeySpec implements KeySpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The base generator. */
+ private BigInteger g;
+
+ /** The prime modulus. */
+ private BigInteger p;
+
+ /** The private exponent. */
+ private BigInteger x;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new Diffie-Hellman private key spec.
+ *
+ * @param x The private exponent.
+ * @param p The prime modulus.
+ * @param g The base generator.
+ */
+ public DHPrivateKeySpec(BigInteger x, BigInteger p, BigInteger g)
+ {
+ this.x = x;
+ this.p = p;
+ this.g = g;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the base generator.
+ *
+ * @return The base generator.
+ */
+ public BigInteger getG()
+ {
+ return g;
+ }
+
+ /**
+ * Get the prime modulus.
+ *
+ * @return The prime modulus.
+ */
+ public BigInteger getP()
+ {
+ return p;
+ }
+
+ /**
+ * Get the private exponent.
+ *
+ * @return The private exponent.
+ */
+ public BigInteger getX()
+ {
+ return x;
+ }
+}
diff --git a/libjava/javax/crypto/spec/DHPublicKeySpec.java b/libjava/javax/crypto/spec/DHPublicKeySpec.java
new file mode 100644
index 00000000000..723dfefa404
--- /dev/null
+++ b/libjava/javax/crypto/spec/DHPublicKeySpec.java
@@ -0,0 +1,115 @@
+/* DHPublicKeySpec.java -- Wrapper for Diffie-Hellman public keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.KeySpec;
+
+/**
+ * A wrapper for Diffie-Hellman public key data.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see DHPrivateKeySpec
+ */
+public class DHPublicKeySpec implements KeySpec
+{
+
+ // Variables.
+ // ------------------------------------------------------------------------
+
+ /** The base generator. */
+ private BigInteger g;
+
+ /** The prime modulus. */
+ private BigInteger p;
+
+ /** The public value. */
+ private BigInteger y;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new Diffie-Hellman public key spec.
+ *
+ * @param y The public value.
+ * @param p The prime modulus.
+ * @param g The base generator.
+ */
+ public DHPublicKeySpec(BigInteger y, BigInteger p, BigInteger g)
+ {
+ this.y = y;
+ this.p = p;
+ this.g = g;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the base generator.
+ *
+ * @return The base generator.
+ */
+ public BigInteger getG()
+ {
+ return g;
+ }
+
+ /**
+ * Get the prime modulus.
+ *
+ * @return The prime modulus.
+ */
+ public BigInteger getP()
+ {
+ return p;
+ }
+
+ /**
+ * Get the public value.
+ *
+ * @return The public value.
+ */
+ public BigInteger getY()
+ {
+ return y;
+ }
+}
diff --git a/libjava/javax/crypto/spec/IvParameterSpec.java b/libjava/javax/crypto/spec/IvParameterSpec.java
new file mode 100644
index 00000000000..1c09c76659f
--- /dev/null
+++ b/libjava/javax/crypto/spec/IvParameterSpec.java
@@ -0,0 +1,96 @@
+/* IvParameterSpec.java -- A simple wrapper for initialization vectors.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for an initialization vector. An initialization vector is
+ * necessary for any cipher in any <i>feedback mode</i>, e.g. CBC.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class IvParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The IV. */
+ private byte[] iv;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new initialization vector spec from an entire byte array.
+ *
+ * @param iv The IV bytes.
+ */
+ public IvParameterSpec(byte[] iv)
+ {
+ this(iv, 0, iv.length);
+ }
+
+ /**
+ * Create a new initialization vector spec from part of a byte array.
+ *
+ * @param iv The IV bytes.
+ * @param off The offset into the IV bytes.
+ * @param len The number of IV bytes.
+ */
+ public IvParameterSpec(byte[] iv, int off, int len)
+ {
+ this.iv = new byte[len];
+ System.arraycopy(iv, off, this.iv, 0, len);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the IV. This method does not copy the byte array.
+ *
+ * @return The IV.
+ */
+ public byte[] getIV()
+ {
+ return iv;
+ }
+}
diff --git a/libjava/javax/crypto/spec/PBEKeySpec.java b/libjava/javax/crypto/spec/PBEKeySpec.java
new file mode 100644
index 00000000000..7a8c224cc64
--- /dev/null
+++ b/libjava/javax/crypto/spec/PBEKeySpec.java
@@ -0,0 +1,176 @@
+/* PBEKeySpec.java -- Wrapper for password-based keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.KeySpec;
+
+/**
+ * A wrapper for a password-based key, used for password-based
+ * encryption (PBE).
+ *
+ * <p>Examples of password-based encryption algorithms include:
+ *
+ * <ul>
+ * <li><a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/">PKCS #5
+ * - Password-Based Cryptography Standard</a></li>
+ * <li><a href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/">PKCS
+ * #12 - Personal Information Exchange Syntax Standard</a></li>
+ * </ul>
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ * @see javax.crypto.SecretKeyFactory
+ * @see PBEParameterSpec
+ */
+public class PBEKeySpec implements KeySpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The iteration count. */
+ private int iterationCount;
+
+ /** The generated key length. */
+ private int keyLength;
+
+ /** The password. */
+ private char[] password;
+
+ /** The salt. */
+ private byte[] salt;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new PBE key spec with just a password.
+ *
+ * @param password The password char array.
+ */
+ public PBEKeySpec(char[] password)
+ {
+ this(password, null, 0, 0);
+ }
+
+ /**
+ * Create a PBE key spec with a password, salt, and iteration count.
+ *
+ * @param password The password char array.
+ * @param salt The salt bytes.
+ * @param iterationCount The iteration count.
+ */
+ public PBEKeySpec(char[] password, byte[] salt, int iterationCount)
+ {
+ this(password, salt, iterationCount, 0);
+ }
+
+ /**
+ * Create a PBE key spec with a password, salt, iteration count, and
+ * key length.
+ *
+ * @param password The password char array.
+ * @param salt The salt bytes.
+ * @param iterationCount The iteration count.
+ * @param keyLength The generated key length.
+ */
+ public PBEKeySpec(char[] password, byte[] salt, int iterationCount,
+ int keyLength)
+ {
+ this.password = password;
+ this.salt = salt;
+ this.iterationCount = iterationCount;
+ this.keyLength = keyLength;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Clear the password array by filling it with null characters.
+ */
+ public final void clearPassword()
+ {
+ if (password == null) return;
+ for (int i = 0; i < password.length; i++)
+ {
+ password[i] = '\u0000';
+ }
+ }
+
+ /**
+ * Get the iteration count, or 0 if it has not been specified.
+ *
+ * @return The iteration count, or 0 if it has not been specified.
+ */
+ public final int getIterationCount()
+ {
+ return iterationCount;
+ }
+
+ /**
+ * Get the generated key length, or 0 if it has not been specified.
+ *
+ * @return The key length, or 0 if it has not been specified.
+ */
+ public final int getKeyLength()
+ {
+ return keyLength;
+ }
+
+ /**
+ * Get the password character array.
+ *
+ * @return The password.
+ */
+ public final char[] getPassword()
+ {
+ return password;
+ }
+
+ /**
+ * Get the salt bytes.
+ *
+ * @return The salt.
+ */
+ public final byte[] getSalt()
+ {
+ return salt;
+ }
+}
diff --git a/libjava/javax/crypto/spec/PBEParameterSpec.java b/libjava/javax/crypto/spec/PBEParameterSpec.java
new file mode 100644
index 00000000000..f45c866c9d8
--- /dev/null
+++ b/libjava/javax/crypto/spec/PBEParameterSpec.java
@@ -0,0 +1,100 @@
+/* PBEParameterSpec.java -- A wrapper for PBE parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for the parameters used in <a
+ * href="http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/">PKCS #5 -
+ * Password-Based Cryptography Standard</a>.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class PBEParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The iteration count. */
+ private int iterationCount;
+
+ /** The salt. */
+ private byte[] salt;
+
+ // Constructor.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Creates a new password-based encryption parameter specification.
+ *
+ * @param salt The salt.
+ * @param iterationCount The iteration count.
+ */
+ public PBEParameterSpec(byte[] salt, int iterationCount)
+ {
+ this.salt = salt;
+ this.iterationCount = iterationCount;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the iteration count.
+ *
+ * @return The iteration count.
+ */
+ public int getIterationCount()
+ {
+ return iterationCount;
+ }
+
+ /**
+ * Get the salt.
+ *
+ * @return The salt.
+ */
+ public byte[] getSalt()
+ {
+ return salt;
+ }
+}
diff --git a/libjava/javax/crypto/spec/RC2ParameterSpec.java b/libjava/javax/crypto/spec/RC2ParameterSpec.java
new file mode 100644
index 00000000000..ec9cde71cf1
--- /dev/null
+++ b/libjava/javax/crypto/spec/RC2ParameterSpec.java
@@ -0,0 +1,166 @@
+/* RC2ParameterSpec.java -- Wrapper for RC2 parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for parameters for the <a
+ * href="http://www.rsasecurity.com/rsalabs/faq/3-6-2.html">RC2</a>
+ * block cipher ("RC" means either "Rivest Cipher" or "Ron's Code",
+ * depending upon who you ask and when).
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class RC2ParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** The length of an RC2 IV, in bytes. */
+ private static final int RC2_IV_LENGTH = 8;
+
+ /** The effective key length, in bits. */
+ private int effectiveKeyBits;
+
+ /** The initialization vector. */
+ private byte[] iv;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create RC2 parameters without an IV.
+ *
+ * @param effectiveKeyBits The number of effective key bits.
+ */
+ public RC2ParameterSpec(int effectiveKeyBits)
+ {
+ this.effectiveKeyBits = effectiveKeyBits;
+ }
+
+ /**
+ * Create RC2 parameters with an IV.
+ *
+ * @param effectiveKeyBits The number of effective key bits.
+ * @param iv The IV; the first eight bytes of this array
+ * are used.
+ */
+ public RC2ParameterSpec(int effectiveKeyBits, byte[] iv)
+ {
+ this(effectiveKeyBits, iv, 0);
+ }
+
+ /**
+ * Create RC2 parameters with an IV.
+ *
+ * @param effectiveKeyBits The number of effective key bits.
+ * @param iv The IV; the first eight bytes of this array
+ * after <code>offset</code> are used.
+ * @param offset From whence to start in the array.
+ */
+ public RC2ParameterSpec(int effectiveKeyBits, byte[] iv, int offset)
+ {
+ if (iv.length - offset < RC2_IV_LENGTH)
+ {
+ throw new IllegalArgumentException("IV too short");
+ }
+ this.effectiveKeyBits = effectiveKeyBits;
+ this.iv = new byte[RC2_IV_LENGTH];
+ System.arraycopy(iv, offset, this.iv, 0, RC2_IV_LENGTH);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Get the number of effective key bits.
+ *
+ * @return The numer of effective key bits.
+ */
+ public int getEffectiveKeyBits()
+ {
+ return effectiveKeyBits;
+ }
+
+ /**
+ * Return the initialization vector, or <code>null</code> if none was
+ * specified.
+ *
+ * @return The IV, or null.
+ */
+ public byte[] getIV()
+ {
+ return iv;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (this == o) return true;
+ byte[] oiv = ((RC2ParameterSpec) o).getIV();
+ if (iv != oiv)
+ {
+ if (iv == null || oiv == null) return false;
+ if (iv.length != oiv.length) return false;
+ for (int i = 0; i < iv.length; i++)
+ {
+ if (iv[i] != oiv[i])
+ {
+ return false;
+ }
+ }
+ }
+ return effectiveKeyBits == ((RC2ParameterSpec) o).getEffectiveKeyBits();
+ }
+
+ public int hashCode()
+ {
+ int code = effectiveKeyBits;
+ if (iv != null)
+ {
+ for (int i = 0; i < RC2_IV_LENGTH; i++)
+ {
+ code += iv[i];
+ }
+ }
+ return code;
+ }
+}
diff --git a/libjava/javax/crypto/spec/RC5ParameterSpec.java b/libjava/javax/crypto/spec/RC5ParameterSpec.java
new file mode 100644
index 00000000000..e7549dd63fe
--- /dev/null
+++ b/libjava/javax/crypto/spec/RC5ParameterSpec.java
@@ -0,0 +1,202 @@
+/* RC5ParameterSpec.java -- parameters for RC5.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A wrapper for parameters to the <a
+ * href="http://www.rsasecurity.com/rsalabs/faq/3-6-4.html">RC5</a>
+ * block cipher.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.4
+ */
+public class RC5ParameterSpec implements AlgorithmParameterSpec
+{
+
+ // Fields.
+ // ------------------------------------------------------------------------
+
+ /** The IV. */
+ private byte[] iv;
+
+ /** The number of rounds. */
+ private int rounds;
+
+ /** The version number. */
+ private int version;
+
+ /** The word size, in bits. */
+ private int wordSize;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create RC5 parameters without an IV.
+ *
+ * @param version The version number.
+ * @param rounds The number of rounds.
+ * @param wordSize The size of a word, in bits.
+ */
+ public RC5ParameterSpec(int version, int rounds, int wordSize)
+ {
+ this.version = version;
+ this.rounds = rounds;
+ this.wordSize = wordSize;
+ }
+
+ /**
+ * Create RC5 parameters with an IV. The bytes in <code>iv</code> in
+ * the range <code>[0, 2*(wordSize/8)-1]</code> are used.
+ *
+ * @param version The version number.
+ * @param rounds The number of rounds.
+ * @param wordSize The size of a word, in bits.
+ * @param iv The IV data.
+ */
+ public RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv)
+ {
+ this(version, rounds, wordSize, iv, 0);
+ }
+
+ /**
+ * Create RC5 parameters with an IV. The bytes in <code>iv</code> in
+ * the range <code>[off, off+2*(wordSize/8)-1]</code> are used.
+ *
+ * @param version The version number.
+ * @param rounds The number of rounds.
+ * @param wordSize The size of a word, in bits.
+ * @param iv The IV data.
+ * @param off From where in the array the IV starts.
+ */
+ public
+ RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv, int off)
+ {
+ this(version, rounds, wordSize);
+ int ivLength = 2 * (wordSize / 8);
+ if (off < 0)
+ throw new IllegalArgumentException();
+ if (iv.length - off < ivLength)
+ {
+ throw new IllegalArgumentException("IV too short");
+ }
+ this.iv = new byte[ivLength];
+ System.arraycopy(iv, off, this.iv, 0, ivLength);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the initializaiton vector, or <code>null</code> if none was
+ * specified.
+ *
+ * @return The IV, or null.
+ */
+ public byte[] getIV()
+ {
+ return iv;
+ }
+
+ /**
+ * Get the number of rounds.
+ *
+ * @return The number of rounds.
+ */
+ public int getRounds()
+ {
+ return rounds;
+ }
+
+ /**
+ * Get the version number.
+ *
+ * @return The version number.
+ */
+ public int getVersion()
+ {
+ return version;
+ }
+
+ /**
+ * Get the word size, in bits.
+ *
+ * @return The word size, in bits.
+ */
+ public int getWordSize()
+ {
+ return wordSize;
+ }
+
+ public boolean equals(Object o)
+ {
+ if (this == o) return true;
+ byte[] oiv = ((RC5ParameterSpec) o).getIV();
+ if (iv != oiv)
+ {
+ if (iv == null || oiv == null) return false;
+ if (iv.length != oiv.length) return false;
+ for (int i = 0; i < iv.length; i++)
+ {
+ if (iv[i] != oiv[i])
+ {
+ return false;
+ }
+ }
+ }
+ return rounds == ((RC5ParameterSpec) o).getRounds()
+ && version == ((RC5ParameterSpec) o).getVersion()
+ && wordSize == ((RC5ParameterSpec) o).getWordSize();
+ }
+
+ public int hashCode()
+ {
+ int code = rounds + version + wordSize;
+ if (iv != null)
+ {
+ for (int i = 0; i < iv.length; i++)
+ {
+ code += iv[i];
+ }
+ }
+ return code;
+ }
+}
diff --git a/libjava/javax/crypto/spec/SecretKeySpec.java b/libjava/javax/crypto/spec/SecretKeySpec.java
new file mode 100644
index 00000000000..6d9f4b8feb2
--- /dev/null
+++ b/libjava/javax/crypto/spec/SecretKeySpec.java
@@ -0,0 +1,154 @@
+/* SecretKeySpec.java -- Wrapper for secret keys.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.crypto.spec;
+
+import java.security.spec.KeySpec;
+import javax.crypto.SecretKey;
+
+/**
+ * This is a simple wrapper around a raw byte array, for ciphers that do
+ * not require any key parameters other than the bytes themselves.
+ *
+ * <p>Since this class implements {@link javax.crypto.SecretKey}, which
+ * in turn extends {@link java.security.Key}, so instances of this class
+ * may be passed directly to the <code>init()</code> methods of {@link
+ * javax.crypto.Cipher}.
+ *
+ * @see javax.crypto.SecretKey
+ * @see javax.crypto.SecretKeyFactory
+ */
+public class SecretKeySpec implements KeySpec, SecretKey
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------------
+
+ /** Compatible with JDK1.4. */
+ private static final long serialVersionUID = 6577238317307289933L;
+
+ /** The key bytes. */
+ private byte[] key;
+
+ /** The algorithm's name. */
+ private String algorithm;
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create a new secret key spec from an entire byte array.
+ *
+ * @param key The key material.
+ * @param algorithm The name of the algorithm using this key.
+ */
+ public SecretKeySpec(byte[] key, String algorithm)
+ {
+ this(key, 0, key.length, algorithm);
+ }
+
+ /**
+ * Create a new secret key spec from part of a byte array.
+ *
+ * @param key The key material.
+ * @param off The offset at which key material begins.
+ * @param len The length of key material.
+ * @param algorithm The name of the algorithm using this key.
+ */
+ public SecretKeySpec(byte[] key, int off, int len, String algorithm)
+ {
+ this.key = new byte[len];
+ this.algorithm = algorithm;
+ System.arraycopy(key, off, this.key, 0, len);
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Return the name of the algorithm associated with this secret key.
+ *
+ * @return The algorithm's name.
+ */
+ public String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Return the key as a byte array.
+ *
+ * @return The key material.
+ */
+ public byte[] getEncoded()
+ {
+ return key;
+ }
+
+ /**
+ * This key's format, which is always "RAW".
+ *
+ * @return "RAW"
+ */
+ public String getFormat()
+ {
+ return "RAW";
+ }
+
+ public boolean equals(Object o)
+ {
+ byte[] okey = ((SecretKeySpec) o).getEncoded();
+ if (key.length != okey.length) return false;
+ for (int i = 0; i < key.length; i++)
+ {
+ if (key[i] != okey[i])
+ return false;
+ }
+ return algorithm.equals(((SecretKeySpec) o).getAlgorithm());
+ }
+
+ public int hashCode()
+ {
+ int code = 0;
+ for (int i = 0; i < key.length; i++)
+ {
+ code ^= (key[i] & 0xff) << (i << 3 & 31);
+ }
+ return code ^ algorithm.hashCode();
+ }
+}
diff --git a/libjava/javax/net/ServerSocketFactory.java b/libjava/javax/net/ServerSocketFactory.java
new file mode 100644
index 00000000000..d20c7fbe9f2
--- /dev/null
+++ b/libjava/javax/net/ServerSocketFactory.java
@@ -0,0 +1,122 @@
+/* ServerSocketFactory.java -- factory for server sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+import java.security.Security;
+
+/**
+ * A factory for server sockets. The purpose of this class is to serve
+ * as the superclass of server socket factories that produce server
+ * sockets of a particular type, such as <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) server sockets.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class ServerSocketFactory
+{
+
+ // Constructors.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Default 0-argument constructor.
+ */
+ protected ServerSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Returns the default server socket factory. The type of factory
+ * returned may depend upon the installation.
+ *
+ * @return The default server socket factory.
+ */
+ public static synchronized ServerSocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("gnu.defaultServerSocketFactory");
+ if (s != null)
+ {
+ Class c = Class.forName(s);
+ return (ServerSocketFactory) c.newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return new VanillaServerSocketFactory();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Create an unbound server socket.
+ *
+ * @return The new server socket.
+ * @throws IOException If a networking error occurs.
+ */
+ public ServerSocket createServerSocket() throws IOException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Create a server socket bound to the given port.
+ *
+ * @param port The port to bind the server socket to.
+ * @return A server socket bound to <i>port</i>.
+ * @throws IOException If a networking error occurs.
+ */
+ public abstract ServerSocket createServerSocket(int port) throws IOException;
+
+ public abstract ServerSocket createServerSocket(int port, int backlog) throws IOException;
+
+ public abstract ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException;
+}
diff --git a/libjava/javax/net/SocketFactory.java b/libjava/javax/net/SocketFactory.java
new file mode 100644
index 00000000000..9e236d2dfe3
--- /dev/null
+++ b/libjava/javax/net/SocketFactory.java
@@ -0,0 +1,157 @@
+/* SocketFactory.java -- factory for client sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import java.security.Security;
+
+/**
+ * A factory for client sockets. The purpose of this class is to serve
+ * as the superclass of server socket factories that produce client
+ * sockets of a particular type, such as <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) sockets.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SocketFactory
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Default 0-arguments constructor.
+ */
+ protected SocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the default socket factory. The type of factory
+ * returned may depend upon the installation.
+ *
+ * @return The default socket factory.
+ */
+ public static synchronized SocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("gnu.defaultSocketFactory");
+ if (s != null)
+ {
+ Class c = Class.forName(s);
+ return (SocketFactory) c.newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ return new VanillaSocketFactory();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns an unbound client socket.
+ *
+ * @return The new, unbound socket.
+ */
+ public Socket createSocket() throws IOException
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ /**
+ * Creates a socket connected to a given host on a given port.
+ *
+ * @param host The hostname to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ * @throws UnknownHostException If <i>host</i> cannot be resolved.
+ */
+ public abstract Socket createSocket(String host, int port) throws IOException, UnknownHostException;
+
+ /**
+ * Creates a socket connected to a given host on a given port,
+ * connecting locally to the interface with the given address and port.
+ *
+ * @param host The hostname to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @param localHost The address of the local interface to bind to.
+ * @param localPort The local port to bind to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ * @throws UnknownHostException If <i>host</i> cannot be resolved.
+ */
+ public abstract Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException;
+
+ /**
+ * Creates a socket connected to a given host on a given port.
+ *
+ * @param host The host address to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ */
+ public abstract Socket createSocket(InetAddress host, int port) throws IOException;
+
+ /**
+ * Creates a socket connected to a given host on a given port,
+ * connecting locally to the interface with the given address and port.
+ *
+ * @param host The host address to connect to.
+ * @param port The port on <i>host</i> to connect to.
+ * @param localHost The address of the local interface to bind to.
+ * @param localPort The local port to bind to.
+ * @return A socket connected to <i>host</i> on <i>port</i>.
+ * @throws IOException If a network error occurs.
+ */
+ public abstract Socket createSocket(InetAddress hast, int port, InetAddress localHost, int localPort) throws IOException;
+}
diff --git a/libjava/javax/net/VanillaServerSocketFactory.java b/libjava/javax/net/VanillaServerSocketFactory.java
new file mode 100644
index 00000000000..e52ecba9ee3
--- /dev/null
+++ b/libjava/javax/net/VanillaServerSocketFactory.java
@@ -0,0 +1,82 @@
+/* VanillaServerSocketFactory.java -- trivial socket factory.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A trivial server socket factory.
+ */
+class VanillaServerSocketFactory extends ServerSocketFactory
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ VanillaServerSocketFactory()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ public ServerSocket createServerSocket() throws IOException
+ {
+ return new ServerSocket();
+ }
+
+ public ServerSocket createServerSocket(int port) throws IOException
+ {
+ return new ServerSocket(port);
+ }
+
+ public ServerSocket createServerSocket(int port, int backlog) throws IOException
+ {
+ return new ServerSocket(port, backlog);
+ }
+
+ public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException
+ {
+ return new ServerSocket(port, backlog, bindAddress);
+ }
+}
diff --git a/libjava/javax/net/VanillaSocketFactory.java b/libjava/javax/net/VanillaSocketFactory.java
new file mode 100644
index 00000000000..ace84929378
--- /dev/null
+++ b/libjava/javax/net/VanillaSocketFactory.java
@@ -0,0 +1,88 @@
+/* VanillaSocketFactory.java -- trivial socket factory.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A trivial client socket factory.
+ */
+class VanillaSocketFactory extends SocketFactory
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ VanillaSocketFactory()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ public Socket createSocket() throws IOException
+ {
+ return new Socket();
+ }
+
+ public Socket createSocket(String host, int port) throws IOException, UnknownHostException
+ {
+ return new Socket(host, port);
+ }
+
+ public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) throws IOException, UnknownHostException
+ {
+ return new Socket(host, port, localAddr, localPort);
+ }
+
+ public Socket createSocket(InetAddress address, int port) throws IOException
+ {
+ return new Socket(address, port);
+ }
+
+ public Socket createSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException
+ {
+ return new Socket(address, port, localAddr, localPort);
+ }
+}
diff --git a/libjava/javax/net/ssl/HandshakeCompletedEvent.java b/libjava/javax/net/ssl/HandshakeCompletedEvent.java
new file mode 100644
index 00000000000..6171ebc48e7
--- /dev/null
+++ b/libjava/javax/net/ssl/HandshakeCompletedEvent.java
@@ -0,0 +1,152 @@
+/* HandshakeCompletedEvent.java -- SSL handshake completed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+import javax.security.cert.X509Certificate;
+
+/**
+ * An event raised by a SSLSocket and passed to the {@link
+ * HandshakeCompletedListener#handshakeCompleted(HandshakeCompletedEvent)}
+ * method of all registered listeners when a SSL handshake in a SSL
+ * protocol is completed.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class HandshakeCompletedEvent extends java.util.EventObject
+{
+
+ // Fields.
+ // -------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = 7914963744257769778L;
+
+ /** The session. */
+ private transient final SSLSession session;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new handshake completed event.
+ *
+ * @param socket The socket (also the source) creating this event.
+ * @param session The associated session object.
+ * @throws NullPointerException If <i>session</i> is null.
+ */
+ public HandshakeCompletedEvent(SSLSocket socket, SSLSession session)
+ {
+ super(socket);
+ if (session == null)
+ throw new NullPointerException();
+ this.session = session;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name of the cipher that was negotiated in this
+ * connection.
+ *
+ * @return The negotiated cipher name.
+ */
+ public String getCipherSuite()
+ {
+ if (session != null)
+ return session.getCipherSuite();
+ return null;
+ }
+
+ /**
+ * Returns the local certificates being used in this connection.
+ *
+ * @return The local certificates.
+ */
+ public Certificate[] getLocalCertificates()
+ {
+ if (session != null)
+ return session.getLocalCertificates();
+ return null;
+ }
+
+ /**
+ * Returns the peer's certificates being used in this connection.
+ *
+ * @return The peer's certificates.
+ * @throws SSLPeerUnverifiedException If the peer has not been
+ * verified.
+ */
+ public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificates();
+ return null;
+ }
+
+ public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificateChain();
+ return null;
+ }
+
+ /**
+ * Returns the SSL session object associated with this connection.
+ *
+ * @return The session object.
+ */
+ public SSLSession getSession()
+ {
+ return session;
+ }
+
+ /**
+ * Returns the socket over which this connection is being
+ * negotiated. This method is equivalent to the {@link
+ * java.util.EventObject#getSource()} method.
+ *
+ * @return The socket.
+ */
+ public SSLSocket getSocket()
+ {
+ return (SSLSocket) getSource();
+ }
+}
diff --git a/libjava/javax/net/ssl/HandshakeCompletedListener.java b/libjava/javax/net/ssl/HandshakeCompletedListener.java
new file mode 100644
index 00000000000..5b79bf973d8
--- /dev/null
+++ b/libjava/javax/net/ssl/HandshakeCompletedListener.java
@@ -0,0 +1,57 @@
+/* HandshakeCompletedListener.java -- listens for handshake events.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An event listener that waits to be notified of {@link
+ * HandshakeCompletedEvent} objects created when handshake phase of
+ * the SSL protocol is completed for a particular connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HandshakeCompletedListener extends java.util.EventListener
+{
+
+ /**
+ * Called when the handshake phase of the SSL protocol completes.
+ *
+ * @param event The event describing the new connection.
+ */
+ void handshakeCompleted(HandshakeCompletedEvent event);
+}
diff --git a/libjava/javax/net/ssl/HostnameVerifier.java b/libjava/javax/net/ssl/HostnameVerifier.java
new file mode 100644
index 00000000000..a45648effb3
--- /dev/null
+++ b/libjava/javax/net/ssl/HostnameVerifier.java
@@ -0,0 +1,64 @@
+/* HostnameVerifier.java -- verifies disparate hostnames.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * The interface for classes that perform hostname verification for cases
+ * when the hostname used to begin the connection (such as in a URL)
+ * does not match the hostname used in the SSL handshake.
+ * Implementations of this interface should provide an implementation
+ * of the {@link #verify(java.lang.String,javax.net.ssl.SSLSession)}
+ * method that accepts or rejects hostnames as appropriate.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HostnameVerifier
+{
+
+ /**
+ * Verifies a hostname given a particular SSL session. This method
+ * should return <code>true</code> if the hostname is an accepted
+ * alias for the hostname negotiated in the SSL handshake.
+ *
+ * @param hostname The hostname in question.
+ * @param session The current SSL session.
+ * @return <code>true</code> if the hostname is acceptable.
+ */
+ boolean verify(String hostname, SSLSession session);
+}
diff --git a/libjava/javax/net/ssl/HttpsURLConnection.java b/libjava/javax/net/ssl/HttpsURLConnection.java
new file mode 100644
index 00000000000..a7b86c184b4
--- /dev/null
+++ b/libjava/javax/net/ssl/HttpsURLConnection.java
@@ -0,0 +1,256 @@
+/* HttpsURLConnection.java -- an HTTPS connection.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.cert.Certificate;
+
+/**
+ * A URL connection that connects via the <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) for HTTPS connections.
+ *
+ * <p>This class may be used in the same way as {@link
+ * HttpURLConnection}, and it will transparently negotiate the SSL
+ * connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class HttpsURLConnection extends HttpURLConnection
+{
+
+ // Fields.
+ // ------------------------------------------------------------------
+
+ /** The default verifier. */
+ private static HostnameVerifier defaultVerifier;
+
+ /** The default factory. */
+ private static SSLSocketFactory defaultFactory;
+
+ /**
+ * The hostname verifier used for this connection.
+ */
+ protected HostnameVerifier hostnameVerifier;
+
+ /**
+ * This connection's socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ // Static initializer.
+ // ------------------------------------------------------------------
+
+ static {
+ defaultVerifier = new TrivialHostnameVerifier();
+ try
+ {
+ defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ }
+ }
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Creates a new HTTPS URL connection.
+ *
+ * @param url The URL of the connection being established.
+ * @throws IOException If the connection cannot be established.
+ */
+ protected HttpsURLConnection(URL url) throws IOException
+ {
+ super(url);
+ hostnameVerifier = defaultVerifier;
+ factory = defaultFactory;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the default hostname verifier used in all new
+ * connections.
+ *
+ * @return The default hostname verifier.
+ */
+ public static HostnameVerifier getDefaultHostnameVerifier()
+ {
+ return defaultVerifier;
+ }
+
+ /**
+ * Sets the default hostname verifier to be used in all new
+ * connections.
+ *
+ * @param newDefault The new default hostname verifier.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * currently installed and the caller does not have the {@link
+ * SSLPermission} "setHostnameVerifier".
+ */
+ public static void setDefaultHostnameVerifier(HostnameVerifier newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default verifier cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SSLPermission("setHostnameVerifier"));
+ defaultVerifier = newDefault;
+ }
+
+ /**
+ * Returns the default SSL socket factory used in all new
+ * connections.
+ *
+ * @return The default SSL socket factory.
+ */
+ public static SSLSocketFactory getDefaultSSLSocketFactory()
+ {
+ return defaultFactory;
+ }
+
+ /**
+ * Sets the default SSL socket factory to be used in all new
+ * connections.
+ *
+ * @param newDefault The new socket factory.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * installed and a call to {@link
+ * SecurityManager#checkSetFactory()} fails.
+ */
+ public static void setDefaultSSLSocketFactory(SSLSocketFactory newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default factory cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSetFactory();
+ defaultFactory = newDefault;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the current hostname verifier for this instance.
+ *
+ * @return The hostname verifier.
+ */
+ public HostnameVerifier getHostnameVerifier()
+ {
+ return hostnameVerifier;
+ }
+
+ /**
+ * Sets the hostname verifier for this instance.
+ *
+ * @param hostnameVerifier The new verifier.
+ * @throws IllegalArgumentException If <i>hostnameVerifier</i> is
+ * null.
+ */
+ public void setHostnameVerifier(HostnameVerifier hostnameVerifier)
+ {
+ if (hostnameVerifier == null)
+ throw new IllegalArgumentException("verifier cannot be null");
+ this.hostnameVerifier = hostnameVerifier;
+ }
+
+ /**
+ * Returns the current SSL socket factory for this instance.
+ *
+ * @return The current SSL socket factory.
+ */
+ public SSLSocketFactory getSSLSocketFactory()
+ {
+ return factory;
+ }
+
+ /**
+ * Sets the SSL socket factory for this instance.
+ *
+ * @param factory The new factory.
+ * @throws IllegalArgumentException If <i>factory</i> is null.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory)
+ {
+ if (factory == null)
+ throw new IllegalArgumentException("factory cannot be null");
+ this.factory = factory;
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the cipher name negotiated for this connection.
+ *
+ * @return The cipher name.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract String getCipherSuite();
+
+ /**
+ * Returns the certificates used on the local side in this
+ * connection.
+ *
+ * @return The local certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the certificates sent by the other party.
+ *
+ * @return The peer's certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ * @throws SSLPeerUnverifiedException If the peer could not be
+ * verified.
+ */
+ public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException;
+}
diff --git a/libjava/javax/net/ssl/KeyManager.java b/libjava/javax/net/ssl/KeyManager.java
new file mode 100644
index 00000000000..083f3f592ed
--- /dev/null
+++ b/libjava/javax/net/ssl/KeyManager.java
@@ -0,0 +1,51 @@
+/* KeyManager.java -- marker interface for key manager classes.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for objects that serve as key managers in SSL
+ * communications. Key managers typically keep track of the public
+ * certificates and private keys when authenticating the local host to
+ * remote host, and thus is typically used in SSL servers.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface KeyManager
+{
+}
diff --git a/libjava/javax/net/ssl/KeyManagerFactory.java b/libjava/javax/net/ssl/KeyManagerFactory.java
new file mode 100644
index 00000000000..a166f60aa43
--- /dev/null
+++ b/libjava/javax/net/ssl/KeyManagerFactory.java
@@ -0,0 +1,281 @@
+/* KeyManagerFactory.java -- factory for key managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+
+import gnu.java.security.Engine;
+
+/**
+ * A class that creates key manager implementations based on a
+ * requested algorithm.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class KeyManagerFactory
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** The service name for key manager factories. */
+ private static final String KEY_MANAGER_FACTORY = "KeyManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine. */
+ private final KeyManagerFactorySpi kmfSpi;
+
+ /** The provider of this implementation. */
+ private final Provider provider;
+
+ /** The name of this algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new key manager factory.
+ *
+ * @param kmfSpi The underlying engine.
+ * @param provider The engine's provider.
+ * @param algorithm The name of this algorithm.
+ */
+ protected KeyManagerFactory(KeyManagerFactorySpi kmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.kmfSpi = kmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get the default algorithm name. This value may be specified at
+ * run-time via the security property
+ * "ssl.KeyManagerFactory.algorithm". If this property is
+ * not specified, this method returns "JessieX509".
+ *
+ * @return The default key manager factory algorithm's name.
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.KeyManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the first
+ * provider that implements it.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @return An appropriate implementation of that algoritm.
+ * @throws NoSuchAlgorithmException If no provider implements the
+ * requested algorithm.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the named
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the requested algorithm.
+ * @throws NoSuchProviderException If the named provider does not
+ * exist.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider is null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the given
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The provider to get the implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the requested algorithm.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider is null");
+ try
+ {
+ return new KeyManagerFactory((KeyManagerFactorySpi)
+ Engine.getInstance(KEY_MANAGER_FACTORY, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the name of this key manager factory algorithm.
+ *
+ * @return The name of this key manager factory algorithm.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get an array of key managers appropriate for this algorithm, with
+ * the most preferred manager first.
+ *
+ * @return The array of key managers.
+ */
+ public final KeyManager[] getKeyManagers()
+ {
+ return kmfSpi.engineGetKeyManagers();
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this instance with an implementation-dependent
+ * parameter object.
+ *
+ * @param params The parameters to initialize with.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ kmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store and a password for
+ * private key entries.
+ *
+ * @param store The key store to read.
+ * @param passwd The password protecting private keys in the store.
+ * @throws KeyStoreException If an error occurs reading the keys.
+ * @throws NoSuchAlgorithmException If an algorithm (such as a
+ * certificate algorithm) is not available.
+ * @throws UnrecoverableKeyException If the password is incorrect.
+ */
+ public final void init(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
+ {
+ kmfSpi.engineInit(store, passwd);
+ }
+}
diff --git a/libjava/javax/net/ssl/KeyManagerFactorySpi.java b/libjava/javax/net/ssl/KeyManagerFactorySpi.java
new file mode 100644
index 00000000000..3ed978f356c
--- /dev/null
+++ b/libjava/javax/net/ssl/KeyManagerFactorySpi.java
@@ -0,0 +1,102 @@
+/* KeyManagerFactorySpi.java -- SPI for key manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for key manager
+ * factories.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class KeyManagerFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public KeyManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Engine method for retrieving this factory's key managers.
+ *
+ * @return The key managers.
+ */
+ protected abstract KeyManager[] engineGetKeyManagers();
+
+ /**
+ * Engine method for initializing this factory with some
+ * algorithm-specific parameters.
+ *
+ * @param params The factory parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method for initializing this factory with a key store and a
+ * password for private keys. Either parameter may be <code>null</code>,
+ * in which case some default parameters (possibly derived from system
+ * properties) should be used.
+ *
+ * @param store The key store.
+ * @param passwd The private key password.
+ * @throws KeyStoreException If the key store cannot be accessed.
+ * @throws NoSuchAlgorithmException If some of the data from the key
+ * store cannot be retrieved.
+ * @throws UnrecoverableKeyException If a private key cannot be retrieved,
+ * likely from a wrong password.
+ */
+ protected abstract void engineInit(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException;
+}
diff --git a/libjava/javax/net/ssl/ManagerFactoryParameters.java b/libjava/javax/net/ssl/ManagerFactoryParameters.java
new file mode 100644
index 00000000000..6d3e008dea9
--- /dev/null
+++ b/libjava/javax/net/ssl/ManagerFactoryParameters.java
@@ -0,0 +1,50 @@
+/* ManagerFactoryParameters.java -- marker interface for manager parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that serve as key or trust manager
+ * parameters, used to initialize instances of {@link
+ * KeyManagerFactory} or {@link TrustManagerFactory}.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface ManagerFactoryParameters
+{
+}
diff --git a/libjava/javax/net/ssl/SSLContext.java b/libjava/javax/net/ssl/SSLContext.java
new file mode 100644
index 00000000000..45e01c3c7be
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLContext.java
@@ -0,0 +1,269 @@
+/* SSLContext.java -- an SSL protocol context.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+import gnu.java.security.Engine;
+
+/**
+ * A "meta-factory" for protocol-specific socket and server socket
+ * factories. This class serves as a clearinghouse for socket
+ * factories and cached session contexts for a particular protocol,
+ * such as SSLv3.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLContext
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** Service name for SSL contexts. */
+ private static final String SSL_CONTEXT = "SSLContext";
+
+ /** The underlying engine. */
+ private final SSLContextSpi ctxSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The protocal name. */
+ private final String protocol;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new SSL context.
+ *
+ * @param ctxSpi The context engine.
+ * @param provider The provider of the implementation.
+ * @param protocol The name of the SSL protocol.
+ */
+ protected SSLContext(SSLContextSpi ctxSpi, Provider provider,
+ String protocol)
+ {
+ this.ctxSpi = ctxSpi;
+ this.provider = provider;
+ this.protocol = protocol;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * first provider that implements it.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @return The new context.
+ * @throws NoSuchAlgorithm If no provider implements the given
+ * protocol.
+ */
+ public static final SSLContext getInstance(String protocol)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(protocol, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(protocol);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * named provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the given protocol.
+ * @throws NoSuchProviderException If the named provider does not
+ * exist.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final SSLContext getInstance(String protocol,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(protocol, p);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * specified provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the given protocol.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final SSLContext getInstance(String protocol,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new SSLContext((SSLContextSpi)
+ Engine.getInstance(SSL_CONTEXT, protocol, provider),
+ provider, protocol);
+ }
+ catch (InvocationTargetException ite)
+ {
+ ite.printStackTrace();
+ throw new NoSuchAlgorithmException();
+ }
+ catch (ClassCastException cce)
+ {
+ cce.printStackTrace();
+ throw new NoSuchAlgorithmException();
+ }
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------
+
+ /**
+ * Returns the set of SSL contexts available for client connections.
+ *
+ * @return The set of SSL contexts available for client connections.
+ */
+ public final SSLSessionContext getClientSessionContext()
+ {
+ return ctxSpi.engineGetClientSessionContext();
+ }
+
+ /**
+ * Returns the protocol name of this context.
+ *
+ * @return The protocol name of this context.
+ */
+ public final String getProtocol()
+ {
+ return protocol;
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the set of SSL contexts available for server connections.
+ *
+ * @return The set of SSL contexts available for server connections.
+ */
+ public final SSLSessionContext getServerSessionContext()
+ {
+ return ctxSpi.engineGetServerSessionContext();
+ }
+
+ /**
+ * Returns the factory for server SSL sockets.
+ *
+ * @return The factory for server SSL sockets.
+ */
+ public final SSLServerSocketFactory getServerSocketFactory()
+ {
+ return ctxSpi.engineGetServerSocketFactory();
+ }
+
+ /**
+ * Returns the factory for client SSL sockets.
+ *
+ * @return The factory for client SSL sockets.
+ */
+ public final SSLSocketFactory getSocketFactory()
+ {
+ return ctxSpi.engineGetSocketFactory();
+ }
+
+ /**
+ * Initializes this context and prepares it for producing socket
+ * factories. All of the parameters are optional; default values are
+ * used if left unspecified.
+ *
+ * @param keyManagers The set of key managers to use.
+ * @param trustManagers The set of trust managers to use.
+ * @param random A source of random bits to use.
+ * @throws KeyManagementException If initialization fails.
+ */
+ public final void init(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException
+ {
+ ctxSpi.engineInit(keyManagers, trustManagers, random);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLContextSpi.java b/libjava/javax/net/ssl/SSLContextSpi.java
new file mode 100644
index 00000000000..ecac1cbc5af
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLContextSpi.java
@@ -0,0 +1,109 @@
+/* SSLContextSpi.java -- SPI for SSL contexts.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for SSLContext
+ * objects.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SSLContextSpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Create a new SSLContextSpi.
+ */
+ public SSLContextSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the set of SSL sessions available for client connections.
+ *
+ * @return The set of SSL sessions available for client connections.
+ */
+ protected abstract SSLSessionContext engineGetClientSessionContext();
+
+ /**
+ * Returns the set of SSL sessions available for server connections.
+ *
+ * @return The set of SSL sessions available for server connections.
+ */
+ protected abstract SSLSessionContext engineGetServerSessionContext();
+
+ /**
+ * Returns the SSL server socket factory.
+ *
+ * @return The SSL server socket factory.
+ */
+ protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
+
+ /**
+ * Returns the SSL client socket factory.
+ *
+ * @return The SSL client socket factory.
+ */
+ protected abstract SSLSocketFactory engineGetSocketFactory();
+
+ /**
+ * Initialize this context with key and trust managers, and a source
+ * of randomness. All of the parameters are optional.
+ *
+ * @param keyManagers The set of key managers.
+ * @param trustManagers The set of trust managers.
+ * @param random The source of randomness.
+ * @throws KeyManagementException If this context cannot be
+ * initialized with these parameters.
+ */
+ protected abstract void engineInit(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException;
+}
diff --git a/libjava/javax/net/ssl/SSLException.java b/libjava/javax/net/ssl/SSLException.java
new file mode 100644
index 00000000000..0a33b458fa5
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLException.java
@@ -0,0 +1,59 @@
+/* SSLException.java -- generic SSL exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+/**
+ * The superclass of all possible SSL exceptions. Usually, a specific
+ * exception is thrown instead of this exception.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLException extends IOException
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public SSLException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLHandshakeException.java b/libjava/javax/net/ssl/SSLHandshakeException.java
new file mode 100644
index 00000000000..c0f2c5cbb8f
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLHandshakeException.java
@@ -0,0 +1,51 @@
+/* SSLHandshakeException.java -- exception in SSL handshake.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception that signals an error in the SSL handshake phase.
+ */
+public class SSLHandshakeException extends SSLException
+{
+
+ public SSLHandshakeException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLKeyException.java b/libjava/javax/net/ssl/SSLKeyException.java
new file mode 100644
index 00000000000..c60cac19fe6
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLKeyException.java
@@ -0,0 +1,52 @@
+/* SSLKeyException.java -- exception in using a key in SSL.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception signaling a problem using a public or private key in
+ * an SSL communication.
+ */
+public class SSLKeyException extends SSLException
+{
+
+ public SSLKeyException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLPeerUnverifiedException.java b/libjava/javax/net/ssl/SSLPeerUnverifiedException.java
new file mode 100644
index 00000000000..1b3acbc2497
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLPeerUnverifiedException.java
@@ -0,0 +1,51 @@
+/* SSLPeerUnverifiedException.java -- unverified peer exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when the remote peer could not be verified.
+ */
+public class SSLPeerUnverifiedException extends SSLException
+{
+
+ public SSLPeerUnverifiedException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLPermission.java b/libjava/javax/net/ssl/SSLPermission.java
new file mode 100644
index 00000000000..3771eaf9828
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLPermission.java
@@ -0,0 +1,66 @@
+/* SSLPermission.java -- SSL permission class.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.BasicPermission;
+
+/**
+ * A permission used for accessing SSL classes.
+ */
+public class SSLPermission extends BasicPermission
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -3456898025505876775L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public SSLPermission(String name)
+ {
+ super(name);
+ }
+
+ public SSLPermission(String name, String actions)
+ {
+ super(name, actions);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLProtocolException.java b/libjava/javax/net/ssl/SSLProtocolException.java
new file mode 100644
index 00000000000..16a1457ab3e
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLProtocolException.java
@@ -0,0 +1,53 @@
+/* SSLProtocolException.java -- exception in SSL protocol.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when a fatal protocol error is encountered. This
+ * exception usually indicates some serious problem with the local or
+ * remote SSL implementation.
+ */
+public class SSLProtocolException extends SSLException
+{
+
+ public SSLProtocolException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLServerSocket.java b/libjava/javax/net/ssl/SSLServerSocket.java
new file mode 100644
index 00000000000..eab92a23fb5
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLServerSocket.java
@@ -0,0 +1,189 @@
+// THIS IS A GENERATED FILE. DO NOT EDIT. -*- buffer-read-only: t -*-
+/* SSLServerSocket.java -- a server socket for SSL connections.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A server socket that allows clients to connect via the SSL protocol.
+ */
+public abstract class SSLServerSocket extends ServerSocket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocket() throws IOException
+ {
+ super();
+ //super(0);
+ //throw new UnsupportedOperationException("1.4 socket methods not enabled");
+ }
+
+ protected SSLServerSocket(int port) throws IOException
+ {
+ super(port);
+ }
+
+ protected SSLServerSocket(int port, int backlog) throws IOException
+ {
+ super(port, backlog);
+ }
+
+ protected SSLServerSocket(int port, int backlog, InetAddress bindAddress)
+ throws IOException
+ {
+ super(port, backlog, bindAddress);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cihper suites that are currently enabled in this
+ * server socket. Sockets accepted by this server socket will only have
+ * these suites enabled.
+ *
+ * @return The enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list enabled cipher suites.
+ *
+ * @param suites The cipher suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled protocols, such as "SSLv3" and "TLSv1".
+ *
+ * @return The enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created, i.e., whether or not
+ * this server socket will allow SSL session resumption.
+ *
+ * @return True if sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created.
+ *
+ * @param enabled The new enabled value.
+ */
+ public abstract void setEnableSessionCreation(boolean enabled);
+
+ /**
+ * Returns whether or not this server socket will require clients to
+ * authenticate themselves, such as through a certificate.
+ *
+ * @return True if clients must authenticate themselves.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Enabled or disables the requirement that clients authenticate themselves.
+ * When this is set to <code>true</code>, connections will be rejected if
+ * connecting clients do not provide proper authentication.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns whether or not sockets accepted by this server socket will do
+ * their handshake as the client-side. The default is false.
+ *
+ * @return True if client mode will be used.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not sockets accepted by this server socket will be
+ * created in client mode.
+ *
+ * @param clientMode The new client mode value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will ask for, but not require, that
+ * connecting clients authenticate themselves. Clients that do not
+ * provide authentication they will still be allowed to connect.
+ *
+ * @return True if this server socket wants client authentication.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this server socket will want client authentication.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Returns a list of cipher suites that this server socket supports.
+ *
+ * @return The list of supported suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns a list of SSL protocols supported by this server socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+}
diff --git a/libjava/javax/net/ssl/SSLServerSocketFactory.java b/libjava/javax/net/ssl/SSLServerSocketFactory.java
new file mode 100644
index 00000000000..ef82d146294
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLServerSocketFactory.java
@@ -0,0 +1,172 @@
+/* SSLServerSocketFactory.java -- factory for SSL server sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyStore;
+import java.security.Security;
+import javax.net.ServerSocketFactory;
+
+/**
+ * A server socket factory for <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * server sockets.
+ */
+public abstract class SSLServerSocketFactory extends ServerSocketFactory
+{
+
+ // Field.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL server socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.ServerSocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of server socket factories.</p>
+ *
+ * @return The default server socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized ServerSocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.ServerSocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (ServerSocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("error instantiating default server socket factory: "
+ + ex.toString());
+ }
+ }
+ try
+ {
+ return context.getServerSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ throw new RuntimeException("no SSLSocketFactory implementation available");
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cipher suites that will be enabled in server sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
diff --git a/libjava/javax/net/ssl/SSLSession.java b/libjava/javax/net/ssl/SSLSession.java
new file mode 100644
index 00000000000..14797f083a7
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSession.java
@@ -0,0 +1,168 @@
+/* SSLSession.java -- an SSL session.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+import javax.security.cert.X509Certificate;
+
+/**
+ * An SSL session is a mechanism through which connections can be established
+ * by re-using previously negotiated handshakes.
+ */
+public interface SSLSession
+{
+
+ /**
+ * Returns this session's cihper suite.
+ *
+ * @return The cipher suite.
+ */
+ String getCipherSuite();
+
+ /**
+ * Returns the time in milliseconds since midnight GMT, 1 January 1970, that
+ * this session was created.
+ *
+ * @return The creation time.
+ */
+ long getCreationTime();
+
+ /**
+ * Returns this session's unique identifier, a arbitrary byte array of up
+ * to 32 bytes.
+ *
+ * @return The session identifier.
+ */
+ byte[] getId();
+
+ /**
+ * Returns the last time this session was accessed.
+ *
+ * @return The lest time this session was accessed.
+ */
+ long getLastAccessedTime();
+
+ /**
+ * Returns the chain of certificates that the local side used in the
+ * handshake, or null if none were used.
+ *
+ * @return The local certificate chain.
+ */
+ Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ X509Certificate[] getPeerCertificateChain()
+ throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the remote host's name.
+ *
+ * @return The name of the remote host.
+ */
+ String getPeerHost();
+
+ /**
+ * Returns the protocol this session uses.
+ *
+ * @return The protocol.
+ */
+ String getProtocol();
+
+ /**
+ * Returns this session's session context object.
+ *
+ * @return The session context.
+ * @throws SecurityException If the caller does not have the
+ * {@link SSLPermission} "getSessionContext".
+ */
+ SSLSessionContext getSessionContext();
+
+ /**
+ * Returns the names of all values bound to this session.
+ *
+ * @return The list of bound names.
+ */
+ String[] getValueNames();
+
+ /**
+ * Returns the object bound to the given name.
+ *
+ * @param name The name of the value to get.
+ * @return The object bound by that name, or null.
+ */
+ Object getValue(String name);
+
+ /**
+ * Invalidates this session, ensuring that it will not be continued by
+ * another socket.
+ */
+ void invalidate();
+
+ /**
+ * Binds a value to this session, with the given name.
+ *
+ * @param name The name to bind the object with.
+ * @param value The value to bind.
+ */
+ void putValue(String name, Object value);
+
+ /**
+ * Un-binds a value.
+ *
+ * @param name The name of the value to un-bind.
+ */
+ void removeValue(String name);
+}
diff --git a/libjava/javax/net/ssl/SSLSessionBindingEvent.java b/libjava/javax/net/ssl/SSLSessionBindingEvent.java
new file mode 100644
index 00000000000..e0d27efa657
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSessionBindingEvent.java
@@ -0,0 +1,94 @@
+/* SSLSessionBindingEvent.java -- SSL binding event.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventObject;
+
+/**
+ * An event raised by {@link SSLSession} objects when objects are bound to
+ * them.
+ */
+public class SSLSessionBindingEvent extends EventObject
+{
+
+ // Fields.
+ // -------------------------------------------------------------------
+
+ private static final long serialVersionUID = 3989172637106345L;
+
+ private final String name;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new binding event.
+ *
+ * @param session The session being bound to.
+ * @param name The name the object was bound under.
+ */
+ public SSLSessionBindingEvent(SSLSession session, String name)
+ {
+ super(session);
+ this.name = name;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name the object was bound under.
+ *
+ * @return The name.
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+ /**
+ * Returns the session that the object was bound to.
+ *
+ * @return The session.
+ */
+ public SSLSession getSession()
+ {
+ return (SSLSession) getSource();
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLSessionBindingListener.java b/libjava/javax/net/ssl/SSLSessionBindingListener.java
new file mode 100644
index 00000000000..2e2432d4aab
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSessionBindingListener.java
@@ -0,0 +1,65 @@
+/* SSLSessionBindingListener.java -- listener for SSL bindings.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventListener;
+
+/**
+ * An event listener interface that should be notified when it is bound or
+ * unbound to a {@link SSLSession}.
+ */
+public interface SSLSessionBindingListener extends EventListener
+{
+
+ /**
+ * This method is called of all objects when they are bound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueBound(SSLSessionBindingEvent event);
+
+ /**
+ * This method is called of all objects when they are unbound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueUnbound(SSLSessionBindingEvent event);
+}
diff --git a/libjava/javax/net/ssl/SSLSessionContext.java b/libjava/javax/net/ssl/SSLSessionContext.java
new file mode 100644
index 00000000000..0cbdeed9d1e
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSessionContext.java
@@ -0,0 +1,103 @@
+/* SSLSessionContext.java -- collection of SSL sessions.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.Enumeration;
+
+/**
+ * A collection of saved SSL sessions, with thier corresponding session
+ * IDs.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface SSLSessionContext
+{
+
+ /**
+ * Returns an enumeration of all saved session IDs. Every element in
+ * the returned enumeration is a byte array.
+ *
+ * @return The session IDs.
+ */
+ Enumeration getIds();
+
+ /**
+ * Gets the session specified by its ID, or <code>null</code> if there
+ * is no session, or if it has expired.
+ *
+ * @param sessionId The ID of the session to get.
+ * @return The session, or <code>null</code>.
+ */
+ SSLSession getSession(byte[] sessionId);
+
+ /**
+ * Returns the maximum number of sessions that may be cached by this
+ * session context.
+ *
+ * @return The maximum number of sessions that may be cached.
+ */
+ int getSessionCacheSize();
+
+ /**
+ * Returns the period of time (in seconds) that a session may be cached
+ * for before becoming invalid.
+ *
+ * @return The time a session may be valid.
+ */
+ int getSessionTimeout();
+
+ /**
+ * Sets the maximum number of sessions that may be cached by this
+ * session context. A cache size of 0 means no limit.
+ *
+ * @param size The new cache size.
+ * @throws IllegalArgumentException If <code>size</code> is negative.
+ */
+ void setSessionCacheSize(int size);
+
+ /**
+ * Sets the period of time (in seconds) that a session may be cached
+ * for before becoming invalid. A timeout of 0 means that sessions
+ * never expire.
+ *
+ * @param seconds The new timeout.
+ * @throws IllegalArgumentException If <code>seconds</code> is negative.
+ */
+ void setSessionTimeout(int seconds);
+}
diff --git a/libjava/javax/net/ssl/SSLSocket.java b/libjava/javax/net/ssl/SSLSocket.java
new file mode 100644
index 00000000000..8b943b9d6f3
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSocket.java
@@ -0,0 +1,229 @@
+/* SSLSocket.java -- an SSL client socket.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A socket that communicates over the secure socket layer protocol.
+ */
+public abstract class SSLSocket extends Socket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLSocket()
+ {
+ super();
+ }
+
+ protected SSLSocket(String host, int port)
+ throws IOException, UnknownHostException
+ {
+ super(host, port);
+ }
+
+ protected SSLSocket(InetAddress address, int port) throws IOException
+ {
+ super(address, port);
+ }
+
+ protected SSLSocket(String host, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException, UnknownHostException
+ {
+ super(host, port, localAddr, localPort);
+ }
+
+ protected SSLSocket(InetAddress address, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException
+ {
+ super(address, port, localAddr, localPort);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Adds a handshake completed listener that wants to be notified when the
+ * SSL handshake completes.
+ *
+ * @param listener The listener to add.
+ */
+ public abstract void
+ addHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Removes a handshake listener from this socket.
+ *
+ * @param listener The listener to remove.
+ */
+ public abstract void
+ removeHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Returns the list of currently enabled cipher suites.
+ *
+ * @return The list of enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list of enabled cipher suites.
+ *
+ * @param suites The list of suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled SSL protocols.
+ *
+ * @return The list of enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled SSL protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created by this socket, and thus
+ * allow sessions to be continued later.
+ *
+ * @return Whether or not sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created by this socket.
+ *
+ * @param enable The new value.
+ */
+ public abstract void setEnableSessionCreation(boolean enable);
+
+ /**
+ * Returns whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return Whether or not this socket requires client authentication.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Sets whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns this socket's session object.
+ *
+ * @return The session.
+ */
+ public abstract SSLSession getSession();
+
+ /**
+ * Returns the list of cipher suites supported by this socket.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns the list of protocols supported by this socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+
+ /**
+ * Returns whether or not this socket will connect in client mode.
+ *
+ * @return True if this is a client socket.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not this socket will connect in client mode.
+ *
+ * @param clientMode The new value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return The want client auth value.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Explicitly begins the handshake, or, if the handshake has already
+ * completed, requests that the handshake be repeated.
+ *
+ * <p>The handshake will begin implicitly when any attempt to read or
+ * write to the socket is made.</p>
+ *
+ * @throws IOException If an I/O or SSL error occurs.
+ */
+ public abstract void startHandshake() throws IOException;
+}
diff --git a/libjava/javax/net/ssl/SSLSocketFactory.java b/libjava/javax/net/ssl/SSLSocketFactory.java
new file mode 100644
index 00000000000..181ab18a1d2
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSocketFactory.java
@@ -0,0 +1,192 @@
+/* SSLSocketFactory.java -- factory for SSL client sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.AccessController;
+import java.security.KeyStore;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import javax.net.SocketFactory;
+
+/**
+ * A socket factory for creating <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * sockets.
+ */
+public abstract class SSLSocketFactory extends SocketFactory
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SSLSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.SocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of socket factories.</p>
+ *
+ * @return The default socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized SocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.SocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (SocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("error instantiating default socket factory: "
+ + ex.toString());
+ }
+ }
+ try
+ {
+ return context.getSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ throw new RuntimeException("no SSLSocketFactory implementation available");
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a SSL socket wrapped around an existing socket.
+ *
+ * @param socket The socket to wrap.
+ * @param host The host the socket is connected to.
+ * @param port The port the socket is connected to.
+ * @param autoClose Whether or not the wrapped socket should be closed
+ * automatically.
+ * @return The new SSL socket.
+ * @throws IOException If the socket could not be created.
+ */
+ public abstract Socket createSocket(Socket socket, String host,
+ int port, boolean autoClose)
+ throws IOException;
+
+ /**
+ * Returns the list of cipher suites that will be enabled in sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
diff --git a/libjava/javax/net/ssl/TrivialHostnameVerifier.java b/libjava/javax/net/ssl/TrivialHostnameVerifier.java
new file mode 100644
index 00000000000..e4e2befc072
--- /dev/null
+++ b/libjava/javax/net/ssl/TrivialHostnameVerifier.java
@@ -0,0 +1,51 @@
+/* TrivialHostnameVerifier.java -- non-verifing verifier.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A hostname verifier that always rejects mismatched hostnames.
+ */
+class TrivialHostnameVerifier implements HostnameVerifier
+{
+
+ public boolean verify(String hostname, SSLSession session)
+ {
+ return false;
+ }
+}
diff --git a/libjava/javax/net/ssl/TrustManager.java b/libjava/javax/net/ssl/TrustManager.java
new file mode 100644
index 00000000000..f90629ab40c
--- /dev/null
+++ b/libjava/javax/net/ssl/TrustManager.java
@@ -0,0 +1,47 @@
+/* TrustManager.java -- marker interface for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that establish the trust of remote
+ * hosts.
+ */
+public interface TrustManager
+{
+}
diff --git a/libjava/javax/net/ssl/TrustManagerFactory.java b/libjava/javax/net/ssl/TrustManagerFactory.java
new file mode 100644
index 00000000000..84059c89618
--- /dev/null
+++ b/libjava/javax/net/ssl/TrustManagerFactory.java
@@ -0,0 +1,279 @@
+/* TrustManagerFactory.java -- factory for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+import gnu.java.security.Engine;
+
+/**
+ * A factory for creating trust manager objects.
+ */
+public class TrustManagerFactory
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ /** The service name for trust manager factories. */
+ private static final String TRUST_MANAGER_FACTORY = "TrustManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine class. */
+ private final TrustManagerFactorySpi tmfSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The name of this trust manager algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new trust manager factory.
+ *
+ * @param tmfSpi The underlying engine class.
+ * @param provider The provider of the engine class.
+ * @param algorithm The trust manager algorithm name.
+ */
+ protected TrustManagerFactory(TrustManagerFactorySpi tmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.tmfSpi = tmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the first provider that implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If no provider implements the given
+ * algorithm.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws NoSuchProviderException If there is no such named provider.
+ * @throws IllegalArgumentException If the provider argument is null.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the specified provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws IllegalArgumentException If the provider argument is null.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ try
+ {
+ return new TrustManagerFactory((TrustManagerFactorySpi)
+ Engine.getInstance(TRUST_MANAGER_FACTORY, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ /**
+ * Returns the default algorithm for trust manager factories. The value
+ * returned is either the value of the security property
+ * "ssl.TrustManagerFactory.algorithm" if it is set, or the value "JessieX509"
+ * if not.
+ *
+ * @return The default algorithm name.
+ * @see Security.getProperty(java.lang.String)
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.TrustManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the name of this trust manager algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ public final TrustManager[] getTrustManagers()
+ {
+ return tmfSpi.engineGetTrustManagers();
+ }
+
+ /**
+ * Initialize this instance with some algorithm-specific parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ tmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store. The key store may be null,
+ * in which case a default will be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If there is a problem reading from the
+ * key store.
+ */
+ public final void init(KeyStore store) throws KeyStoreException
+ {
+ tmfSpi.engineInit(store);
+ }
+}
diff --git a/libjava/javax/net/ssl/TrustManagerFactorySpi.java b/libjava/javax/net/ssl/TrustManagerFactorySpi.java
new file mode 100644
index 00000000000..389e02325c4
--- /dev/null
+++ b/libjava/javax/net/ssl/TrustManagerFactorySpi.java
@@ -0,0 +1,88 @@
+/* TrustManagerFactorySpi.java -- SPI for trust manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for trust managers.
+ */
+public abstract class TrustManagerFactorySpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public TrustManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Engine method that returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ protected abstract TrustManager[] engineGetTrustManagers();
+
+ /**
+ * Engine method that initializes this factory with some algorithm-specific
+ * parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the given parameters are
+ * inappropriate.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method that initializes this factory with a key store. The key
+ * store parameter may be null, in which case some default should be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If a problem occurs reading from the key store.
+ */
+ protected abstract void engineInit(KeyStore store) throws KeyStoreException;
+}
diff --git a/libjava/javax/net/ssl/X509KeyManager.java b/libjava/javax/net/ssl/X509KeyManager.java
new file mode 100644
index 00000000000..d5c00b62c97
--- /dev/null
+++ b/libjava/javax/net/ssl/X509KeyManager.java
@@ -0,0 +1,108 @@
+/* X509KeyManager.java -- X.509 key manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.net.Socket;
+
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * A key manager for X.509 certificates and their associated private keys.
+ */
+public interface X509KeyManager extends KeyManager
+{
+
+ /**
+ * Choose an alias for client-side authentication.
+ *
+ * @param keyTypes A list of acceptable key types.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseClientAlias(String[] keyTypes, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Choose an alias for server-side authentication.
+ *
+ * @param keyType The desired certificate type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Gets the X.509 certificate chain associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The certificate chain.
+ */
+ X509Certificate[] getCertificateChain(String alias);
+
+ /**
+ * Returns all client aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getClientAliases(String keyType, Principal[] issuers);
+
+ /**
+ * Gets the private key associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The private key.
+ */
+ PrivateKey getPrivateKey(String alias);
+
+ /**
+ * Returns all server aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getServerAliases(String keyType, Principal[] issuers);
+}
diff --git a/libjava/javax/net/ssl/X509TrustManager.java b/libjava/javax/net/ssl/X509TrustManager.java
new file mode 100644
index 00000000000..b63e0a830b6
--- /dev/null
+++ b/libjava/javax/net/ssl/X509TrustManager.java
@@ -0,0 +1,76 @@
+/* X509TrustManager.java -- X.509 trust manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * A trust manager for dealing with X.509 certificates.
+ */
+public interface X509TrustManager extends TrustManager
+{
+
+ /**
+ * Checks if a certificate chain sent by the client is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the client's certificates are not trusted.
+ */
+ void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Checks if a certificate chain sent by the server is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the server's certificates are not trusted.
+ */
+ void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Returns the list of trusted issuer certificates currently in use.
+ *
+ * @return The list of trusted issuer certificates.
+ */
+ X509Certificate[] getAcceptedIssuers();
+}
diff --git a/libjava/javax/security/auth/AuthPermission.java b/libjava/javax/security/auth/AuthPermission.java
new file mode 100644
index 00000000000..b4ffa15a954
--- /dev/null
+++ b/libjava/javax/security/auth/AuthPermission.java
@@ -0,0 +1,146 @@
+/* AuthPermission.java -- permissions related to authentication.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.BasicPermission;
+
+/**
+ * <p>A permission controlling access to authentication service. The
+ * <i>actions</i> field of auth permission objects is ignored; the whole
+ * of the permission is defined by the <i>target</i>.</p>
+ *
+ * <p>The authentication permission targets recognized are:</p>
+ *
+ * <dl>
+ * <dt><code>doAs</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAs(javax.security.auth.Subject java.security.PrivilegedAction)}
+ * methods.</p></dd>
+ *
+ * <dt><code>doAsPrivileged</code></dt>
+ *
+ * <dd><p>Allows access to the {@link
+ * Subject#doAsPrivileged(javax.security.auth.Subject,
+ * java.security.PrivilegedAction, java.security.AccessControlContext)}
+ * methods.</p></dd>
+ *
+ * <dt><code>getSubject</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * thread.</p></dd>
+ *
+ * <dt><code>getSubjectFromDomainCombiner</code></dt>
+ *
+ * <dd><p>Allows access to the {@link Subject} associated with a
+ * {@link SubjectDomainCombiner}.</p></dd>
+ *
+ * <dt><code>setReadOnly</code></dt>
+ *
+ * <dd><p>Allows a {@link Subject} to be marked as read-only.</p></dd>
+ *
+ * <dt><code>modifyPrincipals</code></dt>
+ *
+ * <dd><p>Allows the set of principals of a subject to be modified.</p></dd>
+ *
+ * <dt><code>modifyPublicCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of public credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>modifyPrivateCredentials</code></dt>
+ *
+ * <dd><p>Allows the set of private credentials of a subject to be
+ * modified.</p></dd>
+ *
+ * <dt><code>refreshCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Refreshable} credential to be refreshed.</p></dd>
+ *
+ * <dt><code>destroyCredential</code></dt>
+ *
+ * <dd><p>Allows a {@link Destroyable} credential to be destroyed.</p></dd>
+ *
+ * <dt><code>createLoginContext.<i>name</i></code></dt>
+ *
+ * <dd><p>Allows a {@link javax.security.auth.login.LoginContext} for the
+ * given <i>name</i>. <i>name</i> can also be a wildcard (<code>'*'</code>),
+ * which allows the creation of a context with any name.</p></dd>
+ *
+ * <dt><code>getLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be retrieved.</p></dd>
+ *
+ * <dt><code>setLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be set.</p></dd>
+ *
+ * <dt><code>refreshLoginConfiguration</code></dt>
+ *
+ * <dd><p>Allows the system-wide login {@link
+ * javax.security.auth.login.Configuration} to be refreshed.</p></dd>
+ * </dl>
+ */
+public final class AuthPermission extends BasicPermission
+{
+
+ /**
+ * Creates a new authentication permission for the given target name.
+ *
+ * @param name The target name.
+ */
+ public AuthPermission (String name)
+ {
+ super (name);
+ }
+
+ /**
+ * Creates a new authentication permission for the given target name.
+ * The actions list is not used by this class.
+ *
+ * @param name The target name.
+ * @param actions The action list.
+ */
+ public AuthPermission (String name, String actions)
+ {
+ super (name, actions);
+ }
+}
diff --git a/libjava/javax/security/auth/DestroyFailedException.java b/libjava/javax/security/auth/DestroyFailedException.java
new file mode 100644
index 00000000000..00bbd89667f
--- /dev/null
+++ b/libjava/javax/security/auth/DestroyFailedException.java
@@ -0,0 +1,67 @@
+/* DestroyFailedException.java -- signals an object could not be destroyed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An exception thrown when the {@link Destroyable#destroy()} method
+ * fails for a credential.
+ *
+ * @see Destroyable
+ */
+public class DestroyFailedException extends Exception
+{
+
+ /**
+ * Creates a new DestroyFailedException with no detail message.
+ */
+ public DestroyFailedException()
+ {
+ super();
+ }
+
+ /**
+ * Creates a new DestroyFailedException with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public DestroyFailedException (String message)
+ {
+ super (message);
+ }
+}
diff --git a/libjava/javax/security/auth/Destroyable.java b/libjava/javax/security/auth/Destroyable.java
new file mode 100644
index 00000000000..484bece8de9
--- /dev/null
+++ b/libjava/javax/security/auth/Destroyable.java
@@ -0,0 +1,64 @@
+/* Destroyable.java -- an immutable object that may be destroyed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An interface for objects that are immutable but whose sensitive
+ * data may be wiped out.
+ */
+public interface Destroyable
+{
+
+ /**
+ * Destroy this object, clearing all sensitive fields appropriately.
+ *
+ * @throws DestroyFailedException If this object could not be
+ * destroyed.
+ * @throws SecurityException If the caller does not have permission
+ * to destroy this object.
+ */
+ void destroy() throws DestroyFailedException;
+
+ /**
+ * Tells whether or not this object has been destroyed.
+ *
+ * @return True if this object has been destroyed.
+ */
+ boolean isDestroyed();
+}
diff --git a/libjava/javax/security/auth/Policy.java b/libjava/javax/security/auth/Policy.java
new file mode 100644
index 00000000000..2234d85732b
--- /dev/null
+++ b/libjava/javax/security/auth/Policy.java
@@ -0,0 +1,79 @@
+/* Policy.java -- deprecated precursor to java.security.Policy.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.CodeSource;
+import java.security.PermissionCollection;
+
+/**
+ * @deprecated The classes java.security.Policy and
+ * java.security.ProtectionDomain provide the functionality of this class.
+ */
+public abstract class Policy
+{
+
+ private static Policy policy;
+
+ protected Policy()
+ {
+ }
+
+ public static synchronized Policy getPolicy()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("getPolicy"));
+ }
+ return policy;
+ }
+
+ public static synchronized void setPolicy (Policy p)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("setPolicy"));
+ }
+ policy = p;
+ }
+
+ public abstract PermissionCollection getPermissions (Subject subject, CodeSource source);
+ public abstract void refresh();
+}
diff --git a/libjava/javax/security/auth/PrivateCredentialPermission.java b/libjava/javax/security/auth/PrivateCredentialPermission.java
new file mode 100644
index 00000000000..db9fed7939d
--- /dev/null
+++ b/libjava/javax/security/auth/PrivateCredentialPermission.java
@@ -0,0 +1,322 @@
+/* PrivateCredentialPermission.java -- permissions governing private credentials.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.Serializable;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+/**
+ * A permission governing access to a private credential. The action of this
+ * permission is always "read" -- meaning that the private credential
+ * information can be read from an object.
+ *
+ * <p>The target of this permission is formatted as follows:</p>
+ *
+ * <p><code>CredentialClassName ( PrinicpalClassName PrincipalName )*</code></p>
+ *
+ * <p><i>CredentialClassName</i> is either the name of a private credential
+ * class name, or a wildcard character (<code>'*'</code>).
+ * <i>PrinicpalClassName</i> is the class name of a principal object, and
+ * <i>PrincipalName</i> is a string representing the principal, or the
+ * wildcard character.</p>
+ */
+public class PrivateCredentialPermission extends Permission
+ implements Serializable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial The credential class name.
+ */
+ private final String credentialClass;
+
+ /**
+ * @serial The principals, a set of CredOwner objects (an undocumented
+ * inner class of this class).
+ */
+ private final Set principals;
+
+ /**
+ * @serial Who knows?
+ */
+ private final boolean testing;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Create a new private credential permission.
+ *
+ * @param name The permission target name.
+ * @param actions The list of actions, which, for this class, must be
+ * <code>"read"</code>.
+ */
+ public PrivateCredentialPermission (final String name, String actions)
+ {
+ super(name);
+ actions = actions.trim().toLowerCase();
+ if (!"read".equals (actions))
+ {
+ throw new IllegalArgumentException("actions must be \"read\"");
+ }
+ StringTokenizer st = new StringTokenizer (name, " \"'");
+ principals = new HashSet();
+ if (st.countTokens() < 3 || (st.countTokens() & 1) == 0)
+ {
+ throw new IllegalArgumentException ("badly formed credential name");
+ }
+ credentialClass = st.nextToken();
+ while (st.hasMoreTokens())
+ {
+ principals.add (new CredOwner (st.nextToken(), st.nextToken()));
+ }
+ testing = false; // WTF ever.
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public boolean equals (Object o)
+ {
+ if (! (o instanceof PrivateCredentialPermission))
+ {
+ return false;
+ }
+ PrivateCredentialPermission that = (PrivateCredentialPermission) o;
+ if (!that.getActions().equals (getActions()))
+ {
+ return false;
+ }
+ if (!that.getCredentialClass().equals (getCredentialClass()))
+ {
+ return false;
+ }
+
+ final String[][] principals = getPrincipals();
+ final String[][] that_principals = that.getPrincipals();
+ if (that_principals == null)
+ {
+ return false;
+ }
+ if (that_principals.length != principals.length)
+ {
+ return false;
+ }
+ for (int i = 0; i < principals.length; i++)
+ {
+ if (!principals[i][0].equals (that_principals[i][0]) ||
+ !principals[i][1].equals (that_principals[i][1]))
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Returns the actions this permission encompasses. For private credential
+ * permissions, this is always the string <code>"read"</code>.
+ *
+ * @return The list of actions.
+ */
+ public String getActions()
+ {
+ return "read";
+ }
+
+ /**
+ * Returns the credential class name that was embedded in this permission's
+ * target name.
+ *
+ * @return The credential class name.
+ */
+ public String getCredentialClass()
+ {
+ return credentialClass;
+ }
+
+ /**
+ * Returns the principal list that was embedded in this permission's target
+ * name.
+ *
+ * <p>Each element of the returned array is a pair; the first element is the
+ * principal class name, and the second is the principal name.
+ *
+ * @return The principal list.
+ */
+ public String[][] getPrincipals()
+ {
+ String[][] ret = new String[principals.size()][];
+ Iterator it = principals.iterator();
+ for (int i = 0; i < principals.size() && it.hasNext(); i++)
+ {
+ CredOwner co = (CredOwner) it.next();
+ ret[i] = new String[] { co.getPrincipalClass(), co.getPrincipalName() };
+ }
+ return ret;
+ }
+
+ public int hashCode()
+ {
+ return credentialClass.hashCode() + principals.hashCode();
+ }
+
+ /**
+ * Test if this permission implies another. This method returns true if:
+ *
+ * <ol>
+ * <li><i>p</i> is an instance of PrivateCredentialPermission</li>.
+ * <li>The credential class name of this instance matches that of <i>p</i>,
+ * and one of the principals of <i>p</i> is contained in the principals of
+ * this class. Thus,
+ * <ul>
+ * <li><code>[ * P "foo" ] implies [ C P "foo" ]</code></li>
+ * <li><code>[ C P1 "foo" ] implies [ C P1 "foo" P2 "bar" ]</code></li>
+ * <li><code>[ C P1 "*" ] implies [ C P1 "foo" ]</code></li>
+ * </ul>
+ * </ol>
+ *
+ * @param p The permission to check.
+ * @return True if this permission implies <i>p</i>.
+ */
+ public boolean implies (Permission p)
+ {
+ if (! (p instanceof PrivateCredentialPermission))
+ {
+ return false;
+ }
+ PrivateCredentialPermission that = (PrivateCredentialPermission) p;
+ if (!credentialClass.equals ("*")
+ && !credentialClass.equals (that.getCredentialClass()))
+ {
+ return false;
+ }
+ String[][] principals = getPrincipals();
+ String[][] that_principals = that.getPrincipals();
+ if (that_principals == null)
+ {
+ return false;
+ }
+ for (int i = 0; i < principals.length; i++)
+ {
+ for (int j = 0; j < that_principals.length; j++)
+ {
+ if (principals[i][0].equals (that_principals[j][0]) &&
+ (principals[i][1].equals ("*") ||
+ principals[i][1].equals (that_principals[j][1])))
+ {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * This method is not necessary for this class, thus it always returns null.
+ *
+ * @return null.
+ */
+ public PermissionCollection newPermissionCollection()
+ {
+ return null;
+ }
+
+ // Inner class.
+ // -------------------------------------------------------------------------
+
+ /**
+ * An undocumented inner class present for serialization compatibility.
+ */
+ private static class CredOwner implements Serializable
+ {
+
+ // Fields.
+ // -----------------------------------------------------------------------
+
+ private final String principalClass;
+ private final String principalName;
+
+ // Constructor.
+ // -----------------------------------------------------------------------
+
+ CredOwner (final String principalClass, final String principalName)
+ {
+ this.principalClass = principalClass;
+ this.principalName = principalName;
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------------
+
+ public boolean equals (Object o)
+ {
+ if (!(o instanceof CredOwner))
+ {
+ return false;
+ }
+ return principalClass.equals (((CredOwner) o).getPrincipalClass()) &&
+ principalName.equals (((CredOwner) o).getPrincipalName());
+ }
+
+ public int hashCode()
+ {
+ return principalClass.hashCode() + principalName.hashCode();
+ }
+
+ public String getPrincipalClass()
+ {
+ return principalClass;
+ }
+
+ public String getPrincipalName()
+ {
+ return principalName;
+ }
+ }
+}
diff --git a/libjava/javax/security/auth/RefreshFailedException.java b/libjava/javax/security/auth/RefreshFailedException.java
new file mode 100644
index 00000000000..5be9ab75ed6
--- /dev/null
+++ b/libjava/javax/security/auth/RefreshFailedException.java
@@ -0,0 +1,63 @@
+/* RefreshFailedException.java -- signals a failed refresh.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * A signal that a call to {@link Refreshable#refresh()} failed.
+ */
+public class RefreshFailedException extends Exception
+{
+
+ /**
+ * Create a new RefreshFailedException with no detail message.
+ */
+ public RefreshFailedException()
+ {
+ }
+
+ /**
+ * Create a new RefreshFailedException with a detail message.
+ *
+ * @param message The detail message.
+ */
+ public RefreshFailedException (String message)
+ {
+ super (message);
+ }
+}
diff --git a/libjava/javax/security/auth/Refreshable.java b/libjava/javax/security/auth/Refreshable.java
new file mode 100644
index 00000000000..b3ceded417a
--- /dev/null
+++ b/libjava/javax/security/auth/Refreshable.java
@@ -0,0 +1,65 @@
+/* Refreshable.java -- an object whose state may be refreshed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+/**
+ * An object whose internal state may be <em>refreshed:</em> as in a
+ * credential object with a expiry date.
+ */
+public interface Refreshable
+{
+
+ /**
+ * Tells whether or not this object is current. Refreshable objects that
+ * are not current may need to be refreshed.
+ *
+ * @return Whether this object is current.
+ */
+ boolean isCurrent();
+
+ /**
+ * Refresh this object. The process involved in refreshing an object is
+ * per-implementation dependent.
+ *
+ * @throws RefreshFailedException If refreshing this object fails.
+ * @throws SecurityException If the caller does not have permission to
+ * refresh, or to take the steps involved in refreshing, this object.
+ */
+ void refresh() throws RefreshFailedException;
+}
diff --git a/libjava/javax/security/auth/Subject.java b/libjava/javax/security/auth/Subject.java
new file mode 100644
index 00000000000..264a41c0561
--- /dev/null
+++ b/libjava/javax/security/auth/Subject.java
@@ -0,0 +1,559 @@
+/* Subject.java -- a single entity in the system.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import java.util.AbstractSet;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.Set;
+
+/**
+ *
+ */
+public final class Subject implements Serializable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -8308522755600156056L;
+
+ /**
+ * @serial The set of principals. The type of this field is SecureSet, a
+ * private inner class.
+ */
+ private final Set principals;
+
+ /**
+ * @serial The read-only flag.
+ */
+ private boolean readOnly;
+
+ private transient final SecureSet pubCred;
+ private transient final SecureSet privCred;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public Subject()
+ {
+ principals = new SecureSet (this, SecureSet.PRINCIPALS);
+ pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS);
+ privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS);
+ readOnly = false;
+ }
+
+ public Subject (final boolean readOnly, final Set principals,
+ final Set pubCred, final Set privCred)
+ {
+ if (principals == null || pubCred == null || privCred == null)
+ {
+ throw new NullPointerException();
+ }
+ this.principals = new SecureSet (this, SecureSet.PRINCIPALS, principals);
+ this.pubCred = new SecureSet (this, SecureSet.PUBLIC_CREDENTIALS, pubCred);
+ this.privCred = new SecureSet (this, SecureSet.PRIVATE_CREDENTIALS, privCred);
+ this.readOnly = readOnly;
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Returns the subject associated with the given {@link
+ * AccessControlContext}.</p>
+ *
+ * <p>All this method does is retrieve the Subject object from the supplied
+ * context's {@link DomainCombiner}, if any, and if it is an instance of
+ * a {@link SubjectDomainCombiner}.
+ *
+ * @param context The context to retrieve the subject from.
+ * @return The subject assoctiated with the context, or <code>null</code>
+ * if there is none.
+ * @throws NullPointerException If <i>subject</i> is null.
+ * @throws SecurityException If the caller does not have permission to get
+ * the subject (<code>"getSubject"</code> target of {@link AuthPermission}.
+ */
+ public static Subject getSubject (final AccessControlContext context)
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("getSubject"));
+ }
+ DomainCombiner dc = context.getDomainCombiner();
+ if (!(dc instanceof SubjectDomainCombiner))
+ {
+ return null;
+ }
+ return ((SubjectDomainCombiner) dc).getSubject();
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will obtain the current
+ * {@link AccessControlContext} for this thread, then creates another with
+ * a {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+ */
+ public static Object doAs (final Subject subject, final PrivilegedAction action)
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAs"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (AccessController.getContext(),
+ new SubjectDomainCombiner (subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will obtain the current
+ * {@link AccessControlContext} for this thread, then creates another with
+ * a {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAs"</code> target of {@link AuthPermission}.
+ * @throws PrivilegedActionException If the action throws an exception.
+ */
+ public static Object doAs (final Subject subject,
+ final PrivilegedExceptionAction action)
+ throws PrivilegedActionException
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAs"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (AccessController.getContext(),
+ new SubjectDomainCombiner(subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will create a new
+ * {@link AccessControlContext} derived from the given one, with a
+ * {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @param acc The context to use.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAsPrivileged"</code> target of {@link
+ * AuthPermission}.
+ */
+ public static Object doAsPrivileged (final Subject subject,
+ final PrivilegedAction action,
+ final AccessControlContext acc)
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ /**
+ * <p>Run a method as another subject. This method will create a new
+ * {@link AccessControlContext} derived from the given one, with a
+ * {@link SubjectDomainCombiner} with the given subject. The supplied
+ * action will then be run with the modified context.</p>
+ *
+ * @param subject The subject to run as.
+ * @param action The action to run.
+ * @param acc The context to use.
+ * @return The value returned by the privileged action.
+ * @throws SecurityException If the caller is not allowed to run under a
+ * different identity (<code>"doAsPrivileged"</code> target of
+ * {@link AuthPermission}.
+ * @throws PrivilegedActionException If the action throws an exception.
+ */
+ public static Object doAsPrivileged (final Subject subject,
+ final PrivilegedExceptionAction action,
+ final AccessControlContext acc)
+ throws PrivilegedActionException
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("doAsPrivileged"));
+ }
+ AccessControlContext context =
+ new AccessControlContext (acc, new SubjectDomainCombiner (subject));
+ return AccessController.doPrivileged (action, context);
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public boolean equals (Object o)
+ {
+ if (!(o instanceof Subject))
+ {
+ return false;
+ }
+ Subject that = (Subject) o;
+ return principals.containsAll (that.getPrincipals()) &&
+ pubCred.containsAll (that.getPublicCredentials()) &&
+ privCred.containsAll (that.getPrivateCredentials());
+ }
+
+ public Set getPrincipals()
+ {
+ return principals;
+ }
+
+ public Set getPrincipals(Class clazz)
+ {
+ HashSet result = new HashSet (principals.size());
+ for (Iterator it = principals.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o != null && clazz.isAssignableFrom (o.getClass()))
+ {
+ result.add(o);
+ }
+ }
+ return Collections.unmodifiableSet (result);
+ }
+
+ public Set getPrivateCredentials()
+ {
+ return privCred;
+ }
+
+ public Set getPrivateCredentials (Class clazz)
+ {
+ HashSet result = new HashSet (privCred.size());
+ for (Iterator it = privCred.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o != null && clazz.isAssignableFrom (o.getClass()))
+ {
+ result.add(o);
+ }
+ }
+ return Collections.unmodifiableSet (result);
+ }
+
+ public Set getPublicCredentials()
+ {
+ return pubCred;
+ }
+
+ public Set getPublicCredentials (Class clazz)
+ {
+ HashSet result = new HashSet (pubCred.size());
+ for (Iterator it = pubCred.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (o != null && clazz.isAssignableFrom (o.getClass()))
+ {
+ result.add(o);
+ }
+ }
+ return Collections.unmodifiableSet (result);
+ }
+
+ public int hashCode()
+ {
+ return principals.hashCode() + privCred.hashCode() + pubCred.hashCode();
+ }
+
+ /**
+ * <p>Returns whether or not this subject is read-only.</p>
+ *
+ * @return True is this subject is read-only.
+ */
+ public boolean isReadOnly()
+ {
+ return readOnly;
+ }
+
+ /**
+ * <p>Marks this subject as read-only.</p>
+ *
+ * @throws SecurityException If the caller does not have permission to
+ * set this subject as read-only (<code>"setReadOnly"</code> target of
+ * {@link AuthPermission}.
+ */
+ public void setReadOnly()
+ {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("setReadOnly"));
+ }
+ readOnly = true;
+ }
+
+ public String toString()
+ {
+ return Subject.class.getName() + " [ principals=" + principals +
+ ", private credentials=" + privCred + ", public credentials=" +
+ pubCred + ", read-only=" + readOnly + " ]";
+ }
+
+ // Inner class.
+ // -------------------------------------------------------------------------
+
+ /**
+ * An undocumented inner class that is used for sets in the parent class.
+ */
+ private static class SecureSet extends AbstractSet implements Serializable
+ {
+
+ // Fields.
+ // -----------------------------------------------------------------------
+
+ private static final long serialVersionUID = 7911754171111800359L;
+
+ static final int PRINCIPALS = 0;
+ static final int PUBLIC_CREDENTIALS = 1;
+ static final int PRIVATE_CREDENTIALS = 2;
+
+ private final Subject subject;
+ private final LinkedList elements;
+ private transient final int type;
+
+ // Constructors.
+ // -----------------------------------------------------------------------
+
+ SecureSet (final Subject subject, final int type, final Collection elements)
+ {
+ this (subject, type);
+ for (Iterator it = elements.iterator(); it.hasNext(); )
+ {
+ Object o = it.next();
+ if (type == PRINCIPALS && !(o instanceof Principal))
+ {
+ throw new IllegalArgumentException(o+" is not a Principal");
+ }
+ if (!elements.contains (o))
+ {
+ elements.add (o);
+ }
+ }
+ }
+
+ SecureSet (final Subject subject, final int type)
+ {
+ this.subject = subject;
+ this.type = type;
+ this.elements = new LinkedList();
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------------
+
+ public synchronized int size()
+ {
+ return elements.size();
+ }
+
+ public Iterator iterator()
+ {
+ return elements.iterator();
+ }
+
+ public synchronized boolean add(Object element)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ final SecurityManager sm = System.getSecurityManager();
+ switch (type)
+ {
+ case PRINCIPALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+ }
+ if (!(element instanceof Principal))
+ {
+ throw new IllegalArgumentException ("element is not a Principal");
+ }
+ break;
+
+ case PUBLIC_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+ }
+ break;
+
+ case PRIVATE_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+ }
+ break;
+
+ default:
+ throw new Error ("this statement should be unreachable");
+ }
+
+ if (elements.contains (element))
+ {
+ return false;
+ }
+
+ return elements.add (element);
+ }
+
+ public synchronized boolean remove (final Object element)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ final SecurityManager sm = System.getSecurityManager();
+ switch (type)
+ {
+ case PRINCIPALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrincipals"));
+ }
+ if (!(element instanceof Principal))
+ {
+ throw new IllegalArgumentException ("element is not a Principal");
+ }
+ break;
+
+ case PUBLIC_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPublicCredentials"));
+ }
+ break;
+
+ case PRIVATE_CREDENTIALS:
+ if (sm != null)
+ {
+ sm.checkPermission (new AuthPermission ("modifyPrivateCredentials"));
+ }
+ break;
+
+ default:
+ throw new Error("this statement should be unreachable");
+ }
+
+ return elements.remove(element);
+ }
+
+ public synchronized boolean contains (final Object element)
+ {
+ return elements.remove (element);
+ }
+
+ public boolean removeAll (final Collection c)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ return super.removeAll (c);
+ }
+
+ public boolean retainAll (final Collection c)
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ return super.retainAll (c);
+ }
+
+ public void clear()
+ {
+ if (subject.isReadOnly())
+ {
+ throw new IllegalStateException ("subject is read-only");
+ }
+ elements.clear();
+ }
+
+ private synchronized void writeObject (ObjectOutputStream out)
+ throws IOException
+ {
+ throw new UnsupportedOperationException ("FIXME: determine serialization");
+ }
+
+ private void readObject (ObjectInputStream in)
+ throws ClassNotFoundException, IOException
+ {
+ throw new UnsupportedOperationException ("FIXME: determine serialization");
+ }
+ }
+}
diff --git a/libjava/javax/security/auth/SubjectDomainCombiner.java b/libjava/javax/security/auth/SubjectDomainCombiner.java
new file mode 100644
index 00000000000..194e1130a2a
--- /dev/null
+++ b/libjava/javax/security/auth/SubjectDomainCombiner.java
@@ -0,0 +1,96 @@
+/* SubjectDomainCombiner.java -- domain combiner for Subjects.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth;
+
+import java.security.DomainCombiner;
+import java.security.Principal;
+import java.security.ProtectionDomain;
+
+import java.util.LinkedList;
+
+public class SubjectDomainCombiner implements DomainCombiner
+{
+
+ // Field.
+ // -------------------------------------------------------------------------
+
+ private final Subject subject;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SubjectDomainCombiner (final Subject subject)
+ {
+ this.subject = subject;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public ProtectionDomain[] combine (final ProtectionDomain[] current,
+ final ProtectionDomain[] assigned)
+ {
+ LinkedList domains = new LinkedList();
+ Principal[] principals =
+ (Principal[]) subject.getPrincipals().toArray (new Principal[0]);
+ if (current != null)
+ {
+ for (int i = 0; i < current.length; i++)
+ {
+ domains.add (new ProtectionDomain (current[i].getCodeSource(),
+ current[i].getPermissions(),
+ current[i].getClassLoader(),
+ principals));
+ }
+ }
+ if (assigned != null)
+ {
+ for (int i = 0; i < assigned.length; i++)
+ {
+ domains.add (assigned[i]);
+ }
+ }
+ return (ProtectionDomain[]) domains.toArray (new ProtectionDomain[domains.size()]);
+ }
+
+ public Subject getSubject()
+ {
+ return subject;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/Callback.java b/libjava/javax/security/auth/callback/Callback.java
new file mode 100644
index 00000000000..655ad3348ba
--- /dev/null
+++ b/libjava/javax/security/auth/callback/Callback.java
@@ -0,0 +1,65 @@
+/* Callback.java -- marker interface for callback classes
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * <p>Implementations of this interface are passed to a {@link CallbackHandler},
+ * allowing underlying security services the ability to interact with a calling
+ * application to retrieve specific authentication data such as usernames and
+ * passwords, or to display certain information, such as error and warning
+ * messages.</p>
+ *
+ * <p><code>Callback</code> implementations do not retrieve or display the
+ * information requested by underlying security services. <code>Callback</code>
+ * implementations simply provide the means to pass such requests to
+ * applications, and for applications, if appropriate, to return requested
+ * information back to the underlying security services.</p>
+ *
+ * @see CallbackHandler
+ * @see ChoiceCallback
+ * @see ConfirmationCallback
+ * @see LanguageCallback
+ * @see NameCallback
+ * @see PasswordCallback
+ * @see TextInputCallback
+ * @see TextOutputCallback
+ * @version $Revision: 1.1 $
+ */
+public interface Callback {
+}
diff --git a/libjava/javax/security/auth/callback/CallbackHandler.java b/libjava/javax/security/auth/callback/CallbackHandler.java
new file mode 100644
index 00000000000..289999c5ee1
--- /dev/null
+++ b/libjava/javax/security/auth/callback/CallbackHandler.java
@@ -0,0 +1,156 @@
+/* CallbackHandler.java -- base interface for callback handlers.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.IOException;
+
+/**
+ * <p>An application implements a <code>CallbackHandler</code> and passes it to
+ * underlying security services so that they may interact with the application
+ * to retrieve specific authentication data, such as usernames and passwords, or
+ * to display certain information, such as error and warning messages.</p>
+ *
+ * <p><code>CallbackHandler</code>s are implemented in an application-dependent
+ * fashion. For example, implementations for an application with a graphical
+ * user interface (GUI) may pop up windows to prompt for requested information
+ * or to display error messages. An implementation may also choose to obtain
+ * requested information from an alternate source without asking the end user.</p>
+ *
+ * <p>Underlying security services make requests for different types of
+ * information by passing individual Callbacks to the <code>CallbackHandler</code>.
+ * The <code>CallbackHandler</code> implementation decides how to retrieve and
+ * display information depending on the {@link Callback}s passed to it. For
+ * example, if the underlying service needs a username and password to
+ * authenticate a user, it uses a {@link NameCallback} and
+ * {@link PasswordCallback}. The <code>CallbackHandler</code> can then choose
+ * to prompt for a username and password serially, or to prompt for both in a
+ * single window.</p>
+ *
+ * <p>A default <code>CallbackHandler</code> class implementation may be
+ * specified in the <code>auth.login.defaultCallbackHandler</code> security
+ * property. The security property can be set in the Java security properties
+ * file located in the file named
+ * <code>&lt;JAVA_HOME>/lib/security/java.security</code>, where
+ * <code>&lt;JAVA_HOME></code> refers to the directory where the SDK was
+ * installed.</p>
+ *
+ * <p>If the security property is set to the fully qualified name of a
+ * <code>CallbackHandler</code> implementation class, then a
+ * <code>LoginContext</code>will load the specified <code>CallbackHandler</code>
+ * and pass it to the underlying <code>LoginModules</code>. The
+ * <code>LoginContext</code> only loads the default handler if one was not
+ * provided.</p>
+ *
+ * <p>All default handler implementations must provide a public zero-argument
+ * constructor.</p>
+ *
+ * @version $Revision: 1.1 $
+ */
+public interface CallbackHandler
+{
+
+ /**
+ * <p>Retrieve or display the information requested in the provided
+ * {@link Callback}s.</p>
+ *
+ * <p>The <code>handle()</code> method implementation checks the instance(s)
+ * of the {@link Callback} object(s) passed in to retrieve or display the
+ * requested information. The following example is provided to help
+ * demonstrate what an <code>handle()</code> method implementation might look
+ * like. This example code is for guidance only. Many details, including
+ * proper error handling, are left out for simplicity.</p>
+ *
+ * <pre>
+ *public void handle(Callback[] callbacks)
+ *throws IOException, UnsupportedCallbackException {
+ * for (int i = 0; i < callbacks.length; i++) {
+ * if (callbacks[i] instanceof TextOutputCallback) {
+ * // display the message according to the specified type
+ * TextOutputCallback toc = (TextOutputCallback)callbacks[i];
+ * switch (toc.getMessageType()) {
+ * case TextOutputCallback.INFORMATION:
+ * System.out.println(toc.getMessage());
+ * break;
+ * case TextOutputCallback.ERROR:
+ * System.out.println("ERROR: " + toc.getMessage());
+ * break;
+ * case TextOutputCallback.WARNING:
+ * System.out.println("WARNING: " + toc.getMessage());
+ * break;
+ * default:
+ * throw new IOException("Unsupported message type: "
+ * + toc.getMessageType());
+ * }
+ * } else if (callbacks[i] instanceof NameCallback) {
+ * // prompt the user for a username
+ * NameCallback nc = (NameCallback)callbacks[i];
+ * // ignore the provided defaultName
+ * System.err.print(nc.getPrompt());
+ * System.err.flush();
+ * nc.setName((new BufferedReader(
+ * new InputStreamReader(System.in))).readLine());
+ * } else if (callbacks[i] instanceof PasswordCallback) {
+ * // prompt the user for sensitive information
+ * PasswordCallback pc = (PasswordCallback)callbacks[i];
+ * System.err.print(pc.getPrompt());
+ * System.err.flush();
+ * pc.setPassword(readPassword(System.in));
+ * } else {
+ * throw new UnsupportedCallbackException(
+ * callbacks[i], "Unrecognized Callback");
+ * }
+ * }
+ *}
+ *
+ * // Reads user password from given input stream.
+ *private char[] readPassword(InputStream in) throws IOException {
+ * // insert code to read a user password from the input stream
+ *}
+ * </pre>
+ *
+ * @param callbacks an array of {@link Callback} objects provided by an
+ * underlying security service which contains the information requested to
+ * be retrieved or displayed.
+ * @throws IOException if an input or output error occurs.
+ * @throws UnsupportedCallbackException if the implementation of this method
+ * does not support one or more of the Callbacks specified in the
+ * <code>callbacks</code> parameter.
+ */
+ void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException;
+}
diff --git a/libjava/javax/security/auth/callback/ChoiceCallback.java b/libjava/javax/security/auth/callback/ChoiceCallback.java
new file mode 100644
index 00000000000..44b5ffcba5e
--- /dev/null
+++ b/libjava/javax/security/auth/callback/ChoiceCallback.java
@@ -0,0 +1,237 @@
+/* ChoiceCallback.java -- callback for a choice of values.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ChoiceCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display a list of choices and to retrieve the
+ * selected choice(s).
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class ChoiceCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial the list of choices.
+ * @since 1.4
+ */
+ private String[] choices;
+
+ /**
+ * @serial the choice to be used as the default choice.
+ * @since 1.4
+ */
+ private int defaultChoice;
+
+ /**
+ * @serial whether multiple selections are allowed from the list of choices.
+ * @since 1.4
+ */
+ private boolean multipleSelectionsAllowed;
+
+ /**
+ * @serial the selected choices, represented as indexes into the choices list.
+ * @since 1.4
+ */
+ private int[] selections;
+
+ // Constructor(s)
+ //--------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>ChoiceCallback</code> with a prompt, a list of choices,
+ * a default choice, and a boolean specifying whether or not multiple
+ * selections from the list of choices are allowed.
+ *
+ * @param prompt the prompt used to describe the list of choices.
+ * @param choices the list of choices.
+ * @param defaultChoice the choice to be used as the default choice when the
+ * list of choices are displayed. This value is represented as an index into
+ * the <code>choices</code> array.
+ * @param multipleSelectionsAllowed boolean specifying whether or not
+ * multiple selections can be made from the list of choices.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if <code>choices</code>
+ * is <code>null</code>, if <code>choices</code> has a length of <code>0</code>,
+ * if any element from <code>choices</code> is <code>null</code>, if any
+ * element from <code>choices</code> has a length of <code>0</code> or if
+ * <code>defaultChoice</code> does not fall within the array boundaries of
+ * <code>choices</code>.
+ */
+ public ChoiceCallback(String prompt, String[] choices, int defaultChoice,
+ boolean multipleSelectionsAllowed)
+ {
+ super();
+
+ setPrompt(prompt);
+ setChoices(choices);
+ if (defaultChoice < 0 || defaultChoice >= this.choices.length)
+ {
+ throw new IllegalArgumentException("default choice is out of bounds");
+ }
+ this.defaultChoice = defaultChoice;
+ this.multipleSelectionsAllowed = multipleSelectionsAllowed;
+ }
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the list of choices.
+ *
+ * @return the list of choices.
+ */
+ public String[] getChoices()
+ {
+ return choices;
+ }
+
+ /**
+ * Get the defaultChoice.
+ *
+ * @return the defaultChoice, represented as an index into the choices list.
+ */
+ public int getDefaultChoice()
+ {
+ return defaultChoice;
+ }
+
+ /**
+ * Get the boolean determining whether multiple selections from the choices
+ * list are allowed.
+ *
+ * @return whether multiple selections are allowed.
+ */
+ public boolean allowMultipleSelections()
+ {
+ return multipleSelectionsAllowed;
+ }
+
+ /**
+ * Set the selected choice.
+ *
+ * @param selection the selection represented as an index into the choices
+ * list.
+ * @see #getSelectedIndexes()
+ */
+ public void setSelectedIndex(int selection)
+ {
+ this.selections = new int[1];
+ this.selections[0] = selection;
+ }
+
+ /**
+ * Set the selected choices.
+ *
+ * @param selections the selections represented as indexes into the choices
+ * list.
+ * @throws UnsupportedOperationException if multiple selections are not
+ * allowed, as determined by <code>allowMultipleSelections</code>.
+ * @see #getSelectedIndexes()
+ */
+ public void setSelectedIndexes(int[] selections)
+ {
+ if (!multipleSelectionsAllowed)
+ {
+ throw new UnsupportedOperationException("not allowed");
+ }
+
+ this.selections = selections;
+ }
+
+ /**
+ * Get the selected choices.
+ *
+ * @return the selected choices, represented as indexes into the choices list.
+ * @see #setSelectedIndexes(int[])
+ */
+ public int[] getSelectedIndexes()
+ {
+ return selections;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+
+ private void setChoices(String[] choices) throws IllegalArgumentException
+ {
+ if (choices == null || choices.length == 0)
+ {
+ throw new IllegalArgumentException("invalid choices");
+ }
+ for (int i = 0; i < choices.length; i++)
+ {
+ if (choices[i] == null || choices[i].length() == 0)
+ {
+ throw new IllegalArgumentException("invalid choice at index #"+i);
+ }
+ }
+ this.choices = choices;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/ConfirmationCallback.java b/libjava/javax/security/auth/callback/ConfirmationCallback.java
new file mode 100644
index 00000000000..8abd393f52c
--- /dev/null
+++ b/libjava/javax/security/auth/callback/ConfirmationCallback.java
@@ -0,0 +1,506 @@
+/* ConfirmationCallback.java -- callback for confirmations.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a
+ * <code>ConfirmationCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to ask for YES/NO, OK/CANCEL, YES/NO/CANCEL or other
+ * similar confirmations.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class ConfirmationCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Unspecified option type.</p>
+ *
+ * <p>The <code>getOptionType</code> method returns this value if this
+ * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+ * instead of an <code>optionType</code>.</p>
+ */
+ public static final int UNSPECIFIED_OPTION = -1;
+
+ /**
+ * <p>YES/NO confirmation option.</p>
+ *
+ * <p>An underlying security service specifies this as the <code>optionType</code>
+ * to a <code>ConfirmationCallback</code> constructor if it requires a
+ * confirmation which can be answered with either <code>YES</code> or
+ * <code>NO</code>.</p>
+ */
+ public static final int YES_NO_OPTION = 0;
+
+ /**
+ * <p>YES/NO/CANCEL confirmation confirmation option.</p>
+ *
+ * <p>An underlying security service specifies this as the <code>optionType</code>
+ * to a <code>ConfirmationCallback</code> constructor if it requires a
+ * confirmation which can be answered with either <code>YES</code>,
+ * <code>NO</code> or <code>CANCEL</code>.
+ */
+ public static final int YES_NO_CANCEL_OPTION = 1;
+
+ /**
+ * <p>OK/CANCEL confirmation confirmation option.</p>
+ *
+ * <p>An underlying security service specifies this as the <code>optionType</code>
+ * to a <code>ConfirmationCallback</code> constructor if it requires a
+ * confirmation which can be answered with either <code>OK</code> or
+ * <code>CANCEL</code>.</p>
+ */
+ public static final int OK_CANCEL_OPTION = 2;
+
+ /**
+ * <p>YES option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int YES = 0;
+
+ /**
+ * <p>NO option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int NO = 1;
+
+ /**
+ * <p>CANCEL option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int CANCEL = 2;
+
+ /**
+ * <p>OK option.</p>
+ *
+ * <p>If an <code>optionType</code> was specified to this
+ * <code>ConfirmationCallback</code>, this option may be specified as a
+ * <code>defaultOption</code> or returned as the selected index.</p>
+ */
+ public static final int OK = 3;
+
+ /** INFORMATION message type. */
+ public static final int INFORMATION = 0;
+
+ /** WARNING message type. */
+ public static final int WARNING = 1;
+
+ /** ERROR message type. */
+ public static final int ERROR = 2;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int messageType;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int optionType;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int defaultOption;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String[] options = null;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int selection;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a message type, an
+ * option type and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require
+ * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+ *
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+ * OK_CANCEL_OPTION).
+ * @param defaultOption the default option from the provided optionType (YES,
+ * NO, CANCEL or OK).
+ * @throws IllegalArgumentException if <code>messageType</code> is not either
+ * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+ * <code>optionType</code> is not either <code>YES_NO_OPTION</code>,
+ * <code>YES_NO_CANCEL_OPTION</code>, or <code>OK_CANCEL_OPTION</code>, or if
+ * <code>defaultOption</code> does not correspond to one of the options in
+ * <code>optionType</code>.
+ */
+ public ConfirmationCallback(int messageType, int optionType, int defaultOption)
+ throws IllegalArgumentException
+ {
+ super();
+
+ setMessageType(messageType);
+ setOptionType(optionType, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a message type, a
+ * list of options and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require a
+ * confirmation different from the available preset confirmations provided
+ * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+ * listed in the <code>options</code> array, and are displayed by the
+ * {@link CallbackHandler} implementation in a manner consistent with the
+ * way preset options are displayed.</p>
+ *
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param options the list of confirmation options.
+ * @param defaultOption the default option, represented as an index into the
+ * <code>options</code> array.
+ * @throws IllegalArgumentException if <code>messageType</code> is not either
+ * <code>INFORMATION</code>, <code>WARNING</code>, or <code>ERROR</code>, if
+ * <code>options</code> is <code>null</code>, if <code>options</code> has a
+ * length of <code>0</code>, if any element from <code>options</code> is
+ * <code>null</code>, if any element from <code>options</code> has a length
+ * of <code>0</code>, or if <code>defaultOption</code> does not lie within
+ * the array boundaries of <code>options</code>.
+ */
+ public ConfirmationCallback(int messageType, String[] options, int defaultOption)
+ {
+ super();
+
+ setMessageType(messageType);
+ setOptions(options, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+ * type, an option type and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require
+ * either a YES/NO, YES/NO/CANCEL or OK/CANCEL confirmation.</p>
+ *
+ * @param prompt the prompt used to describe the list of options.
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param optionType the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+ * OK_CANCEL_OPTION).
+ * @param defaultOption the default option from the provided optionType (YES,
+ * NO, CANCEL or OK).
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>messageType</code> is not either <ode>INFORMATION</code>,
+ * <code>WARNING</code>, or <code>ERROR</code>, if <code>optionType</code> is
+ * not either <code>YES_NO_OPTION</code>, <code>YES_NO_CANCEL_OPTION</code>,
+ * or <code>OK_CANCEL_OPTION</code>, or if <code>defaultOption</code> does
+ * not correspond to one of the options in <code>optionType</code>.
+ */
+ public ConfirmationCallback(String prompt, int messageType, int optionType,
+ int defaultOption)
+ {
+ super();
+
+ setPrompt(prompt);
+ setMessageType(messageType);
+ setOptionType(optionType, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ /**
+ * <p>Construct a <code>ConfirmationCallback</code> with a prompt, message
+ * type, a list of options and a default option.</p>
+ *
+ * <p>Underlying security services use this constructor if they require a
+ * confirmation different from the available preset confirmations provided
+ * (for example, CONTINUE/ABORT or STOP/GO). The confirmation options are
+ * listed in the <code>options</code> array, and are displayed by the
+ * {@link CallbackHandler} implementation in a manner consistent with the
+ * way preset options are displayed.</p>
+ *
+ * @param prompt the prompt used to describe the list of options.
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param options the list of confirmation options.
+ * @param defaultOption the default option, represented as an index into the
+ * <code>options</code> array.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>messageType</code> is not either <ode>INFORMATION</code>,
+ * <code>WARNING</code>, or <code>ERROR</code>, if <code>options</code> is
+ * <code>null</code>, if <code>options</code> has a length of <code>0</code>,
+ * if any element from <code>options</code> is <code>null</code>, if any
+ * element from <code>options</code> has a length of <code>0</code>, or if
+ * <code>defaultOption</code> does not lie within the array boundaries of
+ * <code>options</code>.
+ */
+ public ConfirmationCallback(String prompt, int messageType, String[] options,
+ int defaultOption)
+ {
+ super();
+
+ setPrompt(prompt);
+ setMessageType(messageType);
+ setOptions(options, defaultOption);
+ this.defaultOption = defaultOption;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt, or <code>null</code> if this
+ * <code>ConfirmationCallback</code> was instantiated without a prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the message type.
+ *
+ * @return the message type (INFORMATION, WARNING or ERROR).
+ */
+ public int getMessageType()
+ {
+ return messageType;
+ }
+
+ /**
+ * <p>Get the option type.</p>
+ *
+ * <p>If this method returns {@link #UNSPECIFIED_OPTION}, then this
+ * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+ * instead of an <code>optionType</code>. In this case, invoke the
+ * {@link #getOptions()} method to determine which confirmation options to
+ * display.</p>
+ *
+ * @return the option type (YES_NO_OPTION, YES_NO_CANCEL_OPTION or
+ * OK_CANCEL_OPTION), or UNSPECIFIED_OPTION if this
+ * <code>ConfirmationCallback</code> was instantiated with <code>options</code>
+ * instead of an <code>optionType</code>.
+ */
+ public int getOptionType()
+ {
+ if (options != null)
+ {
+ return UNSPECIFIED_OPTION;
+ }
+ return optionType;
+ }
+
+ /**
+ * Get the confirmation options.
+ *
+ * @return the list of confirmation options, or <code>null</code> if this
+ * <code>ConfirmationCallback</code> was instantiated with an
+ * <code>optionType</code> instead of <code>options</code>.
+ */
+ public String[] getOptions()
+ {
+ return options;
+ }
+
+ /**
+ * Get the default option.
+ *
+ * @return the default option, represented as <code>YES</code>, <code>NO</code>,
+ * <code>OK</code> or <code>CANCEL</code> if an <code>optionType</code> was
+ * specified to the constructor of this <code>ConfirmationCallback</code>.
+ * Otherwise, this method returns the default option as an index into the
+ * <code>options</code> array specified to the constructor of this
+ * <code>ConfirmationCallback</code>.
+ */
+ public int getDefaultOption()
+ {
+ return defaultOption;
+ }
+
+ /**
+ * Set the selected confirmation option.
+ *
+ * @param selection the selection represented as <code>YES</code>,
+ * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+ * <code>optionType</code> was specified to the constructor of this
+ * <code>ConfirmationCallback</code>. Otherwise, the <code>selection</code>
+ * represents the index into the <code>options</code> array specified to the
+ * constructor of this <code>ConfirmationCallback</code>.
+ * @see #getSelectedIndex()
+ */
+ public void setSelectedIndex(int selection)
+ {
+ if (options != null)
+ {
+ setOptions(options, selection);
+ }
+ else
+ {
+ setOptionType(optionType, selection);
+ }
+ }
+
+ /**
+ * Get the selected confirmation option.
+ *
+ * @return the selected confirmation option represented as <code>YES</code>,
+ * <code>NO</code>, <code>OK</code> or <code>CANCEL</code> if an
+ * <code>optionType</code> was specified to the constructor of this
+ * <code>ConfirmationCallback</code>. Otherwise, this method returns the
+ * selected confirmation option as an index into the <code>options</code>
+ * array specified to the constructor of this <code>ConfirmationCallback</code>.
+ * @see #setSelectedIndex(int)
+ */
+ public int getSelectedIndex()
+ {
+ return this.selection;
+ }
+
+ private void setMessageType(int messageType) throws IllegalArgumentException
+ {
+ switch (messageType)
+ {
+ case INFORMATION:
+ case WARNING:
+ case ERROR: this.messageType = messageType; break;
+ default: throw new IllegalArgumentException("illegal message type");
+ }
+ }
+
+ private void setOptionType(int optionType, int selectedOption)
+ throws IllegalArgumentException
+ {
+ switch (optionType)
+ {
+ case YES_NO_OPTION:
+ this.optionType = optionType;
+ switch (selectedOption)
+ {
+ case YES:
+ case NO: this.selection = selectedOption; break;
+ default: throw new IllegalArgumentException("invalid option");
+ }
+ break;
+ case YES_NO_CANCEL_OPTION:
+ this.optionType = optionType;
+ switch (selectedOption)
+ {
+ case YES:
+ case NO:
+ case CANCEL: this.selection = selectedOption; break;
+ default: throw new IllegalArgumentException("invalid option");
+ }
+ break;
+ case OK_CANCEL_OPTION:
+ this.optionType = optionType;
+ switch (selectedOption)
+ {
+ case OK:
+ case CANCEL: this.selection = selectedOption; break;
+ default: throw new IllegalArgumentException("invalid option");
+ }
+ break;
+ default:
+ throw new IllegalArgumentException("illegal option type");
+ }
+ }
+
+ private void setOptions(String[] options, int selectedOption)
+ throws IllegalArgumentException
+ {
+ if ((selectedOption < 0) || (selectedOption > options.length - 1))
+ {
+ throw new IllegalArgumentException("invalid selection");
+ }
+ if ((options == null) || (options.length == 0))
+ {
+ throw new IllegalArgumentException("options is null or empty");
+ }
+ for (int i = 0; i < options.length; i++)
+ {
+ if ((options[i] == null) || (options[i].length() == 0))
+ {
+ throw new IllegalArgumentException("options[" + i + "] is null or empty");
+ }
+ }
+ this.options = options;
+ this.selection = selectedOption;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("prompt is null or empty");
+ }
+ this.prompt = prompt;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/LanguageCallback.java b/libjava/javax/security/auth/callback/LanguageCallback.java
new file mode 100644
index 00000000000..71910632b48
--- /dev/null
+++ b/libjava/javax/security/auth/callback/LanguageCallback.java
@@ -0,0 +1,101 @@
+/* LanguageCallback.java -- callback for language choices.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+import java.util.Locale;
+
+/**
+ * Underlying security services instantiate and pass a <code>LanguageCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * the {@link Locale} used for localizing text.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class LanguageCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private Locale locale;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /** Construct a <code>LanguageCallback</code>. */
+ public LanguageCallback()
+ {
+ super();
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Set the retrieved Locale.
+ *
+ * @param locale the retrieved Locale.
+ * @see #getLocale()
+ */
+ public void setLocale(Locale locale)
+ {
+ this.locale = locale;
+ }
+
+ /**
+ * Get the retrieved Locale.
+ *
+ * @return the retrieved Locale, or <code>null</code> if no Locale could be
+ * retrieved.
+ * @see #setLocale(Locale)
+ */
+ public Locale getLocale()
+ {
+ return locale;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/NameCallback.java b/libjava/javax/security/auth/callback/NameCallback.java
new file mode 100644
index 00000000000..c98edfdbea9
--- /dev/null
+++ b/libjava/javax/security/auth/callback/NameCallback.java
@@ -0,0 +1,179 @@
+/* NameCallback.java -- callback for user names.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>NameCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * name information.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class NameCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String defaultName;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String inputName;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>NameCallback</code> with a prompt.
+ *
+ * @param prompt the prompt used to request the name.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>.
+ */
+ public NameCallback(String prompt)
+ {
+ super();
+
+ setPrompt(prompt);
+ }
+
+ /**
+ * Construct a <code>NameCallback</code> with a prompt and default name.
+ *
+ * @param prompt the prompt used to request the information.
+ * @param defaultName the name to be used as the default name displayed with
+ * the prompt.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>defaultName</code> is <code>null</code>, or if <code>defaultName</code>
+ * has a length of <code>0</code>.
+ */
+ public NameCallback(String prompt, String defaultName)
+ throws IllegalArgumentException
+ {
+ super();
+
+ setPrompt(prompt);
+ setDefaultName(defaultName);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the default name.
+ *
+ * @return the default name, or <code>null</code> if this
+ * <code>NameCallback</code> was not instantiated with a
+ * <code>defaultName</code>.
+ */
+ public String getDefaultName()
+ {
+ return defaultName;
+ }
+
+ /**
+ * Set the retrieved name.
+ *
+ * @param name the retrieved name (which may be <code>null</code>).
+ * @see #getName()
+ */
+ public void setName(String name)
+ {
+ this.inputName = name;
+ }
+
+ /**
+ * Get the retrieved name.
+ *
+ * @return the retrieved name (which may be <code>null</code>)
+ * @see #setName(String)
+ */
+ public String getName()
+ {
+ return inputName;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+
+ private void setDefaultName(String defaultName) throws IllegalArgumentException
+ {
+ if ((defaultName == null) || (defaultName.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid default name");
+ }
+ this.defaultName = defaultName;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/PasswordCallback.java b/libjava/javax/security/auth/callback/PasswordCallback.java
new file mode 100644
index 00000000000..5620bc5cd79
--- /dev/null
+++ b/libjava/javax/security/auth/callback/PasswordCallback.java
@@ -0,0 +1,169 @@
+/* PasswordCallback.java -- callback for passwords.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>PasswordCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * password information.
+ *
+ * @see CallbackHandler,
+ * @version $Revision: 1.1 $
+ */
+public class PasswordCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private boolean echoOn;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private char[] inputPassword;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>PasswordCallback</code> with a prompt and a boolean
+ * specifying whether the password should be displayed as it is being typed.
+ *
+ * @param prompt the prompt used to request the password.
+ * @param echoOn <code>true</code> if the password should be displayed as it
+ * is being typed.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>.
+ */
+ public PasswordCallback(String prompt, boolean echoOn)
+ {
+ super();
+
+ setPrompt(prompt);
+ this.echoOn = echoOn;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Return whether the password should be displayed as it is being typed.
+ *
+ * @return the whether the password should be displayed as it is being typed.
+ */
+ public boolean isEchoOn()
+ {
+ return echoOn;
+ }
+
+ /**
+ * <p>Set the retrieved password.</p>
+ *
+ * <p>This method makes a copy of the input password before storing it.</p>
+ *
+ * @param password the retrieved password, which may be <code>null</code>.
+ * @see #getPassword()
+ */
+ public void setPassword(char[] password)
+ {
+ inputPassword = (password == null ? null : (char[]) password.clone());
+ }
+
+ /**
+ * <p>Get the retrieved password.</p>
+ *
+ * <p>This method returns a copy of the retrieved password.</p>
+ *
+ * @return the retrieved password, which may be <code>null</code>.
+ * @see #setPassword(char[])
+ */
+ public char[] getPassword()
+ {
+ return (inputPassword == null ? null : (char[]) inputPassword.clone());
+ }
+
+ /** Clear the retrieved password. */
+ public void clearPassword()
+ {
+ if (inputPassword != null)
+ {
+ for (int i = 0; i < inputPassword.length; i++)
+ {
+ inputPassword[i] = '\0';
+ }
+ inputPassword = null;
+ }
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/TextInputCallback.java b/libjava/javax/security/auth/callback/TextInputCallback.java
new file mode 100644
index 00000000000..55c1aa2534d
--- /dev/null
+++ b/libjava/javax/security/auth/callback/TextInputCallback.java
@@ -0,0 +1,178 @@
+/* TextInputCallback.java -- callbacks for user input.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * Underlying security services instantiate and pass a <code>TextInputCallback</code>
+ * to the <code>handle()</code> method of a {@link CallbackHandler} to retrieve
+ * generic text information.
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.1 $
+ */
+public class TextInputCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String prompt;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String defaultText;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String inputText;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Construct a <code>TextInputCallback</code> with a prompt.
+ *
+ * @param prompt the prompt used to request the information.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or if <code>prompt</code> has a length of <code>0</code>.
+ */
+ public TextInputCallback(String prompt) throws IllegalArgumentException
+ {
+ super();
+
+ setPrompt(prompt);
+ }
+
+ /**
+ * Construct a <code>TextInputCallback</code> with a prompt and default
+ * input value.
+ *
+ * @param prompt the prompt used to request the information.
+ * @param defaultText the text to be used as the default text displayed with
+ * the prompt.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>,
+ * if <code>prompt</code> has a length of <code>0</code>, if
+ * <code>defaultText</code> is <code>null</code> or if <code>defaultText</code>
+ * has a length of <code>0</code>.
+ */
+ public TextInputCallback(String prompt, String defaultText)
+ throws IllegalArgumentException
+ {
+ super();
+
+ setPrompt(prompt);
+ setDefaultText(defaultText);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the prompt.
+ *
+ * @return the prompt.
+ */
+ public String getPrompt()
+ {
+ return prompt;
+ }
+
+ /**
+ * Get the default text.
+ *
+ * @return the default text, or <code>null</code> if this
+ * <code>TextInputCallback</code> was not instantiated with
+ * <code>defaultText</code>.
+ */
+ public String getDefaultText()
+ {
+ return defaultText;
+ }
+
+ /**
+ * Set the retrieved text.
+ *
+ * @param text the retrieved text, which may be <code>null</code>.
+ */
+ public void setText(String text)
+ {
+ this.inputText = text;
+ }
+
+ /**
+ * Get the retrieved text.
+ *
+ * @return the retrieved text, which may be <code>null</code>.
+ */
+ public String getText()
+ {
+ return inputText;
+ }
+
+ private void setPrompt(String prompt) throws IllegalArgumentException
+ {
+ if ((prompt == null) || (prompt.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid prompt");
+ }
+ this.prompt = prompt;
+ }
+
+ private void setDefaultText(String defaultText) throws IllegalArgumentException
+ {
+ if ((defaultText == null) || (defaultText.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid default text");
+ }
+ this.defaultText = defaultText;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/TextOutputCallback.java b/libjava/javax/security/auth/callback/TextOutputCallback.java
new file mode 100644
index 00000000000..380a5ef60f0
--- /dev/null
+++ b/libjava/javax/security/auth/callback/TextOutputCallback.java
@@ -0,0 +1,141 @@
+/* TextOutputCallback.java -- callback for text output.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+import java.io.Serializable;
+
+/**
+ * <p>Underlying security services instantiate and pass a
+ * <code>TextOutputCallback</code> to the <code>handle()</code> method of a
+ * {@link CallbackHandler} to display information messages, warning messages and
+ * error messages.</p>
+ *
+ * @see CallbackHandler
+ * @version $Revision: 1.2 $
+ */
+public class TextOutputCallback implements Callback, Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /** Information message */
+ public static final int INFORMATION = 0;
+
+ /** Warning message */
+ public static final int WARNING = 1;
+
+ /** Error message */
+ public static final int ERROR = 2;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private int messageType;
+
+ /**
+ * @serial
+ * @since 1.4
+ */
+ private String message;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Construct a <code>TextOutputCallback</code> with a message type and
+ * message to be displayed.</p>
+ *
+ * @param messageType the message type (INFORMATION, WARNING or ERROR).
+ * @param message the message to be displayed.
+ * @throws IllegalArgumentException if <code>messageType</code> is not either
+ * <code>INFORMATION</code>, <code>WARNING</code> or <code>ERROR</code>, if
+ * <code>message</code> is <code>null</code>, or if <code>message</code> has
+ * a length of <code>0</code>.
+ */
+ public TextOutputCallback(int messageType, String message)
+ throws IllegalArgumentException
+ {
+ switch (messageType)
+ {
+ case INFORMATION:
+ case WARNING:
+ case ERROR: this.messageType = messageType; break;
+ default: throw new IllegalArgumentException("invalid message type");
+ }
+
+ setMessage(message);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Returns the message's <code>messageType</code>.</p>
+ *
+ * @return the message type (INFORMATION, WARNING or ERROR).
+ */
+ public int getMessageType()
+ {
+ return messageType;
+ }
+
+ /**
+ * <p>Returns the <code>message</code> to be displayed.</p>
+ *
+ * @return the message to be displayed.
+ */
+ public String getMessage()
+ {
+ return message;
+ }
+
+ private void setMessage(String message) throws IllegalArgumentException
+ {
+ if ((message == null) || (message.length() == 0))
+ {
+ throw new IllegalArgumentException("invalid message");
+ }
+ this.message = message;
+ }
+}
diff --git a/libjava/javax/security/auth/callback/UnsupportedCallbackException.java b/libjava/javax/security/auth/callback/UnsupportedCallbackException.java
new file mode 100644
index 00000000000..215942c40b5
--- /dev/null
+++ b/libjava/javax/security/auth/callback/UnsupportedCallbackException.java
@@ -0,0 +1,102 @@
+/* UnsupportedCallbackException.java -- signals an unsupported callback type.
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.callback;
+
+/**
+ * Signals that a {@link CallbackHandler} does not recognize a particular
+ * {@link Callback}.
+ *
+ * @version $Revision: 1.1 $
+ */
+public class UnsupportedCallbackException extends Exception
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /** @serial */
+ private Callback callback;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs an <code>UnsupportedCallbackException</code> with no detail
+ * message.
+ *
+ * @param callback the unrecognized {@link Callback}.
+ */
+ public UnsupportedCallbackException(Callback callback)
+ {
+ super();
+
+ this.callback = callback;
+ }
+
+ /**
+ * Constructs an <code>UnsupportedCallbackException</code> with the specified
+ * detail message. A detail message is a {@link String} that describes this
+ * particular exception.
+ *
+ * @param callback the unrecognized {@link Callback}.
+ * @param msg the detail message.
+ */
+ public UnsupportedCallbackException(Callback callback, String msg)
+ {
+ super(msg);
+
+ this.callback = callback;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Get the unrecognized {@link Callback}.
+ *
+ * @return the unrecognized {@link Callback}.
+ */
+ public Callback getCallback()
+ {
+ return this.callback;
+ }
+}
diff --git a/libjava/javax/security/auth/login/AccountExpiredException.java b/libjava/javax/security/auth/login/AccountExpiredException.java
new file mode 100644
index 00000000000..e8e331347be
--- /dev/null
+++ b/libjava/javax/security/auth/login/AccountExpiredException.java
@@ -0,0 +1,64 @@
+/* AccountExpiredException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt was made to login to an account
+ * that has expired.
+ */
+public class AccountExpiredException extends LoginException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -6064064890162661560L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public AccountExpiredException()
+ {
+ }
+
+ public AccountExpiredException (String message)
+ {
+ super (message);
+ }
+}
diff --git a/libjava/javax/security/auth/login/AppConfigurationEntry.java b/libjava/javax/security/auth/login/AppConfigurationEntry.java
new file mode 100644
index 00000000000..1879a68c1e8
--- /dev/null
+++ b/libjava/javax/security/auth/login/AppConfigurationEntry.java
@@ -0,0 +1,135 @@
+/* AppConfigurationEntry.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+public class AppConfigurationEntry
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private final String loginModuleName;
+ private final LoginModuleControlFlag controlFlag;
+ private final Map options;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public AppConfigurationEntry (final String loginModuleName,
+ final LoginModuleControlFlag controlFlag,
+ final Map options)
+ {
+ if (loginModuleName == null || loginModuleName.length() == 0)
+ throw new IllegalArgumentException ("module name cannot be null nor empty");
+ if (LoginModuleControlFlag.OPTIONAL != controlFlag &&
+ LoginModuleControlFlag.REQUIRED != controlFlag &&
+ LoginModuleControlFlag.REQUISITE != controlFlag &&
+ LoginModuleControlFlag.SUFFICIENT != controlFlag)
+ throw new IllegalArgumentException ("invalid controlFlag");
+ if (options == null)
+ throw new IllegalArgumentException ("options cannot be null");
+ this.loginModuleName = loginModuleName;
+ this.controlFlag = controlFlag;
+ this.options = Collections.unmodifiableMap (new HashMap (options));
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public LoginModuleControlFlag getControlFlag()
+ {
+ return controlFlag;
+ }
+
+ public String getLoginModuleName()
+ {
+ return loginModuleName;
+ }
+
+ public Map getOptions()
+ {
+ return options;
+ }
+
+ // Inner class.
+ // -------------------------------------------------------------------------
+
+ public static class LoginModuleControlFlag
+ {
+
+ // Constants.
+ // -----------------------------------------------------------------------
+
+ public static final LoginModuleControlFlag OPTIONAL = new LoginModuleControlFlag();
+ public static final LoginModuleControlFlag REQUIRED = new LoginModuleControlFlag();
+ public static final LoginModuleControlFlag REQUISITE = new LoginModuleControlFlag();
+ public static final LoginModuleControlFlag SUFFICIENT = new LoginModuleControlFlag();
+
+ // Constructor.
+ // -----------------------------------------------------------------------
+
+ private LoginModuleControlFlag()
+ {
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------------
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer (LoginModuleControlFlag.class.getName());
+ buf.append ('.');
+ if (this == OPTIONAL)
+ buf.append ("OPTIONAL");
+ else if (this == REQUIRED)
+ buf.append ("REQUIRED");
+ else if (this == REQUISITE)
+ buf.append ("REQUISITE");
+ else if (this == SUFFICIENT)
+ buf.append ("SUFFICIENT");
+ else
+ buf.append ("HARVEY_THE_RABBIT");
+ return buf.toString();
+ }
+ }
+}
diff --git a/libjava/javax/security/auth/login/Configuration.java b/libjava/javax/security/auth/login/Configuration.java
new file mode 100644
index 00000000000..4a55013ca2b
--- /dev/null
+++ b/libjava/javax/security/auth/login/Configuration.java
@@ -0,0 +1,109 @@
+/* Configuration.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
+
+import javax.security.auth.AuthPermission;
+
+public abstract class Configuration
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private static Configuration config;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected Configuration()
+ {
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ public static synchronized Configuration getConfiguration()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission (new AuthPermission ("getLoginConfiguration"));
+ if (config == null)
+ {
+ String conf = (String) AccessController.doPrivileged
+ (new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty ("login.configuration.provider");
+ }
+ });
+ try
+ {
+ if (conf != null)
+ config = (Configuration) Class.forName (conf).newInstance();
+ else
+ config = new NullConfiguration();
+ }
+ catch (Exception x)
+ {
+ config = new NullConfiguration();
+ }
+ }
+ return config;
+ }
+
+ public static synchronized void setConfiguration (Configuration config)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission (new AuthPermission ("setLoginConfiguration"));
+ Configuration.config = config;
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ public abstract AppConfigurationEntry[] getAppConfigurationEntry (String applicationName);
+
+ public abstract void refresh();
+}
diff --git a/libjava/javax/security/auth/login/CredentialExpiredException.java b/libjava/javax/security/auth/login/CredentialExpiredException.java
new file mode 100644
index 00000000000..df643ba6990
--- /dev/null
+++ b/libjava/javax/security/auth/login/CredentialExpiredException.java
@@ -0,0 +1,64 @@
+/* CredentialExpiredException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals an attempt to login with a credential that
+ * has expired.
+ */
+public class CredentialExpiredException extends LoginException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -5344739593859737937L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public CredentialExpiredException()
+ {
+ }
+
+ public CredentialExpiredException (String message)
+ {
+ super (message);
+ }
+}
diff --git a/libjava/javax/security/auth/login/FailedLoginException.java b/libjava/javax/security/auth/login/FailedLoginException.java
new file mode 100644
index 00000000000..384ade08427
--- /dev/null
+++ b/libjava/javax/security/auth/login/FailedLoginException.java
@@ -0,0 +1,63 @@
+/* FailedLoginException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+/**
+ * An exception that signals that an attempt to login was unsuccessful.
+ */
+public class FailedLoginException extends LoginException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = 802556922354616286L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public FailedLoginException()
+ {
+ }
+
+ public FailedLoginException (String message)
+ {
+ super (message);
+ }
+}
diff --git a/libjava/javax/security/auth/login/LoginContext.java b/libjava/javax/security/auth/login/LoginContext.java
new file mode 100644
index 00000000000..da88e841282
--- /dev/null
+++ b/libjava/javax/security/auth/login/LoginContext.java
@@ -0,0 +1,44 @@
+/* LoginContext.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+public class LoginContext
+{
+
+}
diff --git a/libjava/javax/security/auth/login/LoginException.java b/libjava/javax/security/auth/login/LoginException.java
new file mode 100644
index 00000000000..878120381b5
--- /dev/null
+++ b/libjava/javax/security/auth/login/LoginException.java
@@ -0,0 +1,65 @@
+/* LoginException.java
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * A general exception during authentication and authorization.
+ */
+public class LoginException extends GeneralSecurityException
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -4679091624035232488L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public LoginException()
+ {
+ }
+
+ public LoginException (String message)
+ {
+ super (message);
+ }
+}
diff --git a/libjava/javax/security/auth/login/NullConfiguration.java b/libjava/javax/security/auth/login/NullConfiguration.java
new file mode 100644
index 00000000000..e1c99037f96
--- /dev/null
+++ b/libjava/javax/security/auth/login/NullConfiguration.java
@@ -0,0 +1,64 @@
+/* NullConfiguration.java -- no-op default login configuration.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.login;
+
+import javax.security.auth.AuthPermission;
+
+final class NullConfiguration extends Configuration
+{
+
+ // Contructor.
+ // -------------------------------------------------------------------------
+
+ NullConfiguration()
+ {
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public AppConfigurationEntry[] getAppConfigurationEntry (String applicationName)
+ {
+ return null;
+ }
+
+ public void refresh()
+ {
+ }
+}
diff --git a/libjava/javax/security/auth/x500/X500PrivateCredential.java b/libjava/javax/security/auth/x500/X500PrivateCredential.java
new file mode 100644
index 00000000000..fb3a5ef40b7
--- /dev/null
+++ b/libjava/javax/security/auth/x500/X500PrivateCredential.java
@@ -0,0 +1,148 @@
+/* X500PrivateCredential.java -- certificate and private key pair.
+ Copyright (C) 2003 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.auth.x500;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import javax.security.auth.Destroyable;
+
+/**
+ * A pairing of a {@link X509Certificate} and its corresponding {@link
+ * PrivateKey}, with an optional keystore alias.
+ */
+public final class X500PrivateCredential implements Destroyable
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private PrivateKey key;
+ private X509Certificate certificate;
+ private String alias;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new private credential with no associated keystore alias.
+ *
+ * @param certificate The X.509 certificate.
+ * @param key The private key.
+ * @throws IllegalArgumentException If either parameter is null.
+ */
+ public X500PrivateCredential (X509Certificate certificate, PrivateKey key)
+ {
+ if (certificate == null || key == null)
+ throw new IllegalArgumentException();
+ this.certificate = certificate;
+ this.key = key;
+ }
+
+ /**
+ * Creates a new private credential with a keystore alias.
+ *
+ * @param certificate The X.509 certificate.
+ * @param key The private key.
+ * @param alias The keystore alias for this credential.
+ * @throws IllegalArgumentException If any parameter is null.
+ */
+ public X500PrivateCredential (X509Certificate certificate, PrivateKey key,
+ String alias)
+ {
+ this (certificate, key);
+ if (alias == null)
+ throw new IllegalArgumentException();
+ this.alias = alias;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the certificate of this credential.
+ *
+ * @return The certificate of this credential.
+ */
+ public X509Certificate getCertificate()
+ {
+ return certificate;
+ }
+
+ /**
+ * Returns the private key of this credential.
+ *
+ * @return The private key of this credential.
+ */
+ public PrivateKey getPrivateKey()
+ {
+ return key;
+ }
+
+ /**
+ * Returns the keystore alias of this credential, or null if not present.
+ *
+ * @return The keystore alias, or null.
+ */
+ public String getAlias()
+ {
+ return alias;
+ }
+
+ /**
+ * Destroy the sensitive data of this credential, setting the certificate,
+ * private key, and keystore alias to null.
+ */
+ public void destroy()
+ {
+ certificate = null;
+ key = null;
+ alias = null;
+ }
+
+ /**
+ * Tells whether or not this credential has been destroyed, and that
+ * the certificate and private key fields are null.
+ *
+ * @return True if this object has been destroyed.
+ */
+ public boolean isDestroyed()
+ {
+ return certificate == null && key == null;
+ }
+}
diff --git a/libjava/javax/security/cert/Certificate.java b/libjava/javax/security/cert/Certificate.java
new file mode 100644
index 00000000000..8090817fcf4
--- /dev/null
+++ b/libjava/javax/security/cert/Certificate.java
@@ -0,0 +1,176 @@
+/* Certificate.java -- base class of public-key certificates.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
+
+import java.util.Arrays;
+import java.util.zip.Adler32;
+
+/**
+ * <p>The base class for public-key certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.Certificate} class. It should not be used in new
+ * applications.</b></p>
+ */
+public abstract class Certificate
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public Certificate()
+ {
+ super();
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Tests if this certificate equals another.</p>
+ *
+ * @param other The object to test.
+ * @return True if the certificates are equal.
+ */
+ public boolean equals(Object other)
+ {
+ if (other == null || !(other instanceof Certificate))
+ {
+ return false;
+ }
+ if (other == this)
+ {
+ return true;
+ }
+ try
+ {
+ return Arrays.equals(getEncoded(), ((Certificate) other).getEncoded());
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return false;
+ }
+ }
+
+ /**
+ * <p>Computes a hash code for this certificate.</p>
+ *
+ * @return The hash code.
+ */
+ public int hashCode()
+ {
+ try
+ {
+ Adler32 csum = new Adler32();
+ csum.update(getEncoded());
+ return (int) csum.getValue();
+ }
+ catch (CertificateEncodingException cee)
+ {
+ return 0;
+ }
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Return the encoded form of this certificate.</p>
+ *
+ * @return The encoded form.
+ * @throws CertificateEncodingException If the certificate could not be
+ * encoded.
+ */
+ public abstract byte[] getEncoded() throws CertificateEncodingException;
+
+ /**
+ * <p>Verifies the signature of this certificate.</p>
+ *
+ * @param key The signer's public key.
+ * @throws CertificateException
+ * @throws NoSuchAlgorithmException If the algorithm used to sign the
+ * certificate is not available.
+ * @throws InvalidKeyException If the supplied key is not appropriate for the
+ * certificate's signature algorithm.
+ * @throws NoSuchProviderException
+ * @throws SignatureException If the signature could not be verified.
+ */
+ public abstract void verify(PublicKey key)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException;
+
+ /**
+ * <p>Verifies the signature of this certificate, using the specified security
+ * provider.</p>
+ *
+ * @param key The signer's public key.
+ * @param sigProvider The name of the signature provider.
+ * @throws CertificateException
+ * @throws NoSuchAlgorithmException If the algorithm used to sign the
+ * certificate is not available.
+ * @throws InvalidKeyException If the supplied key is not appropriate for the
+ * certificate's signature algorithm.
+ * @throws NoSuchProviderException If <i>sigProvider</i> is not the name of an
+ * installed provider.
+ * @throws SignatureException If the signature could not be verified.
+ */
+ public abstract void verify(PublicKey key, String sigProvider)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException;
+
+ /**
+ * <p>Returns a printable representation of this certificate.</p>
+ *
+ * @return The string.
+ */
+ public abstract String toString();
+
+ /**
+ * <p>Returns this certificate's public key.</p>
+ *
+ * @return The public key.
+ */
+ public abstract PublicKey getPublicKey();
+}
diff --git a/libjava/javax/security/cert/CertificateEncodingException.java b/libjava/javax/security/cert/CertificateEncodingException.java
new file mode 100644
index 00000000000..81c85dd9f2e
--- /dev/null
+++ b/libjava/javax/security/cert/CertificateEncodingException.java
@@ -0,0 +1,60 @@
+/* CertificateEncodingException.java -- certificate encoding exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals a problem when encoding certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateEncodingException} class. It should not be used
+ * in new applications.</b></p>
+ */
+public class CertificateEncodingException extends CertificateException
+{
+
+ public CertificateEncodingException()
+ {
+ super();
+ }
+
+ public CertificateEncodingException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/javax/security/cert/CertificateException.java b/libjava/javax/security/cert/CertificateException.java
new file mode 100644
index 00000000000..4e79a312057
--- /dev/null
+++ b/libjava/javax/security/cert/CertificateException.java
@@ -0,0 +1,60 @@
+/* CertificateException.java -- certificate exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals a generic problem with certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateException} class. It should not be used in new
+ * applications.</b></p>
+ */
+public class CertificateException extends Exception
+{
+
+ public CertificateException()
+ {
+ super();
+ }
+
+ public CertificateException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/javax/security/cert/CertificateExpiredException.java b/libjava/javax/security/cert/CertificateExpiredException.java
new file mode 100644
index 00000000000..53b0cc007ed
--- /dev/null
+++ b/libjava/javax/security/cert/CertificateExpiredException.java
@@ -0,0 +1,60 @@
+/* CertificateExpiredException.java -- certificate expired exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals that a certificate has expired.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateExpiredException} class. It should not be used
+ * in new applications.</b></p>
+ */
+public class CertificateExpiredException extends CertificateException
+{
+
+ public CertificateExpiredException()
+ {
+ super();
+ }
+
+ public CertificateExpiredException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/javax/security/cert/CertificateNotYetValidException.java b/libjava/javax/security/cert/CertificateNotYetValidException.java
new file mode 100644
index 00000000000..56c8aeb7f53
--- /dev/null
+++ b/libjava/javax/security/cert/CertificateNotYetValidException.java
@@ -0,0 +1,60 @@
+/* CertificateNotYetValidException.java -- certificate not yet valid exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals that a certificate is not yet valid.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.CertificateNotYetValidException} class. It should not be
+ * used in new applications.</b></p>
+ */
+public class CertificateNotYetValidException extends CertificateException
+{
+
+ public CertificateNotYetValidException()
+ {
+ super();
+ }
+
+ public CertificateNotYetValidException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/javax/security/cert/CertificateParsingException.java b/libjava/javax/security/cert/CertificateParsingException.java
new file mode 100644
index 00000000000..17012e2f1c9
--- /dev/null
+++ b/libjava/javax/security/cert/CertificateParsingException.java
@@ -0,0 +1,59 @@
+/* CertificateParsingException.java -- certificate parsing exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+/**
+ * <p>Signals a parsing error when decoding a certificate.</p>
+ *
+ * <p><b>This class is deprecated. It should not be used in new
+ * applications.</b></p>
+ */
+public class CertificateParsingException extends CertificateException
+{
+
+ public CertificateParsingException()
+ {
+ super();
+ }
+
+ public CertificateParsingException(String msg)
+ {
+ super(msg);
+ }
+}
diff --git a/libjava/javax/security/cert/X509CertBridge.java b/libjava/javax/security/cert/X509CertBridge.java
new file mode 100644
index 00000000000..1c075d6d52f
--- /dev/null
+++ b/libjava/javax/security/cert/X509CertBridge.java
@@ -0,0 +1,203 @@
+/* X509CertBridge.java -- bridge between JDK and JSSE cert APIs.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+import java.math.BigInteger;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Principal;
+import java.security.SignatureException;
+
+import java.util.Date;
+
+/**
+ * <p>An implementation of the {@link X509Certificate} class that delegates
+ * calls to a {@link java.security.cert.X509Certificate}.</p>
+ */
+final class X509CertBridge extends X509Certificate
+{
+
+ // Fields.
+ // -------------------------------------------------------------------------
+
+ private java.security.cert.X509Certificate cert;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ X509CertBridge(java.security.cert.X509Certificate cert)
+ {
+ this.cert = cert;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ public byte[] getEncoded() throws CertificateEncodingException
+ {
+ try
+ {
+ return cert.getEncoded();
+ }
+ catch (java.security.cert.CertificateEncodingException cee)
+ {
+ throw new CertificateEncodingException(cee.getMessage());
+ }
+ }
+
+ public void verify(PublicKey key)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException
+ {
+ try
+ {
+ cert.verify(key);
+ }
+ catch (java.security.cert.CertificateException ce)
+ {
+ throw new CertificateException(ce.getMessage());
+ }
+ }
+
+ public void verify(PublicKey key, String sigProvider)
+ throws CertificateException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException
+ {
+ try
+ {
+ cert.verify(key, sigProvider);
+ }
+ catch (java.security.cert.CertificateException ce)
+ {
+ throw new CertificateException(ce.getMessage());
+ }
+ }
+
+ public String toString()
+ {
+ return cert.toString();
+ }
+
+ public PublicKey getPublicKey()
+ {
+ return cert.getPublicKey();
+ }
+
+ public void checkValidity()
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ try
+ {
+ cert.checkValidity();
+ }
+ catch (java.security.cert.CertificateExpiredException cee)
+ {
+ throw new CertificateExpiredException(cee.getMessage());
+ }
+ catch (java.security.cert.CertificateNotYetValidException cnyve)
+ {
+ throw new CertificateNotYetValidException(cnyve.getMessage());
+ }
+ }
+
+ public void checkValidity(Date date)
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ try
+ {
+ cert.checkValidity(date);
+ }
+ catch (java.security.cert.CertificateExpiredException cee)
+ {
+ throw new CertificateExpiredException(cee.getMessage());
+ }
+ catch (java.security.cert.CertificateNotYetValidException cnyve)
+ {
+ throw new CertificateNotYetValidException(cnyve.getMessage());
+ }
+ }
+
+ public int getVersion()
+ {
+ return cert.getVersion();
+ }
+
+ public BigInteger getSerialNumber()
+ {
+ return cert.getSerialNumber();
+ }
+
+ public Principal getIssuerDN()
+ {
+ return cert.getIssuerDN();
+ }
+
+ public Principal getSubjectDN()
+ {
+ return cert.getSubjectDN();
+ }
+
+ public Date getNotBefore()
+ {
+ return cert.getNotBefore();
+ }
+
+ public Date getNotAfter()
+ {
+ return cert.getNotAfter();
+ }
+
+ public String getSigAlgName()
+ {
+ return cert.getSigAlgName();
+ }
+
+ public String getSigAlgOID()
+ {
+ return cert.getSigAlgOID();
+ }
+
+ public byte[] getSigAlgParams()
+ {
+ return cert.getSigAlgParams();
+ }
+}
diff --git a/libjava/javax/security/cert/X509Certificate.java b/libjava/javax/security/cert/X509Certificate.java
new file mode 100644
index 00000000000..2bf0b4e94b0
--- /dev/null
+++ b/libjava/javax/security/cert/X509Certificate.java
@@ -0,0 +1,191 @@
+/* X509Certificate.java -- base class of X.509 certificates.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.cert;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.IOException;
+
+import java.math.BigInteger;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.cert.CertificateFactory;
+
+import java.util.Date;
+
+/**
+ * <p>The base class of all X.509 certificates.</p>
+ *
+ * <p><b>This class is deprecated in favor of the {@link
+ * java.security.cert.X509Certificate} class. It should not be used in new
+ * applications.</b></p>
+ */
+public abstract class X509Certificate extends Certificate
+{
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Get an instance of X509Certificate for the given encoded bytes.</p>
+ *
+ * @param encoded The encoded certificate.
+ * @return An instance of X509Certificate.
+ * @throws CertificateException If the encoded certificate cannot be parsed.
+ */
+ public static X509Certificate getInstance(byte[] encoded)
+ throws CertificateException
+ {
+ return getInstance(new ByteArrayInputStream(encoded));
+ }
+
+ /**
+ * <p>Get an instance of X509Certificate for the given encoded stream.</p>
+ *
+ * @param encoded The encoded certificate stream..
+ * @return An instance of X509Certificate.
+ * @throws CertificateException If the encoded certificate cannot be parsed.
+ */
+ public static X509Certificate getInstance(InputStream encoded)
+ throws CertificateException
+ {
+ try
+ {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ return new X509CertBridge((java.security.cert.X509Certificate)
+ cf.generateCertificate(encoded));
+ }
+ catch (java.security.cert.CertificateException ce)
+ {
+ throw new CertificateException(ce.getMessage());
+ }
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Check if this certificate is valid now.</p>
+ *
+ * @throws CertificateExpiredException If the certificate has expired.
+ * @throws CertificateNotYetValidException If the certificate is not yet valid.
+ * @see #checkValidity(java.util.Date)
+ */
+ public abstract void checkValidity()
+ throws CertificateExpiredException, CertificateNotYetValidException;
+
+ /**
+ * <p>Check if this certificate is valid for the given date.</p>
+ *
+ * @param date The date to check.
+ * @throws CertificateExpiredException If the certificate has expired.
+ * @throws CertificateNotYetValidException If the certificate is not yet valid.
+ */
+ public abstract void checkValidity(Date date)
+ throws CertificateExpiredException, CertificateNotYetValidException;
+
+ /**
+ * <p>Returns the X.509 version number.</p>
+ *
+ * @return The version number.
+ */
+ public abstract int getVersion();
+
+ /**
+ * <p>Returns this certificate's serial number.</p>
+ *
+ * @return The serial number.
+ */
+ public abstract BigInteger getSerialNumber();
+
+ /**
+ * <p>Returns the distinguished name of this certificate's issuer.</p>
+ *
+ * @return The issuer's distinguished name.
+ */
+ public abstract Principal getIssuerDN();
+
+ /**
+ * <p>Returns the distinguished name of this certificate's subject.</p>
+ *
+ * @return The subject's distinguished name.
+ */
+ public abstract Principal getSubjectDN();
+
+ /**
+ * <p>Returns the <i>not before</i> portion of this certificate's validity
+ * period.</p>
+ *
+ * @return The not before date.
+ */
+ public abstract Date getNotBefore();
+
+ /**
+ * <p>Returns the <i>not after</i> portion of this certificate's validity
+ * period.</p>
+ *
+ * @return The not after date.
+ */
+ public abstract Date getNotAfter();
+
+ /**
+ * <p>Returns the name of this certificate's signature algorithm.</p>
+ *
+ * @return The name of the signature algorithm.
+ */
+ public abstract String getSigAlgName();
+
+ /**
+ * <p>Returns the object identifier (OID) of this certificate's signature
+ * algorithm. The returned string is a sequence of integers separated by
+ * periods.</p>
+ *
+ * @return The signature OID.
+ */
+ public abstract String getSigAlgOID();
+
+ /**
+ * <p>Returns the signature parameters. The returned byte array contains the
+ * raw DER-encoded parameters.</p>
+ *
+ * @return The signature parameters.
+ */
+ public abstract byte[] getSigAlgParams();
+}
diff --git a/libjava/javax/security/sasl/AuthenticationException.java b/libjava/javax/security/sasl/AuthenticationException.java
new file mode 100644
index 00000000000..1af2eb30a15
--- /dev/null
+++ b/libjava/javax/security/sasl/AuthenticationException.java
@@ -0,0 +1,105 @@
+/* AuthenticationException.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpathis free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpathis distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+/**
+ * <p>This exception is thrown by a SASL mechanism implementation to indicate
+ * that the SASL exchange has failed due to reasons related to authentication,
+ * such as an invalid identity, passphrase, or key.</p>
+ *
+ * <p>Note that the lack of an <code>AuthenticationException</code> does not
+ * mean that the failure was not due to an authentication error. A SASL
+ * mechanism implementation might throw the more general {@link SaslException}
+ * instead of <code>AuthenticationException</code> if it is unable to determine
+ * the nature of the failure, or if does not want to disclose the nature of the
+ * failure, for example, due to security reasons.</p>
+ */
+public class AuthenticationException extends SaslException
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs a new instance of <code>AuthenticationException</code>. The
+ * root exception and the detailed message are <code>null</code>.
+ */
+ public AuthenticationException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs a new instance of <code>AuthenticationException</code> with a
+ * detailed message. The root exception is <code>null</code>.
+ *
+ * @param detail a possibly <code>null</code> string containing details of
+ * the exception.
+ * @see Throwable#getMessage()
+ */
+ public AuthenticationException(String detail)
+ {
+ super(detail);
+ }
+
+ /**
+ * Constructs a new instance of <code>AuthenticationException</code> with a
+ * detailed message and a root exception.
+ *
+ * @param detail a possibly <code>null</code> string containing details of
+ * the exception.
+ * @param ex a possibly <code>null</code> root exception that caused this
+ * exception.
+ * @see Throwable#getMessage()
+ * @see SaslException#getCause()
+ */
+ public AuthenticationException(String detail, Throwable ex)
+ {
+ super(detail, ex);
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+}
diff --git a/libjava/javax/security/sasl/AuthorizeCallback.java b/libjava/javax/security/sasl/AuthorizeCallback.java
new file mode 100644
index 00000000000..77fe78698ad
--- /dev/null
+++ b/libjava/javax/security/sasl/AuthorizeCallback.java
@@ -0,0 +1,171 @@
+/* AuthorizeCallback.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpathis free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpathis distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * This callback is used by {@link SaslServer} to determine whether one entity
+ * (identified by an authenticated authentication ID) can act on behalf of
+ * another entity (identified by an authorization ID).
+ */
+public class AuthorizeCallback implements Callback
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /** @serial The (authenticated) authentication id to check. */
+ private String authenticationID = null;
+
+ /** @serial The authorization id to check. */
+ private String authorizationID = null;
+
+ /**
+ * @serial The id of the authorized entity. If null, the id of the authorized
+ * entity is authorizationID.
+ */
+ private String authorizedID = null;
+
+ /**
+ * @serial A flag indicating whether the authentication id is allowed to act
+ * on behalf of the authorization id.
+ */
+ private boolean authorized = false;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs an instance of <code>AuthorizeCallback</code>.
+ *
+ * @param authnID the (authenticated) authentication ID.
+ * @param authzID the authorization ID.
+ */
+ public AuthorizeCallback(String authnID, String authzID)
+ {
+ super();
+
+ this.authenticationID = authnID;
+ this.authorizationID = authzID;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the authentication ID to check.
+ *
+ * @return the authentication ID to check
+ */
+ public String getAuthenticationID()
+ {
+ return authenticationID;
+ }
+
+ /**
+ * Returns the authorization ID to check.
+ *
+ * @return the authorization ID to check.
+ */
+ public String getAuthorizationID()
+ {
+ return authorizationID;
+ }
+
+ /**
+ * Determines if the identity represented by authentication ID is allowed to
+ * act on behalf of the authorization ID.
+ *
+ * @return <code>true</code> if authorization is allowed; <code>false</code>
+ * otherwise.
+ * @see #setAuthorized(boolean)
+ * @see #getAuthorizedID()
+ */
+ public boolean isAuthorized()
+ {
+ return authorized;
+ }
+
+ /**
+ * Sets if authorization is allowed or not.
+ *
+ * @param authorized <code>true</code> if authorization is allowed;
+ * <code>false</code> otherwise.
+ * @see #isAuthorized()
+ * @see #setAuthorizedID(String)
+ */
+ public void setAuthorized(boolean authorized)
+ {
+ this.authorized = authorized;
+ }
+
+ /**
+ * Returns the ID of the authorized user.
+ *
+ * @return the ID of the authorized user. <code>null</code> means the
+ * authorization failed.
+ * @see #setAuthorized(boolean)
+ * @see #setAuthorizedID(String)
+ */
+ public String getAuthorizedID()
+ {
+ if (!authorized)
+ {
+ return null;
+ }
+ return (authorizedID != null ? authorizedID : authorizationID);
+ }
+
+ /**
+ * Sets the ID of the authorized entity. Called by handler only when the ID
+ * is different from {@link #getAuthorizationID()}. For example, the ID might
+ * need to be canonicalized for the environment in which it will be used.
+ *
+ * @see #setAuthorized(boolean)
+ * @see #getAuthorizedID()
+ */
+ public void setAuthorizedID(String id)
+ {
+ this.authorizedID = id;
+ }
+}
diff --git a/libjava/javax/security/sasl/RealmCallback.java b/libjava/javax/security/sasl/RealmCallback.java
new file mode 100644
index 00000000000..49bc08ae2ec
--- /dev/null
+++ b/libjava/javax/security/sasl/RealmCallback.java
@@ -0,0 +1,75 @@
+/* RealmCallback.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import javax.security.auth.callback.TextInputCallback;
+
+/**
+ * This callback is used by {@link SaslClient} and {@link SaslServer} to
+ * retrieve realm information.
+ */
+public class RealmCallback extends TextInputCallback
+{
+
+ /**
+ * Constructs a <code>RealmCallback</code> with a prompt.
+ *
+ * @param prompt the non-null prompt to use to request the realm information.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or empty.
+ */
+ public RealmCallback(String prompt)
+ {
+ super(prompt);
+ }
+
+ /**
+ * Constructs a <code>RealmCallback</code> with a prompt and default realm
+ * information.
+ *
+ * @param prompt the non-null prompt to use to request the realm information.
+ * @param defaultRealmInfo the non-null default realm information to use.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or empty, or if <code>defaultRealm</code> is empty or <code>null</code>.
+ */
+ public RealmCallback(String prompt, String defaultRealmInfo)
+ {
+ super(prompt, defaultRealmInfo);
+ }
+}
diff --git a/libjava/javax/security/sasl/RealmChoiceCallback.java b/libjava/javax/security/sasl/RealmChoiceCallback.java
new file mode 100644
index 00000000000..2e00407610f
--- /dev/null
+++ b/libjava/javax/security/sasl/RealmChoiceCallback.java
@@ -0,0 +1,71 @@
+/* RealmChoiceCallback.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import javax.security.auth.callback.ChoiceCallback;
+
+/**
+ * This callback is used by {@link SaslClient} and {@link SaslServer} to obtain
+ * a realm given a list of realm choices.
+ */
+public class RealmChoiceCallback extends ChoiceCallback
+{
+
+ /**
+ * Constructs a <code>RealmChoiceCallback</code> with a prompt, a list of
+ * choices and a default choice.
+ *
+ * @param prompt the non-null prompt to use to request the realm.
+ * @param choices the non-null list of realms to choose from.
+ * @param defaultChoice the choice to be used as the default when the list of
+ * choices is displayed. It is an index into the <code>choices</code> array.
+ * @param multiple <code>true</code> if multiple choices allowed;
+ * <code>false</code> otherwise.
+ * @throws IllegalArgumentException if <code>prompt</code> is <code>null</code>
+ * or empty, if <code>choices</code> has a length of <code>0</code>, if any
+ * element from <code>choices</code> is <code>null</code> or empty, or if
+ * <code>defaultChoice</code> does not fall within the array boundary of
+ * <code>choices</code>.
+ */
+ public RealmChoiceCallback(String prompt, String[] choices, int defaultChoice,
+ boolean multiple)
+ {
+ super(prompt, choices, defaultChoice, multiple);
+ }
+}
diff --git a/libjava/javax/security/sasl/Sasl.java b/libjava/javax/security/sasl/Sasl.java
new file mode 100644
index 00000000000..2174692f4b4
--- /dev/null
+++ b/libjava/javax/security/sasl/Sasl.java
@@ -0,0 +1,691 @@
+/* Sasl.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Vector;
+import java.security.Security;
+import java.security.Provider;
+
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * <p>A static class for creating SASL clients and servers.</p>
+ *
+ * <p>This class defines the policy of how to locate, load, and instantiate SASL
+ * clients and servers.</p>
+ *
+ * <p>For example, an application or library gets a SASL client instance by
+ * doing something like:</p>
+ *
+ * <pre>
+ *SaslClient sc =
+ * Sasl.createSaslClient(mechanisms, authorizationID, protocol,
+ * serverName, props, callbackHandler);
+ * </pre>
+ *
+ * <p>It can then proceed to use the instance to create an authenticated
+ * connection.</p>
+ *
+ * <p>Similarly, a server gets a SASL server instance by using code that looks
+ * as follows:</p>
+ *
+ * <pre>
+ *SaslServer ss =
+ * Sasl.createSaslServer(mechanism, protocol, serverName, props,
+ * callbackHandler);
+ * </pre>
+ */
+public class Sasl
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>The name of a property that specifies the quality-of-protection to use.
+ * The property contains a comma-separated, ordered list of quality-of-
+ * protection values that the client or server is willing to support. A qop
+ * value is one of:</p>
+ *
+ * <ul>
+ * <li><code>"auth"</code> - authentication only,</li>
+ * <li><code>"auth-int"</code> - authentication plus integrity
+ * protection,</li>
+ * <li><code>"auth-conf"</code> - authentication plus integrity and
+ * confidentiality protection.</li>
+ * </ul>
+ *
+ * <p>The order of the list specifies the preference order of the client or
+ * server.</p>
+ *
+ * <p>If this property is absent, the default qop is <code>"auth"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.qop"</code>.</p>
+ */
+ public static final String QOP = "javax.security.sasl.qop";
+
+ /**
+ * <p>The name of a property that specifies the cipher strength to use. The
+ * property contains a comma-separated, ordered list of cipher strength
+ * values that the client or server is willing to support. A strength value
+ * is one of:</p>
+ *
+ * <ul>
+ * <li><code>"low"</code>,</li>
+ * <li><code>"medium"</code>,</li>
+ * <li><code>"high"</code>.</li>
+ * </ul>
+ *
+ * <p>The order of the list specifies the preference order of the client or
+ * server. An implementation should allow configuration of the meaning of
+ * these values. An application may use the Java Cryptography Extension (JCE)
+ * with JCE-aware mechanisms to control the selection of cipher suites that
+ * match the strength values.</p>
+ *
+ * <p>If this property is absent, the default strength is
+ * <code>"high,medium,low"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.strength"</code>.
+ * </p>
+ */
+ public static final String STRENGTH = "javax.security.sasl.strength";
+
+ /**
+ * <p>The name of a property that specifies whether the server must authenticate
+ * to the client. The property contains <code>"true"</code> if the server
+ * must authenticate the to client; <code>"false"</code> otherwise. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is
+ * <code>"javax.security.sasl.server.authentication"</code>.</p>
+ */
+ public static final String SERVER_AUTH = "javax.security.sasl.server.authentication";
+
+ /**
+ * <p>The name of a property that specifies the maximum size of the receive
+ * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property
+ * contains the string representation of an integer.</p>
+ *
+ * <p>If this property is absent, the default size is defined by the
+ * mechanism.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.maxbuffer"</code>.
+ * </p>
+ */
+ public static final String MAX_BUFFER = "javax.security.sasl.maxbuffer";
+
+ /**
+ * <p>The name of a property that specifies the maximum size of the raw send
+ * buffer in bytes of {@link SaslClient}/{@link SaslServer}. The property
+ * contains the string representation of an integer. The value of this
+ * property is negotiated between the client and server during the
+ * authentication exchange.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.rawsendsize"</code>.
+ * </p>
+ */
+ public static final String RAW_SEND_SIZE = "javax.security.sasl.rawsendsize";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms susceptible
+ * to simple plain passive attacks (e.g., "PLAIN") are not permitted. The
+ * property contains <code>"true"</code> if such mechanisms are not
+ * permitted; <code>"false"</code> if such mechanisms are permitted. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.noplaintext"</code>.
+ * </p>
+ */
+ public static final String POLICY_NOPLAINTEXT = "javax.security.sasl.policy.noplaintext";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms susceptible to
+ * active (non-dictionary) attacks are not permitted. The property contains
+ * <code>"true"</code> if mechanisms susceptible to active attacks are not
+ * permitted; <code>"false"</code> if such mechanisms are permitted. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.noactive"</code>.
+ * </p>
+ */
+ public static final String POLICY_NOACTIVE = "javax.security.sasl.policy.noactive";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms susceptible to
+ * passive dictionary attacks are not permitted. The property contains
+ * <code>"true"</code> if mechanisms susceptible to dictionary attacks are
+ * not permitted; <code>"false"</code> if such mechanisms are permitted. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.nodictionary"</code>.
+ * </p>
+ */
+ public static final String POLICY_NODICTIONARY = "javax.security.sasl.policy.nodictionary";
+
+ /**
+ * <p>The name of a property that specifies whether mechanisms that accept
+ * anonymous login are not permitted. The property contains <code>"true"</code>
+ * if mechanisms that accept anonymous login are not permitted; <code>"false"
+ * </code> if such mechanisms are permitted. The default is <code>"false"</code>.
+ * </p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.noanonymous"</code>.
+ * </p>
+ */
+ public static final String POLICY_NOANONYMOUS = "javax.security.sasl.policy.noanonymous";
+
+ /**
+ * The name of a property that specifies whether mechanisms that implement
+ * forward secrecy between sessions are required. Forward secrecy means that
+ * breaking into one session will not automatically provide information for
+ * breaking into future sessions. The property contains <code>"true"</code>
+ * if mechanisms that implement forward secrecy between sessions are
+ * required; <code>"false"</code> if such mechanisms are not required. The
+ * default is <code>"false"</code>.</p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.forward"</code>.
+ * </p>
+ */
+ public static final String POLICY_FORWARD_SECRECY = "javax.security.sasl.policy.forward";
+
+ /**
+ * The name of a property that specifies whether mechanisms that pass client
+ * credentials are required. The property contains <code>"true"</code> if
+ * mechanisms that pass client credentials are required; <code>"false"</code>
+ * if such mechanisms are not required. The default is <code>"false"</code>.
+ * </p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.policy.credentials"</code>.
+ * </p>
+ */
+ public static final String POLICY_PASS_CREDENTIALS = "javax.security.sasl.policy.credentials";
+
+ /**
+ * <p>The name of a property that specifies whether to reuse previously
+ * authenticated session information. The property contains <code>"true"</code>
+ * if the mechanism implementation may attempt to reuse previously
+ * authenticated session information; it contains <code>"false"</code> if the
+ * implementation must not reuse previously authenticated session information.
+ * A setting of <code>"true"</code> serves only as a hint; it does not
+ * necessarily entail actual reuse because reuse might not be possible due to
+ * a number of reasons, including, but not limited to, lack of mechanism
+ * support for reuse, expiration of reusable information, and the peer's
+ * refusal to support reuse. The property's default value is <code>"false"</code>.
+ * </p>
+ *
+ * <p>The value of this constant is <code>"javax.security.sasl.reuse"</code>.
+ * Note that all other parameters and properties required to create a SASL
+ * client/server instance must be provided regardless of whether this
+ * property has been supplied. That is, you cannot supply any less
+ * information in anticipation of reuse. Mechanism implementations that
+ * support reuse might allow customization of its implementation for factors
+ * such as cache size, timeouts, and criteria for reuseability. Such
+ * customizations are implementation-dependent.</p>
+ */
+ public static final String REUSE = "javax.security.sasl.reuse";
+
+ private static final String CLIENT_FACTORY_SVC = "SaslClientFactory.";
+ private static final String SERVER_FACTORY_SVC = "SaslServerFactory.";
+ private static final String ALIAS = "Alg.Alias.";
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ private Sasl()
+ {
+ super();
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * <p>Creates a {@link SaslClient} for the specified mechanism.</p>
+ *
+ * <p>This method uses the JCA Security Provider Framework, described in the
+ * "Java Cryptography Architecture API Specification &amp; Reference", for
+ * locating and selecting a {@link SaslClient} implementation.</p>
+ *
+ * <p>First, it obtains an ordered list of {@link SaslClientFactory}
+ * instances from the registered security providers for the
+ * <code>"SaslClientFactory"</code> service and the specified mechanism. It
+ * then invokes <code>createSaslClient()</code> on each factory instance on
+ * the list until one produces a non-null {@link SaslClient} instance. It
+ * returns the non-null {@link SaslClient} instance, or <code>null</code> if
+ * the search fails to produce a non-null {@link SaslClient} instance.</p>
+ *
+ * <p>A security provider for <code>SaslClientFactory</code> registers with
+ * the JCA Security Provider Framework keys of the form:</p>
+ *
+ * <pre>
+ * SaslClientFactory.mechanism_name
+ * </pre>
+ *
+ * <p>and values that are class names of implementations of {@link
+ * SaslClientFactory}.</p>
+ *
+ * <p>For example, a provider that contains a factory class,
+ * <code>com.wiz.sasl.digest.ClientFactory</code>, that supports the
+ * <code>"DIGEST-MD5"</code> mechanism would register the following entry
+ * with the JCA:</p>
+ *
+ * <pre>
+ * SaslClientFactory.DIGEST-MD5 com.wiz.sasl.digest.ClientFactory
+ * </pre>
+ *
+ * <p>See the "Java Cryptography Architecture API Specification &amp;
+ * Reference" for information about how to install and configure security
+ * service providers.</p>
+ *
+ * @param mechanisms the non-null list of mechanism names to try. Each is the
+ * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
+ * @param authorizationID the possibly <code>null</code> protocol-dependent
+ * identification to be used for authorization. If <code>null</code> or
+ * empty, the server derives an authorization ID from the client's
+ * authentication credentials. When the SASL authentication completes
+ * successfully, the specified entity is granted access.
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully-qualified host name of the server to
+ * authenticate to.
+ * @param props the possibly null set of properties used to select the SASL
+ * mechanism and to configure the authentication exchange of the selected
+ * mechanism. For example, if props contains the {@link Sasl#POLICY_NOPLAINTEXT}
+ * property with the value <code>"true"</code>, then the selected SASL
+ * mechanism must not be susceptible to simple plain passive attacks. In
+ * addition to the standard properties declared in this class, other,
+ * possibly mechanism-specific, properties can be included. Properties not
+ * relevant to the selected mechanism are ignored.
+ * @param cbh the possibly <code>null</code> callback handler to used by the
+ * SASL mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly <code>null</code> {@link SaslClient} created using the
+ * parameters supplied. If <code>null</code>, the method could not find a
+ * {@link SaslClientFactory} that will produce one.
+ * @throws SaslException if a {@link SaslClient} cannot be created because
+ * of an error.
+ */
+ public static SaslClient createSaslClient(String[] mechanisms,
+ String authorizationID,
+ String protocol,
+ String serverName, Map props,
+ CallbackHandler cbh)
+ throws SaslException
+ {
+ if (mechanisms == null)
+ {
+ return null;
+ }
+ Provider[] providers = Security.getProviders();
+ if (providers == null || providers.length == 0)
+ {
+ return null;
+ }
+
+ SaslClient result = null;
+ SaslClientFactory factory = null;
+ String m, clazz = null, upper, alias;
+ int j;
+ Provider p;
+ for (int i = 0; i < mechanisms.length; i++)
+ {
+ m = mechanisms[i];
+ if (m == null)
+ continue;
+ for (j = 0; j < providers.length; j++)
+ {
+ p = providers[j];
+ if (p != null)
+ {
+ // try the name as is
+ clazz = p.getProperty(CLIENT_FACTORY_SVC + m);
+ if (clazz == null) // try all uppercase
+ {
+ upper = m.toUpperCase();
+ clazz = p.getProperty(CLIENT_FACTORY_SVC + upper);
+ if (clazz == null) // try if it's an alias
+ {
+ alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + m);
+ if (alias == null) // try all-uppercase alias name
+ {
+ alias = p.getProperty(ALIAS + CLIENT_FACTORY_SVC + upper);
+ if (alias == null) // spit the dummy
+ continue;
+ }
+ clazz = p.getProperty(CLIENT_FACTORY_SVC + alias);
+ }
+ }
+ if (clazz == null)
+ continue;
+ else
+ clazz = clazz.trim();
+ }
+
+ try
+ {
+ result = null;
+ factory = (SaslClientFactory) Class.forName(clazz).newInstance();
+ result = factory.createSaslClient(mechanisms, authorizationID,
+ protocol, serverName, props, cbh);
+ }
+ catch (ClassCastException ignored) // ignore instantiation exceptions
+ {
+ }
+ catch (ClassNotFoundException ignored)
+ {
+ }
+ catch (InstantiationException ignored)
+ {
+ }
+ catch (IllegalAccessException ignored)
+ {
+ }
+ if (result != null)
+ return result;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Gets an enumeration of known factories for producing a {@link SaslClient}
+ * instance. This method uses the same sources for locating factories as
+ * <code>createSaslClient()</code>.
+ *
+ * @return a non-null {@link Enumeration} of known factories for producing a
+ * {@link SaslClient} instance.
+ * @see #createSaslClient(String[],String,String,String,Map,CallbackHandler)
+ */
+ public static Enumeration getSaslClientFactories()
+ {
+ Vector result = new Vector();
+ HashSet names = new HashSet();
+ Provider[] providers = Security.getProviders();
+ Iterator it;
+ if (providers == null)
+ {
+ Provider p;
+ String key;
+ for (int i = 0; i < providers.length; i++)
+ {
+ p = providers[i];
+ for (it = p.keySet().iterator(); it.hasNext(); )
+ {
+ key = (String) it.next();
+ // add key's binding (a) it is a class of a client factory,
+ // and (b) the key does not include blanks
+ if (key.startsWith(CLIENT_FACTORY_SVC) && key.indexOf(" ") == -1)
+ {
+ names.add(p.getProperty(key));
+ break;
+ }
+ }
+ }
+ }
+ // we have the factory class names in names; instantiate and enumerate
+ String c;
+ for (it = names.iterator(); it.hasNext(); )
+ {
+ c = (String) it.next();
+ try
+ {
+ SaslClientFactory f = (SaslClientFactory) Class.forName(c).newInstance();
+ if (f != null)
+ result.add(f);
+ } catch (ClassCastException ignored) { // ignore instantiation exceptions
+ } catch (ClassNotFoundException ignored) {
+ } catch (InstantiationException ignored) {
+ } catch (IllegalAccessException ignored) {
+ }
+ }
+
+ return result.elements();
+ }
+
+ /**
+ * <p>Creates a {@link SaslServer} for the specified mechanism.</p>
+ *
+ * <p>This method uses the JCA Security Provider Framework, described in the
+ * "Java Cryptography Architecture API Specification &amp; Reference", for
+ * locating and selecting a SaslServer implementation.</p>
+ *
+ * <p>First, it obtains an ordered list of {@link SaslServerFactory}
+ * instances from the registered security providers for the
+ * <code>"SaslServerFactory"</code> service and the specified mechanism. It
+ * then invokes <code>createSaslServer()</code> on each factory instance on
+ * the list until one produces a non-null {@link SaslServer} instance. It
+ * returns the non-null {@link SaslServer} instance, or <code>null</code> if
+ * the search fails to produce a non-null {@link SaslServer} instance.</p>
+ *
+ * <p>A security provider for {@link SaslServerFactory} registers with the
+ * JCA Security Provider Framework keys of the form:</p>
+ *
+ * <pre>
+ * SaslServerFactory.mechanism_name
+ * </pre>
+ *
+ * <p>and values that are class names of implementations of {@link
+ * SaslServerFactory}.</p>
+ *
+ * <p>For example, a provider that contains a factory class,
+ * <code>com.wiz.sasl.digest.ServerFactory</code>, that supports the
+ * <code>"DIGEST-MD5"</code> mechanism would register the following entry
+ * with the JCA:</p>
+ *
+ * <pre>
+ * SaslServerFactory.DIGEST-MD5 com.wiz.sasl.digest.ServerFactory
+ * </pre></p>
+ *
+ * <p>See the "Java Cryptography Architecture API Specification &amp;
+ * Reference" for information about how to install and configure security
+ * service providers.</p>
+ *
+ * @param mechanism the non-null mechanism name. It must be an
+ * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully qualified host name of the server.
+ * @param props the possibly <code>null</code> set of properties used to
+ * select the SASL mechanism and to configure the authentication exchange of
+ * the selected mechanism. For example, if props contains the {@link
+ * Sasl#POLICY_NOPLAINTEXT} property with the value <code>"true"</code>, then
+ * the selected SASL mechanism must not be susceptible to simple plain
+ * passive attacks. In addition to the standard properties declared in this
+ * class, other, possibly mechanism-specific, properties can be included.
+ * Properties not relevant to the selected mechanism are ignored.
+ * @param cbh the possibly <code>null</code> callback handler to used by the
+ * SASL mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly <code>null</code> {@link SaslServer} created using the
+ * parameters supplied. If <code>null</code>, the method cannot find a
+ * {@link SaslServerFactory} instance that will produce one.
+ * @throws SaslException if a {@link SaslServer} instance cannot be created
+ * because of an error.
+ */
+ public static SaslServer createSaslServer(String mechanism, String protocol,
+ String serverName,
+ Map props, CallbackHandler cbh)
+ throws SaslException
+ {
+ if (mechanism == null)
+ return null;
+ Provider[] providers = Security.getProviders();
+ if (providers == null || providers.length == 0)
+ return null;
+
+ SaslServer result = null;
+ SaslServerFactory factory = null;
+ String clazz = null, upper, alias = null;
+ int j;
+ Provider p;
+ for (j = 0; j < providers.length; j++)
+ {
+ p = providers[j];
+ if (p != null)
+ {
+ // try the name as is
+ clazz = p.getProperty(SERVER_FACTORY_SVC + mechanism);
+ if (clazz == null) // try all uppercase
+ {
+ upper = mechanism.toUpperCase();
+ clazz = p.getProperty(SERVER_FACTORY_SVC + upper);
+ if (clazz == null) // try if it's an alias
+ {
+ alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + mechanism);
+ if (alias == null) // try all-uppercase alias name
+ {
+ alias = p.getProperty(ALIAS + SERVER_FACTORY_SVC + upper);
+ if (alias == null) // spit the dummy
+ continue;
+ }
+ }
+ clazz = p.getProperty(SERVER_FACTORY_SVC + alias);
+ }
+ }
+ if (clazz == null)
+ continue;
+ else
+ clazz = clazz.trim();
+
+ try
+ {
+ result = null;
+ factory = (SaslServerFactory) Class.forName(clazz).newInstance();
+ result =
+ factory.createSaslServer(mechanism, protocol, serverName, props, cbh);
+ }
+ catch (ClassCastException ignored) // ignore instantiation exceptions
+ {
+ }
+ catch (ClassNotFoundException ignored)
+ {
+ }
+ catch (InstantiationException ignored)
+ {
+ }
+ catch (IllegalAccessException ignored)
+ {
+ }
+ if (result != null)
+ return result;
+ }
+ return null;
+ }
+
+ /**
+ * Gets an enumeration of known factories for producing a {@link SaslServer}
+ * instance. This method uses the same sources for locating factories as
+ * <code>createSaslServer()</code>.
+ *
+ * @return a non-null {@link Enumeration} of known factories for producing a
+ * {@link SaslServer} instance.
+ * @see #createSaslServer(String,String,String,Map,CallbackHandler)
+ */
+ public static Enumeration getSaslServerFactories()
+ {
+ Vector result = new Vector();
+ HashSet names = new HashSet();
+ Provider[] providers = Security.getProviders();
+ Iterator it;
+ if (providers == null)
+ {
+ Provider p;
+ String key;
+ for (int i = 0; i < providers.length; i++)
+ {
+ p = providers[i];
+ for (it = p.keySet().iterator(); it.hasNext(); )
+ {
+ key = (String) it.next();
+ // add key's binding (a) it is a class of a server factory,
+ // and (b) the key does not include blanks
+ if (key.startsWith(SERVER_FACTORY_SVC) && key.indexOf(" ") == -1)
+ {
+ names.add(p.getProperty(key));
+ break;
+ }
+ }
+ }
+ }
+ // we have the factory class names in names; instantiate and enumerate
+ String c;
+ for (it = names.iterator(); it.hasNext(); )
+ {
+ c = (String) it.next();
+ try
+ {
+ SaslServerFactory f = (SaslServerFactory) Class.forName(c).newInstance();
+ if (f != null)
+ result.add(f);
+ }
+ catch (ClassCastException ignored) // ignore instantiation exceptions
+ {
+ }
+ catch (ClassNotFoundException ignored)
+ {
+ }
+ catch (InstantiationException ignored)
+ {
+ }
+ catch (IllegalAccessException ignored)
+ {
+ }
+ }
+
+ return result.elements();
+ }
+}
diff --git a/libjava/javax/security/sasl/SaslClient.java b/libjava/javax/security/sasl/SaslClient.java
new file mode 100644
index 00000000000..ca95ced2554
--- /dev/null
+++ b/libjava/javax/security/sasl/SaslClient.java
@@ -0,0 +1,231 @@
+/* SaslClient.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpathis free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpathis distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+/**
+ * <p>Performs SASL authentication as a client.</p>
+ *
+ * <p>A protocol library such as one for LDAP gets an instance of this class in
+ * order to perform authentication defined by a specific SASL mechanism.
+ * Invoking methods on the <code>SaslClient</code> instance process challenges
+ * and create responses according to the SASL mechanism implemented by the
+ * <code>SaslClient</code>. As the authentication proceeds, the instance
+ * encapsulates the state of a SASL client's authentication exchange.</p>
+ *
+ * <p>Here's an example of how an LDAP library might use a <code>SaslClient</code>.
+ * It first gets an instance of a SaslClient:</p>
+ * <pre>
+ *SaslClient sc =
+ * Sasl.createSaslClient(mechanisms, authorizationID, protocol,
+ * serverName, props, callbackHandler);
+ * </pre>
+ *
+ * <p>It can then proceed to use the client for authentication. For example, an
+ * LDAP library might use the client as follows:</p>
+ * <pre>
+ * // Get initial response and send to server
+ *byte[] response = sc.hasInitialResponse()
+ * ? sc.evaluateChallenge(new byte[0]) : null;
+ *LdapResult res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *while (!sc.isComplete()
+ * && ((res.status == SASL_BIND_IN_PROGRESS) || (res.status == SUCCESS))) {
+ * response = sc.evaluateChallenge( res.getBytes() );
+ * if (res.status == SUCCESS) {
+ * // we're done; don't expect to send another BIND
+ * if ( response != null ) {
+ * throw new SaslException(
+ * "Protocol error: attempting to send response after completion");
+ * }
+ * break;
+ * }
+ * res = ldap.sendBindRequest(dn, sc.getName(), response);
+ *}
+ *if (sc.isComplete() && (res.status == SUCCESS) ) {
+ * String qop = (String)sc.getNegotiatedProperty(Sasl.QOP);
+ * if ((qop != null)
+ * && (qop.equalsIgnoreCase("auth-int")
+ * || qop.equalsIgnoreCase("auth-conf"))) {
+ * // Use SaslClient.wrap() and SaslClient.unwrap() for future
+ * // communication with server
+ * ldap.in = new SecureInputStream(sc, ldap.in);
+ * ldap.out = new SecureOutputStream(sc, ldap.out);
+ * }
+ *}
+ * </pre>
+ *
+ * <p>If the mechanism has an initial response, the library invokes
+ * {@link #evaluateChallenge(byte[])} with an empty challenge to get the initial
+ * response. Protocols such as IMAP4, which do not include an initial response
+ * with their first authentication command to the server, initiate the
+ * authentication without first calling {@link #hasInitialResponse()} or
+ * {@link #evaluateChallenge(byte[])}. When the server responds to the command,
+ * it sends an initial challenge. For a SASL mechanism in which the client sends
+ * data first, the server should have issued a challenge with no data. This will
+ * then result in a call (on the client) to {@link #evaluateChallenge(byte[])}
+ * with an empty challenge.</p>
+ *
+ * @see Sasl
+ * @see SaslClientFactory
+ * @version $Revision: 1.1 $
+ */
+public interface SaslClient
+{
+
+ /**
+ * Returns the IANA-registered mechanism name of this SASL client. (e.g.
+ * "CRAM-MD5", "GSSAPI").
+ *
+ * @return a non-null string representing the IANA-registered mechanism name.
+ */
+ String getMechanismName();
+
+ /**
+ * Determines if this mechanism has an optional initial response. If
+ * <code>true</code>, caller should call {@link #evaluateChallenge(byte[])}
+ * with an empty array to get the initial response.
+ *
+ * @return <code>true</code> if this mechanism has an initial response.
+ */
+ boolean hasInitialResponse();
+
+ /**
+ * Evaluates the challenge data and generates a response. If a challenge is
+ * received from the server during the authentication process, this method is
+ * called to prepare an appropriate next response to submit to the server.
+ *
+ * @param challenge the non-null challenge sent from the server. The
+ * challenge array may have zero length.
+ * @return the possibly <code>null</code> reponse to send to the server. It
+ * is <code>null</code> if the challenge accompanied a "SUCCESS" status and
+ * the challenge only contains data for the client to update its state and no
+ * response needs to be sent to the server. The response is a zero-length
+ * byte array if the client is to send a response with no data.
+ * @throws SaslException if an error occurred while processing the challenge
+ * or generating a response.
+ */
+ byte[] evaluateChallenge(byte[] challenge) throws SaslException;
+
+ /**
+ * Determines if the authentication exchange has completed. This method may
+ * be called at any time, but typically, it will not be called until the
+ * caller has received indication from the server (in a protocol-specific
+ * manner) that the exchange has completed.
+ *
+ * @return <code>true</code> if the authentication exchange has completed;
+ * <code>false</code> otherwise.
+ */
+ boolean isComplete();
+
+ /**
+ * <p>Unwraps a byte array received from the server. This method can be
+ * called only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p><code>incoming</code> is the contents of the SASL buffer as defined in
+ * RFC 2222 without the leading four octet field that represents the length.
+ * <code>offset</code> and <code>len</code> specify the portion of incoming
+ * to use.</p>
+ *
+ * @param incoming a non-null byte array containing the encoded bytes from
+ * the server.
+ * @param offset the starting position at <code>incoming</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>incoming</code> to use.
+ * @return a non-null byte array containing the decoded bytes.
+ * @throws SaslException if <code>incoming</code> cannot be successfully
+ * unwrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException;
+
+ /**
+ * <p>Wraps a byte array to be sent to the server. This method can be called
+ * only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p>The result of this method will make up the contents of the SASL buffer
+ * as defined in RFC 2222 without the leading four octet field that
+ * represents the length. <code>offset</code> and <code>len</code> specify
+ * the portion of <code>outgoing</code> to use.</p>
+ *
+ * @param outgoing a non-null byte array containing the bytes to encode.
+ * @param offset the starting position at <code>outgoing</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>outgoing</code> to use.
+ * @return a non-null byte array containing the encoded bytes.
+ * @throws SaslException if <code>outgoing</code> cannot be successfully
+ * wrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException;
+
+ /**
+ * Retrieves the negotiated property. This method can be called only after
+ * the authentication exchange has completed (i.e., when {@link #isComplete()}
+ * returns <code>true</code>); otherwise, an {@link IllegalStateException} is
+ * thrown.
+ *
+ * @param propName the non-null property name.
+ * @return the value of the negotiated property. If <code>null</code>, the
+ * property was not negotiated or is not applicable to this mechanism.
+ * @throws IllegalStateException if this authentication exchange has not
+ * completed.
+ */
+ Object getNegotiatedProperty(String propName) throws SaslException;
+
+ /**
+ * Disposes of any system resources or security-sensitive information the
+ * <code>SaslClient</code> might be using. Invoking this method invalidates
+ * the <code>SaslClient</code> instance. This method is idempotent.
+ *
+ * @throws SaslException if a problem was encountered while disposing of the
+ * resources.
+ */
+ void dispose() throws SaslException;
+}
diff --git a/libjava/javax/security/sasl/SaslClientFactory.java b/libjava/javax/security/sasl/SaslClientFactory.java
new file mode 100644
index 00000000000..b67c7a324f0
--- /dev/null
+++ b/libjava/javax/security/sasl/SaslClientFactory.java
@@ -0,0 +1,117 @@
+/* SaslClientFactory.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * <p>An interface for creating instances of {@link SaslClient}. A class that
+ * implements this interface must be thread-safe and handle multiple
+ * simultaneous requests. It must also have a public constructor that accepts
+ * no arguments.</p>
+ *
+ * <p>This interface is not normally accessed directly by a client, which will
+ * use the {@link Sasl} static methods to create a client instance instead.
+ * However, a particular environment may provide and install a new or different
+ * <code>SaslClientFactory</code>.</p>
+ *
+ * @see SaslClient
+ * @see Sasl
+ * @version $Revision: 1.1 $
+ */
+public interface SaslClientFactory
+{
+
+ /**
+ * Creates a {@link SaslClient} using the parameters supplied.
+ *
+ * @param mechanisms the non-null list of mechanism names to try. Each is the
+ * IANA-registered name of a SASL mechanism (e.g. "GSSAPI", "CRAM-MD5").
+ * @param authorizationID the possibly null protocol-dependent identification
+ * to be used for authorization. If <code>null</code> or empty, the server
+ * derives an authorization ID from the client's authentication credentials.
+ * When the SASL authentication completes successfully, the specified entity
+ * is granted access.
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully qualified host name of the server to
+ * authenticate to.
+ * @param props the possibly <code>null</code> set of properties used to
+ * select the SASL mechanism and to configure the authentication exchange of
+ * the selected mechanism. See the {@link Sasl} class for a list of standard
+ * properties. Other, possibly mechanism-specific, properties can be included.
+ * Properties not relevant to the selected mechanism are ignored.
+ * @param cbh the possibly <code>null</code> callback handler to used by the
+ * SASL mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly <code>null</code> {@link SaslClient} created using the
+ * parameters supplied. If <code>null</code>, this factory cannot produce a
+ * {@link SaslClient} using the parameters supplied.
+ * @throws SaslException if a {@link SaslClient} instance cannot be created
+ * because of an error.
+ */
+ SaslClient createSaslClient(String[] mechanisms, String authorizationID,
+ String protocol, String serverName, Map props,
+ CallbackHandler cbh)
+ throws SaslException;
+
+ /**
+ * Returns an array of names of mechanisms that match the specified mechanism
+ * selection policies.
+ *
+ * @param props the possibly <code>null</code> set of properties used to
+ * specify the security policy of the SASL mechanisms. For example, if props
+ * contains the {@link Sasl#POLICY_NOPLAINTEXT} property with the value
+ * <code>"true"</code>, then the factory must not return any SASL mechanisms
+ * that are susceptible to simple plain passive attacks. See the {@link Sasl}
+ * class for a complete list of policy properties. Non-policy related
+ * properties, if present in props, are ignored.
+ * @return a non-null array containing IANA-registered SASL mechanism names.
+ */
+ String[] getMechanismNames(Map props);
+}
diff --git a/libjava/javax/security/sasl/SaslException.java b/libjava/javax/security/sasl/SaslException.java
new file mode 100644
index 00000000000..9ff091d6374
--- /dev/null
+++ b/libjava/javax/security/sasl/SaslException.java
@@ -0,0 +1,185 @@
+/* SaslException.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.io.Serializable;
+
+/**
+ * This class represents an error that has occurred when using SASL.
+ *
+ * @version $Revision: 1.1 $
+ */
+public class SaslException extends IOException implements Serializable
+{
+
+ // Constants and variables
+ // -------------------------------------------------------------------------
+
+ /**
+ * @serial The possibly null root cause exception.
+ */
+ private Throwable _exception = null;
+
+ // Constructor(s)
+ // -------------------------------------------------------------------------
+
+ /**
+ * Constructs a new instance of <code>SaslException</code>. The root
+ * exception and the detailed message are null.
+ */
+ public SaslException()
+ {
+ super();
+ }
+
+ /**
+ * Constructs a new instance of <code>SaslException</code> with a detailed
+ * message. The <code>root</code> exception is <code>null</code>.
+ *
+ * @param detail a possibly null string containing details of the exception.
+ * @see Throwable#getMessage()
+ */
+ public SaslException(String detail)
+ {
+ super(detail);
+ }
+
+ /**
+ * Constructs a new instance of <code>SaslException</code> with a detailed
+ * message and a root exception. For example, a <code>SaslException</code>
+ * might result from a problem with the callback handler, which might throw a
+ * {@link javax.security.auth.callback.UnsupportedCallbackException} if it
+ * does not support the requested callback, or throw an {@link IOException}
+ * if it had problems obtaining data for the callback. The
+ * <code>SaslException</code>'s root exception would be then be the exception
+ * thrown by the callback handler.
+ *
+ * @param detail a possibly <code>null</code> string containing details of
+ * the exception.
+ * @param ex a possibly <code>null</code> root exception that caused this
+ * exception.
+ * @see Throwable#getMessage()
+ * @see #getCause()
+ */
+ public SaslException(String detail, Throwable ex)
+ {
+ super(detail);
+ _exception = ex;
+ }
+
+ // Class methods
+ // -------------------------------------------------------------------------
+
+ // Instance methods
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the cause of this throwable or <code>null</code> if the cause is
+ * nonexistent or unknown. The cause is the throwable that caused this
+ * exception to be thrown.
+ *
+ * @return the possibly <code>null</code> exception that caused this exception.
+ */
+ public Throwable getCause()
+ {
+ return _exception;
+ }
+
+ /**
+ * Prints this exception's stack trace to <code>System.err</code>. If this
+ * exception has a root exception; the stack trace of the root exception is
+ * also printed to <code>System.err</code>.
+ */
+ public void printStackTrace()
+ {
+ super.printStackTrace();
+ if (_exception != null)
+ _exception.printStackTrace();
+ }
+
+ /**
+ * Prints this exception's stack trace to a print stream. If this exception
+ * has a root exception; the stack trace of the root exception is also
+ * printed to the print stream.
+ *
+ * @param ps the non-null print stream to which to print.
+ */
+ public void printStackTrace(PrintStream ps)
+ {
+ super.printStackTrace(ps);
+ if (_exception != null)
+ _exception.printStackTrace(ps);
+ }
+
+ /**
+ * Prints this exception's stack trace to a print writer. If this exception
+ * has a root exception; the stack trace of the root exception is also
+ * printed to the print writer.
+ *
+ * @param pw the non-null print writer to use for output.
+ */
+ public void printStackTrace(PrintWriter pw)
+ {
+ super.printStackTrace(pw);
+ if (_exception != null)
+ _exception.printStackTrace(pw);
+ }
+
+ /**
+ * Returns the string representation of this exception. The string
+ * representation contains this exception's class name, its detailed
+ * messsage, and if it has a root exception, the string representation of the
+ * root exception. This string representation is meant for debugging and not
+ * meant to be interpreted programmatically.
+ *
+ * @return the non-null string representation of this exception.
+ * @see Throwable#getMessage()
+ */
+ public String toString()
+ {
+ StringBuffer sb = new StringBuffer(this.getClass().getName())
+ .append(": ").append(super.toString());
+ if (_exception != null)
+ sb.append("; caused by: ").append(_exception.toString());
+ return sb.toString();
+ }
+}
diff --git a/libjava/javax/security/sasl/SaslServer.java b/libjava/javax/security/sasl/SaslServer.java
new file mode 100644
index 00000000000..3f0d79d4412
--- /dev/null
+++ b/libjava/javax/security/sasl/SaslServer.java
@@ -0,0 +1,226 @@
+/* SasServer.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+/**
+ * <p>Performs SASL authentication as a server.</p>
+ *
+ * <p>A server such as an LDAP server gets an instance of this class in order to
+ * perform authentication defined by a specific SASL mechanism. Invoking methods
+ * on the <code>SaslServer</code> instance generates challenges corresponding to
+ * the SASL mechanism implemented by the <code>SaslServer</code> instance. As
+ * the authentication proceeds, the instance encapsulates the state of a SASL
+ * server's authentication exchange.</p>
+ *
+ * <p>Here's an example of how an LDAP server might use a <code>SaslServer</code>
+ * instance. It first gets an instance of a <code>SaslServer</code> for the SASL
+ * mechanism requested by the client:</p>
+ *
+ * <pre>
+ *SaslServer ss =
+ * Sasl.createSaslServer(mechanism, "ldap", myFQDN, props, callbackHandler);
+ * </pre>
+ *
+ * <p>It can then proceed to use the server for authentication. For example,
+ * suppose the LDAP server received an LDAP BIND request containing the name of
+ * the SASL mechanism and an (optional) initial response. It then might use the
+ * server as follows:</p>
+ *
+ * <pre>
+ *while (!ss.isComplete()) {
+ * try {
+ * byte[] challenge = ss.evaluateResponse(response);
+ * if (ss.isComplete()) {
+ * status = ldap.sendBindResponse(mechanism, challenge, SUCCESS);
+ * } else {
+ * status = ldap.sendBindResponse(mechanism, challenge, SASL_BIND_IN_PROGRESS);
+ * response = ldap.readBindRequest();
+ * }
+ * } catch (SaslException x) {
+ * status = ldap.sendErrorResponse(x);
+ * break;
+ * }
+ *}
+ *if (ss.isComplete() && (status == SUCCESS)) {
+ * String qop = (String) sc.getNegotiatedProperty(Sasl.QOP);
+ * if (qop != null
+ * && (qop.equalsIgnoreCase("auth-int")
+ * || qop.equalsIgnoreCase("auth-conf"))) {
+ * // Use SaslServer.wrap() and SaslServer.unwrap() for future
+ * // communication with client
+ * ldap.in = new SecureInputStream(ss, ldap.in);
+ * ldap.out = new SecureOutputStream(ss, ldap.out);
+ * }
+ *}
+ * </pre>
+ *
+ * @see Sasl
+ * @see SaslServerFactory
+ * @version $Revision: 1.1 $
+ */
+public interface SaslServer
+{
+
+ /**
+ * Returns the IANA-registered mechanism name of this SASL server (e.g.
+ * "CRAM-MD5", "GSSAPI").
+ *
+ * @return a non-null string representing the IANA-registered mechanism name.
+ */
+ String getMechanismName();
+
+ /**
+ * Evaluates the response data and generates a challenge. If a response is
+ * received from the client during the authentication process, this method is
+ * called to prepare an appropriate next challenge to submit to the client.
+ * The challenge is <code>null</code> if the authentication has succeeded and
+ * no more challenge data is to be sent to the client. It is non-null if the
+ * authentication must be continued by sending a challenge to the client, or
+ * if the authentication has succeeded but challenge data needs to be
+ * processed by the client. {@link #isComplete()} should be called after each
+ * call to <code>evaluateResponse()</code>,to determine if any further
+ * response is needed from the client.
+ *
+ * @param response the non-null (but possibly empty) response sent by the
+ * client.
+ * @return the possibly <code>null</code> challenge to send to the client.
+ * It is <code>null</code> if the authentication has succeeded and there is
+ * no more challenge data to be sent to the client.
+ * @throws SaslException if an error occurred while processing the response
+ * or generating a challenge.
+ */
+ byte[] evaluateResponse(byte[] response) throws SaslException;
+
+ /**
+ * Determines if the authentication exchange has completed. This method is
+ * typically called after each invocation of {@link #evaluateResponse(byte[])}
+ * to determine whether the authentication has completed successfully or
+ * should be continued.
+ *
+ * @return <code>true</code> if the authentication exchange has completed;
+ * <code>false</code> otherwise.
+ */
+ boolean isComplete();
+
+ /**
+ * Reports the authorization ID in effect for the client of this session This
+ * method can only be called if {@link #isComplete()} returns <code>true</code>.
+ *
+ * @return the authorization ID of the client.
+ * @throws IllegalStateException if this authentication session has not
+ * completed.
+ */
+ String getAuthorizationID();
+
+ /**
+ * <p>Unwraps a byte array received from the client. This method can be called
+ * only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p><code>incoming</code> is the contents of the SASL buffer as defined in
+ * RFC 2222 without the leading four octet field that represents the length.
+ * <code>offset</code> and <code>len</code> specify the portion of incoming
+ * to use.</p>
+ *
+ * @param incoming a non-null byte array containing the encoded bytes from
+ * the client.
+ * @param offset the starting position at <code>incoming</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>incoming</code> to use.
+ * @return a non-null byte array containing the decoded bytes.
+ * @throws SaslException if <code>incoming</code> cannot be successfully
+ * unwrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException;
+
+ /**
+ * <p>Wraps a byte array to be sent to the client. This method can be called
+ * only after the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>) and only if the
+ * authentication exchange has negotiated integrity and/or privacy as the
+ * quality of protection; otherwise, an {@link IllegalStateException} is
+ * thrown.</p>
+ *
+ * <p>The result of this method will make up the contents of the SASL buffer
+ * as defined in RFC 2222 without the leading four octet field that
+ * represents the length. <code>offset</code> and <code>len</code> specify
+ * the portion of <code>outgoing</code> to use.
+ *
+ * @param outgoing a non-null byte array containing the bytes to encode.
+ * @param offset the starting position at <code>outgoing</code> of the bytes
+ * to use.
+ * @param len the number of bytes from <code>outgoing</code> to use.
+ * @return a non-null byte array containing the encoded bytes.
+ * @throws SaslException if <code>outgoing</code> cannot be successfully
+ * wrapped.
+ * @throws IllegalStateException if the authentication exchange has not
+ * completed, or if the negotiated quality of protection has neither
+ * integrity nor privacy.
+ */
+ byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException;
+
+ /**
+ * Retrieves the negotiated property. This method can be called only after
+ * the authentication exchange has completed (i.e., when
+ * {@link #isComplete()} returns <code>true</code>); otherwise, an
+ * {@link IllegalStateException} is thrown.
+ *
+ * @return the value of the negotiated property. If <code>null</code>, the
+ * property was not negotiated or is not applicable to this mechanism.
+ * @throws IllegalStateException if this authentication exchange has not
+ * completed.
+ */
+ Object getNegotiatedProperty(String propName) throws SaslException;
+
+ /**
+ * Disposes of any system resources or security-sensitive information the
+ * <code>SaslServer</code> might be using. Invoking this method invalidates
+ * the <code>SaslServer</code> instance. This method is idempotent.
+ *
+ * @throws SaslException if a problem was encountered while disposing of the
+ * resources.
+ */
+ void dispose() throws SaslException;
+}
diff --git a/libjava/javax/security/sasl/SaslServerFactory.java b/libjava/javax/security/sasl/SaslServerFactory.java
new file mode 100644
index 00000000000..b9387bbeed1
--- /dev/null
+++ b/libjava/javax/security/sasl/SaslServerFactory.java
@@ -0,0 +1,114 @@
+/* SaslServerFactory.java
+ Copyright (C) 2003, Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation Inc., 59 Temple Place - Suite 330, Boston, MA
+02111-1307 USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.security.sasl;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+/**
+ * <p>An interface for creating instances of {@link SaslServer}. A class that
+ * implements this interface must be thread-safe and handle multiple
+ * simultaneous requests. It must also have a public constructor that accepts
+ * no arguments.</p>
+ *
+ * This interface is not normally accessed directly by a server, which will use
+ * the {@link Sasl} static methods to create a {@link SaslServer} instance
+ * instead. However, a particular environment may provide and install a new or
+ * different <code>SaslServerFactory</code>.</p>
+ *
+ * @see SaslServer
+ * @see Sasl
+ * @version $Revision: 1.1 $
+ */
+public interface SaslServerFactory
+{
+
+ /**
+ * Creates a {@link SaslServer} instance using the parameters supplied. It
+ * returns <code>null</code> if no {@link SaslServer} instance can be created
+ * using the parameters supplied. Throws {@link SaslException} if it cannot
+ * create a {@link SaslServer} because of an error.
+ *
+ * @param mechanism the non-null IANA-registered name of a SASL mechanism
+ * (e.g. "GSSAPI", "CRAM-MD5").
+ * @param protocol the non-null string name of the protocol for which the
+ * authentication is being performed (e.g. "ldap").
+ * @param serverName the non-null fully qualified host name of the server to
+ * authenticate to.
+ * @param props the possibly null set of properties used to select the SASL
+ * mechanism and to configure the authentication exchange of the selected
+ * mechanism. See the {@link Sasl} class for a list of standard properties.
+ * Other, possibly mechanism-specific, properties can be included. Properties
+ * not relevant to the selected mechanism are ignored.
+ * @param cbh the possibly null callback handler to used by the SASL
+ * mechanisms to get further information from the application/library to
+ * complete the authentication. For example, a SASL mechanism might require
+ * the authentication ID, password and realm from the caller. The
+ * authentication ID is requested by using a
+ * {@link javax.security.auth.callback.NameCallback}. The password is
+ * requested by using a {@link javax.security.auth.callback.PasswordCallback}.
+ * The realm is requested by using a {@link RealmChoiceCallback} if there is
+ * a list of realms to choose from, and by using a {@link RealmCallback} if
+ * the realm must be entered.
+ * @return a possibly null {@link SaslServer} created using the parameters
+ * supplied. If <code>null</code> is returned, it means that this factory
+ * cannot produce a {@link SaslServer} using the parameters supplied.
+ * @throws SaslException if a SaslServer instance cannot be created because
+ * of an error.
+ */
+ SaslServer createSaslServer(String mechanism, String protocol,
+ String serverName, Map props, CallbackHandler cbh)
+ throws SaslException;
+
+ /**
+ * Returns an array of names of mechanisms that match the specified mechanism
+ * selection policies.
+ *
+ * @param props the possibly <code>null</code> set of properties used to
+ * specify the security policy of the SASL mechanisms. For example, if props
+ * contains the {@link Sasl#POLICY_NOPLAINTEXT} property with the value
+ * <code>"true"</code>, then the factory must not return any SASL mechanisms
+ * that are susceptible to simple plain passive attacks. See the {@link Sasl}
+ * class for a complete list of policy properties. Non-policy related
+ * properties, if present in props, are ignored.
+ * @return a non-null array containing IANA-registered SASL mechanism names.
+ */
+ String[] getMechanismNames(Map props);
+}
View Lorry Controller Status