geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From djen...@apache.org
Subject svn commit: r291352 [10/10] - in /geronimo/trunk: applications/console-core/ applications/console-ear/src/plan/ applications/console-standard/src/java/org/apache/geronimo/console/util/ applications/console-standard/src/webapp/WEB-INF/ assemblies/j2ee-s...
Date Sun, 25 Sep 2005 00:32:39 GMT
Added: geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java?rev=291352&view=auto
==============================================================================
--- geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java
(added)
+++ geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java
Sat Sep 24 17:31:10 2005
@@ -0,0 +1,388 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.util.jce.provider;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLEntry;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.geronimo.util.asn1.ASN1OutputStream;
+import org.apache.geronimo.util.asn1.DERObjectIdentifier;
+import org.apache.geronimo.util.asn1.DEROutputStream;
+import org.apache.geronimo.util.asn1.x509.CertificateList;
+import org.apache.geronimo.util.asn1.x509.TBSCertList;
+import org.apache.geronimo.util.asn1.x509.X509Extension;
+import org.apache.geronimo.util.asn1.x509.X509Extensions;
+import org.apache.geronimo.util.jce.X509Principal;
+
+/**
+ * The following extensions are listed in RFC 2459 as relevant to CRLs
+ *
+ * Authority Key Identifier
+ * Issuer Alternative Name
+ * CRL Number
+ * Delta CRL Indicator (critical)
+ * Issuing Distribution Point (critical)
+ */
+public class X509CRLObject
+    extends X509CRL
+{
+    private CertificateList c;
+
+    public X509CRLObject(
+        CertificateList c)
+    {
+        this.c = c;
+    }
+
+    /**
+     * Will return true if any extensions are present and marked
+     * as critical as we currently dont handle any extensions!
+     */
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        Set extns = getCriticalExtensionOIDs();
+        if ( extns != null && !extns.isEmpty() )
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    private Set getExtensionOIDs(boolean critical)
+    {
+        if (this.getVersion() == 2)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertList().getExtensions();
+            Enumeration     e = extensions.oids();
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension       ext = extensions.getExtension(oid);
+
+                if (critical == ext.isCritical())
+                {
+                    set.add(oid.getId());
+                }
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+
+    public Set getCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(true);
+    }
+
+    public Set getNonCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(false);
+    }
+
+    public byte[] getExtensionValue(String oid)
+    {
+        X509Extensions exts = c.getTBSCertList().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+                DEROutputStream dOut = new DEROutputStream(bOut);
+
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.toString());
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getEncoded()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CRLException(e.toString());
+        }
+    }
+
+    public void verify(PublicKey key)
+        throws CRLException,  NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        verify(key, "BC");
+    }
+
+    public void verify(PublicKey key, String sigProvider)
+        throws CRLException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
+        {
+            throw new CRLException("Signature algorithm on CertifcateList does not match
TBSCertList.");
+        }
+
+        Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);
+
+        sig.initVerify(key);
+        sig.update(this.getTBSCertList());
+        if ( !sig.verify(this.getSignature()) )
+        {
+            throw new SignatureException("CRL does not verify with supplied public key.");
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Date getThisUpdate()
+    {
+        return c.getThisUpdate().getDate();
+    }
+
+    public Date getNextUpdate()
+    {
+        if (c.getNextUpdate() != null)
+        {
+            return c.getNextUpdate().getDate();
+        }
+
+        return null;
+    }
+
+    public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
+                    return new X509CRLEntryObject(certs[i]);
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public Set getRevokedCertificates()
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            HashSet set = new HashSet();
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                set.add(new X509CRLEntryObject(certs[i]));
+
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+
+    public byte[] getTBSCertList()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertList());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CRLException(e.toString());
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    public String getSigAlgName()
+    {
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if ( algName != null )
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+
+        if ( c.getSignatureAlgorithm().getParameters() != null )
+        {
+            try
+            {
+                DEROutputStream    dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e);
+            }
+
+            return bOut.toByteArray();
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns a string representation of this CRL.
+     *
+     * @return a string representation of this CRL.
+     */
+    public String toString()
+    {
+        return "X.509 CRL";
+    }
+
+    /**
+     * Checks whether the given certificate is on this CRL.
+     *
+     * @param cert the certificate to check for.
+     * @return true if the given certificate is on this CRL,
+     * false otherwise.
+     */
+    public boolean isRevoked(Certificate cert)
+    {
+        if ( !cert.getType().equals("X.509") )
+        {
+            throw new RuntimeException("X.509 CRL used with non X.509 Cert");
+        }
+
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            BigInteger serial = ((X509Certificate)cert).getSerialNumber();
+
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serial) )
+                {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+}
+

Added: geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java?rev=291352&view=auto
==============================================================================
--- geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java
(added)
+++ geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java
Sat Sep 24 17:31:10 2005
@@ -0,0 +1,727 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.util.jce.provider;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.geronimo.util.asn1.*;
+import org.apache.geronimo.util.asn1.misc.MiscObjectIdentifiers;
+import org.apache.geronimo.util.asn1.misc.NetscapeCertType;
+import org.apache.geronimo.util.asn1.misc.NetscapeRevocationURL;
+import org.apache.geronimo.util.asn1.misc.VerisignCzagExtension;
+import org.apache.geronimo.util.asn1.util.ASN1Dump;
+import org.apache.geronimo.util.asn1.x509.BasicConstraints;
+import org.apache.geronimo.util.asn1.x509.KeyUsage;
+import org.apache.geronimo.util.asn1.x509.X509CertificateStructure;
+import org.apache.geronimo.util.asn1.x509.X509Extension;
+import org.apache.geronimo.util.asn1.x509.X509Extensions;
+import org.apache.geronimo.util.jce.X509Principal;
+import org.apache.geronimo.util.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.apache.geronimo.util.encoders.Hex;
+
+public class X509CertificateObject
+    extends X509Certificate
+    implements PKCS12BagAttributeCarrier
+{
+    private X509CertificateStructure    c;
+    private Hashtable                   pkcs12Attributes = new Hashtable();
+    private Vector                      pkcs12Ordering = new Vector();
+
+    public X509CertificateObject(
+        X509CertificateStructure    c)
+    {
+        this.c = c;
+    }
+
+    public void checkValidity()
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        this.checkValidity(new Date());
+    }
+
+    public void checkValidity(
+        Date    date)
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        if (date.after(this.getNotAfter()))
+        {
+            throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
+        }
+
+        if (date.before(this.getNotBefore()))
+        {
+            throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public BigInteger getSerialNumber()
+    {
+        return c.getSerialNumber().getValue();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Principal getSubjectDN()
+    {
+        return new X509Principal(c.getSubject());
+    }
+
+    public X500Principal getSubjectX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getSubject());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN");
+        }
+    }
+
+    public Date getNotBefore()
+    {
+        return c.getStartDate().getDate();
+    }
+
+    public Date getNotAfter()
+    {
+        return c.getEndDate().getDate();
+    }
+
+    public byte[] getTBSCertificate()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertificate());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CertificateEncodingException(e.toString());
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    /**
+     * return a more "meaningful" representation for the signature algorithm used in
+     * the certficate.
+     */
+    public String getSigAlgName()
+    {
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if (algName != null)
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    /**
+     * return the object identifier for the signature.
+     */
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    /**
+     * return the signature parameters, or null if there aren't any.
+     */
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+
+        if (c.getSignatureAlgorithm().getParameters() != null)
+        {
+            try
+            {
+                DEROutputStream         dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e);
+            }
+
+            return bOut.toByteArray();
+        }
+        else
+        {
+            return null;
+        }
+    }
+
+    public boolean[] getIssuerUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getIssuerUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+
+        return null;
+    }
+
+    public boolean[] getSubjectUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getSubjectUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+
+        return null;
+    }
+
+    public boolean[] getKeyUsage()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.15");
+        int     length = 0;
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                DERBitString    bits = (DERBitString)dIn.readObject();
+
+                bytes = bits.getBytes();
+                length = (bytes.length * 8) - bits.getPadBits();
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension");
+            }
+
+            boolean[]       keyUsage = new boolean[(length < 9) ? 9 : length];
+
+            for (int i = 0; i != length; i++)
+            {
+                keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return keyUsage;
+        }
+
+        return null;
+    }
+
+    public List getExtendedKeyUsage()
+        throws CertificateParsingException
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.37");
+        int     length = 0;
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+                ArrayList       list = new ArrayList();
+
+                for (int i = 0; i != seq.size(); i++)
+                {
+                    list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId());
+                }
+
+                return Collections.unmodifiableList(list);
+            }
+            catch (Exception e)
+            {
+                throw new CertificateParsingException("error processing extended key usage
extension");
+            }
+        }
+
+        return null;
+    }
+
+    public int getBasicConstraints()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.19");
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+
+                if (seq.size() == 2)
+                {
+                    if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                    {
+                        return ((DERInteger)seq.getObjectAt(1)).getValue().intValue();
+                    }
+                    else
+                    {
+                        return -1;
+                    }
+                }
+                else if (seq.size() == 1)
+                {
+                    if (seq.getObjectAt(0) instanceof DERBoolean)
+                    {
+                        if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                        {
+                            return Integer.MAX_VALUE;
+                        }
+                        else
+                        {
+                            return -1;
+                        }
+                    }
+                    else
+                    {
+                        return -1;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension");
+            }
+        }
+
+        return -1;
+    }
+
+    public Set getCriticalExtensionOIDs()
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    private byte[] getExtensionBytes(String oid)
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+            if (ext != null)
+            {
+                return ext.getValue().getOctets();
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getExtensionValue(String oid)
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+                DEROutputStream            dOut = new DEROutputStream(bOut);
+
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.toString());
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public Set getNonCriticalExtensionOIDs()
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (!ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        if (this.getVersion() == 3)
+        {
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    if (oid.getId().equals("2.5.29.15")
+                       || oid.getId().equals("2.5.29.19"))
+                    {
+                        continue;
+                    }
+
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        return true;
+                    }
+                }
+            }
+        }
+
+        return false;
+    }
+
+    public PublicKey getPublicKey()
+    {
+        return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
+    }
+
+    public byte[] getEncoded()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw new CertificateEncodingException(e.toString());
+        }
+    }
+
+    public void setBagAttribute(
+        DERObjectIdentifier oid,
+        DEREncodable        attribute)
+    {
+        pkcs12Attributes.put(oid, attribute);
+        pkcs12Ordering.addElement(oid);
+    }
+
+    public DEREncodable getBagAttribute(
+        DERObjectIdentifier oid)
+    {
+        return (DEREncodable)pkcs12Attributes.get(oid);
+    }
+
+    public Enumeration getBagAttributeKeys()
+    {
+        return pkcs12Ordering.elements();
+    }
+
+    public String toString()
+    {
+        StringBuffer    buf = new StringBuffer();
+        String          nl = System.getProperty("line.separator");
+
+        buf.append("  [0]         Version: " + this.getVersion() + nl);
+        buf.append("         SerialNumber: " + this.getSerialNumber() + nl);
+        buf.append("             IssuerDN: " + this.getIssuerDN() + nl);
+        buf.append("           Start Date: " + this.getNotBefore() + nl);
+        buf.append("           Final Date: " + this.getNotAfter() + nl);
+        buf.append("            SubjectDN: " + this.getSubjectDN() + nl);
+        buf.append("           Public Key: " + this.getPublicKey() + nl);
+        buf.append("  Signature Algorithm: " + this.getSigAlgName() + nl);
+
+        byte[]  sig = this.getSignature();
+
+        buf.append("            Signature: " + new String(Hex.encode(sig, 0, 20)) + nl);
+        for (int i = 20; i < sig.length; i += 20)
+        {
+            if (i < sig.length - 20)
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, 20))
+ nl);
+            }
+            else
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, sig.length
- i)) + nl);
+            }
+        }
+
+        X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+        if (extensions != null)
+        {
+            Enumeration     e = extensions.oids();
+
+            if (e.hasMoreElements())
+            {
+                buf.append("       Extensions: \n");
+            }
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension           ext = extensions.getExtension(oid);
+
+                if (ext.getValue() != null)
+                {
+                    byte[]                  octs = ext.getValue().getOctets();
+                    ByteArrayInputStream    bIn = new ByteArrayInputStream(octs);
+                    ASN1InputStream         dIn = new ASN1InputStream(bIn);
+                    buf.append("                       critical(" + ext.isCritical() + ")
");
+                    try
+                    {
+                        if (oid.equals(X509Extensions.BasicConstraints))
+                        {
+                            buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject())
+ nl);
+                        }
+                        else if (oid.equals(X509Extensions.KeyUsage))
+                        {
+                            buf.append(new KeyUsage((DERBitString)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeCertType))
+                        {
+                            buf.append(new NetscapeCertType((DERBitString)dIn.readObject())
+ nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL))
+                        {
+                            buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())
+ nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension))
+                        {
+                            buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())
+ nl);
+                        }
+                        else
+                        {
+                            buf.append(oid.getId());
+                            buf.append(" value = " + ASN1Dump.dumpAsString(dIn.readObject())
+ nl);
+                            //buf.append(" value = " + "*****" + nl);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        buf.append(oid.getId());
+                   //     buf.append(" value = " + new String(Hex.encode(ext.getValue().getOctets()))
+ nl);
+                        buf.append(" value = " + "*****" + nl);
+                    }
+                }
+                else
+                {
+                    buf.append(nl);
+                }
+            }
+        }
+
+        return buf.toString();
+    }
+
+    public final void verify(
+        PublicKey   key)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature   signature = null;
+
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer
cert");
+        }
+
+        try
+        {
+            signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(),
"BC");
+        }
+        catch (Exception e)
+        {
+            signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId());
+        }
+
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+
+    public final void verify(
+        PublicKey   key,
+        String      sigProvider)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(),
sigProvider);
+
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer
cert");
+        }
+
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+}

Modified: geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml?rev=291352&r1=291351&r2=291352&view=diff
==============================================================================
--- geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml (original)
+++ geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml Sat Sep 24 17:31:10 2005
@@ -91,9 +91,6 @@
         <uri>geronimo-spec/jars/geronimo-spec-corba-2.3-rc4.jar</uri>
     </dependency>
     <dependency>
-        <uri>bouncycastle/jars/bcprov-jdk14-124.jar</uri>
-    </dependency>
-    <dependency>
         <uri>avalon/jars/avalon-framework-4.1.4.jar</uri>
     </dependency>
     <dependency>



Mime
View raw message