
From ke...@apache.org
Subject svn commit: r617610 [13/13] - in /geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto: ./ asn1/ asn1/cryptopro/ asn1/misc/ asn1/oiw/ asn1/pkcs/ asn1/sec/ asn1/util/ asn1/x509/ asn1/x9/ crypto/ crypto/digests...
Date Fri, 01 Feb 2008 19:02:36 GMT
Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java Fri Feb  1 11:01:39 2008
@@ -0,0 +1,480 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.crypto.jce.provider;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactorySpi;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+import javax.crypto.interfaces.DHPrivateKey;
+import javax.crypto.interfaces.DHPublicKey;
+import javax.crypto.spec.DHPrivateKeySpec;
+import javax.crypto.spec.DHPublicKeySpec;
+
+import org.apache.geronimo.crypto.asn1.ASN1InputStream;
+import org.apache.geronimo.crypto.asn1.ASN1Sequence;
+import org.apache.geronimo.crypto.asn1.cryptopro.CryptoProObjectIdentifiers;
+import org.apache.geronimo.crypto.asn1.oiw.OIWObjectIdentifiers;
+import org.apache.geronimo.crypto.asn1.pkcs.PKCSObjectIdentifiers;
+import org.apache.geronimo.crypto.asn1.pkcs.PrivateKeyInfo;
+import org.apache.geronimo.crypto.asn1.pkcs.RSAPrivateKeyStructure;
+import org.apache.geronimo.crypto.asn1.x509.AlgorithmIdentifier;
+import org.apache.geronimo.crypto.asn1.x509.SubjectPublicKeyInfo;
+import org.apache.geronimo.crypto.asn1.x509.X509ObjectIdentifiers;
+import org.apache.geronimo.crypto.asn1.x9.X9ObjectIdentifiers;
+import org.apache.geronimo.crypto.jce.provider.JCEDHPrivateKey;
+import org.apache.geronimo.crypto.jce.provider.JCEDHPublicKey;
+
+public abstract class JDKKeyFactory
+    extends KeyFactorySpi
+{
+    public JDKKeyFactory()
+    {
+    }
+
+    protected KeySpec engineGetKeySpec(
+        Key    key,
+        Class    spec)
+    throws InvalidKeySpecException
+    {
+       if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8"))
+       {
+               return new PKCS8EncodedKeySpec(key.getEncoded());
+       }
+       else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509"))
+       {
+               return new X509EncodedKeySpec(key.getEncoded());
+       }
+       else if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey)
+       {
+            RSAPublicKey    k = (RSAPublicKey)key;
+
+            return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent());
+       }
+       else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof RSAPrivateKey)
+       {
+            RSAPrivateKey    k = (RSAPrivateKey)key;
+
+            return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent());
+       }
+       else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class) && key instanceof RSAPrivateCrtKey)
+       {
+            RSAPrivateCrtKey    k = (RSAPrivateCrtKey)key;
+
+            return new RSAPrivateCrtKeySpec(
+                            k.getModulus(), k.getPublicExponent(),
+                            k.getPrivateExponent(),
+                            k.getPrimeP(), k.getPrimeQ(),
+                            k.getPrimeExponentP(), k.getPrimeExponentQ(),
+                            k.getCrtCoefficient());
+       }
+       else if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey)
+       {
+           DHPrivateKey k = (DHPrivateKey)key;
+
+           return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG());
+       }
+       else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey)
+       {
+           DHPublicKey k = (DHPublicKey)key;
+
+           return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG());
+       }
+
+        throw new RuntimeException("not implemented yet " + key + " " + spec);
+    }
+
+    protected Key engineTranslateKey(
+        Key    key)
+        throws InvalidKeyException
+    {
+        if (key instanceof RSAPublicKey)
+        {
+            return new JCERSAPublicKey((RSAPublicKey)key);
+        }
+        else if (key instanceof RSAPrivateCrtKey)
+        {
+            return new JCERSAPrivateCrtKey((RSAPrivateCrtKey)key);
+        }
+        else if (key instanceof RSAPrivateKey)
+        {
+            return new JCERSAPrivateKey((RSAPrivateKey)key);
+        }
+        else if (key instanceof DHPublicKey)
+        {
+            return new JCEDHPublicKey((DHPublicKey)key);
+        }
+        else if (key instanceof DHPrivateKey)
+        {
+            return new JCEDHPrivateKey((DHPrivateKey)key);
+        }
+        else if (key instanceof DSAPublicKey)
+        {
+            return new JDKDSAPublicKey((DSAPublicKey)key);
+        }
+        else if (key instanceof DSAPrivateKey)
+        {
+            return new JDKDSAPrivateKey((DSAPrivateKey)key);
+        }
+        throw new InvalidKeyException("key type unknown");
+    }
+
+    /**
+     * create a public key from the given DER encoded input stream.
+     */
+    static PublicKey createPublicKeyFromDERStream(
+        InputStream         in)
+        throws IOException
+    {
+        return createPublicKeyFromPublicKeyInfo(
+                new SubjectPublicKeyInfo((ASN1Sequence)(new ASN1InputStream(in).readObject())));
+    }
+
+    /**
+     * create a public key from the given public key info object.
+     */
+    static PublicKey createPublicKeyFromPublicKeyInfo(
+        SubjectPublicKeyInfo         info)
+    {
+        AlgorithmIdentifier     algId = info.getAlgorithmId();
+
+        if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)
+            || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa))
+        {
+              return new JCERSAPublicKey(info);
+        }
+        else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
+        {
+              return new JCEDHPublicKey(info);
+        }
+        else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber))
+        {
+              return new JCEDHPublicKey(info);
+        }
+        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
+        {
+              return new JDKDSAPublicKey(info);
+        }
+        else if (algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1))
+        {
+              return new JDKDSAPublicKey(info);
+        }
+        else
+        {
+            throw new RuntimeException("algorithm identifier in key not recognised");
+        }
+    }
+
+    /**
+     * create a private key from the given DER encoded input stream.
+     */
+    static PrivateKey createPrivateKeyFromDERStream(
+        InputStream         in)
+        throws IOException
+    {
+        return createPrivateKeyFromPrivateKeyInfo(
+                new PrivateKeyInfo((ASN1Sequence)(new ASN1InputStream(in).readObject())));
+    }
+
+    /**
+     * create a private key from the given public key info object.
+     */
+    static PrivateKey createPrivateKeyFromPrivateKeyInfo(
+        PrivateKeyInfo      info)
+    {
+        AlgorithmIdentifier     algId = info.getAlgorithmId();
+
+        if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption))
+        {
+              return new JCERSAPrivateCrtKey(info);
+        }
+        else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
+        {
+              return new JCEDHPrivateKey(info);
+        }
+        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
+        {
+              return new JDKDSAPrivateKey(info);
+        }
+        else
+        {
+            throw new RuntimeException("algorithm identifier in key not recognised");
+        }
+    }
+
+    public static class RSA
+        extends JDKKeyFactory
+    {
+        public RSA()
+        {
+        }
+
+        protected PrivateKey engineGeneratePrivate(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof PKCS8EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPrivateKeyFromDERStream(
+                                new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    //
+                    // in case it's just a RSAPrivateKey object...
+                    //
+                    try
+                    {
+                        return new JCERSAPrivateCrtKey(
+                            new RSAPrivateKeyStructure(
+                                (ASN1Sequence)new ASN1InputStream(new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded())).readObject()));
+                    }
+                    catch (Exception ex)
+                    {
+                        throw (InvalidKeySpecException)new InvalidKeySpecException(ex.getMessage()).initCause(ex);
+                    }
+                }
+            }
+            else if (keySpec instanceof RSAPrivateCrtKeySpec)
+            {
+                return new JCERSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec);
+            }
+            else if (keySpec instanceof RSAPrivateKeySpec)
+            {
+                return new JCERSAPrivateKey((RSAPrivateKeySpec)keySpec);
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+
+        protected PublicKey engineGeneratePublic(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof X509EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPublicKeyFromDERStream(
+                                new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e);
+                }
+            }
+            else if (keySpec instanceof RSAPublicKeySpec)
+            {
+                return new JCERSAPublicKey((RSAPublicKeySpec)keySpec);
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+    }
+
+    public static class DH
+        extends JDKKeyFactory
+    {
+        public DH()
+        {
+        }
+
+        protected PrivateKey engineGeneratePrivate(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof PKCS8EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPrivateKeyFromDERStream(
+                                new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e);
+                }
+            }
+            else if (keySpec instanceof DHPrivateKeySpec)
+            {
+                return new JCEDHPrivateKey((DHPrivateKeySpec)keySpec);
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+
+        protected PublicKey engineGeneratePublic(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof X509EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPublicKeyFromDERStream(
+                                new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e);
+                }
+            }
+            else if (keySpec instanceof DHPublicKeySpec)
+            {
+                return new JCEDHPublicKey((DHPublicKeySpec)keySpec);
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+    }
+
+    public static class DSA
+        extends JDKKeyFactory
+    {
+        public DSA()
+        {
+        }
+
+        protected PrivateKey engineGeneratePrivate(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof PKCS8EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPrivateKeyFromDERStream(
+                                new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e);
+                }
+            }
+            else if (keySpec instanceof DSAPrivateKeySpec)
+            {
+                return new JDKDSAPrivateKey((DSAPrivateKeySpec)keySpec);
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+
+        protected PublicKey engineGeneratePublic(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof X509EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPublicKeyFromDERStream(
+                                new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e);
+                }
+            }
+            else if (keySpec instanceof DSAPublicKeySpec)
+            {
+                return new JDKDSAPublicKey((DSAPublicKeySpec)keySpec);
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+    }
+
+
+    public static class EC
+        extends JDKKeyFactory
+    {
+        String  algorithm;
+
+        public EC()
+        {
+            this("EC");
+        }
+
+        public EC(
+            String  algorithm)
+        {
+            this.algorithm = algorithm;
+        }
+
+        protected PrivateKey engineGeneratePrivate(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof PKCS8EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPrivateKeyFromDERStream(
+                                new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e);
+                }
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+
+        protected PublicKey engineGeneratePublic(
+            KeySpec    keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof X509EncodedKeySpec)
+            {
+                try
+                {
+                    return JDKKeyFactory.createPublicKeyFromDERStream(
+                                new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded()));
+                }
+                catch (Exception e)
+                {
+                    throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e);
+                }
+            }
+
+            throw new InvalidKeySpecException("Unknown KeySpec type.");
+        }
+    }
+}
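Review bot: engineGetKeySpec declares InvalidKeySpecException but its fall-through at the end throws a bare RuntimeException whose message concatenates `key`, so a caller asking for an unsupported spec gets an unchecked exception instead of the declared one, and whatever the key's toString renders — for a private key this may include key material — ends up in the message and in any log that records it. I would replace the last statement with `throw new InvalidKeySpecException("not implemented yet " + spec);` and keep the key object out of the message. The same method calls `key.getFormat().equals("PKCS#8")` and `key.getFormat().equals("X.509")`; Key.getFormat() is allowed to return null, so `"PKCS#8".equals(key.getFormat())` avoids an NPE on such keys. The static helpers createPublicKeyFromPublicKeyInfo and createPrivateKeyFromPrivateKeyInfo likewise throw RuntimeException for an unrecognised algorithm OID; inside the engineGenerate* methods that is caught and wrapped, but direct callers of the package-visible helpers receive the unchecked exception, which the helpers' Javadoc should at least mention.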

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java Fri Feb  1 11:01:39 2008
@@ -0,0 +1,192 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+
+package org.apache.geronimo.crypto.jce.provider;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.cert.CRLException;
+import java.security.cert.X509CRLEntry;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.geronimo.crypto.asn1.DERObjectIdentifier;
+import org.apache.geronimo.crypto.asn1.DEROutputStream;
+import org.apache.geronimo.crypto.asn1.x509.TBSCertList;
+import org.apache.geronimo.crypto.asn1.x509.X509Extension;
+import org.apache.geronimo.crypto.asn1.x509.X509Extensions;
+
+/**
+ * The following extensions are listed in RFC 2459 as relevant to CRL Entries
+ *
+ * ReasonCode
+ * Hode Instruction Code
+ * Invalidity Date
+ * Certificate Issuer (critical)
+ */
+public class X509CRLEntryObject extends X509CRLEntry
+{
+    private TBSCertList.CRLEntry c;
+
+    public X509CRLEntryObject(
+        TBSCertList.CRLEntry c)
+    {
+        this.c = c;
+    }
+
+    /**
+     * Will return true if any extensions are present and marked
+     * as critical as we currently dont handle any extensions!
+     */
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        Set extns = getCriticalExtensionOIDs();
+        if ( extns != null && !extns.isEmpty() )
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    private Set getExtensionOIDs(boolean critical)
+    {
+        X509Extensions extensions = c.getExtensions();
+
+        if ( extensions != null )
+        {
+            HashSet            set = new HashSet();
+            Enumeration        e = extensions.oids();
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier    oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension        ext = extensions.getExtension(oid);
+
+                if (critical == ext.isCritical())
+                {
+                    set.add(oid.getId());
+                }
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+
+    public Set getCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(true);
+    }
+
+    public Set getNonCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(false);
+    }
+
+    public byte[] getExtensionValue(String oid)
+    {
+        X509Extensions exts = c.getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                try
+                {
+                    return ext.getValue().getEncoded();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.getMessage(), e);
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getEncoded()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw (CRLException)new CRLException(e.getMessage()).initCause(e);
+        }
+    }
+
+    public BigInteger getSerialNumber()
+    {
+        return c.getUserCertificate().getValue();
+    }
+
+    public Date getRevocationDate()
+    {
+        return c.getRevocationDate().getDate();
+    }
+
+    public boolean hasExtensions()
+    {
+        return c.getExtensions() != null;
+    }
+
+    public String toString()
+    {
+        StringBuffer buf = new StringBuffer();
+        String nl = System.getProperty("line.separator");
+
+        buf.append("      userCertificate: " + this.getSerialNumber() + nl);
+        buf.append("       revocationDate: " + this.getRevocationDate() + nl);
+
+
+        X509Extensions extensions = c.getExtensions();
+
+        if ( extensions != null )
+        {
+            Enumeration e = extensions.oids();
+            if ( e.hasMoreElements() )
+            {
+                buf.append("   crlEntryExtensions:" + nl);
+
+                while ( e.hasMoreElements() )
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension ext = extensions.getExtension(oid);
+                    buf.append(ext);
+                }
+            }
+        }
+
+        return buf.toString();
+    }
+}
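Review bot: The class comment lists `Hode Instruction Code`, which is a typo for `Hold Instruction Code`, the CRL entry extension RFC 2459 actually names. Beyond that, getExtensionOIDs builds a raw `HashSet` of `oid.getId()` strings and the two public accessors return raw `Set`; declaring them `Set<String>` would match the `java.security.cert.X509Extension` signatures this class inherits through X509CRLEntry and spare callers unchecked casts. Since hasUnsupportedCriticalExtension reports true for any critical extension, an entry carrying the critical Certificate Issuer extension the class comment mentions is also flagged as unsupported; that appears intended given the comment "we currently dont handle any extensions", but its Javadoc should say so, e.g. `Note: this includes the Certificate Issuer extension, so entries whose issuer differs from the CRL issuer are reported as unsupported.`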

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java Fri Feb  1 11:01:39 2008
@@ -0,0 +1,388 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.crypto.jce.provider;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLEntry;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.geronimo.crypto.asn1.ASN1OutputStream;
+import org.apache.geronimo.crypto.asn1.DERObjectIdentifier;
+import org.apache.geronimo.crypto.asn1.DEROutputStream;
+import org.apache.geronimo.crypto.asn1.x509.CertificateList;
+import org.apache.geronimo.crypto.asn1.x509.TBSCertList;
+import org.apache.geronimo.crypto.asn1.x509.X509Extension;
+import org.apache.geronimo.crypto.asn1.x509.X509Extensions;
+import org.apache.geronimo.crypto.jce.X509Principal;
+
+/**
+ * The following extensions are listed in RFC 2459 as relevant to CRLs
+ *
+ * Authority Key Identifier
+ * Issuer Alternative Name
+ * CRL Number
+ * Delta CRL Indicator (critical)
+ * Issuing Distribution Point (critical)
+ */
+public class X509CRLObject
+    extends X509CRL
+{
+    private CertificateList c;
+
+    public X509CRLObject(
+        CertificateList c)
+    {
+        this.c = c;
+    }
+
+    /**
+     * Will return true if any extensions are present and marked
+     * as critical as we currently dont handle any extensions!
+     */
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        Set extns = getCriticalExtensionOIDs();
+        if ( extns != null && !extns.isEmpty() )
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    private Set getExtensionOIDs(boolean critical)
+    {
+        if (this.getVersion() == 2)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertList().getExtensions();
+            Enumeration     e = extensions.oids();
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension       ext = extensions.getExtension(oid);
+
+                if (critical == ext.isCritical())
+                {
+                    set.add(oid.getId());
+                }
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+
+    public Set getCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(true);
+    }
+
+    public Set getNonCriticalExtensionOIDs()
+    {
+        return getExtensionOIDs(false);
+    }
+
+    public byte[] getExtensionValue(String oid)
+    {
+        X509Extensions exts = c.getTBSCertList().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+                DEROutputStream dOut = new DEROutputStream(bOut);
+
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.getMessage(), e);
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getEncoded()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw (CRLException)new CRLException(e.getMessage()).initCause(e);
+        }
+    }
+
+    public void verify(PublicKey key)
+        throws CRLException,  NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        verify(key, "BC");
+    }
+
+    public void verify(PublicKey key, String sigProvider)
+        throws CRLException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException,
+        SignatureException
+    {
+        if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
+        {
+            throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList.");
+        }
+
+        Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);
+
+        sig.initVerify(key);
+        sig.update(this.getTBSCertList());
+        if ( !sig.verify(this.getSignature()) )
+        {
+            throw new SignatureException("CRL does not verify with supplied public key.");
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN", e);
+        }
+    }
+
+    public Date getThisUpdate()
+    {
+        return c.getThisUpdate().getDate();
+    }
+
+    public Date getNextUpdate()
+    {
+        if (c.getNextUpdate() != null)
+        {
+            return c.getNextUpdate().getDate();
+        }
+
+        return null;
+    }
+
+    public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
+                    return new X509CRLEntryObject(certs[i]);
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public Set getRevokedCertificates()
+    {
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            HashSet set = new HashSet();
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                set.add(new X509CRLEntryObject(certs[i]));
+
+            }
+
+            return set;
+        }
+
+        return null;
+    }
+
+    public byte[] getTBSCertList()
+        throws CRLException
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+        DEROutputStream            dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertList());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw (CRLException)new CRLException(e.getMessage()).initCause(e);
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    public String getSigAlgName()
+    {
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if ( algName != null )
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+
+        if ( c.getSignatureAlgorithm().getParameters() != null )
+        {
+            try
+            {
+                DEROutputStream    dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e.getMessage(), e);
+            }
+
+            return bOut.toByteArray();
+        }
+
+        return null;
+    }
+
+    /**
+     * Returns a string representation of this CRL.
+     *
+     * @return a string representation of this CRL.
+     */
+    public String toString()
+    {
+        return "X.509 CRL";
+    }
+
+    /**
+     * Checks whether the given certificate is on this CRL.
+     *
+     * @param cert the certificate to check for.
+     * @return true if the given certificate is on this CRL,
+     * false otherwise.
+     */
+    public boolean isRevoked(Certificate cert)
+    {
+        if ( !cert.getType().equals("X.509") )
+        {
+            throw new RuntimeException("X.509 CRL used with non X.509 Cert");
+        }
+
+        TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+        if ( certs != null )
+        {
+            BigInteger serial = ((X509Certificate)cert).getSerialNumber();
+
+            for ( int i = 0; i < certs.length; i++ )
+            {
+                if ( certs[i].getUserCertificate().getValue().equals(serial) )
+                {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+}
+
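Review bot: getExtensionOIDs (lines 812–835) dereferences `c.getTBSCertList().getExtensions()` without a null check, so a version-2 CRL that carries no crlExtensions field throws NullPointerException out of getCriticalExtensionOIDs() and hasUnsupportedCriticalExtension(), the very calls a path validator makes before it decides whether to trust the CRL; the sibling X509CertificateObject in this same commit guards the equivalent lookup with `if (extensions != null)`. Returning the empty set for that case keeps the documented contract, e.g. `X509Extensions extensions = c.getTBSCertList().getExtensions(); if (extensions == null) { return set; }` placed before the `extensions.oids()` call. Separately, verify(PublicKey) at line 899 hard-codes the provider name `"BC"`, which in this Geronimo package presumably ends in NoSuchProviderException unless a provider registered under that name happens to be installed; worth checking against the name this module's own provider registers, or falling back to the overload that lets the JCA pick any provider.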

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java Fri Feb  1 11:01:39 2008
@@ -0,0 +1,727 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package org.apache.geronimo.crypto.jce.provider;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.geronimo.crypto.asn1.*;
+import org.apache.geronimo.crypto.asn1.misc.MiscObjectIdentifiers;
+import org.apache.geronimo.crypto.asn1.misc.NetscapeCertType;
+import org.apache.geronimo.crypto.asn1.misc.NetscapeRevocationURL;
+import org.apache.geronimo.crypto.asn1.misc.VerisignCzagExtension;
+import org.apache.geronimo.crypto.asn1.util.ASN1Dump;
+import org.apache.geronimo.crypto.asn1.x509.BasicConstraints;
+import org.apache.geronimo.crypto.asn1.x509.KeyUsage;
+import org.apache.geronimo.crypto.asn1.x509.X509CertificateStructure;
+import org.apache.geronimo.crypto.asn1.x509.X509Extension;
+import org.apache.geronimo.crypto.asn1.x509.X509Extensions;
+import org.apache.geronimo.crypto.jce.X509Principal;
+import org.apache.geronimo.crypto.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.apache.geronimo.crypto.encoders.Hex;
+
+public class X509CertificateObject
+    extends X509Certificate
+    implements PKCS12BagAttributeCarrier
+{
+    private X509CertificateStructure    c;
+    private Hashtable                   pkcs12Attributes = new Hashtable();
+    private Vector                      pkcs12Ordering = new Vector();
+
+    public X509CertificateObject(
+        X509CertificateStructure    c)
+    {
+        this.c = c;
+    }
+
+    public void checkValidity()
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        this.checkValidity(new Date());
+    }
+
+    public void checkValidity(
+        Date    date)
+        throws CertificateExpiredException, CertificateNotYetValidException
+    {
+        if (date.after(this.getNotAfter()))
+        {
+            throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
+        }
+
+        if (date.before(this.getNotBefore()))
+        {
+            throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
+        }
+    }
+
+    public int getVersion()
+    {
+        return c.getVersion();
+    }
+
+    public BigInteger getSerialNumber()
+    {
+        return c.getSerialNumber().getValue();
+    }
+
+    public Principal getIssuerDN()
+    {
+        return new X509Principal(c.getIssuer());
+    }
+
+    public X500Principal getIssuerX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getIssuer());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN", e);
+        }
+    }
+
+    public Principal getSubjectDN()
+    {
+        return new X509Principal(c.getSubject());
+    }
+
+    public X500Principal getSubjectX500Principal()
+    {
+        try
+        {
+            ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+            ASN1OutputStream        aOut = new ASN1OutputStream(bOut);
+
+            aOut.writeObject(c.getSubject());
+
+            return new X500Principal(bOut.toByteArray());
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException("can't encode issuer DN", e);
+        }
+    }
+
+    public Date getNotBefore()
+    {
+        return c.getStartDate().getDate();
+    }
+
+    public Date getNotAfter()
+    {
+        return c.getEndDate().getDate();
+    }
+
+    public byte[] getTBSCertificate()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c.getTBSCertificate());
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw (CertificateEncodingException)new CertificateEncodingException(e.getMessage()).initCause(e);
+        }
+    }
+
+    public byte[] getSignature()
+    {
+        return c.getSignature().getBytes();
+    }
+
+    /**
+     * return a more "meaningful" representation for the signature algorithm used in
+     * the certficate.
+     */
+    public String getSigAlgName()
+    {
+        Provider[] provs = Security.getProviders();
+
+        //
+        // search every provider looking for a real algorithm
+        //
+        for (int i = 0; i != provs.length; i++)
+        {
+            String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+            if (algName != null)
+            {
+                return algName;
+            }
+        }
+
+        return this.getSigAlgOID();
+    }
+
+    /**
+     * return the object identifier for the signature.
+     */
+    public String getSigAlgOID()
+    {
+        return c.getSignatureAlgorithm().getObjectId().getId();
+    }
+
+    /**
+     * return the signature parameters, or null if there aren't any.
+     */
+    public byte[] getSigAlgParams()
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+
+        if (c.getSignatureAlgorithm().getParameters() != null)
+        {
+            try
+            {
+                DEROutputStream         dOut = new DEROutputStream(bOut);
+
+                dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("exception getting sig parameters " + e.getMessage(), e);
+            }
+
+            return bOut.toByteArray();
+        }
+        else
+        {
+            return null;
+        }
+    }
+
+    public boolean[] getIssuerUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getIssuerUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+
+        return null;
+    }
+
+    public boolean[] getSubjectUniqueID()
+    {
+        DERBitString    id = c.getTBSCertificate().getSubjectUniqueId();
+
+        if (id != null)
+        {
+            byte[]          bytes = id.getBytes();
+            boolean[]       boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+            for (int i = 0; i != boolId.length; i++)
+            {
+                boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return boolId;
+        }
+
+        return null;
+    }
+
+    public boolean[] getKeyUsage()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.15");
+        int     length = 0;
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                DERBitString    bits = (DERBitString)dIn.readObject();
+
+                bytes = bits.getBytes();
+                length = (bytes.length * 8) - bits.getPadBits();
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension", e);
+            }
+
+            boolean[]       keyUsage = new boolean[(length < 9) ? 9 : length];
+
+            for (int i = 0; i != length; i++)
+            {
+                keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+            }
+
+            return keyUsage;
+        }
+
+        return null;
+    }
+
+    public List getExtendedKeyUsage()
+        throws CertificateParsingException
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.37");
+        int     length = 0;
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+                ArrayList       list = new ArrayList();
+
+                for (int i = 0; i != seq.size(); i++)
+                {
+                    list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId());
+                }
+
+                return Collections.unmodifiableList(list);
+            }
+            catch (Exception e)
+            {
+                throw (CertificateParsingException)new CertificateParsingException("error processing extended key usage extension").initCause(e);
+            }
+        }
+
+        return null;
+    }
+
+    public int getBasicConstraints()
+    {
+        byte[]  bytes = this.getExtensionBytes("2.5.29.19");
+
+        if (bytes != null)
+        {
+            try
+            {
+                ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+                ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();
+
+                if (seq.size() == 2)
+                {
+                    if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                    {
+                        return ((DERInteger)seq.getObjectAt(1)).getValue().intValue();
+                    }
+                    else
+                    {
+                        return -1;
+                    }
+                }
+                else if (seq.size() == 1)
+                {
+                    if (seq.getObjectAt(0) instanceof DERBoolean)
+                    {
+                        if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+                        {
+                            return Integer.MAX_VALUE;
+                        }
+                        else
+                        {
+                            return -1;
+                        }
+                    }
+                    else
+                    {
+                        return -1;
+                    }
+                }
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException("error processing key usage extension", e);
+            }
+        }
+
+        return -1;
+    }
+
+    public Set getCriticalExtensionOIDs()
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    private byte[] getExtensionBytes(String oid)
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+            if (ext != null)
+            {
+                return ext.getValue().getOctets();
+            }
+        }
+
+        return null;
+    }
+
+    public byte[] getExtensionValue(String oid)
+    {
+        X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+        if (exts != null)
+        {
+            X509Extension   ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+            if (ext != null)
+            {
+                ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
+                DEROutputStream            dOut = new DEROutputStream(bOut);
+
+                try
+                {
+                    dOut.writeObject(ext.getValue());
+
+                    return bOut.toByteArray();
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException("error encoding " + e.getMessage(), e);
+                }
+            }
+        }
+
+        return null;
+    }
+
+    public Set getNonCriticalExtensionOIDs()
+    {
+        if (this.getVersion() == 3)
+        {
+            HashSet         set = new HashSet();
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (!ext.isCritical())
+                    {
+                        set.add(oid.getId());
+                    }
+                }
+
+                return set;
+            }
+        }
+
+        return null;
+    }
+
+    public boolean hasUnsupportedCriticalExtension()
+    {
+        if (this.getVersion() == 3)
+        {
+            X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+            if (extensions != null)
+            {
+                Enumeration     e = extensions.oids();
+
+                while (e.hasMoreElements())
+                {
+                    DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+                    if (oid.getId().equals("2.5.29.15")
+                       || oid.getId().equals("2.5.29.19"))
+                    {
+                        continue;
+                    }
+
+                    X509Extension       ext = extensions.getExtension(oid);
+
+                    if (ext.isCritical())
+                    {
+                        return true;
+                    }
+                }
+            }
+        }
+
+        return false;
+    }
+
+    public PublicKey getPublicKey()
+    {
+        return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
+    }
+
+    public byte[] getEncoded()
+        throws CertificateEncodingException
+    {
+        ByteArrayOutputStream   bOut = new ByteArrayOutputStream();
+        DEROutputStream         dOut = new DEROutputStream(bOut);
+
+        try
+        {
+            dOut.writeObject(c);
+
+            return bOut.toByteArray();
+        }
+        catch (IOException e)
+        {
+            throw (CertificateEncodingException)new CertificateEncodingException(e.getMessage()).initCause(e);
+        }
+    }
+
+    public void setBagAttribute(
+        DERObjectIdentifier oid,
+        DEREncodable        attribute)
+    {
+        pkcs12Attributes.put(oid, attribute);
+        pkcs12Ordering.addElement(oid);
+    }
+
+    public DEREncodable getBagAttribute(
+        DERObjectIdentifier oid)
+    {
+        return (DEREncodable)pkcs12Attributes.get(oid);
+    }
+
+    public Enumeration getBagAttributeKeys()
+    {
+        return pkcs12Ordering.elements();
+    }
+
+    public String toString()
+    {
+        StringBuffer    buf = new StringBuffer();
+        String          nl = System.getProperty("line.separator");
+
+        buf.append("  [0]         Version: " + this.getVersion() + nl);
+        buf.append("         SerialNumber: " + this.getSerialNumber() + nl);
+        buf.append("             IssuerDN: " + this.getIssuerDN() + nl);
+        buf.append("           Start Date: " + this.getNotBefore() + nl);
+        buf.append("           Final Date: " + this.getNotAfter() + nl);
+        buf.append("            SubjectDN: " + this.getSubjectDN() + nl);
+        buf.append("           Public Key: " + this.getPublicKey() + nl);
+        buf.append("  Signature Algorithm: " + this.getSigAlgName() + nl);
+
+        byte[]  sig = this.getSignature();
+
+        buf.append("            Signature: " + new String(Hex.encode(sig, 0, 20)) + nl);
+        for (int i = 20; i < sig.length; i += 20)
+        {
+            if (i < sig.length - 20)
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, 20)) + nl);
+            }
+            else
+            {
+                buf.append("                       " + new String(Hex.encode(sig, i, sig.length - i)) + nl);
+            }
+        }
+
+        X509Extensions  extensions = c.getTBSCertificate().getExtensions();
+
+        if (extensions != null)
+        {
+            Enumeration     e = extensions.oids();
+
+            if (e.hasMoreElements())
+            {
+                buf.append("       Extensions: \n");
+            }
+
+            while (e.hasMoreElements())
+            {
+                DERObjectIdentifier     oid = (DERObjectIdentifier)e.nextElement();
+                X509Extension           ext = extensions.getExtension(oid);
+
+                if (ext.getValue() != null)
+                {
+                    byte[]                  octs = ext.getValue().getOctets();
+                    ByteArrayInputStream    bIn = new ByteArrayInputStream(octs);
+                    ASN1InputStream         dIn = new ASN1InputStream(bIn);
+                    buf.append("                       critical(" + ext.isCritical() + ") ");
+                    try
+                    {
+                        if (oid.equals(X509Extensions.BasicConstraints))
+                        {
+                            buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(X509Extensions.KeyUsage))
+                        {
+                            buf.append(new KeyUsage((DERBitString)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeCertType))
+                        {
+                            buf.append(new NetscapeCertType((DERBitString)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL))
+                        {
+                            buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject()) + nl);
+                        }
+                        else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension))
+                        {
+                            buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject()) + nl);
+                        }
+                        else
+                        {
+                            buf.append(oid.getId());
+                            buf.append(" value = " + ASN1Dump.dumpAsString(dIn.readObject()) + nl);
+                            //buf.append(" value = " + "*****" + nl);
+                        }
+                    }
+                    catch (Exception ex)
+                    {
+                        buf.append(oid.getId());
+                   //     buf.append(" value = " + new String(Hex.encode(ext.getValue().getOctets())) + nl);
+                        buf.append(" value = " + "*****" + nl);
+                    }
+                }
+                else
+                {
+                    buf.append(nl);
+                }
+            }
+        }
+
+        return buf.toString();
+    }
+
+    public final void verify(
+        PublicKey   key)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature   signature = null;
+
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+        }
+
+        try
+        {
+            signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(), "BC");
+        }
+        catch (Exception e)
+        {
+            signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId());
+        }
+
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+
+    public final void verify(
+        PublicKey   key,
+        String      sigProvider)
+        throws CertificateException, NoSuchAlgorithmException,
+        InvalidKeyException, NoSuchProviderException, SignatureException
+    {
+        Signature signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(), sigProvider);
+
+        if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+        {
+            throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+        }
+
+        signature.initVerify(key);
+
+        signature.update(this.getTBSCertificate());
+
+        if (!signature.verify(this.getSignature()))
+        {
+            throw new InvalidKeyException("Public key presented not for certificate signature");
+        }
+    }
+}

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain


