Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 21096 invoked from network); 1 Feb 2008 19:06:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 1 Feb 2008 19:06:14 -0000 Received: (qmail 90596 invoked by uid 500); 1 Feb 2008 19:06:04 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 90572 invoked by uid 500); 1 Feb 2008 19:06:04 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 90555 invoked by uid 99); 1 Feb 2008 19:06:04 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2008 11:06:04 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2008 19:05:53 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 624401A986A; Fri, 1 Feb 2008 11:05:20 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r617610 [13/13] - in /geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto: ./ asn1/ asn1/cryptopro/ asn1/misc/ asn1/oiw/ asn1/pkcs/ asn1/sec/ asn1/util/ asn1/x509/ asn1/x9/ crypto/ crypto/digests... Date: Fri, 01 Feb 2008 19:02:36 -0000 To: scm@geronimo.apache.org 
From: kevan@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20080201190520.624401A986A@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java Fri Feb 1 11:01:39 2008
@@ -0,0 +1,480 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.geronimo.crypto.jce.provider; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactorySpi; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.RSAPrivateCrtKeySpec; +import java.security.spec.RSAPrivateKeySpec; +import java.security.spec.RSAPublicKeySpec; +import java.security.spec.X509EncodedKeySpec; + +import javax.crypto.interfaces.DHPrivateKey; +import javax.crypto.interfaces.DHPublicKey; +import javax.crypto.spec.DHPrivateKeySpec; +import javax.crypto.spec.DHPublicKeySpec; + +import 
org.apache.geronimo.crypto.asn1.ASN1InputStream; +import org.apache.geronimo.crypto.asn1.ASN1Sequence; +import org.apache.geronimo.crypto.asn1.cryptopro.CryptoProObjectIdentifiers; +import org.apache.geronimo.crypto.asn1.oiw.OIWObjectIdentifiers; +import org.apache.geronimo.crypto.asn1.pkcs.PKCSObjectIdentifiers; +import org.apache.geronimo.crypto.asn1.pkcs.PrivateKeyInfo; +import org.apache.geronimo.crypto.asn1.pkcs.RSAPrivateKeyStructure; +import org.apache.geronimo.crypto.asn1.x509.AlgorithmIdentifier; +import org.apache.geronimo.crypto.asn1.x509.SubjectPublicKeyInfo; +import org.apache.geronimo.crypto.asn1.x509.X509ObjectIdentifiers; +import org.apache.geronimo.crypto.asn1.x9.X9ObjectIdentifiers; +import org.apache.geronimo.crypto.jce.provider.JCEDHPrivateKey; +import org.apache.geronimo.crypto.jce.provider.JCEDHPublicKey; + +public abstract class JDKKeyFactory + extends KeyFactorySpi +{ + public JDKKeyFactory() + { + } + + protected KeySpec engineGetKeySpec( + Key key, + Class spec) + throws InvalidKeySpecException + { + if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) + { + return new PKCS8EncodedKeySpec(key.getEncoded()); + } + else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) + { + return new X509EncodedKeySpec(key.getEncoded()); + } + else if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey) + { + RSAPublicKey k = (RSAPublicKey)key; + + return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent()); + } + else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof RSAPrivateKey) + { + RSAPrivateKey k = (RSAPrivateKey)key; + + return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent()); + } + else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class) && key instanceof RSAPrivateCrtKey) + { + RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; + + return new RSAPrivateCrtKeySpec( + k.getModulus(), k.getPublicExponent(), + 
k.getPrivateExponent(), + k.getPrimeP(), k.getPrimeQ(), + k.getPrimeExponentP(), k.getPrimeExponentQ(), + k.getCrtCoefficient()); + } + else if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey) + { + DHPrivateKey k = (DHPrivateKey)key; + + return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG()); + } + else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey) + { + DHPublicKey k = (DHPublicKey)key; + + return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG()); + } + + throw new RuntimeException("not implemented yet " + key + " " + spec); + } + + protected Key engineTranslateKey( + Key key) + throws InvalidKeyException + { + if (key instanceof RSAPublicKey) + { + return new JCERSAPublicKey((RSAPublicKey)key); + } + else if (key instanceof RSAPrivateCrtKey) + { + return new JCERSAPrivateCrtKey((RSAPrivateCrtKey)key); + } + else if (key instanceof RSAPrivateKey) + { + return new JCERSAPrivateKey((RSAPrivateKey)key); + } + else if (key instanceof DHPublicKey) + { + return new JCEDHPublicKey((DHPublicKey)key); + } + else if (key instanceof DHPrivateKey) + { + return new JCEDHPrivateKey((DHPrivateKey)key); + } + else if (key instanceof DSAPublicKey) + { + return new JDKDSAPublicKey((DSAPublicKey)key); + } + else if (key instanceof DSAPrivateKey) + { + return new JDKDSAPrivateKey((DSAPrivateKey)key); + } + throw new InvalidKeyException("key type unknown"); + } + + /** + * create a public key from the given DER encoded input stream. + */ + static PublicKey createPublicKeyFromDERStream( + InputStream in) + throws IOException + { + return createPublicKeyFromPublicKeyInfo( + new SubjectPublicKeyInfo((ASN1Sequence)(new ASN1InputStream(in).readObject()))); + } + + /** + * create a public key from the given public key info object. 
+ */ + static PublicKey createPublicKeyFromPublicKeyInfo( + SubjectPublicKeyInfo info) + { + AlgorithmIdentifier algId = info.getAlgorithmId(); + + if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption) + || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa)) + { + return new JCERSAPublicKey(info); + } + else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) + { + return new JCEDHPublicKey(info); + } + else if (algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber)) + { + return new JCEDHPublicKey(info); + } + else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) + { + return new JDKDSAPublicKey(info); + } + else if (algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1)) + { + return new JDKDSAPublicKey(info); + } + else + { + throw new RuntimeException("algorithm identifier in key not recognised"); + } + } + + /** + * create a private key from the given DER encoded input stream. + */ + static PrivateKey createPrivateKeyFromDERStream( + InputStream in) + throws IOException + { + return createPrivateKeyFromPrivateKeyInfo( + new PrivateKeyInfo((ASN1Sequence)(new ASN1InputStream(in).readObject()))); + } + + /** + * create a private key from the given public key info object. 
+ */ + static PrivateKey createPrivateKeyFromPrivateKeyInfo( + PrivateKeyInfo info) + { + AlgorithmIdentifier algId = info.getAlgorithmId(); + + if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)) + { + return new JCERSAPrivateCrtKey(info); + } + else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) + { + return new JCEDHPrivateKey(info); + } + else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) + { + return new JDKDSAPrivateKey(info); + } + else + { + throw new RuntimeException("algorithm identifier in key not recognised"); + } + } + + public static class RSA + extends JDKKeyFactory + { + public RSA() + { + } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PKCS8EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPrivateKeyFromDERStream( + new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + // + // in case it's just a RSAPrivateKey object... 
+ // + try + { + return new JCERSAPrivateCrtKey( + new RSAPrivateKeyStructure( + (ASN1Sequence)new ASN1InputStream(new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded())).readObject())); + } + catch (Exception ex) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(ex.getMessage()).initCause(ex); + } + } + } + else if (keySpec instanceof RSAPrivateCrtKeySpec) + { + return new JCERSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec); + } + else if (keySpec instanceof RSAPrivateKeySpec) + { + return new JCERSAPrivateKey((RSAPrivateKeySpec)keySpec); + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof X509EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPublicKeyFromDERStream( + new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e); + } + } + else if (keySpec instanceof RSAPublicKeySpec) + { + return new JCERSAPublicKey((RSAPublicKeySpec)keySpec); + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + } + + public static class DH + extends JDKKeyFactory + { + public DH() + { + } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PKCS8EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPrivateKeyFromDERStream( + new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e); + } + } + else if (keySpec instanceof DHPrivateKeySpec) + { + return new JCEDHPrivateKey((DHPrivateKeySpec)keySpec); + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + 
throws InvalidKeySpecException + { + if (keySpec instanceof X509EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPublicKeyFromDERStream( + new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e); + } + } + else if (keySpec instanceof DHPublicKeySpec) + { + return new JCEDHPublicKey((DHPublicKeySpec)keySpec); + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + } + + public static class DSA + extends JDKKeyFactory + { + public DSA() + { + } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PKCS8EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPrivateKeyFromDERStream( + new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e); + } + } + else if (keySpec instanceof DSAPrivateKeySpec) + { + return new JDKDSAPrivateKey((DSAPrivateKeySpec)keySpec); + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof X509EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPublicKeyFromDERStream( + new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e); + } + } + else if (keySpec instanceof DSAPublicKeySpec) + { + return new JDKDSAPublicKey((DSAPublicKeySpec)keySpec); + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + } + + + public static class EC + extends JDKKeyFactory + { + String algorithm; + + public EC() + { + this("EC"); + } + + public EC( + String algorithm) + { + this.algorithm = algorithm; 
+ } + + protected PrivateKey engineGeneratePrivate( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof PKCS8EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPrivateKeyFromDERStream( + new ByteArrayInputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e); + } + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + + protected PublicKey engineGeneratePublic( + KeySpec keySpec) + throws InvalidKeySpecException + { + if (keySpec instanceof X509EncodedKeySpec) + { + try + { + return JDKKeyFactory.createPublicKeyFromDERStream( + new ByteArrayInputStream(((X509EncodedKeySpec)keySpec).getEncoded())); + } + catch (Exception e) + { + throw (InvalidKeySpecException)new InvalidKeySpecException(e.getMessage()).initCause(e); + } + } + + throw new InvalidKeySpecException("Unknown KeySpec type."); + } + } +} Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java ------------------------------------------------------------------------------ svn:keywords = Date Revision Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/JDKKeyFactory.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java URL: 
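Review bot: The `EC` factory at the end of the hunk can never produce a key: both of its `engineGenerate*` methods route PKCS#8/X.509 specs through `createPrivateKeyFromPrivateKeyInfo`/`createPublicKeyFromPublicKeyInfo`, and those recognise only the RSA, DH and DSA identifiers, so every EC spec ends in `InvalidKeySpecException("algorithm identifier in key not recognised")` (the `algorithm` field the EC constructors store is not read anywhere in this file either). Either add an EC branch — presumably keyed on the `id_ecPublicKey` OID, if this copy of `X9ObjectIdentifiers` defines it — or drop the `EC` class so the provider does not advertise an algorithm it cannot load. Separately, `engineGetKeySpec` ends with `throw new RuntimeException("not implemented yet " + key + " " + spec)`; the `KeyFactorySpi` contract is `InvalidKeySpecException`, and stringifying `key` may pull private material into the exception text depending on the key class's `toString()`. Replace it with `throw new InvalidKeySpecException("unsupported key spec " + spec.getName() + " for key type " + key.getClass().getName());` so callers' catch blocks work and no key bytes leak into logs. Note also that `key.getFormat()` may be null for opaque keys, so the two `.equals("PKCS#8")`/`.equals("X.509")` tests at the top of that method should be written as `"PKCS#8".equals(key.getFormat())`.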
http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java Fri Feb 1 11:01:39 2008
@@ -0,0 +1,192 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.apache.geronimo.crypto.jce.provider; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.cert.CRLException; +import java.security.cert.X509CRLEntry; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Set; + +import org.apache.geronimo.crypto.asn1.DERObjectIdentifier; +import org.apache.geronimo.crypto.asn1.DEROutputStream; +import org.apache.geronimo.crypto.asn1.x509.TBSCertList; +import org.apache.geronimo.crypto.asn1.x509.X509Extension; +import org.apache.geronimo.crypto.asn1.x509.X509Extensions; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRL Entries + * + * ReasonCode + * Hode Instruction Code + * Invalidity Date + * Certificate Issuer (critical) + */ +public class X509CRLEntryObject extends X509CRLEntry +{ + private TBSCertList.CRLEntry c; + + public X509CRLEntryObject( + TBSCertList.CRLEntry c) + { + this.c = c; + } + + /** + * Will return true if any extensions are present and marked + * as critical as we currently dont handle any extensions! 
+ */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + if ( extns != null && !extns.isEmpty() ) + { + return true; + } + + return false; + } + + private Set getExtensionOIDs(boolean critical) + { + X509Extensions extensions = c.getExtensions(); + + if ( extensions != null ) + { + HashSet set = new HashSet(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + X509Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + public byte[] getExtensionValue(String oid) + { + X509Extensions exts = c.getExtensions(); + + if (exts != null) + { + X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); + + if (ext != null) + { + try + { + return ext.getValue().getEncoded(); + } + catch (Exception e) + { + throw new RuntimeException("error encoding " + e.getMessage(), e); + } + } + } + + return null; + } + + public byte[] getEncoded() + throws CRLException + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(bOut); + + try + { + dOut.writeObject(c); + + return bOut.toByteArray(); + } + catch (IOException e) + { + throw (CRLException)new CRLException(e.getMessage()).initCause(e); + } + } + + public BigInteger getSerialNumber() + { + return c.getUserCertificate().getValue(); + } + + public Date getRevocationDate() + { + return c.getRevocationDate().getDate(); + } + + public boolean hasExtensions() + { + return c.getExtensions() != null; + } + + public String toString() + { + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" userCertificate: " + 
this.getSerialNumber() + nl);
+ buf.append(" revocationDate: " + this.getRevocationDate() + nl);
+
+
+ X509Extensions extensions = c.getExtensions();
+
+ if ( extensions != null )
+ {
+ Enumeration e = extensions.oids();
+ if ( e.hasMoreElements() )
+ {
+ buf.append(" crlEntryExtensions:" + nl);
+
+ while ( e.hasMoreElements() )
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+ buf.append(ext);
+ }
+ }
+ }
+
+ return buf.toString();
+ }
+}
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLEntryObject.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java Fri Feb 1 11:01:39 2008
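Review bot: The class comment lists "Hode Instruction Code" among the RFC 2459 CRL-entry extensions; the extension is the Hold Instruction Code (RFC 2459 section 5.3.2), so that line should read ` * Hold Instruction Code`, and "dont" in the `hasUnsupportedCriticalExtension` Javadoc should be "don't". That Javadoc is also worth stating more precisely, because the behaviour is a deliberate fail-closed choice rather than a gap: `Returns true when any critical entry extension is present, since none are interpreted here; a caller must treat such an entry as unusable rather than silently ignore the extension.` On the code side, `toString` builds its output through a `StringBuffer` that never leaves the method, so a `StringBuilder` does the same work without the synchronisation, and the body of `hasUnsupportedCriticalExtension` collapses to `Set extns = getCriticalExtensionOIDs(); return extns != null && !extns.isEmpty();`.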
@@ -0,0 +1,388 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.geronimo.crypto.jce.provider; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Principal; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.Signature; +import java.security.SignatureException; +import java.security.cert.CRLException; +import java.security.cert.Certificate; +import java.security.cert.X509CRL; +import java.security.cert.X509CRLEntry; +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Set; + +import javax.security.auth.x500.X500Principal; + +import org.apache.geronimo.crypto.asn1.ASN1OutputStream; +import org.apache.geronimo.crypto.asn1.DERObjectIdentifier; +import org.apache.geronimo.crypto.asn1.DEROutputStream; +import org.apache.geronimo.crypto.asn1.x509.CertificateList; +import org.apache.geronimo.crypto.asn1.x509.TBSCertList; +import 
org.apache.geronimo.crypto.asn1.x509.X509Extension; +import org.apache.geronimo.crypto.asn1.x509.X509Extensions; +import org.apache.geronimo.crypto.jce.X509Principal; + +/** + * The following extensions are listed in RFC 2459 as relevant to CRLs + * + * Authority Key Identifier + * Issuer Alternative Name + * CRL Number + * Delta CRL Indicator (critical) + * Issuing Distribution Point (critical) + */ +public class X509CRLObject + extends X509CRL +{ + private CertificateList c; + + public X509CRLObject( + CertificateList c) + { + this.c = c; + } + + /** + * Will return true if any extensions are present and marked + * as critical as we currently dont handle any extensions! + */ + public boolean hasUnsupportedCriticalExtension() + { + Set extns = getCriticalExtensionOIDs(); + if ( extns != null && !extns.isEmpty() ) + { + return true; + } + + return false; + } + + private Set getExtensionOIDs(boolean critical) + { + if (this.getVersion() == 2) + { + HashSet set = new HashSet(); + X509Extensions extensions = c.getTBSCertList().getExtensions(); + Enumeration e = extensions.oids(); + + while (e.hasMoreElements()) + { + DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); + X509Extension ext = extensions.getExtension(oid); + + if (critical == ext.isCritical()) + { + set.add(oid.getId()); + } + } + + return set; + } + + return null; + } + + public Set getCriticalExtensionOIDs() + { + return getExtensionOIDs(true); + } + + public Set getNonCriticalExtensionOIDs() + { + return getExtensionOIDs(false); + } + + public byte[] getExtensionValue(String oid) + { + X509Extensions exts = c.getTBSCertList().getExtensions(); + + if (exts != null) + { + X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); + + if (ext != null) + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(bOut); + + try + { + dOut.writeObject(ext.getValue()); + + return bOut.toByteArray(); + } + catch (Exception e) + { + throw new 
RuntimeException("error encoding " + e.getMessage(), e); + } + } + } + + return null; + } + + public byte[] getEncoded() + throws CRLException + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(bOut); + + try + { + dOut.writeObject(c); + + return bOut.toByteArray(); + } + catch (IOException e) + { + throw (CRLException)new CRLException(e.getMessage()).initCause(e); + } + } + + public void verify(PublicKey key) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, + SignatureException + { + verify(key, "BC"); + } + + public void verify(PublicKey key, String sigProvider) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, + SignatureException + { + if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) ) + { + throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList."); + } + + Signature sig = Signature.getInstance(getSigAlgName(), sigProvider); + + sig.initVerify(key); + sig.update(this.getTBSCertList()); + if ( !sig.verify(this.getSignature()) ) + { + throw new SignatureException("CRL does not verify with supplied public key."); + } + } + + public int getVersion() + { + return c.getVersion(); + } + + public Principal getIssuerDN() + { + return new X509Principal(c.getIssuer()); + } + + public X500Principal getIssuerX500Principal() + { + try + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + ASN1OutputStream aOut = new ASN1OutputStream(bOut); + + aOut.writeObject(c.getIssuer()); + + return new X500Principal(bOut.toByteArray()); + } + catch (IOException e) + { + throw new IllegalStateException("can't encode issuer DN", e); + } + } + + public Date getThisUpdate() + { + return c.getThisUpdate().getDate(); + } + + public Date getNextUpdate() + { + if (c.getNextUpdate() != null) + { + return c.getNextUpdate().getDate(); + } + + return null; + } + + public 
X509CRLEntry getRevokedCertificate(BigInteger serialNumber) + { + TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + + if ( certs != null ) + { + for ( int i = 0; i < certs.length; i++ ) + { + if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) { + return new X509CRLEntryObject(certs[i]); + } + } + } + + return null; + } + + public Set getRevokedCertificates() + { + TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + + if ( certs != null ) + { + HashSet set = new HashSet(); + for ( int i = 0; i < certs.length; i++ ) + { + set.add(new X509CRLEntryObject(certs[i])); + + } + + return set; + } + + return null; + } + + public byte[] getTBSCertList() + throws CRLException + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + DEROutputStream dOut = new DEROutputStream(bOut); + + try + { + dOut.writeObject(c.getTBSCertList()); + + return bOut.toByteArray(); + } + catch (IOException e) + { + throw (CRLException)new CRLException(e.getMessage()).initCause(e); + } + } + + public byte[] getSignature() + { + return c.getSignature().getBytes(); + } + + public String getSigAlgName() + { + Provider[] provs = Security.getProviders(); + + // + // search every provider looking for a real algorithm + // + for (int i = 0; i != provs.length; i++) + { + String algName = provs[i].getProperty("Alg.Alias.Signature." 
+ this.getSigAlgOID()); + if ( algName != null ) + { + return algName; + } + } + + return this.getSigAlgOID(); + } + + public String getSigAlgOID() + { + return c.getSignatureAlgorithm().getObjectId().getId(); + } + + public byte[] getSigAlgParams() + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + + if ( c.getSignatureAlgorithm().getParameters() != null ) + { + try + { + DEROutputStream dOut = new DEROutputStream(bOut); + + dOut.writeObject(c.getSignatureAlgorithm().getParameters()); + } + catch (Exception e) + { + throw new RuntimeException("exception getting sig parameters " + e.getMessage(), e); + } + + return bOut.toByteArray(); + } + + return null; + } + + /** + * Returns a string representation of this CRL. + * + * @return a string representation of this CRL. + */ + public String toString() + { + return "X.509 CRL"; + } + + /** + * Checks whether the given certificate is on this CRL. + * + * @param cert the certificate to check for. + * @return true if the given certificate is on this CRL, + * false otherwise. 
+ */
+ public boolean isRevoked(Certificate cert)
+ {
+ if ( !cert.getType().equals("X.509") )
+ {
+ throw new RuntimeException("X.509 CRL used with non X.509 Cert");
+ }
+
+ TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+ if ( certs != null )
+ {
+ BigInteger serial = ((X509Certificate)cert).getSerialNumber();
+
+ for ( int i = 0; i < certs.length; i++ )
+ {
+ if ( certs[i].getUserCertificate().getValue().equals(serial) )
+ {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+}
+
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CRLObject.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java?rev=617610&view=auto
==============================================================================
--- geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java (added)
+++ geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java Fri Feb 1 11:01:39 2008
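Review bot: `getExtensionOIDs` dereferences `c.getTBSCertList().getExtensions()` without a null check whenever `getVersion() == 2`, but CRL extensions are OPTIONAL in a v2 CRL, so a v2 CRL that carries none makes `getCriticalExtensionOIDs()`/`hasUnsupportedCriticalExtension()` throw `NullPointerException` instead of reporting "no extensions" — and `getExtensionValue` in the same class already guards the very same call with `if (exts != null)`. Fetch the extensions first and fold the null test into the version test: `X509Extensions extensions = c.getTBSCertList().getExtensions();` followed by `if (this.getVersion() == 2 && extensions != null)`. Two caveats a caller should know about: `verify(PublicKey)` hard-codes the provider name `"BC"`, so it fails with `NoSuchProviderException` unless a provider registered under that name is installed, which may not be the name this geronimo-crypto fork registers under; and `isRevoked`/`getRevokedCertificate` match on serial number alone, so the result is only meaningful after the caller has confirmed the CRL issuer matches the certificate issuer (the certificate-issuer entry extension used by indirect CRLs is not consulted here).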
@@ -0,0 +1,727 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.crypto.jce.provider;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import 
org.apache.geronimo.crypto.asn1.*;
+import org.apache.geronimo.crypto.asn1.misc.MiscObjectIdentifiers;
+import org.apache.geronimo.crypto.asn1.misc.NetscapeCertType;
+import org.apache.geronimo.crypto.asn1.misc.NetscapeRevocationURL;
+import org.apache.geronimo.crypto.asn1.misc.VerisignCzagExtension;
+import org.apache.geronimo.crypto.asn1.util.ASN1Dump;
+import org.apache.geronimo.crypto.asn1.x509.BasicConstraints;
+import org.apache.geronimo.crypto.asn1.x509.KeyUsage;
+import org.apache.geronimo.crypto.asn1.x509.X509CertificateStructure;
+import org.apache.geronimo.crypto.asn1.x509.X509Extension;
+import org.apache.geronimo.crypto.asn1.x509.X509Extensions;
+import org.apache.geronimo.crypto.jce.X509Principal;
+import org.apache.geronimo.crypto.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.apache.geronimo.crypto.encoders.Hex;
+
+public class X509CertificateObject
+ extends X509Certificate
+ implements PKCS12BagAttributeCarrier
+{
+ private X509CertificateStructure c;
+ private Hashtable pkcs12Attributes = new Hashtable();
+ private Vector pkcs12Ordering = new Vector();
+
+ public X509CertificateObject(
+ X509CertificateStructure c)
+ {
+ this.c = c;
+ }
+
+ public void checkValidity()
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ this.checkValidity(new Date());
+ }
+
+ public void checkValidity(
+ Date date)
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ if (date.after(this.getNotAfter()))
+ {
+ throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
+ }
+
+ if (date.before(this.getNotBefore()))
+ {
+ throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
+ }
+ }
+
+ public int getVersion()
+ {
+ return c.getVersion();
+ }
+
+ public BigInteger getSerialNumber()
+ {
+ return c.getSerialNumber().getValue();
+ }
+
+ public Principal getIssuerDN()
+ {
+ return new X509Principal(c.getIssuer());
+ }
+
+ public 
X500Principal getIssuerX500Principal()
+ {
+ try
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(c.getIssuer());
+
+ return new X500Principal(bOut.toByteArray());
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("can't encode issuer DN", e);
+ }
+ }
+
+ public Principal getSubjectDN()
+ {
+ return new X509Principal(c.getSubject());
+ }
+
+ public X500Principal getSubjectX500Principal()
+ {
+ try
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(c.getSubject());
+
+ return new X500Principal(bOut.toByteArray());
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("can't encode issuer DN", e);
+ }
+ }
+
+ public Date getNotBefore()
+ {
+ return c.getStartDate().getDate();
+ }
+
+ public Date getNotAfter()
+ {
+ return c.getEndDate().getDate();
+ }
+
+ public byte[] getTBSCertificate()
+ throws CertificateEncodingException
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(c.getTBSCertificate());
+
+ return bOut.toByteArray();
+ }
+ catch (IOException e)
+ {
+ throw (CertificateEncodingException)new CertificateEncodingException(e.getMessage()).initCause(e);
+ }
+ }
+
+ public byte[] getSignature()
+ {
+ return c.getSignature().getBytes();
+ }
+
+ /**
+ * return a more "meaningful" representation for the signature algorithm used in
+ * the certficate.
+ */
+ public String getSigAlgName()
+ {
+ Provider[] provs = Security.getProviders();
+
+ //
+ // search every provider looking for a real algorithm
+ //
+ for (int i = 0; i != provs.length; i++)
+ {
+ String algName = provs[i].getProperty("Alg.Alias.Signature." 
+ this.getSigAlgOID());
+ if (algName != null)
+ {
+ return algName;
+ }
+ }
+
+ return this.getSigAlgOID();
+ }
+
+ /**
+ * return the object identifier for the signature.
+ */
+ public String getSigAlgOID()
+ {
+ return c.getSignatureAlgorithm().getObjectId().getId();
+ }
+
+ /**
+ * return the signature parameters, or null if there aren't any.
+ */
+ public byte[] getSigAlgParams()
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ if (c.getSignatureAlgorithm().getParameters() != null)
+ {
+ try
+ {
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("exception getting sig parameters " + e.getMessage(), e);
+ }
+
+ return bOut.toByteArray();
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ public boolean[] getIssuerUniqueID()
+ {
+ DERBitString id = c.getTBSCertificate().getIssuerUniqueId();
+
+ if (id != null)
+ {
+ byte[] bytes = id.getBytes();
+ boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+ for (int i = 0; i != boolId.length; i++)
+ {
+ boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+ }
+
+ return boolId;
+ }
+
+ return null;
+ }
+
+ public boolean[] getSubjectUniqueID()
+ {
+ DERBitString id = c.getTBSCertificate().getSubjectUniqueId();
+
+ if (id != null)
+ {
+ byte[] bytes = id.getBytes();
+ boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+ for (int i = 0; i != boolId.length; i++)
+ {
+ boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+ }
+
+ return boolId;
+ }
+
+ return null;
+ }
+
+ public boolean[] getKeyUsage()
+ {
+ byte[] bytes = this.getExtensionBytes("2.5.29.15");
+ int length = 0;
+
+ if (bytes != null)
+ {
+ try
+ {
+ ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+ DERBitString bits = (DERBitString)dIn.readObject();
+
+ bytes = bits.getBytes();
+ length = (bytes.length * 8) - bits.getPadBits();
+ }
+ catch (Exception e)
+ {
+ 
throw new RuntimeException("error processing key usage extension", e);
+ }
+
+ boolean[] keyUsage = new boolean[(length < 9) ? 9 : length];
+
+ for (int i = 0; i != length; i++)
+ {
+ keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+ }
+
+ return keyUsage;
+ }
+
+ return null;
+ }
+
+ public List getExtendedKeyUsage()
+ throws CertificateParsingException
+ {
+ byte[] bytes = this.getExtensionBytes("2.5.29.37");
+ int length = 0;
+
+ if (bytes != null)
+ {
+ try
+ {
+ ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+ ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
+ ArrayList list = new ArrayList();
+
+ for (int i = 0; i != seq.size(); i++)
+ {
+ list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId());
+ }
+
+ return Collections.unmodifiableList(list);
+ }
+ catch (Exception e)
+ {
+ throw (CertificateParsingException)new CertificateParsingException("error processing extended key usage extension").initCause(e);
+ }
+ }
+
+ return null;
+ }
+
+ public int getBasicConstraints()
+ {
+ byte[] bytes = this.getExtensionBytes("2.5.29.19");
+
+ if (bytes != null)
+ {
+ try
+ {
+ ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+ ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
+
+ if (seq.size() == 2)
+ {
+ if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+ {
+ return ((DERInteger)seq.getObjectAt(1)).getValue().intValue();
+ }
+ else
+ {
+ return -1;
+ }
+ }
+ else if (seq.size() == 1)
+ {
+ if (seq.getObjectAt(0) instanceof DERBoolean)
+ {
+ if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+ {
+ return Integer.MAX_VALUE;
+ }
+ else
+ {
+ return -1;
+ }
+ }
+ else
+ {
+ return -1;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("error processing key usage extension", e);
+ }
+ }
+
+ return -1;
+ }
+
+ public Set getCriticalExtensionOIDs()
+ {
+ if (this.getVersion() == 3)
+ {
+ HashSet set = new HashSet();
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if 
(extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (ext.isCritical())
+ {
+ set.add(oid.getId());
+ }
+ }
+
+ return set;
+ }
+ }
+
+ return null;
+ }
+
+ private byte[] getExtensionBytes(String oid)
+ {
+ X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+ if (exts != null)
+ {
+ X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+ if (ext != null)
+ {
+ return ext.getValue().getOctets();
+ }
+ }
+
+ return null;
+ }
+
+ public byte[] getExtensionValue(String oid)
+ {
+ X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+ if (exts != null)
+ {
+ X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+ if (ext != null)
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(ext.getValue());
+
+ return bOut.toByteArray();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("error encoding " + e.getMessage(), e);
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public Set getNonCriticalExtensionOIDs()
+ {
+ if (this.getVersion() == 3)
+ {
+ HashSet set = new HashSet();
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (!ext.isCritical())
+ {
+ set.add(oid.getId());
+ }
+ }
+
+ return set;
+ }
+ }
+
+ return null;
+ }
+
+ public boolean hasUnsupportedCriticalExtension()
+ {
+ if (this.getVersion() == 3)
+ {
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = 
(DERObjectIdentifier)e.nextElement();
+ if (oid.getId().equals("2.5.29.15")
+ || oid.getId().equals("2.5.29.19"))
+ {
+ continue;
+ }
+
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (ext.isCritical())
+ {
+ return true;
+ }
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public PublicKey getPublicKey()
+ {
+ return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
+ }
+
+ public byte[] getEncoded()
+ throws CertificateEncodingException
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(c);
+
+ return bOut.toByteArray();
+ }
+ catch (IOException e)
+ {
+ throw (CertificateEncodingException)new CertificateEncodingException(e.getMessage()).initCause(e);
+ }
+ }
+
+ public void setBagAttribute(
+ DERObjectIdentifier oid,
+ DEREncodable attribute)
+ {
+ pkcs12Attributes.put(oid, attribute);
+ pkcs12Ordering.addElement(oid);
+ }
+
+ public DEREncodable getBagAttribute(
+ DERObjectIdentifier oid)
+ {
+ return (DEREncodable)pkcs12Attributes.get(oid);
+ }
+
+ public Enumeration getBagAttributeKeys()
+ {
+ return pkcs12Ordering.elements();
+ }
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer();
+ String nl = System.getProperty("line.separator");
+
+ buf.append(" [0] Version: " + this.getVersion() + nl);
+ buf.append(" SerialNumber: " + this.getSerialNumber() + nl);
+ buf.append(" IssuerDN: " + this.getIssuerDN() + nl);
+ buf.append(" Start Date: " + this.getNotBefore() + nl);
+ buf.append(" Final Date: " + this.getNotAfter() + nl);
+ buf.append(" SubjectDN: " + this.getSubjectDN() + nl);
+ buf.append(" Public Key: " + this.getPublicKey() + nl);
+ buf.append(" Signature Algorithm: " + this.getSigAlgName() + nl);
+
+ byte[] sig = this.getSignature();
+
+ buf.append(" Signature: " + new String(Hex.encode(sig, 0, 20)) + nl);
+ for (int i = 20; i < sig.length; i += 20)
+ {
+ if (i < sig.length - 20)
+ {
+ buf.append(" " + new 
String(Hex.encode(sig, i, 20)) + nl);
+ }
+ else
+ {
+ buf.append(" " + new String(Hex.encode(sig, i, sig.length - i)) + nl);
+ }
+ }
+
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ if (e.hasMoreElements())
+ {
+ buf.append(" Extensions: \n");
+ }
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (ext.getValue() != null)
+ {
+ byte[] octs = ext.getValue().getOctets();
+ ByteArrayInputStream bIn = new ByteArrayInputStream(octs);
+ ASN1InputStream dIn = new ASN1InputStream(bIn);
+ buf.append(" critical(" + ext.isCritical() + ") ");
+ try
+ {
+ if (oid.equals(X509Extensions.BasicConstraints))
+ {
+ buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(X509Extensions.KeyUsage))
+ {
+ buf.append(new KeyUsage((DERBitString)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(MiscObjectIdentifiers.netscapeCertType))
+ {
+ buf.append(new NetscapeCertType((DERBitString)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL))
+ {
+ buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension))
+ {
+ buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject()) + nl);
+ }
+ else
+ {
+ buf.append(oid.getId());
+ buf.append(" value = " + ASN1Dump.dumpAsString(dIn.readObject()) + nl);
+ //buf.append(" value = " + "*****" + nl);
+ }
+ }
+ catch (Exception ex)
+ {
+ buf.append(oid.getId());
+ // buf.append(" value = " + new String(Hex.encode(ext.getValue().getOctets())) + nl);
+ buf.append(" value = " + "*****" + nl);
+ }
+ }
+ else
+ {
+ buf.append(nl);
+ }
+ }
+ }
+
+ return buf.toString();
+ }
+
+ public final void verify(
+ PublicKey key)
+ throws CertificateException, NoSuchAlgorithmException,
+ 
InvalidKeyException, NoSuchProviderException, SignatureException
+ {
+ Signature signature = null;
+
+ if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+ {
+ throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+ }
+
+ try
+ {
+ signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(), "BC");
+ }
+ catch (Exception e)
+ {
+ signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId());
+ }
+
+ signature.initVerify(key);
+
+ signature.update(this.getTBSCertificate());
+
+ if (!signature.verify(this.getSignature()))
+ {
+ throw new InvalidKeyException("Public key presented not for certificate signature");
+ }
+ }
+
+ public final void verify(
+ PublicKey key,
+ String sigProvider)
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException
+ {
+ Signature signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(), sigProvider);
+
+ if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+ {
+ throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+ }
+
+ signature.initVerify(key);
+
+ signature.update(this.getTBSCertificate());
+
+ if (!signature.verify(this.getSignature()))
+ {
+ throw new InvalidKeyException("Public key presented not for certificate signature");
+ }
+ }
+}
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: 
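Review bot: `getBasicConstraints()` returns `((DERInteger)seq.getObjectAt(1)).getValue().intValue()` for a CA certificate, so a pathLenConstraint that does not fit in an int is silently truncated and can come back as an arbitrary or negative path length; the value is read straight out of the certificate being validated, so it should be range-checked rather than narrowed, e.g. `BigInteger pathLen = ((DERInteger)seq.getObjectAt(1)).getValue();` then `if (pathLen.signum() < 0) { throw new RuntimeException("negative pathLenConstraint"); }` and `return pathLen.bitLength() > 31 ? Integer.MAX_VALUE : pathLen.intValue();`. The catch block in the same method throws `"error processing key usage extension"` and `getSubjectX500Principal()` throws `"can't encode issuer DN"`; both messages are copied from the neighbouring methods and should say basic constraints and subject DN respectively so parse failures are diagnosable. `hasUnsupportedCriticalExtension()` treats only 2.5.29.15 and 2.5.29.19 as supported even though `getExtendedKeyUsage()` parses 2.5.29.37, which is the fail-closed direction but will make path validation reject certificates with a critical EKU; if that is intended, a comment such as `// only key usage and basic constraints are considered supported; a critical EKU is reported as unsupported` would make the choice explicit.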
geronimo/server/trunk/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/jce/provider/X509CertificateObject.java ------------------------------------------------------------------------------ svn:mime-type = text/plain