Diffstat (limited to 'pki/base/util')
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java400
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/crypto/Module.java30
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/crypto/Token.java18
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/ConnectAsync.java7
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/Http.java1
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/HttpClient.java26
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/HttpEofException.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/HttpMessage.java32
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/HttpProtocolException.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/HttpRequest.java24
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/HttpResponse.java10
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java44
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java8
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/net/ISocketFactory.java22
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java153
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java234
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java7
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java92
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java133
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java137
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java212
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java202
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java160
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java225
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java8
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java9
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java190
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java121
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java126
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java243
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java265
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java89
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java92
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/password/IPasswordReader.java3
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java6
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/password/IPasswordWriter.java7
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java24
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordReader.java23
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordWriter.java32
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/AccessAccept.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/AccessChallenge.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/AccessReject.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/AccessRequest.java3
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/Attribute.java14
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/AttributeFactory.java4
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/AttributeSet.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/Authenticator.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/CHAPChallengeAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/CHAPPasswordAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/CallbackIdAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/CallbackNumberAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/CallerStationIdAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/CallingStationIdAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java3
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FilterIdAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkLinkAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkNetworkAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkZoneAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedCompressionAttribute.java8
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedIPAddressAttribute.java10
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedIPNetmaskAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedIPXNetworkAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedMTUAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedProtocolAttribute.java8
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedRouteAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/FramedRoutingAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/GenericAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/IdleTimeoutAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/LoginIPHostAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/LoginLATGroupAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/LoginLATNodeAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/LoginLATPortAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/LoginLATServiceAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/LoginServiceAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/LoginTCPPortAttribute.java12
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/NASClassAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/NASIPAddressAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/NASIdentifierAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/NASPacket.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/NASPortAttribute.java12
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/NASPortTypeAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/Packet.java11
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/PacketFactory.java4
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/PortLimitAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/ProxyStateAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/RadiusConn.java61
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java5
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/ReplyMessageAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/RequestAuthenticator.java6
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/ResponseAuthenticator.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/ServerPacket.java6
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/ServiceTypeAttribute.java8
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/SessionTimeoutAttribute.java12
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/StateAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/TerminationActionAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/UserNameAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/UserPasswordAttribute.java6
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/radius/VendorSpecificAttribute.java2
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java399
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/util/Cert.java34
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/util/Fmt.java173
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/util/HMACDigest.java41
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/util/Utils.java148
-rw-r--r--pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java30
-rw-r--r--pki/base/util/src/netscape/net/NetworkClient.java53
-rw-r--r--pki/base/util/src/netscape/net/TransferProtocolClient.java132
-rw-r--r--pki/base/util/src/netscape/net/smtp/SmtpClient.java289
-rw-r--r--pki/base/util/src/netscape/net/smtp/SmtpProtocolException.java3
-rw-r--r--pki/base/util/src/netscape/security/acl/AclEntryImpl.java138
-rw-r--r--pki/base/util/src/netscape/security/acl/AclImpl.java441
-rw-r--r--pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java8
-rw-r--r--pki/base/util/src/netscape/security/acl/GroupImpl.java140
-rw-r--r--pki/base/util/src/netscape/security/acl/OwnerImpl.java90
-rw-r--r--pki/base/util/src/netscape/security/acl/PermissionImpl.java27
-rw-r--r--pki/base/util/src/netscape/security/acl/PrincipalImpl.java39
-rw-r--r--pki/base/util/src/netscape/security/acl/WorldGroupImpl.java6
-rw-r--r--pki/base/util/src/netscape/security/extensions/AccessDescription.java5
-rw-r--r--pki/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java49
-rw-r--r--pki/base/util/src/netscape/security/extensions/CertInfo.java26
-rw-r--r--pki/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java30
-rw-r--r--pki/base/util/src/netscape/security/extensions/CertificateScopeEntry.java9
-rw-r--r--pki/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java32
-rw-r--r--pki/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java57
-rw-r--r--pki/base/util/src/netscape/security/extensions/GenericASN1Extension.java319
-rw-r--r--pki/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java59
-rw-r--r--pki/base/util/src/netscape/security/extensions/KerberosName.java75
-rw-r--r--pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java113
-rw-r--r--pki/base/util/src/netscape/security/extensions/OCSPNoCheckExtension.java26
-rw-r--r--pki/base/util/src/netscape/security/extensions/PresenceServerExtension.java410
-rw-r--r--pki/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java35
-rw-r--r--pki/base/util/src/netscape/security/pkcs/ContentInfo.java156
-rw-r--r--pki/base/util/src/netscape/security/pkcs/EncodingException.java4
-rw-r--r--pki/base/util/src/netscape/security/pkcs/PKCS10.java410
-rw-r--r--pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java184
-rw-r--r--pki/base/util/src/netscape/security/pkcs/PKCS10Attributes.java59
-rw-r--r--pki/base/util/src/netscape/security/pkcs/PKCS7.java513
-rw-r--r--pki/base/util/src/netscape/security/pkcs/PKCS8Key.java494
-rw-r--r--pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java1119
-rw-r--r--pki/base/util/src/netscape/security/pkcs/PKCS9Attributes.java323
-rw-r--r--pki/base/util/src/netscape/security/pkcs/ParsingException.java4
-rw-r--r--pki/base/util/src/netscape/security/pkcs/SignerInfo.java481
-rw-r--r--pki/base/util/src/netscape/security/provider/CMS.java29
-rw-r--r--pki/base/util/src/netscape/security/provider/DSA.java763
-rwxr-xr-xpki/base/util/src/netscape/security/provider/DSAKeyFactory.java313
-rw-r--r--pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java509
-rwxr-xr-xpki/base/util/src/netscape/security/provider/DSAParameterGenerator.java281
-rwxr-xr-xpki/base/util/src/netscape/security/provider/DSAParameters.java107
-rw-r--r--pki/base/util/src/netscape/security/provider/DSAPrivateKey.java116
-rw-r--r--pki/base/util/src/netscape/security/provider/DSAPublicKey.java92
-rw-r--r--pki/base/util/src/netscape/security/provider/MD5.java430
-rw-r--r--pki/base/util/src/netscape/security/provider/RSAPublicKey.java176
-rw-r--r--pki/base/util/src/netscape/security/provider/SHA.java454
-rw-r--r--pki/base/util/src/netscape/security/provider/Sun.java102
-rw-r--r--pki/base/util/src/netscape/security/provider/SystemIdentity.java32
-rw-r--r--pki/base/util/src/netscape/security/provider/SystemSigner.java43
-rw-r--r--pki/base/util/src/netscape/security/provider/X509CertificateFactory.java54
-rw-r--r--pki/base/util/src/netscape/security/util/ASN1CharStrConvMap.java94
-rw-r--r--pki/base/util/src/netscape/security/util/BigInt.java185
-rw-r--r--pki/base/util/src/netscape/security/util/BitArray.java273
-rw-r--r--pki/base/util/src/netscape/security/util/ByteArrayLexOrder.java48
-rw-r--r--pki/base/util/src/netscape/security/util/ByteArrayTagOrder.java30
-rw-r--r--pki/base/util/src/netscape/security/util/CertPrettyPrint.java89
-rw-r--r--pki/base/util/src/netscape/security/util/CrlPrettyPrint.java77
-rw-r--r--pki/base/util/src/netscape/security/util/DerEncoder.java14
-rw-r--r--pki/base/util/src/netscape/security/util/DerInputBuffer.java219
-rw-r--r--pki/base/util/src/netscape/security/util/DerInputStream.java630
-rw-r--r--pki/base/util/src/netscape/security/util/DerOutputStream.java603
-rw-r--r--pki/base/util/src/netscape/security/util/DerValue.java547
-rw-r--r--pki/base/util/src/netscape/security/util/ExtPrettyPrint.java311
-rw-r--r--pki/base/util/src/netscape/security/util/IA5CharsetDecoder.java7
-rw-r--r--pki/base/util/src/netscape/security/util/IA5CharsetEncoder.java7
-rw-r--r--pki/base/util/src/netscape/security/util/ObjectIdentifier.java552
-rw-r--r--pki/base/util/src/netscape/security/util/PrettyPrintFormat.java115
-rw-r--r--pki/base/util/src/netscape/security/util/PrettyPrintResources.java242
-rw-r--r--pki/base/util/src/netscape/security/util/PrintableCharset.java28
-rw-r--r--pki/base/util/src/netscape/security/util/PrintableCharsetDecoder.java9
-rw-r--r--pki/base/util/src/netscape/security/util/PrintableCharsetEncoder.java9
-rw-r--r--pki/base/util/src/netscape/security/util/PubKeyPrettyPrint.java21
-rw-r--r--pki/base/util/src/netscape/security/util/UniversalCharsetDecoder.java11
-rw-r--r--pki/base/util/src/netscape/security/util/UniversalCharsetEncoder.java13
-rwxr-xr-xpki/base/util/src/netscape/security/x509/ACertAttrSet.java71
-rw-r--r--pki/base/util/src/netscape/security/x509/AVA.java257
-rw-r--r--pki/base/util/src/netscape/security/x509/AVAValueConverter.java69
-rw-r--r--pki/base/util/src/netscape/security/x509/AlgIdDSA.java157
-rw-r--r--pki/base/util/src/netscape/security/x509/AlgorithmId.java785
-rw-r--r--pki/base/util/src/netscape/security/x509/Attribute.java287
-rw-r--r--pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java151
-rw-r--r--pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java254
-rw-r--r--pki/base/util/src/netscape/security/x509/CPSuri.java15
-rw-r--r--pki/base/util/src/netscape/security/x509/CRLDistributionPoint.java519
-rw-r--r--pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java310
-rwxr-xr-xpki/base/util/src/netscape/security/x509/CRLExtensions.java73
-rwxr-xr-xpki/base/util/src/netscape/security/x509/CRLNumberExtension.java95
-rw-r--r--pki/base/util/src/netscape/security/x509/CRLReasonExtension.java109
-rw-r--r--pki/base/util/src/netscape/security/x509/CertAndKeyGen.java283
-rwxr-xr-xpki/base/util/src/netscape/security/x509/CertAttrSet.java32
-rw-r--r--pki/base/util/src/netscape/security/x509/CertException.java66
-rw-r--r--pki/base/util/src/netscape/security/x509/CertParseError.java11
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateAlgorithmId.java39
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateChain.java192
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateExtensions.java67
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java69
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateIssuerName.java27
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateIssuerUniqueIdentity.java31
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java275
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificatePolicyId.java9
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificatePolicyInfo.java52
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificatePolicyMap.java10
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificatePolicySet.java16
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateSerialNumber.java31
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateSubjectName.java37
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateSubjectUniqueIdentity.java39
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateValidity.java64
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateVersion.java46
-rw-r--r--pki/base/util/src/netscape/security/x509/CertificateX509Key.java43
-rw-r--r--pki/base/util/src/netscape/security/x509/DNSName.java8
-rwxr-xr-xpki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java70
-rw-r--r--pki/base/util/src/netscape/security/x509/DirStrConverter.java153
-rw-r--r--pki/base/util/src/netscape/security/x509/DisplayText.java40
-rw-r--r--pki/base/util/src/netscape/security/x509/EDIPartyName.java31
-rw-r--r--pki/base/util/src/netscape/security/x509/Extension.java54
-rw-r--r--pki/base/util/src/netscape/security/x509/Extensions.java56
-rw-r--r--pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java307
-rw-r--r--pki/base/util/src/netscape/security/x509/GeneralName.java124
-rw-r--r--pki/base/util/src/netscape/security/x509/GeneralNameInterface.java6
-rw-r--r--pki/base/util/src/netscape/security/x509/GeneralNames.java110
-rw-r--r--pki/base/util/src/netscape/security/x509/GeneralNamesException.java4
-rw-r--r--pki/base/util/src/netscape/security/x509/GeneralSubtree.java59
-rw-r--r--pki/base/util/src/netscape/security/x509/GeneralSubtrees.java26
-rw-r--r--pki/base/util/src/netscape/security/x509/GenericValueConverter.java119
-rw-r--r--pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java122
-rw-r--r--pki/base/util/src/netscape/security/x509/IA5StringConverter.java53
-rw-r--r--pki/base/util/src/netscape/security/x509/IPAddressName.java305
-rw-r--r--pki/base/util/src/netscape/security/x509/InvalidIPAddressException.java17
-rwxr-xr-xpki/base/util/src/netscape/security/x509/InvalidityDateExtension.java77
-rw-r--r--pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java119
-rw-r--r--pki/base/util/src/netscape/security/x509/IssuingDistributionPoint.java227
-rw-r--r--pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java203
-rw-r--r--pki/base/util/src/netscape/security/x509/KeyIdentifier.java18
-rw-r--r--pki/base/util/src/netscape/security/x509/KeyUsageExtension.java301
-rw-r--r--pki/base/util/src/netscape/security/x509/LdapDNStrConverter.java114
-rw-r--r--pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java898
-rw-r--r--pki/base/util/src/netscape/security/x509/NSCCommentExtension.java90
-rw-r--r--pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java156
-rw-r--r--pki/base/util/src/netscape/security/x509/NoticeReference.java54
-rw-r--r--pki/base/util/src/netscape/security/x509/OIDMap.java164
-rw-r--r--pki/base/util/src/netscape/security/x509/OIDName.java12
-rw-r--r--pki/base/util/src/netscape/security/x509/OtherName.java134
-rw-r--r--pki/base/util/src/netscape/security/x509/PKIXExtensions.java120
-rw-r--r--pki/base/util/src/netscape/security/x509/PolicyConstraint.java78
-rw-r--r--pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java145
-rw-r--r--pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java127
-rw-r--r--pki/base/util/src/netscape/security/x509/PolicyQualifierInfo.java65
-rw-r--r--pki/base/util/src/netscape/security/x509/PolicyQualifiers.java44
-rw-r--r--pki/base/util/src/netscape/security/x509/PrintableConverter.java72
-rw-r--r--pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java163
-rw-r--r--pki/base/util/src/netscape/security/x509/Qualifier.java17
-rw-r--r--pki/base/util/src/netscape/security/x509/RDN.java332
-rw-r--r--pki/base/util/src/netscape/security/x509/RFC1779StrConverter.java89
-rw-r--r--pki/base/util/src/netscape/security/x509/RFC822Name.java11
-rwxr-xr-xpki/base/util/src/netscape/security/x509/ReasonFlags.java231
-rw-r--r--pki/base/util/src/netscape/security/x509/RevocationReason.java101
-rwxr-xr-xpki/base/util/src/netscape/security/x509/RevokedCertImpl.java548
-rw-r--r--pki/base/util/src/netscape/security/x509/RevokedCertificate.java57
-rw-r--r--pki/base/util/src/netscape/security/x509/SerialNumber.java18
-rw-r--r--pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java116
-rw-r--r--pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java162
-rw-r--r--pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java104
-rw-r--r--pki/base/util/src/netscape/security/x509/URIName.java8
-rw-r--r--pki/base/util/src/netscape/security/x509/UniqueIdentity.java23
-rw-r--r--pki/base/util/src/netscape/security/x509/UserNotice.java63
-rw-r--r--pki/base/util/src/netscape/security/x509/X500Name.java672
-rw-r--r--pki/base/util/src/netscape/security/x509/X500NameAttrMap.java367
-rw-r--r--pki/base/util/src/netscape/security/x509/X500Signer.java70
-rw-r--r--pki/base/util/src/netscape/security/x509/X509AttributeName.java8
-rwxr-xr-xpki/base/util/src/netscape/security/x509/X509CRLImpl.java395
-rw-r--r--pki/base/util/src/netscape/security/x509/X509Cert.java956
-rwxr-xr-xpki/base/util/src/netscape/security/x509/X509CertImpl.java576
-rw-r--r--pki/base/util/src/netscape/security/x509/X509CertInfo.java363
-rw-r--r--pki/base/util/src/netscape/security/x509/X509ExtensionException.java8
-rw-r--r--pki/base/util/src/netscape/security/x509/X509Key.java610
-rw-r--r--pki/base/util/test/com/netscape/security/extensions/GenericASN1ExtensionTest.java10
-rw-r--r--pki/base/util/test/com/netscape/security/util/BMPStringTest.java114
-rw-r--r--pki/base/util/test/com/netscape/security/util/IA5StringTest.java102
-rw-r--r--pki/base/util/test/com/netscape/security/util/JSSUtil.java80
-rw-r--r--pki/base/util/test/com/netscape/security/util/PrintableStringTest.java88
-rw-r--r--pki/base/util/test/com/netscape/security/util/StringTestUtil.java11
-rw-r--r--pki/base/util/test/com/netscape/security/util/TeletexStringTest.java102
-rw-r--r--pki/base/util/test/com/netscape/security/util/UTF8StringTest.java106
-rw-r--r--pki/base/util/test/com/netscape/security/util/UniversalStringTest.java106
-rw-r--r--pki/base/util/test/com/netscape/security/x509/DirStrConverterTest.java46
-rw-r--r--pki/base/util/test/com/netscape/security/x509/GenericValueConverterTest.java48
-rw-r--r--pki/base/util/test/com/netscape/security/x509/IA5StringConverterTest.java30
-rw-r--r--pki/base/util/test/com/netscape/security/x509/PrintableConverterTest.java30
294 files changed, 16961 insertions, 17965 deletions
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
index 29a1ffb3..cad7d0ae 100644
--- a/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
+++ b/pki/base/util/src/com/netscape/cmsutil/crypto/CryptoUtil.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.crypto;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
@@ -109,27 +108,27 @@ public class CryptoUtil {
/*
* encodes cert
*/
- // private static BASE64Encoder mEncoder = new BASE64Encoder();
+ // private static BASE64Encoder mEncoder = new BASE64Encoder();
public static String toMIME64(X509CertImpl cert) {
try {
- return
- "-----BEGIN CERTIFICATE-----\n"
- // + mEncoder.encodeBuffer(cert.getEncoded())
- + OSUtil.BtoA( cert.getEncoded() )
+ return "-----BEGIN CERTIFICATE-----\n"
+ // + mEncoder.encodeBuffer(cert.getEncoded())
+ + OSUtil.BtoA(cert.getEncoded())
+ "-----END CERTIFICATE-----\n";
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
-
+
public static boolean arraysEqual(byte[] bytes, byte[] ints) {
if (bytes == null || ints == null) {
return false;
}
-
+
if (bytes.length != ints.length) {
return false;
}
-
+
for (int i = 0; i < bytes.length; i++) {
if (bytes[i] != ints[i]) {
return false;
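Review bot: The reformatted `catch (Exception e) { }` in toMIME64 still discards every failure from `cert.getEncoded()`, so an encoding error reaches the caller only as a `null` return with no record of the cause. Since the commit rewrites these lines anyway, the empty body should at least say why the exception is ignored, e.g. `// encoding failed: fall through and return null`, or preferably log the exception before returning. The method's comment should also state that `null` is a possible result so callers check for it. arraysEqual continues past the end of this hunk.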
@@ -142,7 +141,7 @@ public class CryptoUtil {
* Retrieves handle to a JSS token.
*/
public static CryptoToken getTokenByName(String token)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken t = null;
@@ -159,7 +158,7 @@ public class CryptoUtil {
* Generates a RSA key pair.
*/
public static KeyPair generateRSAKeyPair(String token, int keysize)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -172,21 +171,20 @@ public class CryptoUtil {
return pair;
}
- public static boolean isECCKey(X509Key key)
- {
+ public static boolean isECCKey(X509Key key) {
String keyAlgo = key.getAlgorithm();
- if (keyAlgo.equals("EC") ||
+ if (keyAlgo.equals("EC") ||
keyAlgo.equals("OID.1.2.840.10045.44")) { // ECC
- return true;
- }
- return false;
+ return true;
+ }
+ return false;
}
/**
* Generates an ecc key pair.
*/
public static KeyPair generateECCKeyPair(String token, int keysize)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -194,9 +192,9 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(String token, int keysize,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
- throws CryptoManager.NotInitializedException,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -217,7 +215,7 @@ public class CryptoUtil {
* Generates an ecc key pair by curve name
*/
public static KeyPair generateECCKeyPair(String token, String curveName)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -225,7 +223,7 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(CryptoToken token, String curveName)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -233,9 +231,9 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(String token, String curveName,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
- throws CryptoManager.NotInitializedException,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -244,9 +242,9 @@ public class CryptoUtil {
}
public static KeyPair generateECCKeyPair(CryptoToken token, String curveName,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
- throws CryptoManager.NotInitializedException,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_ops,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
+ throws CryptoManager.NotInitializedException,
NoSuchTokenException,
NoSuchAlgorithmException,
TokenException {
@@ -255,17 +253,17 @@ public class CryptoUtil {
g.setKeyPairUsages(usage_ops, usage_mask);
- System.out.println("CryptoUtil: generateECCKeyPair: curve = "+ curveName);
+ System.out.println("CryptoUtil: generateECCKeyPair: curve = " + curveName);
int curveCode = 0;
try {
curveCode = g.getCurveCodeByName(curveName);
} catch (Exception e) {
- System.out.println("CryptoUtil: generateECCKeyPair: "+ e.toString());
+ System.out.println("CryptoUtil: generateECCKeyPair: " + e.toString());
throw new NoSuchAlgorithmException();
}
g.initialize(curveCode);
- System.out.println("CryptoUtil: generateECCKeyPair: after KeyPairGenerator initialize with:"+ curveName);
+ System.out.println("CryptoUtil: generateECCKeyPair: after KeyPairGenerator initialize with:" + curveName);
KeyPair pair = g.genKeyPair();
return pair;
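Review bot: The catch around `g.getCurveCodeByName(curveName)` throws a bare `new NoSuchAlgorithmException()`, so the original exception and the rejected curve name are lost to the caller and survive only in the `System.out.println` line. Carrying both in the exception keeps the failure diagnosable without relying on stdout: `throw new NoSuchAlgorithmException("unsupported curve: " + curveName, e);`. The three `System.out.println` calls touched here would be better routed through whatever logging facility the rest of the project uses, since stdout output in a key-generation path is hard to filter or audit. The method starts before this hunk and its signature is not shown here.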
@@ -289,21 +287,21 @@ public class CryptoUtil {
ByteArrayOutputStream output = new ByteArrayOutputStream();
Base64OutputStream b64 = new Base64OutputStream(new
PrintStream(new
- FilterOutputStream(output)));
-
+ FilterOutputStream(output)));
+
b64.write(bytes);
b64.flush();
-
+
// This is internationally safe because Base64 chars are
// contained within 8859_1
return output.toString("8859_1");
}
-
+
public static byte[] base64Decode(String s) throws IOException {
- // BASE64Decoder base64 = new BASE64Decoder();
- // byte[] d = base64.decodeBuffer(s);
- byte[] d = OSUtil.AtoB( s );
-
+ // BASE64Decoder base64 = new BASE64Decoder();
+ // byte[] d = base64.decodeBuffer(s);
+ byte[] d = OSUtil.AtoB(s);
+
return d;
}
@@ -313,10 +311,10 @@ public class CryptoUtil {
public static String reqFormat(String content) {
int beginIndex = CERTREQ_BEGIN_HEADING.length();
int endIndex = CERTREQ_END_HEADING.length();
-
+
String result = CERTREQ_BEGIN_HEADING + "\n";
int index = 0;
-
+
while (content.length() >= LINE_COUNT) {
result = result + content.substring(0, LINE_COUNT) + "\n";
content = content.substring(LINE_COUNT);
@@ -326,11 +324,11 @@ public class CryptoUtil {
} else {
result = result + CERTREQ_END_HEADING;
}
-
+
return result;
}
-
- public static String getPKCS10FromKey(String dn,
+
+ public static String getPKCS10FromKey(String dn,
byte modulus[], byte exponent[], byte prikdata[])
throws IOException,
InvalidKeyException,
@@ -339,8 +337,7 @@ public class CryptoUtil {
CertificateException,
SignatureException,
CryptoManager.NotInitializedException,
- NoSuchAlgorithmException
- {
+ NoSuchAlgorithmException {
X509Key x509key = getPublicX509Key(modulus, exponent);
PrivateKey prik = findPrivateKeyFromID(prikdata);
PKCS10 pkcs10 = createCertificationRequest(dn, x509key, prik);
@@ -350,7 +347,7 @@ public class CryptoUtil {
return bs.toString();
}
- public static String getPKCS10FromKey(String dn,
+ public static String getPKCS10FromKey(String dn,
byte modulus[], byte exponent[], byte prikdata[], String alg)
throws IOException,
InvalidKeyException,
@@ -359,8 +356,7 @@ public class CryptoUtil {
CertificateException,
SignatureException,
CryptoManager.NotInitializedException,
- NoSuchAlgorithmException
- {
+ NoSuchAlgorithmException {
X509Key x509key = getPublicX509Key(modulus, exponent);
PrivateKey prik = findPrivateKeyFromID(prikdata);
PKCS10 pkcs10 = createCertificationRequest(dn, x509key, prik, alg);
@@ -379,10 +375,10 @@ public class CryptoUtil {
}
int beginIndex = CERT_BEGIN_HEADING.length();
int endIndex = CERT_END_HEADING.length();
-
+
String result = CERT_BEGIN_HEADING + "\n";
int index = 0;
-
+
while (content.length() >= LINE_COUNT) {
result = result + content.substring(0, LINE_COUNT) + "\n";
content = content.substring(LINE_COUNT);
@@ -392,31 +388,32 @@ public class CryptoUtil {
} else {
result = result + CERT_END_HEADING;
}
-
+
return result;
}
/**
* strips out the begin and end certificate brackets
+ *
* @param s the string potentially bracketed with
- * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
+ * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
* @return string without the brackets
*/
public static String stripCertBrackets(String s) {
if (s == null) {
return s;
}
-
+
if (s.startsWith(CERT_BEGIN_HEADING) && s.endsWith(CERT_END_HEADING)) {
return (s.substring(27, (s.length() - 25)));
}
-
+
// To support Thawte's header and footer
if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----"))
&& (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
return (s.substring(35, (s.length() - 33)));
}
-
+
return s;
}
@@ -430,13 +427,13 @@ public class CryptoUtil {
s = s.replaceAll("-----END NEW CERTIFICATE REQUEST-----", "");
s = s.replaceAll("-----BEGIN CERTIFICATE-----", "");
s = s.replaceAll("-----END CERTIFICATE-----", "");
-
+
StringBuffer sb = new StringBuffer();
StringTokenizer st = new StringTokenizer(s, "\r\n ");
-
+
while (st.hasMoreTokens()) {
String nextLine = st.nextToken();
-
+
nextLine = nextLine.trim();
if (nextLine.equals("-----BEGIN CERTIFICATE REQUEST-----")) {
continue;
@@ -460,10 +457,10 @@ public class CryptoUtil {
}
return sb.toString();
}
-
+
public static String normalizeCertStr(String s) {
String val = "";
-
+
for (int i = 0; i < s.length(); i++) {
if (s.charAt(i) == '\n') {
continue;
@@ -484,61 +481,58 @@ public class CryptoUtil {
CryptoManager.NotInitializedException,
TokenException,
CertificateEncodingException,
- CertificateException
- {
+ CertificateException {
byte[] blah = base64Decode(certchain);
CryptoManager manager = CryptoManager.getInstance();
PKCS7 pkcs7 = null;
- try {
- // try PKCS7 first
- pkcs7 = new PKCS7(blah);
+ try {
+ // try PKCS7 first
+ pkcs7 = new PKCS7(blah);
} catch (Exception e) {
}
X509Certificate cert = null;
if (pkcs7 == null) {
- cert = manager.importCACertPackage(blah);
- } else {
- java.security.cert.X509Certificate certsInP7[] =
- pkcs7.getCertificates();
- if (certsInP7 == null) {
cert = manager.importCACertPackage(blah);
- } else {
- for (int i = 0; i < certsInP7.length; i++) {
- // import P7 one by one
- cert = manager.importCACertPackage(certsInP7[i].getEncoded());
+ } else {
+ java.security.cert.X509Certificate certsInP7[] =
+ pkcs7.getCertificates();
+ if (certsInP7 == null) {
+ cert = manager.importCACertPackage(blah);
+ } else {
+ for (int i = 0; i < certsInP7.length; i++) {
+ // import P7 one by one
+ cert = manager.importCACertPackage(certsInP7[i].getEncoded());
+ }
}
- }
}
- X509Certificate[] certchains =
- CryptoManager.getInstance().buildCertificateChain(cert);
-
+ X509Certificate[] certchains =
+ CryptoManager.getInstance().buildCertificateChain(cert);
+
if (certchains != null) {
- cert = certchains[certchains.length - 1];
+ cert = certchains[certchains.length - 1];
}
InternalCertificate icert = (InternalCertificate) cert;
- icert.setSSLTrust( InternalCertificate.TRUSTED_CA
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
| InternalCertificate.TRUSTED_CLIENT_CA
| InternalCertificate.VALID_CA);
}
public static SEQUENCE parseCRMFMsgs(byte cert_request[])
- throws IOException, InvalidBERException
- {
- ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(cert_request);
+ throws IOException, InvalidBERException {
+ ByteArrayInputStream crmfBlobIn =
+ new ByteArrayInputStream(cert_request);
SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(
+ new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(
crmfBlobIn);
return crmfMsgs;
}
- public static X509Key getX509KeyFromCRMFMsgs(SEQUENCE crmfMsgs)
- throws IOException, NoSuchAlgorithmException,
- InvalidKeyException, InvalidKeyFormatException
- {
+ public static X509Key getX509KeyFromCRMFMsgs(SEQUENCE crmfMsgs)
+ throws IOException, NoSuchAlgorithmException,
+ InvalidKeyException, InvalidKeyFormatException {
int nummsgs = crmfMsgs.size();
if (nummsgs <= 0) {
- throw new IOException("invalid certificate requests");
+ throw new IOException("invalid certificate requests");
}
CertReqMsg msg = (CertReqMsg) crmfMsgs.elementAt(0);
CertRequest certreq = msg.getCertReq();
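Review bot: In the PKCS#7 branch of the certificate-chain import, `cert` stays null when `pkcs7.getCertificates()` returns an empty but non-null array, so the later `buildCertificateChain(cert)` / `icert.setSSLTrust(...)` calls are reached with null and would most likely fail with a NullPointerException rather than one of the declared exceptions. Widening the guard to `if (certsInP7 == null || certsInP7.length == 0)` sends that case through the raw-package import like the null case. The empty `catch (Exception e) { }` around `new PKCS7(blah)` should at least carry a comment such as `// not PKCS#7; fall back to importing the bytes as a raw cert package`. Because the method ends by granting `TRUSTED_CA | TRUSTED_CLIENT_CA | VALID_CA` to the last certificate of the built chain, its Javadoc should state that callers must have authenticated `certchain` beforehand. The method signature starts outside the hunk.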
@@ -549,28 +543,28 @@ public class CryptoUtil {
return x509key;
}
- public static X509Key getPublicX509Key(byte modulus[], byte exponent[])
- throws InvalidKeyException {
+ public static X509Key getPublicX509Key(byte modulus[], byte exponent[])
+ throws InvalidKeyException {
return new netscape.security.provider.RSAPublicKey(new BigInt(modulus),
new BigInt(exponent));
}
public static X509Key getPublicX509ECCKey(byte encoded[])
- throws InvalidKeyException {
- try {
- return X509Key.parse(new DerValue(encoded));
- } catch (IOException e) {
- throw new InvalidKeyException();
- }
+ throws InvalidKeyException {
+ try {
+ return X509Key.parse(new DerValue(encoded));
+ } catch (IOException e) {
+ throw new InvalidKeyException();
+ }
}
public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
- throws InvalidKeyException {
+ throws InvalidKeyException {
X509Key xKey;
-
+
if (pubk instanceof RSAPublicKey) {
RSAPublicKey rsaKey = (RSAPublicKey) pubk;
-
+
xKey = new netscape.security.provider.RSAPublicKey(
new BigInt(rsaKey.getModulus()),
new BigInt(rsaKey.getPublicExponent()));
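Review bot: `getPublicX509ECCKey` throws a bare `new InvalidKeyException()` from its `catch (IOException e)`, which discards both the message and the cause, so a malformed encoded key cannot be diagnosed from the stack trace. Assuming this is `java.security.InvalidKeyException`, the catch body can be `throw new InvalidKeyException("Cannot parse encoded EC public key", e);`. A one-line Javadoc stating that `encoded` is expected to be the DER encoding consumed by `X509Key.parse` would also help callers.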
@@ -578,18 +572,18 @@ public class CryptoUtil {
// Assert.assert(pubk instanceof DSAPublicKey);
DSAPublicKey dsaKey = (DSAPublicKey) pubk;
DSAParams params = dsaKey.getParams();
-
+
xKey = new netscape.security.provider.DSAPublicKey(dsaKey.getY(),
params.getP(), params.getQ(), params.getG());
}
return xKey;
}
- public static String getSubjectName(SEQUENCE crmfMsgs)
- throws IOException {
+ public static String getSubjectName(SEQUENCE crmfMsgs)
+ throws IOException {
int nummsgs = crmfMsgs.size();
if (nummsgs <= 0) {
- throw new IOException("invalid certificate requests");
+ throw new IOException("invalid certificate requests");
}
CertReqMsg msg = (CertReqMsg) crmfMsgs.elementAt(0);
CertRequest certreq = msg.getCertReq();
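Review bot: The cast `(DSAPublicKey) pubk` in `convertPublicKeyToX509Key` is protected only by the commented-out `// Assert.assert(pubk instanceof DSAPublicKey);`, so any key that is neither RSA nor DSA (an EC key, for example) would surface as a ClassCastException instead of the declared `InvalidKeyException`. Adding `if (!(pubk instanceof DSAPublicKey)) throw new InvalidKeyException("Unsupported public key type");` ahead of the cast keeps the failure inside the method's contract. The branch that contains the cast opens outside this hunk, so this assumes it is the plain `else` of the `instanceof RSAPublicKey` test shown in the previous hunk.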
@@ -597,7 +591,7 @@ public class CryptoUtil {
Name n = certTemplate.getSubject();
ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
n.encode(subjectEncStream);
-
+
byte[] b = subjectEncStream.toByteArray();
X500Name subject = new X500Name(b);
return subject.toString();
@@ -607,46 +601,46 @@ public class CryptoUtil {
* Creates a Certificate template.
*/
public static X509CertInfo createX509CertInfo(KeyPair pair,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException {
- return createX509CertInfo(convertPublicKeyToX509Key(pair.getPublic()),
+ return createX509CertInfo(convertPublicKeyToX509Key(pair.getPublic()),
serialno, issuername, subjname, notBefore, notAfter);
}
public static X509CertInfo createX509CertInfo(PublicKey publickey,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException {
return createX509CertInfo(convertPublicKeyToX509Key(publickey), serialno,
issuername, subjname, notBefore, notAfter);
}
public static X509CertInfo createX509CertInfo(X509Key x509key,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException {
// set default; use the other call with "alg" to set algorithm
String alg = "SHA256withRSA";
try {
- return createX509CertInfo (x509key, serialno, issuername, subjname, notBefore, notAfter, alg);
+ return createX509CertInfo(x509key, serialno, issuername, subjname, notBefore, notAfter, alg);
} catch (NoSuchAlgorithmException ex) {
- // for those that calls the old call without alg
- throw new CertificateException("createX509CertInfo old call should not be here");
+ // for those that calls the old call without alg
+ throw new CertificateException("createX509CertInfo old call should not be here");
}
}
public static X509CertInfo createX509CertInfo(X509Key x509key,
- int serialno, String issuername, String subjname,
+ int serialno, String issuername, String subjname,
Date notBefore, Date notAfter, String alg)
- throws IOException,
- CertificateException,
+ throws IOException,
+ CertificateException,
InvalidKeyException,
NoSuchAlgorithmException {
X509CertInfo info = new X509CertInfo();
@@ -668,10 +662,9 @@ public class CryptoUtil {
return info;
}
-
- public static X509CertImpl signECCCert(PrivateKey privateKey,
+ public static X509CertImpl signECCCert(PrivateKey privateKey,
X509CertInfo certInfo)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -679,16 +672,15 @@ public class CryptoUtil {
InvalidKeyException,
SignatureException,
IOException,
- CertificateException
- {
+ CertificateException {
// set default; use the other call with "alg" to specify algorithm
String alg = "SHA256withEC";
return signECCCert(privateKey, certInfo, alg);
}
- public static X509CertImpl signECCCert(PrivateKey privateKey,
+ public static X509CertImpl signECCCert(PrivateKey privateKey,
X509CertInfo certInfo, String alg)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -696,18 +688,17 @@ public class CryptoUtil {
InvalidKeyException,
SignatureException,
IOException,
- CertificateException
- {
- return signCert(privateKey, certInfo,
+ CertificateException {
+ return signCert(privateKey, certInfo,
Cert.mapAlgorithmToJss(alg));
}
/**
* Signs certificate.
*/
- public static X509CertImpl signCert(PrivateKey privateKey,
+ public static X509CertImpl signCert(PrivateKey privateKey,
X509CertInfo certInfo, String alg)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -716,13 +707,13 @@ public class CryptoUtil {
SignatureException,
IOException,
CertificateException {
- return signCert (privateKey, certInfo,
+ return signCert(privateKey, certInfo,
Cert.mapAlgorithmToJss(alg));
}
- public static X509CertImpl signCert(PrivateKey privateKey,
+ public static X509CertImpl signCert(PrivateKey privateKey,
X509CertInfo certInfo, SignatureAlgorithm sigAlg)
- throws NoSuchTokenException,
+ throws NoSuchTokenException,
CryptoManager.NotInitializedException,
NoSuchAlgorithmException,
NoSuchTokenException,
@@ -735,28 +726,28 @@ public class CryptoUtil {
DerInputStream ds = new DerInputStream(ASN1Util.encode(sigAlg.toOID()));
ObjectIdentifier sigAlgOID = new ObjectIdentifier(ds);
AlgorithmId aid = new AlgorithmId(sigAlgOID);
- certInfo.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(aid));
-
- org.mozilla.jss.crypto.PrivateKey priKey =
- (org.mozilla.jss.crypto.PrivateKey) privateKey;
+ certInfo.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(aid));
+
+ org.mozilla.jss.crypto.PrivateKey priKey =
+ (org.mozilla.jss.crypto.PrivateKey) privateKey;
CryptoToken token = priKey.getOwningToken();
-
+
DerOutputStream tmp = new DerOutputStream();
DerOutputStream out = new DerOutputStream();
-
+
certInfo.encode(tmp);
Signature signer = token.getSignatureContext(sigAlg);
-
+
signer.initSign(priKey);
signer.update(tmp.toByteArray());
byte signed[] = signer.sign();
-
+
aid.encode(tmp);
tmp.putBitString(signed);
out.write(DerValue.tag_Sequence, tmp);
X509CertImpl signedCert = new X509CertImpl(out.toByteArray());
-
+
return signedCert;
}
@@ -765,20 +756,20 @@ public class CryptoUtil {
*/
public static PKCS10 createCertificationRequest(String subjectName,
X509Key pubk, PrivateKey prik)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
// give default
String alg = "SHA256withRSA";
if (isECCKey(pubk)) {
- alg = "SHA256withEC";
+ alg = "SHA256withEC";
}
return createCertificationRequest(subjectName, pubk, prik, alg);
}
public static PKCS10 createCertificationRequest(String subjectName,
X509Key pubk, PrivateKey prik, String alg)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
X509Key key = pubk;
@@ -799,7 +790,7 @@ public class CryptoUtil {
*/
public static PKCS10 createCertificationRequest(String subjectName,
KeyPair keyPair)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
String alg;
@@ -813,45 +804,45 @@ public class CryptoUtil {
// Assert.assert(pubk instanceof DSAPublicKey);
alg = "DSA";
}
- return createCertificationRequest(subjectName,keyPair, alg);
+ return createCertificationRequest(subjectName, keyPair, alg);
}
public static PKCS10 createCertificationRequest(String subjectName,
KeyPair keyPair, String alg)
- throws NoSuchAlgorithmException, NoSuchProviderException,
+ throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, IOException, CertificateException,
SignatureException {
PublicKey pubk = keyPair.getPublic();
X509Key key = convertPublicKeyToX509Key(pubk);
-
+
java.security.Signature sig = java.security.Signature.getInstance(alg,
"Mozilla-JSS");
-
+
sig.initSign(keyPair.getPrivate());
-
+
PKCS10 pkcs10 = new PKCS10(key);
-
+
X500Name name = new X500Name(subjectName);
X500Signer signer = new X500Signer(sig, name);
-
+
pkcs10.encodeAndSign(signer);
-
+
return pkcs10;
}
public static void unTrustCert(InternalCertificate cert) {
// remove TRUSTED_CA
int flag = cert.getSSLTrust();
-
+
flag ^= InternalCertificate.VALID_CA;
cert.setSSLTrust(flag);
}
-
+
/**
* Trusts a certificate by nickname.
*/
- public static void trustCertByNickname(String nickname)
- throws CryptoManager.NotInitializedException,
+ public static void trustCertByNickname(String nickname)
+ throws CryptoManager.NotInitializedException,
TokenException {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate certs[] = cm.findCertsByNickname(nickname);
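Review bot: In `unTrustCert`, `flag ^= InternalCertificate.VALID_CA;` toggles the bit instead of clearing it, so calling the method on a certificate that does not currently carry `VALID_CA` would turn that flag on. `flag &= ~InternalCertificate.VALID_CA;` clears it regardless of the starting state. The comment above reads `// remove TRUSTED_CA` while the code operates on `VALID_CA`; the comment and the mask should name the same flag, whichever one is intended.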
@@ -871,12 +862,12 @@ public class CryptoUtil {
int flag = InternalCertificate.VALID_CA | InternalCertificate.TRUSTED_CA
| InternalCertificate.USER
| InternalCertificate.TRUSTED_CLIENT_CA;
-
+
cert.setSSLTrust(flag);
cert.setObjectSigningTrust(flag);
cert.setEmailTrust(flag);
}
-
+
/**
* To certificate server point of view, SSL trust is
* what we referring.
@@ -889,7 +880,7 @@ public class CryptoUtil {
return false;
}
}
-
+
public static boolean isTrust(int flag) {
if (((flag & InternalCertificate.VALID_CA) > 0)
&& ((flag & InternalCertificate.TRUSTED_CA) > 0)
@@ -906,11 +897,11 @@ public class CryptoUtil {
*/
public static SymmetricKey generateKey(CryptoToken token,
KeyGenAlgorithm alg)
- throws TokenException, NoSuchAlgorithmException,
+ throws TokenException, NoSuchAlgorithmException,
IllegalStateException {
try {
KeyGenerator kg = token.getKeyGenerator(alg);
-
+
return kg.generate();
} catch (CharConversionException e) {
throw new RuntimeException(
@@ -950,18 +941,18 @@ public class CryptoUtil {
/**
* Retrieves a private key from a unique key ID.
*/
- public static PrivateKey findPrivateKeyFromID(byte id[])
- throws CryptoManager.NotInitializedException,
+ public static PrivateKey findPrivateKeyFromID(byte id[])
+ throws CryptoManager.NotInitializedException,
TokenException {
CryptoManager cm = CryptoManager.getInstance();
@SuppressWarnings("unchecked")
- Enumeration<CryptoToken> enums = cm.getAllTokens();
+ Enumeration<CryptoToken> enums = cm.getAllTokens();
while (enums.hasMoreElements()) {
- CryptoToken token = enums.nextElement();
+ CryptoToken token = enums.nextElement();
String tokenName = token.getName();
CryptoStore store = token.getCryptoStore();
- PrivateKey keys[] = store.getPrivateKeys();
+ PrivateKey keys[] = store.getPrivateKeys();
if (keys != null) {
for (int i = 0; i < keys.length; i++) {
@@ -978,20 +969,20 @@ public class CryptoUtil {
* Retrieves all user certificates from all tokens.
*/
public static X509CertImpl[] getAllUserCerts()
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
TokenException {
Vector<X509CertImpl> certs = new Vector<X509CertImpl>();
CryptoManager cm = CryptoManager.getInstance();
@SuppressWarnings("unchecked")
- Enumeration<CryptoToken> enums = cm.getAllTokens();
+ Enumeration<CryptoToken> enums = cm.getAllTokens();
while (enums.hasMoreElements()) {
CryptoToken token = (CryptoToken) enums.nextElement();
String tokenName = token.getName();
-
+
CryptoStore store = token.getCryptoStore();
org.mozilla.jss.crypto.X509Certificate list[] = store.getCertificates();
-
+
for (int i = 0; i < list.length; i++) {
try {
PrivateKey key = cm.findPrivKeyByCert(list[i]);
@@ -1024,7 +1015,7 @@ public class CryptoUtil {
* Deletes a private key.
*/
public static void deletePrivateKey(PrivateKey prikey)
- throws CryptoManager.NotInitializedException, TokenException {
+ throws CryptoManager.NotInitializedException, TokenException {
CryptoManager cm = CryptoManager.getInstance();
try {
@@ -1032,21 +1023,23 @@ public class CryptoUtil {
CryptoStore store = token.getCryptoStore();
store.deletePrivateKey(prikey);
- } catch (NoSuchItemOnTokenException e) {}
+ } catch (NoSuchItemOnTokenException e) {
+ }
}
/**
* Retrieves a private key by nickname.
*/
public static PrivateKey getPrivateKey(String nickname)
- throws CryptoManager.NotInitializedException, TokenException {
+ throws CryptoManager.NotInitializedException, TokenException {
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
org.mozilla.jss.crypto.PrivateKey prikey = cm.findPrivKeyByCert(cert);
return prikey;
- } catch (ObjectNotFoundException e) {}
+ } catch (ObjectNotFoundException e) {
+ }
return null;
}
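Review bot: The reformatted `catch (NoSuchItemOnTokenException e) { }` in `deletePrivateKey` and `catch (ObjectNotFoundException e) { }` in `getPrivateKey` are still silent, and nothing records that ignoring them is deliberate. Renaming the variable and adding a reason, e.g. `} catch (NoSuchItemOnTokenException ignored) { // key is already absent from the token }`, makes the intent reviewable. `getPrivateKey` should also document `@return the private key, or null if no certificate with this nickname is found`. The same pattern appears in the `deleteAllCertificates` hunk that follows and, with the broader `catch (Exception e)`, in the `Token.java` getters, where `isLoggedIn()` and `isPresent()` report false for any failure.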
@@ -1054,7 +1047,7 @@ public class CryptoUtil {
* Deletes all certificates by a nickname.
*/
public static void deleteAllCertificates(String nickname)
- throws CryptoManager.NotInitializedException, TokenException {
+ throws CryptoManager.NotInitializedException, TokenException {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate certs[] = cm.findCertsByNickname(nickname);
@@ -1070,18 +1063,20 @@ public class CryptoUtil {
CryptoStore store = token.getCryptoStore();
store.deleteCert(cert);
- } catch (NoSuchItemOnTokenException e) {} catch (ObjectNotFoundException e) {}
+ } catch (NoSuchItemOnTokenException e) {
+ } catch (ObjectNotFoundException e) {
+ }
}
}
/**
- * Imports a PKCS#7 certificate chain that includes the user
+ * Imports a PKCS#7 certificate chain that includes the user
* certificate, and trusts the certificate.
*/
- public static X509Certificate importUserCertificateChain(String c,
+ public static X509Certificate importUserCertificateChain(String c,
String nickname)
- throws CryptoManager.NotInitializedException,
- CryptoManager.NicknameConflictException,
+ throws CryptoManager.NotInitializedException,
+ CryptoManager.NicknameConflictException,
CryptoManager.UserCertConflictException,
NoSuchItemOnTokenException,
TokenException,
@@ -1097,7 +1092,7 @@ public class CryptoUtil {
* Imports a user certificate, and trusts the certificate.
*/
public static void importUserCertificate(X509CertImpl cert, String nickname)
- throws CryptoManager.NotInitializedException,
+ throws CryptoManager.NotInitializedException,
CertificateEncodingException,
NoSuchItemOnTokenException,
TokenException,
@@ -1110,8 +1105,8 @@ public class CryptoUtil {
}
public static void importUserCertificate(X509CertImpl cert, String nickname,
- boolean trust)
- throws CryptoManager.NotInitializedException,
+ boolean trust)
+ throws CryptoManager.NotInitializedException,
CertificateEncodingException,
NoSuchItemOnTokenException,
TokenException,
@@ -1129,7 +1124,7 @@ public class CryptoUtil {
CertificateChain certchain = new CertificateChain();
certchain.decode(bis);
- java.security.cert.X509Certificate[] certs = certchain.getChain();
+ java.security.cert.X509Certificate[] certs = certchain.getChain();
return certs;
}
@@ -1138,25 +1133,22 @@ public class CryptoUtil {
// START ENABLE_ECC
// This following can be removed when JSS with ECC capability
// is integrated.
-class CryptoAlgorithm extends Algorithm
-{
+class CryptoAlgorithm extends Algorithm {
protected CryptoAlgorithm(int oidIndex, String name) {
super(oidIndex, name);
}
}
-class CryptoKeyPairAlgorithm extends KeyPairAlgorithm
-{
- protected CryptoKeyPairAlgorithm(int oidIndex, String name, Algorithm algFamily) { super(oidIndex, name, algFamily);
+class CryptoKeyPairAlgorithm extends KeyPairAlgorithm {
+ protected CryptoKeyPairAlgorithm(int oidIndex, String name, Algorithm algFamily) {
+ super(oidIndex, name, algFamily);
}
}
-class CryptoSignatureAlgorithm extends SignatureAlgorithm
-{
+class CryptoSignatureAlgorithm extends SignatureAlgorithm {
protected CryptoSignatureAlgorithm(int oidIndex, String name,
- SignatureAlgorithm signingAlg, DigestAlgorithm digestAlg,
- OBJECT_IDENTIFIER oid)
- {
+ SignatureAlgorithm signingAlg, DigestAlgorithm digestAlg,
+ OBJECT_IDENTIFIER oid) {
super(oidIndex, name, signingAlg, digestAlg, oid);
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/Module.java b/pki/base/util/src/com/netscape/cmsutil/crypto/Module.java
index e7971ea7..16f948fd 100644
--- a/pki/base/util/src/com/netscape/cmsutil/crypto/Module.java
+++ b/pki/base/util/src/com/netscape/cmsutil/crypto/Module.java
@@ -31,34 +31,34 @@ public class Module {
private Vector mTokens = null;
private boolean mFound = false;
- public Module (String name, String printName) {
- mCommonName = name;
- mUserFriendlyName = printName;
- mTokens = new Vector();
+ public Module(String name, String printName) {
+ mCommonName = name;
+ mUserFriendlyName = printName;
+ mTokens = new Vector();
}
- public Module (String name, String printName, String image) {
- mCommonName = name;
- mUserFriendlyName = printName;
- mImagePath = image;
- mTokens = new Vector();
+ public Module(String name, String printName, String image) {
+ mCommonName = name;
+ mUserFriendlyName = printName;
+ mImagePath = image;
+ mTokens = new Vector();
}
public void addToken(CryptoToken t) {
- Token token = new Token(t);
- mTokens.addElement(token);
+ Token token = new Token(t);
+ mTokens.addElement(token);
}
public String getCommonName() {
- return mCommonName;
+ return mCommonName;
}
public String getUserFriendlyName() {
- return mUserFriendlyName;
+ return mUserFriendlyName;
}
public String getImagePath() {
- return mImagePath;
+ return mImagePath;
}
public boolean isFound() {
@@ -70,6 +70,6 @@ public class Module {
}
public Vector getTokens() {
- return mTokens;
+ return mTokens;
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/crypto/Token.java b/pki/base/util/src/com/netscape/cmsutil/crypto/Token.java
index f86e49bd..c6f5a5e3 100644
--- a/pki/base/util/src/com/netscape/cmsutil/crypto/Token.java
+++ b/pki/base/util/src/com/netscape/cmsutil/crypto/Token.java
@@ -22,36 +22,36 @@ import org.mozilla.jss.crypto.CryptoToken;
public class Token {
CryptoToken mToken;
- public Token (CryptoToken token) {
- mToken = token;
+ public Token(CryptoToken token) {
+ mToken = token;
}
public String getNickName() {
- String nickName="";
+ String nickName = "";
try {
- nickName = mToken.getName();
+ nickName = mToken.getName();
} catch (Exception e) {
}
- return nickName;
+ return nickName;
}
public boolean isLoggedIn() {
boolean isLoggedIn = false;
try {
- isLoggedIn = mToken.isLoggedIn();
+ isLoggedIn = mToken.isLoggedIn();
} catch (Exception e) {
}
- return isLoggedIn;
+ return isLoggedIn;
}
public boolean isPresent() {
boolean isPresent = false;
try {
- isPresent = mToken.isPresent();
+ isPresent = mToken.isPresent();
} catch (Exception e) {
}
- return isPresent;
+ return isPresent;
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/ConnectAsync.java b/pki/base/util/src/com/netscape/cmsutil/http/ConnectAsync.java
index 8922f38d..ca230ca2 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/ConnectAsync.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/ConnectAsync.java
@@ -17,12 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
import java.net.SocketException;
import com.netscape.cmsutil.net.ISocketFactory;
-
public class ConnectAsync extends Thread {
String host = null;
int port = 0;
@@ -33,9 +31,9 @@ public class ConnectAsync extends Thread {
this.host = host;
this.port = port;
this.obj = sock;
- setName("ConnectAsync");
+ setName("ConnectAsync");
}
-
+
public void run() {
try {
obj.makeSocket(host, port);
@@ -46,4 +44,3 @@ public class ConnectAsync extends Thread {
}
}
}
-
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/Http.java b/pki/base/util/src/com/netscape/cmsutil/http/Http.java
index acece15d..2cda7fd1 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/Http.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/Http.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
public class Http {
public static final String HttpVers = "HTTP/1.0";
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/HttpClient.java b/pki/base/util/src/com/netscape/cmsutil/http/HttpClient.java
index 130d747d..2ad67578 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/HttpClient.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/HttpClient.java
@@ -60,7 +60,7 @@ public class HttpClient {
}
public void connect(String host, int port)
- throws IOException {
+ throws IOException {
if (mFactory != null) {
if (mCertApprovalCallback == null) {
mSocket = mFactory.makeSocket(host, port);
@@ -76,7 +76,7 @@ public class HttpClient {
throw e;
}
-
+
mInputStream = mSocket.getInputStream();
mOutputStream = mSocket.getOutputStream();
mInputStreamReader = new InputStreamReader(mInputStream, "UTF8");
@@ -87,7 +87,7 @@ public class HttpClient {
// Inserted by beomsuk
public void connect(String host, int port, int timeout)
- throws IOException {
+ throws IOException {
if (mFactory != null) {
mSocket = mFactory.makeSocket(host, port, timeout);
} else {
@@ -99,7 +99,7 @@ public class HttpClient {
throw e;
}
-
+
mInputStream = mSocket.getInputStream();
mOutputStream = mSocket.getOutputStream();
mInputStreamReader = new InputStreamReader(mInputStream, "UTF8");
@@ -114,14 +114,13 @@ public class HttpClient {
}
/**
- * Sends a request to http server.
- * Returns a http response.
+ * Sends a request to http server.
+ * Returns a http response.
*/
- public HttpResponse send(HttpRequest request)
- throws IOException {
+ public HttpResponse send(HttpRequest request)
+ throws IOException {
HttpResponse resp = new HttpResponse();
-
if (mOutputStream == null)
throw new IOException("Output stream not initialized");
request.write(mOutputStreamWriter);
@@ -137,7 +136,7 @@ public class HttpClient {
}
public void disconnect()
- throws IOException {
+ throws IOException {
mSocket.close();
mInputStream = null;
mOutputStream = null;
@@ -172,7 +171,7 @@ public class HttpClient {
* unit test
*/
public static void main(String args[])
- throws Exception {
+ throws Exception {
HttpClient c = new HttpClient();
HttpRequest req = new HttpRequest();
HttpResponse resp = null;
@@ -182,7 +181,7 @@ public class HttpClient {
req.setMethod("GET");
req.setURI(args[2]);
- if (args.length >= 4)
+ if (args.length >= 4)
req.setHeader("Connection", args[3]);
resp = c.send(req);
@@ -203,7 +202,8 @@ public class HttpClient {
char[] msgbody;
for (int i = 0; i < 2; i++) {
- if (i == 1) req.setHeader("Connection", "Close");
+ if (i == 1)
+ req.setHeader("Connection", "Close");
resp = c.send(req);
System.out.println("version " + resp.getHttpVers());
System.out.println("status code " + resp.getStatusCode());
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/HttpEofException.java b/pki/base/util/src/com/netscape/cmsutil/http/HttpEofException.java
index e5573612..824b9ea2 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/HttpEofException.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/HttpEofException.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
import java.io.IOException;
-
public class HttpEofException extends IOException {
/**
*
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/HttpMessage.java b/pki/base/util/src/com/netscape/cmsutil/http/HttpMessage.java
index 93eeef68..100cbb5a 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/HttpMessage.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/HttpMessage.java
@@ -17,21 +17,19 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.util.Enumeration;
import java.util.Hashtable;
-
/**
- * Basic HTTP Message, excluding message body.
+ * Basic HTTP Message, excluding message body.
* Not optimized for performance.
* Set fields or parse from input.
*/
public class HttpMessage {
- protected String mLine = null; // request or response line.
+ protected String mLine = null; // request or response line.
protected Hashtable mHeaders = null;
protected String mContent = null; // arbitrary content chars assumed.
@@ -42,14 +40,14 @@ public class HttpMessage {
mHeaders = new Hashtable();
}
- /**
+ /**
* Set a header field. <br>
* Content-length is automatically set on write.<br>
* If value spans multiple lines must be in proper http format for
* multiple lines.
*/
public void setHeader(String name, String value) {
- if (mHeaders == null)
+ if (mHeaders == null)
mHeaders = new Hashtable();
mHeaders.put(name.toLowerCase(), value);
}
@@ -62,11 +60,11 @@ public class HttpMessage {
}
/**
- * write http headers
- * does not support values of more than one line
+ * write http headers
+ * does not support values of more than one line
*/
public void writeHeaders(OutputStreamWriter writer)
- throws IOException {
+ throws IOException {
if (mHeaders != null) {
Enumeration keys = mHeaders.keys();
String header, value;
@@ -85,7 +83,7 @@ public class HttpMessage {
* does not support values of more than one line or multivalue headers.
*/
public void readHeaders(BufferedReader reader)
- throws IOException {
+ throws IOException {
mHeaders = new Hashtable();
int colon;
@@ -93,7 +91,7 @@ public class HttpMessage {
while (true) {
line = reader.readLine();
- if (line == null || line.equals(""))
+ if (line == null || line.equals(""))
break;
colon = line.indexOf(':');
if (colon == -1) {
@@ -107,7 +105,7 @@ public class HttpMessage {
}
public void write(OutputStreamWriter writer)
- throws IOException {
+ throws IOException {
writer.write(mLine + Http.CRLF);
writeHeaders(writer);
writer.flush();
@@ -118,12 +116,12 @@ public class HttpMessage {
}
public void parse(BufferedReader reader)
- throws IOException {
+ throws IOException {
String line = reader.readLine();
-// if (line == null) {
- // throw new HttpEofException("End of stream reached");
- // }
+ // if (line == null) {
+ // throw new HttpEofException("End of stream reached");
+ // }
if (line.equals("")) {
throw new HttpProtocolException("Bad Http req/resp line " + line);
}
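Review bot: `HttpMessage.parse` calls `line.equals("")` directly on the result of `reader.readLine()`, which is null when the peer closes the connection before sending a line, so an early EOF becomes a NullPointerException instead of an IOException the caller can handle. The guard is already there but commented out; restoring it as `if (line == null) { throw new HttpEofException("End of stream reached"); }` fixes this, assuming `HttpEofException` has the String constructor the commented code uses. The rest of the method body continues outside the hunk.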
@@ -143,7 +141,7 @@ public class HttpMessage {
done = reader.read(cbuf, total, len - total);
total += done;
}
-
+
mContent = new String(cbuf);
}
}
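Review bot: The body-reading loop adds the result of `reader.read(cbuf, total, len - total)` to `total` without checking for -1, so a peer that closes the stream before sending the announced number of characters makes `total` go backwards rather than ending the read. A check such as `if (done < 0) { throw new HttpEofException("End of stream reached"); }` before `total += done;` turns the truncated body into an explicit error. The loop header and the origin of `len` are outside the hunk, so the exact failure mode (spin, or an index exception on the next read) depends on code not shown here.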
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/HttpProtocolException.java b/pki/base/util/src/com/netscape/cmsutil/http/HttpProtocolException.java
index 6b2fc75f..b5ceb1d7 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/HttpProtocolException.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/HttpProtocolException.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
import java.io.IOException;
-
public class HttpProtocolException extends IOException {
/**
*
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/HttpRequest.java b/pki/base/util/src/com/netscape/cmsutil/http/HttpRequest.java
index 76232a2d..9024dabf 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/HttpRequest.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/HttpRequest.java
@@ -17,16 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.OutputStreamWriter;
-
/**
* Basic HTTP Request. not optimized for performance.
* Set fields or parse from input.
- * Handles text content.
+ * Handles text content.
*/
public class HttpRequest extends HttpMessage {
public static final String GET = "GET";
@@ -48,9 +46,9 @@ public class HttpRequest extends HttpMessage {
* set set request method.
*/
public void setMethod(String method)
- throws HttpProtocolException {
- if (!method.equals(GET) && !method.equals(HEAD) &&
- !method.equals(POST))
+ throws HttpProtocolException {
+ if (!method.equals(GET) && !method.equals(HEAD) &&
+ !method.equals(POST))
throw new HttpProtocolException("No such method " + method);
mMethod = method;
}
@@ -66,7 +64,7 @@ public class HttpRequest extends HttpMessage {
* write request to the http client
*/
public void write(OutputStreamWriter writer)
- throws IOException {
+ throws IOException {
if (mMethod == null || mURI == null) {
HttpProtocolException e = new HttpProtocolException(
"Http request method or uri not initialized");
@@ -83,17 +81,17 @@ public class HttpRequest extends HttpMessage {
* parse a http request from a http client
*/
public void parse(BufferedReader reader)
- throws IOException {
+ throws IOException {
super.parse(reader);
int method = mLine.indexOf(Http.SP);
mMethod = mLine.substring(0, method);
- if (!mMethod.equals(GET) && !mMethod.equals(POST) &&
- !mMethod.equals(HEAD)) {
+ if (!mMethod.equals(GET) && !mMethod.equals(POST) &&
+ !mMethod.equals(HEAD)) {
reset();
throw new HttpProtocolException("Bad Http request method");
- }
+ }
int uri = mLine.lastIndexOf(Http.SP);
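Review bot: `mLine.indexOf(Http.SP)` returns -1 for a request line that contains no space, and `mLine.substring(0, method)` then throws an unchecked StringIndexOutOfBoundsException rather than HttpProtocolException. Because the request line comes from the client, guard the index before the substring: `if (method == -1) { reset(); throw new HttpProtocolException("Bad Http request method"); }`. The remainder of `parse` is outside the hunk.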
@@ -101,8 +99,8 @@ public class HttpRequest extends HttpMessage {
mHttpVers = mLine.substring(uri + 1);
if (!mHttpVers.equals("")) {
- if (!mHttpVers.equals(Http.Vers1_0) &&
- !mHttpVers.equals(Http.Vers1_1)) {
+ if (!mHttpVers.equals(Http.Vers1_0) &&
+ !mHttpVers.equals(Http.Vers1_1)) {
reset();
throw new HttpProtocolException("Bad Http version in request");
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/HttpResponse.java b/pki/base/util/src/com/netscape/cmsutil/http/HttpResponse.java
index 09d8e562..7ac7e2f6 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/HttpResponse.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/HttpResponse.java
@@ -17,12 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.OutputStreamWriter;
-
/**
* Basic HTTP Response.
* Set fields or parse from input.
@@ -72,7 +70,7 @@ public class HttpResponse extends HttpMessage {
* write the response out to the http client
*/
public void write(OutputStreamWriter writer)
- throws IOException {
+ throws IOException {
if (mStatusCode == null) {
throw new HttpProtocolException("status code not set in response");
}
@@ -88,7 +86,7 @@ public class HttpResponse extends HttpMessage {
* parse a http response from a http server
*/
public void parse(BufferedReader reader)
- throws IOException {
+ throws IOException {
mHttpVers = null;
mStatusCode = null;
mReasonPhrase = null;
@@ -102,8 +100,8 @@ public class HttpResponse extends HttpMessage {
throw new HttpProtocolException("no Http version in response");
}
mHttpVers = mLine.substring(0, httpvers);
- if (!mHttpVers.equals(Http.Vers1_0) &&
- !mHttpVers.equals(Http.Vers1_1)) {
+ if (!mHttpVers.equals(Http.Vers1_0) &&
+ !mHttpVers.equals(Http.Vers1_1)) {
reset();
throw new HttpProtocolException("Bad Http version in response");
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java b/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
index 501886b5..79154981 100644
--- a/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
+++ b/pki/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.http;
-
import java.io.IOException;
import java.net.Socket;
import java.net.SocketException;
@@ -35,12 +34,12 @@ import com.netscape.cmsutil.net.ISocketFactory;
/**
* Uses NSS ssl socket.
- *
+ *
* @version $Revision$ $Date$
*/
public class JssSSLSocketFactory implements ISocketFactory {
private String mClientAuthCertNickname = null;
- private SSLSocket s = null;
+ private SSLSocket s = null;
public JssSSLSocketFactory() {
}
@@ -71,51 +70,49 @@ public class JssSSLSocketFactory implements ISocketFactory {
SSLSocket.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
0
};
-
+
static {
int i;
- for (i = SSLSocket.SSL2_RC4_128_WITH_MD5;
- i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) {
+ for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) {
try {
SSLSocket.setCipherPreferenceDefault(i, false);
- } catch( SocketException e) {
+ } catch (SocketException e) {
}
}
//skip SSL_EN_IDEA_128_EDE3_CBC_WITH_MD5
- for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5;
- i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
+ for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5; i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
try {
SSLSocket.setCipherPreferenceDefault(i, false);
- } catch( SocketException e) {
+ } catch (SocketException e) {
}
}
for (i = 0; cipherSuites[i] != 0; ++i) {
try {
SSLSocket.setCipherPreferenceDefault(cipherSuites[i], true);
- } catch( SocketException e) {
+ } catch (SocketException e) {
}
}
}
- public Socket makeSocket(String host, int port)
- throws IOException, UnknownHostException {
+ public Socket makeSocket(String host, int port)
+ throws IOException, UnknownHostException {
return makeSocket(host, port, null, null);
}
- public Socket makeSocket(String host, int port,
- SSLCertificateApprovalCallback certApprovalCallback,
- SSLClientCertificateSelectionCallback clientCertCallback)
- throws IOException, UnknownHostException {
+ public Socket makeSocket(String host, int port,
+ SSLCertificateApprovalCallback certApprovalCallback,
+ SSLClientCertificateSelectionCallback clientCertCallback)
+ throws IOException, UnknownHostException {
try {
s = new SSLSocket(host, port, null, 0, certApprovalCallback,
- clientCertCallback);
+ clientCertCallback);
for (int i = 0; cipherSuites[i] != 0; ++i) {
try {
SSLSocket.setCipherPreferenceDefault(cipherSuites[i], true);
- } catch( SocketException e) {
+ } catch (SocketException e) {
}
}
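Review bot: Every `catch (SocketException e) { }` in this hunk is empty, including the two loops in the static initializer that switch the SSL2 suites off. If `setCipherPreferenceDefault(i, false)` fails there, the suite may stay enabled and nothing records it. At minimum add a comment such as `// ignored: a suite that cannot be disabled keeps its default state`, and preferably fail initialization in the disable loops with `throw new ExceptionInInitializerError(e);`. Separately, `makeSocket` stores the new socket in the instance field `s`, so a factory shared between threads could return one caller's socket to another; a local variable would avoid that, though the rest of the method is outside the hunk.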
@@ -154,8 +151,8 @@ public class JssSSLSocketFactory implements ISocketFactory {
return s;
}
- public Socket makeSocket(String host, int port, int timeout)
- throws IOException, UnknownHostException {
+ public Socket makeSocket(String host, int port, int timeout)
+ throws IOException, UnknownHostException {
Thread t = new ConnectAsync(this, host, port);
t.start();
@@ -163,7 +160,7 @@ public class JssSSLSocketFactory implements ISocketFactory {
t.join(1000 * timeout);
} catch (InterruptedException e) {
}
-
+
if (t.isAlive()) {
}
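Review bot: The `if (t.isAlive()) { }` branch is empty, so when `t.join(1000 * timeout)` returns because the timeout elapsed, the connect thread keeps running and this hunk gives the caller no sign that the attempt timed out. Unless the code after the hunk already handles it, make the failure explicit, e.g. `throw new IOException("connection to " + host + ":" + port + " timed out");`. The `catch (InterruptedException e) { }` above it also drops the interrupt; add `Thread.currentThread().interrupt();` there.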
@@ -179,9 +176,8 @@ public class JssSSLSocketFactory implements ISocketFactory {
public ClientHandshakeCB(Object sc) {
this.sc = sc;
}
-
+
public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
}
}
}
-
diff --git a/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java b/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
index eaae0007..132e65e6 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
@@ -44,18 +44,18 @@ public class LDAPUtil {
LDIFContent content = record.getContent();
int type = content.getType();
if (type == LDIFContent.ATTRIBUTE_CONTENT) {
- LDIFAttributeContent c = (LDIFAttributeContent)content;
+ LDIFAttributeContent c = (LDIFAttributeContent) content;
LDAPAttribute[] attrs = c.getAttributes();
LDAPAttributeSet myAttrs = new LDAPAttributeSet();
- for (int i=0; i<attrs.length; i++)
+ for (int i = 0; i < attrs.length; i++)
myAttrs.add(attrs[i]);
LDAPEntry entry = new LDAPEntry(dn, myAttrs);
try {
conn.add(entry);
} catch (LDAPException ee) {
}
- } else if (type == LDIFContent.MODIFICATION_CONTENT) {
- LDIFModifyContent c = (LDIFModifyContent)content;
+ } else if (type == LDIFContent.MODIFICATION_CONTENT) {
+ LDIFModifyContent c = (LDIFModifyContent) content;
LDAPModification[] mods = c.getModifications();
try {
conn.modify(dn, mods);
diff --git a/pki/base/util/src/com/netscape/cmsutil/net/ISocketFactory.java b/pki/base/util/src/com/netscape/cmsutil/net/ISocketFactory.java
index 9227f591..18f6cac8 100644
--- a/pki/base/util/src/com/netscape/cmsutil/net/ISocketFactory.java
+++ b/pki/base/util/src/com/netscape/cmsutil/net/ISocketFactory.java
@@ -24,15 +24,15 @@ import java.net.UnknownHostException;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
-public interface ISocketFactory
-{
- Socket makeSocket(String host, int port)
- throws IOException, UnknownHostException;
- Socket makeSocket(String host, int port, int timeout)
- throws IOException, UnknownHostException;
- Socket makeSocket(String host, int port,
- SSLCertificateApprovalCallback certApprovalCallback,
- SSLClientCertificateSelectionCallback clientCertCallback)
- throws IOException, UnknownHostException;
-}
+public interface ISocketFactory {
+ Socket makeSocket(String host, int port)
+ throws IOException, UnknownHostException;
+
+ Socket makeSocket(String host, int port, int timeout)
+ throws IOException, UnknownHostException;
+ Socket makeSocket(String host, int port,
+ SSLCertificateApprovalCallback certApprovalCallback,
+ SSLClientCertificateSelectionCallback clientCertCallback)
+ throws IOException, UnknownHostException;
+}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java
index f6306b78..11ae7f15 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/BasicOCSPResponse.java
@@ -35,7 +35,7 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
/**
* RFC 2560:
- *
+ *
* <pre>
* BasicOCSPResponse ::= SEQUENCE {
* tbsResponseData ResponseData,
@@ -43,11 +43,10 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class BasicOCSPResponse implements Response
-{
+public class BasicOCSPResponse implements Response {
private byte mData[] = null;
private ResponseData _rd = null;
private AlgorithmIdentifier _signAlg = null;
@@ -55,21 +54,18 @@ public class BasicOCSPResponse implements Response
private Certificate _certs[] = null;
public BasicOCSPResponse(ResponseData rd, AlgorithmIdentifier signAlg,
- BIT_STRING signature, Certificate certs[])
- {
+ BIT_STRING signature, Certificate certs[]) {
_rd = rd;
_signAlg = signAlg;
_signature = signature;
_certs = certs;
}
- public BasicOCSPResponse(OCTET_STRING os)
- {
+ public BasicOCSPResponse(OCTET_STRING os) {
this(os.toByteArray());
}
- public BasicOCSPResponse(byte data[])
- {
+ public BasicOCSPResponse(byte data[]) {
mData = data;
// extract _rd, _signAlg, _signature and _certs
@@ -79,23 +75,21 @@ public class BasicOCSPResponse implements Response
_signAlg = resp.getSignatureAlgorithm();
_signature = resp.getSignature();
_certs = resp.getCerts();
- } catch (Exception e) {
+ } catch (Exception e) {
// exception in decoding byte data
- }
+ }
}
private static final Tag TAG = SEQUENCE.TAG;
- public Tag getTag()
- {
+ public Tag getTag() {
return TAG;
}
- public void encode(Tag t, OutputStream os) throws IOException
- {
- if (mData != null) {
- os.write(mData);
- } else {
+ public void encode(Tag t, OutputStream os) throws IOException {
+ if (mData != null) {
+ os.write(mData);
+ } else {
SEQUENCE seq = new SEQUENCE();
seq.addElement(_rd);
seq.addElement(_signAlg);
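Review bot: The `catch (Exception e)` in the `byte[]` constructor discards every decoding failure, so malformed input yields an object whose `_rd`, `_signAlg` and `_signature` are null while `mData` still holds the raw bytes, which `encode` writes back out unchanged. Code that goes on to verify the response gets no signal that parsing failed. Consider rethrowing, e.g. `throw new IllegalArgumentException("malformed BasicOCSPResponse", e);`, or at least document on the constructor that the getters return null after a failed decode. The constructor begins in the previous hunk.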
@@ -105,50 +99,42 @@ public class BasicOCSPResponse implements Response
for (Certificate c : _certs) {
certsSeq.addElement(c);
}
- EXPLICIT certsExplicit = new EXPLICIT(new Tag(0),certsSeq);
+ EXPLICIT certsExplicit = new EXPLICIT(new Tag(0), certsSeq);
seq.addElement(certsExplicit);
}
- seq.encode(t,os);
- }
+ seq.encode(t, os);
+ }
}
- public void encode(OutputStream os) throws IOException
- {
+ public void encode(OutputStream os) throws IOException {
encode(TAG, os);
}
- public OCTET_STRING getBytes()
- {
+ public OCTET_STRING getBytes() {
return null;
}
- public ResponseData getResponseData()
- {
+ public ResponseData getResponseData() {
return _rd;
}
- public AlgorithmIdentifier getSignatureAlgorithm()
- {
+ public AlgorithmIdentifier getSignatureAlgorithm() {
return _signAlg;
}
- public BIT_STRING getSignature()
- {
+ public BIT_STRING getSignature() {
return _signature;
}
- public int getCertsCount()
- {
+ public int getCertsCount() {
return (_certs != null) ? _certs.length : 0;
}
- public Certificate[] getCerts()
- {
- return _certs;
+ public Certificate[] getCerts() {
+ return _certs;
}
- public Certificate getCertificateAt(int pos)
- {
+ public Certificate getCertificateAt(int pos) {
return (_certs != null) ? _certs[pos] : null;
}
@@ -161,54 +147,49 @@ public class BasicOCSPResponse implements Response
/**
* A Template for decoding <code>ResponseBytes</code>.
*/
- public static class Template implements ASN1Template
- {
+ public static class Template implements ASN1Template {
private SEQUENCE.Template seqt;
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement( ResponseData.getTemplate() );
- seqt.addElement( AlgorithmIdentifier.getTemplate() );
- seqt.addElement( BIT_STRING.getTemplate() );
- seqt.addOptionalElement( new EXPLICIT.Template(
- new Tag(0), new SEQUENCE.OF_Template(
- Certificate.getTemplate())) );
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
-
- ResponseData rd = (ResponseData)seq.elementAt(0);
- AlgorithmIdentifier alg = (AlgorithmIdentifier)seq.elementAt(1);
- BIT_STRING bs = (BIT_STRING)seq.elementAt(2);
- Certificate[] certs = null;
- if (seq.size() == 4) {
- // optional certificates are present
- EXPLICIT certSeqExplicit = (EXPLICIT) seq.elementAt(3);
- SEQUENCE certSeq = (SEQUENCE) certSeqExplicit.getContent();
- if (certSeq != null) {
- certs = new Certificate[certSeq.size()];
- for (int x = 0; x < certSeq.size(); x++) {
- certs[x] = (Certificate) certSeq.elementAt(x);
- }
- }
- }
-
- return new BasicOCSPResponse(rd, alg, bs, certs);
- }
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(ResponseData.getTemplate());
+ seqt.addElement(AlgorithmIdentifier.getTemplate());
+ seqt.addElement(BIT_STRING.getTemplate());
+ seqt.addOptionalElement(new EXPLICIT.Template(
+ new Tag(0), new SEQUENCE.OF_Template(
+ Certificate.getTemplate())));
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
+
+ ResponseData rd = (ResponseData) seq.elementAt(0);
+ AlgorithmIdentifier alg = (AlgorithmIdentifier) seq.elementAt(1);
+ BIT_STRING bs = (BIT_STRING) seq.elementAt(2);
+ Certificate[] certs = null;
+ if (seq.size() == 4) {
+ // optional certificates are present
+ EXPLICIT certSeqExplicit = (EXPLICIT) seq.elementAt(3);
+ SEQUENCE certSeq = (SEQUENCE) certSeqExplicit.getContent();
+ if (certSeq != null) {
+ certs = new Certificate[certSeq.size()];
+ for (int x = 0; x < certSeq.size(); x++) {
+ certs[x] = (Certificate) certSeq.elementAt(x);
+ }
+ }
+ }
+
+ return new BasicOCSPResponse(rd, alg, bs, certs);
+ }
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
index 3c563d93..b6979c78 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertID.java
@@ -32,7 +32,7 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
/**
* RFC 2560:
- *
+ *
* <pre>
* CertID ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
@@ -40,130 +40,116 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
* issuerKeyHash OCTET STRING, -- Hash of Issuers public key
* serialNumber CertificateSerialNumber }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class CertID implements ASN1Value
-{
- ///////////////////////////////////////////////////////////////////////
- // Members and member access
- ///////////////////////////////////////////////////////////////////////
- private AlgorithmIdentifier hashAlgorithm;
- private OCTET_STRING issuerNameHash;
- private OCTET_STRING issuerKeyHash;
- private INTEGER serialNumber;
- private SEQUENCE sequence;
-
- public AlgorithmIdentifier getHashAlgorithm()
- {
- return hashAlgorithm;
- }
-
- public OCTET_STRING getIssuerNameHash()
- {
- return issuerNameHash;
- }
-
- public OCTET_STRING getIssuerKeyHash()
- {
- return issuerKeyHash;
- }
-
- public INTEGER getSerialNumber()
- {
- return serialNumber;
- }
-
- ///////////////////////////////////////////////////////////////////////
- // Constructors
- ///////////////////////////////////////////////////////////////////////
-
- public CertID(AlgorithmIdentifier hashAlgorithm,
- OCTET_STRING issuerNameHash, OCTET_STRING issuerKeyHash,
- INTEGER serialNumber)
- {
- sequence = new SEQUENCE();
-
- this.hashAlgorithm = hashAlgorithm;
- sequence.addElement(hashAlgorithm);
-
- this.issuerNameHash = issuerNameHash;
- sequence.addElement(issuerNameHash);
-
- this.issuerKeyHash = issuerKeyHash;
- sequence.addElement(issuerKeyHash);
-
- this.serialNumber = serialNumber;
- sequence.addElement(serialNumber);
- }
-
- ///////////////////////////////////////////////////////////////////////
- // encoding/decoding
- ///////////////////////////////////////////////////////////////////////
-
- private static final Tag TAG = SEQUENCE.TAG;
-
- public Tag getTag()
- {
- return TAG;
- }
-
- public void encode(OutputStream ostream) throws IOException
- {
- encode(TAG, ostream);
- }
-
- public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
- sequence.encode(implicitTag, ostream);
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate() {
- return templateInstance;
- }
-
- /**
- * A Template for decoding a <code>CertID</code>.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement( AlgorithmIdentifier.getTemplate() );
- seqt.addElement( OCTET_STRING.getTemplate() );
- seqt.addElement( OCTET_STRING.getTemplate() );
- seqt.addElement( INTEGER.getTemplate() );
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
-
- return new CertID(
- (AlgorithmIdentifier) seq.elementAt(0),
- (OCTET_STRING) seq.elementAt(1),
- (OCTET_STRING) seq.elementAt(2),
- (INTEGER) seq.elementAt(3));
- }
- }
+public class CertID implements ASN1Value {
+ ///////////////////////////////////////////////////////////////////////
+ // Members and member access
+ ///////////////////////////////////////////////////////////////////////
+ private AlgorithmIdentifier hashAlgorithm;
+ private OCTET_STRING issuerNameHash;
+ private OCTET_STRING issuerKeyHash;
+ private INTEGER serialNumber;
+ private SEQUENCE sequence;
+
+ public AlgorithmIdentifier getHashAlgorithm() {
+ return hashAlgorithm;
+ }
+
+ public OCTET_STRING getIssuerNameHash() {
+ return issuerNameHash;
+ }
+
+ public OCTET_STRING getIssuerKeyHash() {
+ return issuerKeyHash;
+ }
+
+ public INTEGER getSerialNumber() {
+ return serialNumber;
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // Constructors
+ ///////////////////////////////////////////////////////////////////////
+
+ public CertID(AlgorithmIdentifier hashAlgorithm,
+ OCTET_STRING issuerNameHash, OCTET_STRING issuerKeyHash,
+ INTEGER serialNumber) {
+ sequence = new SEQUENCE();
+
+ this.hashAlgorithm = hashAlgorithm;
+ sequence.addElement(hashAlgorithm);
+
+ this.issuerNameHash = issuerNameHash;
+ sequence.addElement(issuerNameHash);
+
+ this.issuerKeyHash = issuerKeyHash;
+ sequence.addElement(issuerKeyHash);
+
+ this.serialNumber = serialNumber;
+ sequence.addElement(serialNumber);
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // encoding/decoding
+ ///////////////////////////////////////////////////////////////////////
+
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public Tag getTag() {
+ return TAG;
+ }
+
+ public void encode(OutputStream ostream) throws IOException {
+ encode(TAG, ostream);
+ }
+
+ public void encode(Tag implicitTag, OutputStream ostream)
+ throws IOException {
+ sequence.encode(implicitTag, ostream);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding a <code>CertID</code>.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(AlgorithmIdentifier.getTemplate());
+ seqt.addElement(OCTET_STRING.getTemplate());
+ seqt.addElement(OCTET_STRING.getTemplate());
+ seqt.addElement(INTEGER.getTemplate());
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
+
+ return new CertID(
+ (AlgorithmIdentifier) seq.elementAt(0),
+ (OCTET_STRING) seq.elementAt(1),
+ (OCTET_STRING) seq.elementAt(2),
+ (INTEGER) seq.elementAt(3));
+ }
+ }
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java
index c6fe4b51..a90eb215 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/CertStatus.java
@@ -21,16 +21,15 @@ import org.mozilla.jss.asn1.ASN1Value;
/**
* RFC 2560:
- *
+ *
* <pre>
* CertStatus ::= CHOICE {
* good [0] IMPLICIT NULL,
* revoked [1] IMPLICIT RevokedInfo,
* unknown [2] IMPLICIT UnknownInfo }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public interface CertStatus extends ASN1Value
-{
+public interface CertStatus extends ASN1Value {
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java
index c0b5015d..fa738726 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/GoodInfo.java
@@ -30,79 +30,69 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* CertStatus ::= CHOICE {
* good [0] IMPLICIT NULL,
* revoked [1] IMPLICIT RevokedInfo,
* unknown [2] IMPLICIT UnknownInfo }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class GoodInfo implements CertStatus
-{
- private static final Tag TAG = SEQUENCE.TAG;
+public class GoodInfo implements CertStatus {
+ private static final Tag TAG = SEQUENCE.TAG;
- public GoodInfo()
- {
- }
+ public GoodInfo() {
+ }
- public Tag getTag()
- {
- return Tag.get(0);
- }
+ public Tag getTag() {
+ return Tag.get(0);
+ }
- public void encode(Tag t, OutputStream os) throws IOException
- {
- NULL.getInstance().encode(getTag(), os);
- }
+ public void encode(Tag t, OutputStream os) throws IOException {
+ NULL.getInstance().encode(getTag(), os);
+ }
- public void encode(OutputStream os) throws IOException
- {
- encode(getTag(), os);
- }
+ public void encode(OutputStream os) throws IOException {
+ encode(getTag(), os);
+ }
- private static final Template templateInstance = new Template();
+ private static final Template templateInstance = new Template();
- public static Template getTemplate() {
- return templateInstance;
- }
+ public static Template getTemplate() {
+ return templateInstance;
+ }
- /**
- * A Template for decoding <code>ResponseBytes</code>.
- */
- public static class Template implements ASN1Template
- {
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template {
- private SEQUENCE.Template seqt;
+ private SEQUENCE.Template seqt;
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement(new NULL.Template() );
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(new NULL.Template());
- }
+ }
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- // SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
- // istream);
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ // SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ // istream);
- return new GoodInfo();
+ return new GoodInfo();
- }
}
+ }
}
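Review bot: `Template.decode(Tag, InputStream)` returns `new GoodInfo()` without reading anything from `istream`, because the `seqt.decode` call is commented out; the encoded NULL is neither validated nor consumed. `tagMatch` also compares against `SEQUENCE.TAG` although `getTag()` returns `Tag.get(0)`, so the template does not match the tag this class encodes with. If this template is ever applied to received data, decode the element, e.g. `new NULL.Template().decode(implicitTag, istream);`, and match on `Tag.get(0)`. The Javadoc `A Template for decoding <code>ResponseBytes</code>` looks copied from another class and should name `GoodInfo`.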
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java
index 96a3e44f..358fb0eb 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/KeyHashID.java
@@ -30,87 +30,76 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* ResponderID ::= CHOICE {
* byName [1] EXPLICIT Name,
* byKey [2] EXPLICIT KeyHash }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class KeyHashID implements ResponderID
-{
- private OCTET_STRING _hash = null;
- private static final Tag TAG = SEQUENCE.TAG;
-
- public KeyHashID(OCTET_STRING hash)
- {
- _hash = hash;
- }
-
- public Tag getTag()
- {
- return Tag.get(2);
- }
-
- public void encode(Tag tag, OutputStream os) throws IOException
- {
- _hash.encode(os);
- }
-
- public void encode(OutputStream os) throws IOException
- {
- _hash.encode(os);
- }
-
- public OCTET_STRING getHash()
- {
- return _hash;
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate() {
- return templateInstance;
+public class KeyHashID implements ResponderID {
+ private OCTET_STRING _hash = null;
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public KeyHashID(OCTET_STRING hash) {
+ _hash = hash;
+ }
+
+ public Tag getTag() {
+ return Tag.get(2);
+ }
+
+ public void encode(Tag tag, OutputStream os) throws IOException {
+ _hash.encode(os);
+ }
+
+ public void encode(OutputStream os) throws IOException {
+ _hash.encode(os);
+ }
+
+ public OCTET_STRING getHash() {
+ return _hash;
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ // seqt.addElement(new EXPLICIT.Template(
+ // new Tag (2), new OCTET_STRING.Template()) );
+ seqt.addElement(new OCTET_STRING.Template());
+
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
}
- /**
- * A Template for decoding <code>ResponseBytes</code>.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
-// seqt.addElement(new EXPLICIT.Template(
- // new Tag (2), new OCTET_STRING.Template()) );
- seqt.addElement(new OCTET_STRING.Template() );
-
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
istream);
- OCTET_STRING o = (OCTET_STRING)seq.elementAt(0);
- return new KeyHashID(o);
- }
- }
+ OCTET_STRING o = (OCTET_STRING) seq.elementAt(0);
+ return new KeyHashID(o);
+ }
+ }
}
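Review bot: `encode(Tag tag, OutputStream os)` ignores `tag` and writes `_hash` as a bare OCTET STRING, while the ASN.1 in the class Javadoc gives `byKey [2] EXPLICIT KeyHash` and `getTag()` returns `Tag.get(2)`. Unless a caller adds the wrapper, the encoded ResponderID will not carry the context tag; `Template.tagMatch` likewise tests `SEQUENCE.TAG` rather than tag 2. At least document this on the method, e.g. `// NOTE: writes the bare OCTET STRING; the [2] EXPLICIT wrapper must be added by the caller`. `NameID` in the next file section follows the same pattern with tag 1.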
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java
index aa6ef1b5..529ededb 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/NameID.java
@@ -30,88 +30,77 @@ import org.mozilla.jss.pkix.primitive.Name;
/**
* RFC 2560:
- *
+ *
* <pre>
* ResponderID ::= CHOICE {
* byName [1] EXPLICIT Name,
* byKey [2] EXPLICIT KeyHash }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class NameID implements ResponderID
-{
- private Name _name = null;
- private static final Tag TAG = SEQUENCE.TAG;
-
- public NameID(Name n)
- {
- _name = n;
- }
-
- public Tag getTag()
- {
- return Tag.get(1);
- }
-
- public void encode(Tag tag, OutputStream os) throws IOException
- {
- _name.encode(os);
- }
-
- public void encode(OutputStream os) throws IOException
- {
- _name.encode(os);
- }
-
- public Name getName()
- {
- return _name;
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate() {
- return templateInstance;
+public class NameID implements ResponderID {
+ private Name _name = null;
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public NameID(Name n) {
+ _name = n;
+ }
+
+ public Tag getTag() {
+ return Tag.get(1);
+ }
+
+ public void encode(Tag tag, OutputStream os) throws IOException {
+ _name.encode(os);
+ }
+
+ public void encode(OutputStream os) throws IOException {
+ _name.encode(os);
+ }
+
+ public Name getName() {
+ return _name;
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ // seqt.addElement(new EXPLICIT.Template(
+ // new Tag (1), new Name.Template()) );
+ seqt.addElement(new Name.Template());
+
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
}
- /**
- * A Template for decoding <code>ResponseBytes</code>.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- // seqt.addElement(new EXPLICIT.Template(
- // new Tag (1), new Name.Template()) );
- seqt.addElement(new Name.Template());
-
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
istream);
-
- // EXPLICIT e_name = (EXPLICIT) seq.elementAt(0);
- Name name = (Name)seq.elementAt(0);
- return new NameID(name);
- }
- }
+
+ // EXPLICIT e_name = (EXPLICIT) seq.elementAt(0);
+ Name name = (Name) seq.elementAt(0);
+ return new NameID(name);
+ }
+ }
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java
index ea2e5422..963bdc83 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPRequest.java
@@ -30,125 +30,111 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* OCSPRequest ::= SEQUENCE {
* tbsRequest TBSRequest,
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class OCSPRequest implements ASN1Value
-{
-
- ///////////////////////////////////////////////////////////////////////
- // Members and member access
- ///////////////////////////////////////////////////////////////////////
- private TBSRequest tbsRequest;
- private Signature optionalSignature;
- private SEQUENCE sequence;
-
- /**
- * Returns the <code>TBSRequest</code> field.
- */
- public TBSRequest getTBSRequest()
- {
- return tbsRequest;
- }
-
- /**
- * Returns the <code>Signature</code> field.
- */
- public Signature getSignature()
- {
- return optionalSignature;
- }
-
-
- /* THIS code is probably broken. It does not properly encode the explicit element */
-
- public OCSPRequest(TBSRequest tbsRequest, Signature optionalSignature)
- {
- sequence = new SEQUENCE();
-
- this.tbsRequest = tbsRequest;
- sequence.addElement(tbsRequest);
-
- this.optionalSignature = optionalSignature;
- if (optionalSignature != null) {
- sequence.addElement(optionalSignature);
- }
- }
-
- ///////////////////////////////////////////////////////////////////////
- // encoding/decoding
- ///////////////////////////////////////////////////////////////////////
- private static final Tag TAG = SEQUENCE.TAG;
-
- public Tag getTag()
- {
- return TAG;
- }
-
- public void encode(OutputStream ostream) throws IOException
- {
- encode(TAG, ostream);
- }
-
- public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
- sequence.encode(implicitTag, ostream);
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate()
- {
- return templateInstance;
- }
-
- /**
- * A Template for decoding OCSPRequest.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement(TBSRequest.getTemplate());
- seqt.addOptionalElement( new EXPLICIT.Template( new Tag(0),
- new Signature.Template()) );
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(istream);
- Signature signature = null;
- if (seq.elementAt(1) != null) {
- signature = (Signature)((EXPLICIT)seq.elementAt(1)).getContent();
- }
-
- return new OCSPRequest(
- (TBSRequest) seq.elementAt(0),
- signature);
- }
- }
+public class OCSPRequest implements ASN1Value {
+
+ ///////////////////////////////////////////////////////////////////////
+ // Members and member access
+ ///////////////////////////////////////////////////////////////////////
+ private TBSRequest tbsRequest;
+ private Signature optionalSignature;
+ private SEQUENCE sequence;
+
+ /**
+ * Returns the <code>TBSRequest</code> field.
+ */
+ public TBSRequest getTBSRequest() {
+ return tbsRequest;
+ }
+
+ /**
+ * Returns the <code>Signature</code> field.
+ */
+ public Signature getSignature() {
+ return optionalSignature;
+ }
+
+ /* THIS code is probably broken. It does not properly encode the explicit element */
+
+ public OCSPRequest(TBSRequest tbsRequest, Signature optionalSignature) {
+ sequence = new SEQUENCE();
+
+ this.tbsRequest = tbsRequest;
+ sequence.addElement(tbsRequest);
+
+ this.optionalSignature = optionalSignature;
+ if (optionalSignature != null) {
+ sequence.addElement(optionalSignature);
+ }
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // encoding/decoding
+ ///////////////////////////////////////////////////////////////////////
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public Tag getTag() {
+ return TAG;
+ }
+
+ public void encode(OutputStream ostream) throws IOException {
+ encode(TAG, ostream);
+ }
+
+ public void encode(Tag implicitTag, OutputStream ostream)
+ throws IOException {
+ sequence.encode(implicitTag, ostream);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding OCSPRequest.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(TBSRequest.getTemplate());
+ seqt.addOptionalElement(new EXPLICIT.Template(new Tag(0),
+ new Signature.Template()));
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(istream);
+ Signature signature = null;
+ if (seq.elementAt(1) != null) {
+ signature = (Signature) ((EXPLICIT) seq.elementAt(1)).getContent();
+ }
+
+ return new OCSPRequest(
+ (TBSRequest) seq.elementAt(0),
+ signature);
+ }
+ }
}
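Review bot: The reformatted constructor still adds `optionalSignature` to the SEQUENCE as a bare element, while the Template in the same file decodes that field as `[0] EXPLICIT`, so a signed request built here would not round-trip through its own decoder; the "probably broken" comment above the constructor already says as much. Wrapping it the way OCSPResponse.java does would fix it: `sequence.addElement(new EXPLICIT(Tag.get(0), optionalSignature));`. The Request constructor in Request.java adds `singleRequestExtensions` the same way and needs the same wrapper. Separately, `Template.decode(Tag implicitTag, InputStream istream)` calls `seqt.decode(istream)` and drops `implicitTag`, unlike the other templates in this commit; it should read `seqt.decode(implicitTag, istream)`.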
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java
index d8635fe2..6696cd9d 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponse.java
@@ -30,118 +30,106 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* OCSPResponse ::= SEQUENCE {
* responseStatus OCSPResponseStatus,
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class OCSPResponse implements ASN1Value
-{
- ///////////////////////////////////////////////////////////////////////
- // Members and member access
- ///////////////////////////////////////////////////////////////////////
- private OCSPResponseStatus responseStatus = null;
- private ResponseBytes responseBytes = null;
- private SEQUENCE sequence;
-
- public OCSPResponseStatus getResponseStatus()
- {
- return responseStatus;
- }
-
- public ResponseBytes getResponseBytes()
- {
- return responseBytes;
- }
-
- public OCSPResponse(OCSPResponseStatus responseStatus,
- ResponseBytes responseBytes)
- {
- sequence = new SEQUENCE();
-
- this.responseStatus = responseStatus;
- sequence.addElement(responseStatus);
-
- this.responseBytes = responseBytes;
- sequence.addElement(new EXPLICIT(Tag.get(0), responseBytes));
- }
-
- ///////////////////////////////////////////////////////////////////////
- // encoding/decoding
- ///////////////////////////////////////////////////////////////////////
-
- private static final Tag TAG = SEQUENCE.TAG;
-
- public Tag getTag()
- {
- return TAG;
- }
-
- public void encode(OutputStream ostream) throws IOException
- {
- encode(TAG, ostream);
- }
-
- public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
- sequence.encode(implicitTag, ostream);
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate() {
- return templateInstance;
- }
-
- /**
- * A Template for decoding an <code>OCSPResponse</code>.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement( OCSPResponseStatus.getTemplate() );
- seqt.addOptionalElement(
- new EXPLICIT.Template(
- new Tag (0), new ResponseBytes.Template()) );
-
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
-
- OCSPResponseStatus rs = (OCSPResponseStatus) seq.elementAt(0);
- ResponseBytes rb = null;
- ASN1Value val = seq.elementAt(1);
- if (val instanceof EXPLICIT) {
- EXPLICIT exp = (EXPLICIT)val;
- rb = (ResponseBytes)exp.getContent();
- } else {
- rb = (ResponseBytes)val;
- }
- return new OCSPResponse(rs, rb);
- }
- }
+public class OCSPResponse implements ASN1Value {
+ ///////////////////////////////////////////////////////////////////////
+ // Members and member access
+ ///////////////////////////////////////////////////////////////////////
+ private OCSPResponseStatus responseStatus = null;
+ private ResponseBytes responseBytes = null;
+ private SEQUENCE sequence;
+
+ public OCSPResponseStatus getResponseStatus() {
+ return responseStatus;
+ }
+
+ public ResponseBytes getResponseBytes() {
+ return responseBytes;
+ }
+
+ public OCSPResponse(OCSPResponseStatus responseStatus,
+ ResponseBytes responseBytes) {
+ sequence = new SEQUENCE();
+
+ this.responseStatus = responseStatus;
+ sequence.addElement(responseStatus);
+
+ this.responseBytes = responseBytes;
+ sequence.addElement(new EXPLICIT(Tag.get(0), responseBytes));
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // encoding/decoding
+ ///////////////////////////////////////////////////////////////////////
+
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public Tag getTag() {
+ return TAG;
+ }
+
+ public void encode(OutputStream ostream) throws IOException {
+ encode(TAG, ostream);
+ }
+
+ public void encode(Tag implicitTag, OutputStream ostream)
+ throws IOException {
+ sequence.encode(implicitTag, ostream);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding an <code>OCSPResponse</code>.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(OCSPResponseStatus.getTemplate());
+ seqt.addOptionalElement(
+ new EXPLICIT.Template(
+ new Tag(0), new ResponseBytes.Template()));
+
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
+
+ OCSPResponseStatus rs = (OCSPResponseStatus) seq.elementAt(0);
+ ResponseBytes rb = null;
+ ASN1Value val = seq.elementAt(1);
+ if (val instanceof EXPLICIT) {
+ EXPLICIT exp = (EXPLICIT) val;
+ rb = (ResponseBytes) exp.getContent();
+ } else {
+ rb = (ResponseBytes) val;
+ }
+ return new OCSPResponse(rs, rb);
+ }
+ }
}
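Review bot: The constructor wraps `responseBytes` in `new EXPLICIT(Tag.get(0), responseBytes)` unconditionally, but the field is OPTIONAL and `Template.decode` passes `null` whenever the element is absent (the `else` branch casts a null `val`). A status-only error response therefore ends up with an EXPLICIT around null, which presumably fails at construction or at encode time instead of producing a response without response bytes. Guard it the way OCSPRequest guards its optional field: `if (responseBytes != null) { sequence.addElement(new EXPLICIT(Tag.get(0), responseBytes)); }`. A one-line Javadoc on `getResponseBytes()` saying it returns null when the response carries no bytes would also tell callers to check before dereferencing.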
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java
index 145fbe7d..38ca881c 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/OCSPResponseStatus.java
@@ -29,7 +29,7 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* OCSPResponseStatus ::= ENUMERATED {
* successful (0), --Response has valid confirmations
@@ -41,90 +41,80 @@ import org.mozilla.jss.asn1.Tag;
* unauthorized (6) --Request unauthorized
* }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class OCSPResponseStatus implements ASN1Value
-{
- ///////////////////////////////////////////////////////////////////////
- // Members and member access
- ///////////////////////////////////////////////////////////////////////
- public final static OCSPResponseStatus SUCCESSFUL =
- new OCSPResponseStatus(0);
- public final static OCSPResponseStatus MALFORMED_REQUEST =
- new OCSPResponseStatus(1);
- public final static OCSPResponseStatus INTERNAL_ERROR =
- new OCSPResponseStatus(2);
- public final static OCSPResponseStatus TRY_LATER =
- new OCSPResponseStatus(3);
- public final static OCSPResponseStatus SIG_REQUIRED =
- new OCSPResponseStatus(5);
- public final static OCSPResponseStatus UNAUTHORIZED =
- new OCSPResponseStatus(6);
-
- private ENUMERATED responseStatus;
-
- public long getValue()
- {
- return responseStatus.getValue();
- }
-
- public OCSPResponseStatus(long val)
- {
- responseStatus = new ENUMERATED(val);
- }
-
- ///////////////////////////////////////////////////////////////////////
- // encoding/decoding
- ///////////////////////////////////////////////////////////////////////
-
- private static final Tag TAG = ENUMERATED.TAG;
-
- public Tag getTag()
- {
- return TAG;
- }
-
- public void encode(OutputStream ostream) throws IOException
- {
- encode(TAG, ostream);
- }
-
- public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
- responseStatus.encode(implicitTag, ostream);
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate() {
- return templateInstance;
- }
-
- /**
- * A Template for decoding an <code>OCSPResponseStatus</code>.
- */
- public static class Template implements ASN1Template
- {
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- ENUMERATED.Template enumt = new ENUMERATED.Template();
- ENUMERATED enum1 = (ENUMERATED) enumt.decode(implicitTag, istream);
-
- return new OCSPResponseStatus(enum1.getValue());
- }
- }
+public class OCSPResponseStatus implements ASN1Value {
+ ///////////////////////////////////////////////////////////////////////
+ // Members and member access
+ ///////////////////////////////////////////////////////////////////////
+ public final static OCSPResponseStatus SUCCESSFUL =
+ new OCSPResponseStatus(0);
+ public final static OCSPResponseStatus MALFORMED_REQUEST =
+ new OCSPResponseStatus(1);
+ public final static OCSPResponseStatus INTERNAL_ERROR =
+ new OCSPResponseStatus(2);
+ public final static OCSPResponseStatus TRY_LATER =
+ new OCSPResponseStatus(3);
+ public final static OCSPResponseStatus SIG_REQUIRED =
+ new OCSPResponseStatus(5);
+ public final static OCSPResponseStatus UNAUTHORIZED =
+ new OCSPResponseStatus(6);
+
+ private ENUMERATED responseStatus;
+
+ public long getValue() {
+ return responseStatus.getValue();
+ }
+
+ public OCSPResponseStatus(long val) {
+ responseStatus = new ENUMERATED(val);
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // encoding/decoding
+ ///////////////////////////////////////////////////////////////////////
+
+ private static final Tag TAG = ENUMERATED.TAG;
+
+ public Tag getTag() {
+ return TAG;
+ }
+
+ public void encode(OutputStream ostream) throws IOException {
+ encode(TAG, ostream);
+ }
+
+ public void encode(Tag implicitTag, OutputStream ostream)
+ throws IOException {
+ responseStatus.encode(implicitTag, ostream);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding an <code>OCSPResponseStatus</code>.
+ */
+ public static class Template implements ASN1Template {
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ ENUMERATED.Template enumt = new ENUMERATED.Template();
+ ENUMERATED enum1 = (ENUMERATED) enumt.decode(implicitTag, istream);
+
+ return new OCSPResponseStatus(enum1.getValue());
+ }
+ }
}
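Review bot: `Template.decode` returns `new OCSPResponseStatus(enum1.getValue())` and the class defines no `equals`, so a decoded status never compares equal to the `SUCCESSFUL`, `UNAUTHORIZED` and other constants by `==` or `equals()`. Callers have to compare `getValue()`, which nothing here documents. Value-based `equals`/`hashCode` would make the constants safe to compare against. The decoder also accepts any ENUMERATED value, including ones with no constant in this class; whether those should be rejected depends on callers outside this hunk.

```java
// … unchanged: constants, getValue(), constructor …

@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (!(obj instanceof OCSPResponseStatus)) {
        return false;
    }
    return getValue() == ((OCSPResponseStatus) obj).getValue();
}

@Override
public int hashCode() {
    long v = getValue();
    return (int) (v ^ (v >>> 32));
}

// … unchanged: encoding/decoding, Template …
```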
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java
index 9f277bb9..85c97de2 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/Request.java
@@ -31,132 +31,117 @@ import org.mozilla.jss.pkix.cert.Extension;
/**
* RFC 2560:
- *
+ *
* <pre>
* Request ::= SEQUENCE {
* reqCert CertID,
* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class Request implements ASN1Value
-{
- ///////////////////////////////////////////////////////////////////////
- // members and member access
- ///////////////////////////////////////////////////////////////////////
- private CertID reqCert = null;
- private SEQUENCE singleRequestExtensions = null;
- private SEQUENCE sequence = null;
-
- public CertID getCertID()
- {
- return reqCert;
- }
-
- public int getExtensionsCount()
- {
- if(singleRequestExtensions == null) {
- return 0;
- } else {
- return singleRequestExtensions.size();
- }
- }
-
- public Extension getRequestExtensionAt(int index)
- {
- if(singleRequestExtensions == null) {
- throw new ArrayIndexOutOfBoundsException();
- }
- return (Extension) singleRequestExtensions.elementAt(index);
- }
-
- public Request(CertID reqCert, SEQUENCE singleRequestExtensions)
- {
- sequence = new SEQUENCE();
-
- this.reqCert = reqCert;
- sequence.addElement(reqCert);
-
- if (singleRequestExtensions != null) {
- this.singleRequestExtensions = singleRequestExtensions;
- sequence.addElement(singleRequestExtensions);
- }
- }
-
- ///////////////////////////////////////////////////////////////////////
- // encode / decode
- ///////////////////////////////////////////////////////////////////////
- private static final Tag TAG = SEQUENCE.TAG;
-
- public Tag getTag()
- {
- return TAG;
- }
-
- public void encode(OutputStream ostream) throws IOException
- {
- encode(TAG, ostream);
- }
-
- public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
- sequence.encode(implicitTag, ostream);
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate()
- {
- return templateInstance;
- }
-
- /**
- * A Template for decoding Request.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement( CertID.getTemplate() );
- seqt.addOptionalElement(new EXPLICIT.Template(new Tag(0),
- new SEQUENCE.OF_Template(new Extension.Template()) ));
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
-
- EXPLICIT tag = (EXPLICIT) seq.elementAt(1);
-
- if (tag == null) {
- return new Request(
- (CertID) seq.elementAt(0),
- (SEQUENCE) null);
- }
- else {
- return new Request(
- (CertID) seq.elementAt(0),
- (SEQUENCE) tag.getContent());
- }
- }
- }
+public class Request implements ASN1Value {
+ ///////////////////////////////////////////////////////////////////////
+ // members and member access
+ ///////////////////////////////////////////////////////////////////////
+ private CertID reqCert = null;
+ private SEQUENCE singleRequestExtensions = null;
+ private SEQUENCE sequence = null;
+
+ public CertID getCertID() {
+ return reqCert;
+ }
+
+ public int getExtensionsCount() {
+ if (singleRequestExtensions == null) {
+ return 0;
+ } else {
+ return singleRequestExtensions.size();
+ }
+ }
+
+ public Extension getRequestExtensionAt(int index) {
+ if (singleRequestExtensions == null) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
+ return (Extension) singleRequestExtensions.elementAt(index);
+ }
+
+ public Request(CertID reqCert, SEQUENCE singleRequestExtensions) {
+ sequence = new SEQUENCE();
+
+ this.reqCert = reqCert;
+ sequence.addElement(reqCert);
+
+ if (singleRequestExtensions != null) {
+ this.singleRequestExtensions = singleRequestExtensions;
+ sequence.addElement(singleRequestExtensions);
+ }
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // encode / decode
+ ///////////////////////////////////////////////////////////////////////
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public Tag getTag() {
+ return TAG;
+ }
+
+ public void encode(OutputStream ostream) throws IOException {
+ encode(TAG, ostream);
+ }
+
+ public void encode(Tag implicitTag, OutputStream ostream)
+ throws IOException {
+ sequence.encode(implicitTag, ostream);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding Request.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(CertID.getTemplate());
+ seqt.addOptionalElement(new EXPLICIT.Template(new Tag(0),
+ new SEQUENCE.OF_Template(new Extension.Template())));
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
+
+ EXPLICIT tag = (EXPLICIT) seq.elementAt(1);
+
+ if (tag == null) {
+ return new Request(
+ (CertID) seq.elementAt(0),
+ (SEQUENCE) null);
+ } else {
+ return new Request(
+ (CertID) seq.elementAt(0),
+ (SEQUENCE) tag.getContent());
+ }
+ }
+ }
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java
index d5cfa680..02e30de0 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponderID.java
@@ -19,18 +19,16 @@ package com.netscape.cmsutil.ocsp;
import org.mozilla.jss.asn1.ASN1Value;
-
/**
* RFC 2560:
- *
+ *
* <pre>
* ResponderID ::= CHOICE {
* byName [1] EXPLICIT Name,
* byKey [2] EXPLICIT KeyHash }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public interface ResponderID extends ASN1Value
-{
+public interface ResponderID extends ASN1Value {
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java
index eb011e1c..0d363e81 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/Response.java
@@ -22,14 +22,13 @@ import org.mozilla.jss.asn1.OCTET_STRING;
/**
* RFC 2560:
- *
+ *
* <pre>
* response OCTET STRING
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public interface Response extends ASN1Value
-{
- public OCTET_STRING getBytes();
+public interface Response extends ASN1Value {
+ public OCTET_STRING getBytes();
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java
index b5fed0d9..c5d46114 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseBytes.java
@@ -31,112 +31,100 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* ResponseBytes ::= SEQUENCE {
* responseType OBJECT IDENTIFIER,
* response OCTET STRING }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class ResponseBytes implements ASN1Value
-{
- ///////////////////////////////////////////////////////////////////////
- // Members and member access
- ///////////////////////////////////////////////////////////////////////
- public final static OBJECT_IDENTIFIER OCSP =
- new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1");
- public final static OBJECT_IDENTIFIER OCSP_BASIC =
- new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.1");
-
- private OBJECT_IDENTIFIER responseType = null;
- private OCTET_STRING response = null;
- private SEQUENCE sequence;
-
- public OBJECT_IDENTIFIER getObjectIdentifier()
- {
- return responseType;
- }
-
- public OCTET_STRING getResponse()
- {
- return response;
- }
-
- public ResponseBytes(OBJECT_IDENTIFIER responseType, OCTET_STRING response)
- {
- sequence = new SEQUENCE();
-
- this.responseType = responseType;
- sequence.addElement(responseType);
-
- this.response = response;
- sequence.addElement(response);
- }
-
- ///////////////////////////////////////////////////////////////////////
- // encoding/decoding
- ///////////////////////////////////////////////////////////////////////
-
- private static final Tag TAG = SEQUENCE.TAG;
-
- public Tag getTag()
- {
- return TAG;
- }
-
- public void encode(OutputStream ostream) throws IOException
- {
- encode(TAG, ostream);
- }
-
- public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
- sequence.encode(implicitTag, ostream);
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate() {
- return templateInstance;
- }
-
- /**
- * A Template for decoding <code>ResponseBytes</code>.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement( OBJECT_IDENTIFIER.getTemplate() );
- seqt.addElement( OCTET_STRING.getTemplate() );
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
-
- return new ResponseBytes(
- (OBJECT_IDENTIFIER) seq.elementAt(0),
- (OCTET_STRING) seq.elementAt(1));
- }
- }
+public class ResponseBytes implements ASN1Value {
+ ///////////////////////////////////////////////////////////////////////
+ // Members and member access
+ ///////////////////////////////////////////////////////////////////////
+ public final static OBJECT_IDENTIFIER OCSP =
+ new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1");
+ public final static OBJECT_IDENTIFIER OCSP_BASIC =
+ new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.1");
+
+ private OBJECT_IDENTIFIER responseType = null;
+ private OCTET_STRING response = null;
+ private SEQUENCE sequence;
+
+ public OBJECT_IDENTIFIER getObjectIdentifier() {
+ return responseType;
+ }
+
+ public OCTET_STRING getResponse() {
+ return response;
+ }
+
+ public ResponseBytes(OBJECT_IDENTIFIER responseType, OCTET_STRING response) {
+ sequence = new SEQUENCE();
+
+ this.responseType = responseType;
+ sequence.addElement(responseType);
+
+ this.response = response;
+ sequence.addElement(response);
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // encoding/decoding
+ ///////////////////////////////////////////////////////////////////////
+
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public Tag getTag() {
+ return TAG;
+ }
+
+ public void encode(OutputStream ostream) throws IOException {
+ encode(TAG, ostream);
+ }
+
+ public void encode(Tag implicitTag, OutputStream ostream)
+ throws IOException {
+ sequence.encode(implicitTag, ostream);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(OBJECT_IDENTIFIER.getTemplate());
+ seqt.addElement(OCTET_STRING.getTemplate());
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
+
+ return new ResponseBytes(
+ (OBJECT_IDENTIFIER) seq.elementAt(0),
+ (OCTET_STRING) seq.elementAt(1));
+ }
+ }
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java
index 81c5eee4..1b28cf13 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/ResponseData.java
@@ -35,7 +35,7 @@ import org.mozilla.jss.pkix.cert.Extension;
/**
* RFC 2560:
- *
+ *
* <pre>
* ResponseData ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
@@ -44,13 +44,12 @@ import org.mozilla.jss.pkix.cert.Extension;
* responses SEQUENCE OF SingleResponse,
* responseExtensions [1] EXPLICIT Extensions OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class ResponseData implements ASN1Value
-{
+public class ResponseData implements ASN1Value {
private static final INTEGER v1 = new INTEGER(0);
- private INTEGER mVer;
+ private INTEGER mVer;
private ResponderID mRID = null;
private GeneralizedTime mProduced = null;
private SingleResponse mSR[] = null;
@@ -58,7 +57,7 @@ public class ResponseData implements ASN1Value
private static final Tag TAG = SEQUENCE.TAG;
- public ResponseData(INTEGER ver, ResponderID rid, GeneralizedTime produced,
+ public ResponseData(INTEGER ver, ResponderID rid, GeneralizedTime produced,
SingleResponse sr[], Extension exts[]) {
mVer = (ver != null) ? ver : v1;
mRID = rid;
@@ -67,30 +66,25 @@ public class ResponseData implements ASN1Value
mExts = exts;
}
- public ResponseData(ResponderID rid, GeneralizedTime produced,
- SingleResponse sr[])
- {
+ public ResponseData(ResponderID rid, GeneralizedTime produced,
+ SingleResponse sr[]) {
this(v1, rid, produced, sr, null);
}
- public ResponseData(ResponderID rid, GeneralizedTime produced,
- SingleResponse sr[], Extension exts[])
- {
+ public ResponseData(ResponderID rid, GeneralizedTime produced,
+ SingleResponse sr[], Extension exts[]) {
this(v1, rid, produced, sr, exts);
}
-
- public Tag getTag()
- {
+
+ public Tag getTag() {
return TAG;
}
- public void encode(OutputStream os) throws IOException
- {
+ public void encode(OutputStream os) throws IOException {
encode(null, os);
}
- public void encode(Tag t, OutputStream os) throws IOException
- {
+ public void encode(Tag t, OutputStream os) throws IOException {
SEQUENCE seq = new SEQUENCE();
if (mVer != v1) {
@@ -116,35 +110,29 @@ public class ResponseData implements ASN1Value
} else {
seq.encode(t, os);
}
- }
+ }
- public ResponderID getResponderID()
- {
+ public ResponderID getResponderID() {
return mRID;
}
- public GeneralizedTime getProducedAt()
- {
+ public GeneralizedTime getProducedAt() {
return mProduced;
}
- public int getResponseCount()
- {
+ public int getResponseCount() {
return (mSR != null) ? mSR.length : 0;
}
- public SingleResponse getResponseAt(int pos)
- {
+ public SingleResponse getResponseAt(int pos) {
return (mSR != null) ? mSR[pos] : null;
}
- public int getResponseExtensionCount()
- {
- return (mExts != null) ? mExts.length : 0;
+ public int getResponseExtensionCount() {
+ return (mExts != null) ? mExts.length : 0;
}
- public Extension getResponseExtensionAt(int pos)
- {
+ public Extension getResponseExtensionAt(int pos) {
return (mExts != null) ? mExts[pos] : null;
}
@@ -157,67 +145,62 @@ public class ResponseData implements ASN1Value
/**
* A Template for decoding <code>ResponseBytes</code>.
*/
- public static class Template implements ASN1Template
- {
+ public static class Template implements ASN1Template {
private SEQUENCE.Template seqt;
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addOptionalElement(new EXPLICIT.Template(
- new Tag (0), new INTEGER.Template()) );
- seqt.addElement(new ANY.Template() );
- seqt.addElement(new GeneralizedTime.Template() );
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addOptionalElement(new EXPLICIT.Template(
+ new Tag(0), new INTEGER.Template()));
+ seqt.addElement(new ANY.Template());
+ seqt.addElement(new GeneralizedTime.Template());
seqt.addElement(new SEQUENCE.OF_Template(
- SingleResponse.getTemplate()));
+ SingleResponse.getTemplate()));
seqt.addOptionalElement(new EXPLICIT.Template(
- new Tag(1), new SEQUENCE.OF_Template(
- Extension.getTemplate())));
+ new Tag(1), new SEQUENCE.OF_Template(
+ Extension.getTemplate())));
}
- public boolean tagMatch(Tag tag)
- {
+ public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
+ throws InvalidBERException, IOException {
return decode(TAG, istream);
}
public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
- istream);
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ istream);
INTEGER ver = v1;
- EXPLICIT e_ver = (EXPLICIT)seq.elementAt(0);
+ EXPLICIT e_ver = (EXPLICIT) seq.elementAt(0);
if (e_ver != null && e_ver.getTag().getNum() == 0) {
- ver = (INTEGER)e_ver.getContent();
+ ver = (INTEGER) e_ver.getContent();
}
ResponderID rid = null;
- ANY e_rid = (ANY)seq.elementAt(1);
+ ANY e_rid = (ANY) seq.elementAt(1);
if (e_rid.getTag().getNum() == 1) {
// name id
- rid = (NameID)
- NameID.getTemplate().decode(e_rid.getTag(),
- new ByteArrayInputStream(e_rid.getEncoded()));
+ rid = (NameID)
+ NameID.getTemplate().decode(e_rid.getTag(),
+ new ByteArrayInputStream(e_rid.getEncoded()));
} else if (e_rid.getTag().getNum() == 2) {
// key hash id
rid = (KeyHashID)
- KeyHashID.getTemplate().decode(e_rid.getTag(),
- new ByteArrayInputStream(e_rid.getEncoded()));
+ KeyHashID.getTemplate().decode(e_rid.getTag(),
+ new ByteArrayInputStream(e_rid.getEncoded()));
}
- GeneralizedTime producedAt = (GeneralizedTime) seq.elementAt(2);
- SEQUENCE responses = (SEQUENCE)seq.elementAt(3);
+ GeneralizedTime producedAt = (GeneralizedTime) seq.elementAt(2);
+ SEQUENCE responses = (SEQUENCE) seq.elementAt(3);
SingleResponse sr[] = null;
- if ((responses != null) && (responses.size() > 0)) {
+ if ((responses != null) && (responses.size() > 0)) {
sr = new SingleResponse[responses.size()];
for (int i = 0; i < responses.size(); i++) {
- sr[i] = (SingleResponse)responses.elementAt(i);
+ sr[i] = (SingleResponse) responses.elementAt(i);
}
}
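Review bot: In `Template.decode`, `rid` stays `null` when the responder-ID element carries a tag other than [1] or [2], and that null is handed to the `ResponseData` constructor at the end of the method (which finishes in the next hunk). A malformed response is better rejected while parsing than surfaced later as a missing responder ID in whatever code checks the signer. After the key-hash branch I would add `else { throw new InvalidBERException("unexpected ResponderID tag: " + e_rid.getTag()); }`. `SingleResponse.Template.decode` has the same shape for the certificate status and would benefit from the same treatment.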
@@ -226,14 +209,14 @@ public class ResponseData implements ASN1Value
SEQUENCE extns_seq;
Extension[] extns_array = null;
if (extns_exp != null) {
- extns_seq = (SEQUENCE)extns_exp.getContent();
+ extns_seq = (SEQUENCE) extns_exp.getContent();
extns_array = new Extension[extns_seq.size()];
- for (int x=0;x<extns_array.length;x++) {
+ for (int x = 0; x < extns_array.length; x++) {
extns_array[x] = (Extension) extns_seq.elementAt(x);
}
}
return new ResponseData(ver, rid, producedAt, sr, extns_array);
- }
- }
+ }
+ }
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java
index b1b7489f..9b0b2d18 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/RevokedInfo.java
@@ -32,94 +32,82 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* RevokedInfo ::= SEQUENCE {
* revocationTime GeneralizedTime,
* revocationReason [0] EXPLICIT CRLReason OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class RevokedInfo implements CertStatus
-{
- private static final Tag TAG = SEQUENCE.TAG;
+public class RevokedInfo implements CertStatus {
+ private static final Tag TAG = SEQUENCE.TAG;
- private GeneralizedTime mRevokedAt;
+ private GeneralizedTime mRevokedAt;
- public RevokedInfo(GeneralizedTime revokedAt)
- {
- mRevokedAt = revokedAt;
- }
+ public RevokedInfo(GeneralizedTime revokedAt) {
+ mRevokedAt = revokedAt;
+ }
- public Tag getTag()
- {
- return Tag.get(1);
- }
+ public Tag getTag() {
+ return Tag.get(1);
+ }
- public void encode(Tag t, OutputStream os) throws IOException
- {
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(mRevokedAt);
- seq.encode(t, os);
- }
+ public void encode(Tag t, OutputStream os) throws IOException {
+ SEQUENCE seq = new SEQUENCE();
+ seq.addElement(mRevokedAt);
+ seq.encode(t, os);
+ }
- public void encode(OutputStream os) throws IOException
- {
- encode(getTag(), os);
- }
-
- public GeneralizedTime getRevocationTime()
- {
- return mRevokedAt;
- }
+ public void encode(OutputStream os) throws IOException {
+ encode(getTag(), os);
+ }
+
+ public GeneralizedTime getRevocationTime() {
+ return mRevokedAt;
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template {
- private static final Template templateInstance = new Template();
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(new GeneralizedTime.Template());
+ seqt.addOptionalElement(
+ new EXPLICIT.Template(new Tag(0),
+ new INTEGER.Template()));
+
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
- public static Template getTemplate() {
- return templateInstance;
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
}
- /**
- * A Template for decoding <code>ResponseBytes</code>.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement(new GeneralizedTime.Template() );
- seqt.addOptionalElement(
- new EXPLICIT.Template( new Tag(0),
- new INTEGER.Template()) );
-
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
istream);
- GeneralizedTime revokedAt = (GeneralizedTime)
- seq.elementAt(0);
- return new RevokedInfo(revokedAt);
+ GeneralizedTime revokedAt = (GeneralizedTime)
+ seq.elementAt(0);
+ return new RevokedInfo(revokedAt);
- }
}
+ }
}
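Review bot: `Template.decode` reads only `seq.elementAt(0)`, so the optional `revocationReason` that the template accepts is parsed and then thrown away, and `encode` never writes it back. A caller therefore cannot tell why a certificate was revoked. If that is intentional, a comment on `decode` should say so, for example `// revocationReason (element 1) is accepted but not retained`. The class comment on `Template` also says it decodes `ResponseBytes`, which looks copied from another file and should read `RevokedInfo`. Separately, the template uses `INTEGER.Template` for a field the ASN.1 above declares as `CRLReason`; it is worth confirming that a response carrying a reason actually decodes.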
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java
index d670dfe2..b9b192ae 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/Signature.java
@@ -33,142 +33,127 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
/**
* RFC 2560:
- *
+ *
* <pre>
* Signature ::= SEQUENCE {
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class Signature implements ASN1Value
-{
- ///////////////////////////////////////////////////////////////////////
- // Members and member access
- ///////////////////////////////////////////////////////////////////////
- private AlgorithmIdentifier signatureAlgorithm;
- private BIT_STRING signature;
- private SEQUENCE certs;
- private SEQUENCE sequence;
-
- public AlgorithmIdentifier getSignatureAlgorithm()
- {
- return signatureAlgorithm;
- }
-
- public BIT_STRING getSignature()
- {
- return signature;
- }
-
- public int getCertificateCount()
- {
- if(certs == null) {
- return 0;
- } else {
- return certs.size();
- }
- }
-
- public Certificate getCertificateAt(int index)
- {
- if(certs == null) {
- throw new ArrayIndexOutOfBoundsException();
- }
- return (Certificate) certs.elementAt(index);
- }
-
- public Signature(AlgorithmIdentifier signatureAlgorithm,
- BIT_STRING signature, SEQUENCE certs)
- {
- sequence = new SEQUENCE();
-
- this.signatureAlgorithm = signatureAlgorithm;
- sequence.addElement(signatureAlgorithm);
-
- this.signature = signature;
- sequence.addElement(signature);
-
- this.certs = certs;
- sequence.addElement(certs);
- }
-
- ///////////////////////////////////////////////////////////////////////
- // encode / decode
- ///////////////////////////////////////////////////////////////////////
- private static final Tag TAG = SEQUENCE.TAG;
-
- public Tag getTag()
- {
- return TAG;
- }
-
- public void encode(OutputStream ostream) throws IOException
- {
- encode(TAG, ostream);
- }
-
- public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
- sequence.encode(implicitTag, ostream);
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate()
- {
- return templateInstance;
- }
-
- /**
- * A Template for decoding Request.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement( AlgorithmIdentifier.getTemplate() );
- seqt.addElement( BIT_STRING.getTemplate() );
- seqt.addOptionalElement(
- new EXPLICIT.Template(
- new Tag(0),
- new SEQUENCE.OF_Template( new Certificate.Template())
- )
- );
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
- SEQUENCE certs=null;
- if( seq.elementAt(2) != null ) {
- certs = (SEQUENCE) ((EXPLICIT)seq.elementAt(2)).getContent();
- }
-
- return new Signature(
- (AlgorithmIdentifier) seq.elementAt(0),
- (BIT_STRING) seq.elementAt(1),
- certs);
- }
- }
+public class Signature implements ASN1Value {
+ ///////////////////////////////////////////////////////////////////////
+ // Members and member access
+ ///////////////////////////////////////////////////////////////////////
+ private AlgorithmIdentifier signatureAlgorithm;
+ private BIT_STRING signature;
+ private SEQUENCE certs;
+ private SEQUENCE sequence;
+
+ public AlgorithmIdentifier getSignatureAlgorithm() {
+ return signatureAlgorithm;
+ }
+
+ public BIT_STRING getSignature() {
+ return signature;
+ }
+
+ public int getCertificateCount() {
+ if (certs == null) {
+ return 0;
+ } else {
+ return certs.size();
+ }
+ }
+
+ public Certificate getCertificateAt(int index) {
+ if (certs == null) {
+ throw new ArrayIndexOutOfBoundsException();
+ }
+ return (Certificate) certs.elementAt(index);
+ }
+
+ public Signature(AlgorithmIdentifier signatureAlgorithm,
+ BIT_STRING signature, SEQUENCE certs) {
+ sequence = new SEQUENCE();
+
+ this.signatureAlgorithm = signatureAlgorithm;
+ sequence.addElement(signatureAlgorithm);
+
+ this.signature = signature;
+ sequence.addElement(signature);
+
+ this.certs = certs;
+ sequence.addElement(certs);
+ }
+
+ ///////////////////////////////////////////////////////////////////////
+ // encode / decode
+ ///////////////////////////////////////////////////////////////////////
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public Tag getTag() {
+ return TAG;
+ }
+
+ public void encode(OutputStream ostream) throws IOException {
+ encode(TAG, ostream);
+ }
+
+ public void encode(Tag implicitTag, OutputStream ostream)
+ throws IOException {
+ sequence.encode(implicitTag, ostream);
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
+
+ /**
+ * A Template for decoding Request.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(AlgorithmIdentifier.getTemplate());
+ seqt.addElement(BIT_STRING.getTemplate());
+ seqt.addOptionalElement(
+ new EXPLICIT.Template(
+ new Tag(0),
+ new SEQUENCE.OF_Template(new Certificate.Template())
+ )
+ );
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
+ SEQUENCE certs = null;
+ if (seq.elementAt(2) != null) {
+ certs = (SEQUENCE) ((EXPLICIT) seq.elementAt(2)).getContent();
+ }
+
+ return new Signature(
+ (AlgorithmIdentifier) seq.elementAt(0),
+ (BIT_STRING) seq.elementAt(1),
+ certs);
+ }
+ }
}
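Review bot: The constructor adds `certs` to `sequence` as a bare element, while `Template.decode` expects element 2 to be an `EXPLICIT` wrapper and unwraps it. An object built through the constructor therefore does not appear to encode to the `certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL` form that the decoder and the class comment describe. The constructor also adds the element when `certs` is null. Proposed replacement for the last statement of the constructor: `if (certs != null) { sequence.addElement(new EXPLICIT(Tag.get(0), certs)); }`. The `Template` Javadoc says "decoding Request" and should name `Signature`.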
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java
index 1ce72747..ab54e501 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/SingleResponse.java
@@ -34,7 +34,7 @@ import org.mozilla.jss.pkix.cert.Extension;
/**
* RFC 2560:
- *
+ *
* <pre>
* SingleResponse ::= SEQUENCE {
* certID CertID,
@@ -43,157 +43,140 @@ import org.mozilla.jss.pkix.cert.Extension;
* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
* singleExtensions [1] EXPLICIT Extensions OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class SingleResponse implements ASN1Value
-{
- private CertID mCID = null;
- private CertStatus mStatus = null;
- private GeneralizedTime mThisUpdate = null;
- private GeneralizedTime mNextUpdate = null;
-
- private static final Tag TAG = SEQUENCE.TAG;
-
- public SingleResponse(CertID cid, CertStatus s,
- GeneralizedTime thisUpdate, GeneralizedTime nextUpdate)
- {
- mCID = cid;
- mStatus = s;
- mThisUpdate = thisUpdate;
- mNextUpdate = nextUpdate;
- }
-
- public CertID getCertID()
- {
- return mCID;
- }
-
- public Tag getTag()
- {
- return null;
- }
-
- public void encode(Tag t, OutputStream os) throws IOException
- {
- SEQUENCE seq = new SEQUENCE();
- seq.addElement(mCID);
- seq.addElement(mStatus);
- seq.addElement(mThisUpdate);
- if (mNextUpdate != null)
- {
- seq.addElement(new EXPLICIT(Tag.get(0), mNextUpdate));
- }
- if (t == null) {
- seq.encode(os);
- } else {
- seq.encode(t, os);
- }
- }
-
- public void encode(OutputStream os) throws IOException
- {
- encode(null, os);
- }
-
- public CertStatus getCertStatus()
- {
- return mStatus;
- }
-
- public GeneralizedTime getThisUpdate()
- {
- return mThisUpdate;
- }
-
- public GeneralizedTime getNextUpdate()
- {
- return mNextUpdate;
- }
-
- public int getExtensionCount()
- {
- return 0;
- }
-
- public Extension getExtensionAt(int pos)
- {
- return null;
- }
-
- private static final Template templateInstance = new Template();
-
- public static Template getTemplate() {
- return templateInstance;
+public class SingleResponse implements ASN1Value {
+ private CertID mCID = null;
+ private CertStatus mStatus = null;
+ private GeneralizedTime mThisUpdate = null;
+ private GeneralizedTime mNextUpdate = null;
+
+ private static final Tag TAG = SEQUENCE.TAG;
+
+ public SingleResponse(CertID cid, CertStatus s,
+ GeneralizedTime thisUpdate, GeneralizedTime nextUpdate) {
+ mCID = cid;
+ mStatus = s;
+ mThisUpdate = thisUpdate;
+ mNextUpdate = nextUpdate;
+ }
+
+ public CertID getCertID() {
+ return mCID;
+ }
+
+ public Tag getTag() {
+ return null;
+ }
+
+ public void encode(Tag t, OutputStream os) throws IOException {
+ SEQUENCE seq = new SEQUENCE();
+ seq.addElement(mCID);
+ seq.addElement(mStatus);
+ seq.addElement(mThisUpdate);
+ if (mNextUpdate != null) {
+ seq.addElement(new EXPLICIT(Tag.get(0), mNextUpdate));
}
+ if (t == null) {
+ seq.encode(os);
+ } else {
+ seq.encode(t, os);
+ }
+ }
+
+ public void encode(OutputStream os) throws IOException {
+ encode(null, os);
+ }
+
+ public CertStatus getCertStatus() {
+ return mStatus;
+ }
+
+ public GeneralizedTime getThisUpdate() {
+ return mThisUpdate;
+ }
+
+ public GeneralizedTime getNextUpdate() {
+ return mNextUpdate;
+ }
+
+ public int getExtensionCount() {
+ return 0;
+ }
+
+ public Extension getExtensionAt(int pos) {
+ return null;
+ }
+
+ private static final Template templateInstance = new Template();
+
+ public static Template getTemplate() {
+ return templateInstance;
+ }
- /**
- * A Template for decoding <code>ResponseBytes</code>.
- */
- public static class Template implements ASN1Template
- {
-
- private SEQUENCE.Template seqt;
-
- public Template()
- {
- seqt = new SEQUENCE.Template();
- seqt.addElement(new CertID.Template() );
- seqt.addElement(new ANY.Template() );
- seqt.addElement(new GeneralizedTime.Template() );
- seqt.addOptionalElement(new EXPLICIT.Template(
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template {
+
+ private SEQUENCE.Template seqt;
+
+ public Template() {
+ seqt = new SEQUENCE.Template();
+ seqt.addElement(new CertID.Template());
+ seqt.addElement(new ANY.Template());
+ seqt.addElement(new GeneralizedTime.Template());
+ seqt.addOptionalElement(new EXPLICIT.Template(
new Tag(0), new GeneralizedTime.Template()));
- seqt.addOptionalElement(new EXPLICIT.Template(new Tag(1),
+ seqt.addOptionalElement(new EXPLICIT.Template(new Tag(1),
new SEQUENCE.OF_Template(new Extension.Template())));
- }
-
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
-
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
-
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
- istream);
-
- CertID cid = (CertID)seq.elementAt(0);
- CertStatus status = null;
- ANY e_status = (ANY)seq.elementAt(1);
- if (e_status.getTag().getNum() == 0) {
- status = (GoodInfo)
+ }
+
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
+
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
+
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ istream);
+
+ CertID cid = (CertID) seq.elementAt(0);
+ CertStatus status = null;
+ ANY e_status = (ANY) seq.elementAt(1);
+ if (e_status.getTag().getNum() == 0) {
+ status = (GoodInfo)
GoodInfo.getTemplate().decode(
- e_status.getTag(),
- new ByteArrayInputStream(e_status.getEncoded()));
- // good
- } else if (e_status.getTag().getNum() == 1) {
- // revoked
- status = (RevokedInfo)
+ e_status.getTag(),
+ new ByteArrayInputStream(e_status.getEncoded()));
+ // good
+ } else if (e_status.getTag().getNum() == 1) {
+ // revoked
+ status = (RevokedInfo)
RevokedInfo.getTemplate().decode(
- e_status.getTag(),
- new ByteArrayInputStream(e_status.getEncoded()));
- } else if (e_status.getTag().getNum() == 2) {
- // unknown
- status = (UnknownInfo)
+ e_status.getTag(),
+ new ByteArrayInputStream(e_status.getEncoded()));
+ } else if (e_status.getTag().getNum() == 2) {
+ // unknown
+ status = (UnknownInfo)
UnknownInfo.getTemplate().decode(
- e_status.getTag(),
- new ByteArrayInputStream(e_status.getEncoded()));
- }
- GeneralizedTime thisUpdate = (GeneralizedTime)
- seq.elementAt(2);
- GeneralizedTime nextUpdate = null;
+ e_status.getTag(),
+ new ByteArrayInputStream(e_status.getEncoded()));
+ }
+ GeneralizedTime thisUpdate = (GeneralizedTime)
+ seq.elementAt(2);
+ GeneralizedTime nextUpdate = null;
- return new SingleResponse(cid, status, thisUpdate,
- nextUpdate);
+ return new SingleResponse(cid, status, thisUpdate,
+ nextUpdate);
- }
}
+ }
}
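Review bot: `Template.decode` always builds the `SingleResponse` with `nextUpdate` set to `null`: the template accepts the `[0] EXPLICIT GeneralizedTime` element, but the decoder never reads `seq.elementAt(3)`. Any caller that uses `getNextUpdate()` to decide whether a response is still fresh will see no expiry at all, even when the responder supplied one. Proposed, in place of the bare `nextUpdate = null` declaration: `EXPLICIT e_next = (EXPLICIT) seq.elementAt(3);` then `if (e_next != null) { nextUpdate = (GeneralizedTime) e_next.getContent(); }`. In the same method, `status` stays `null` for a status tag other than 0, 1 or 2; throwing `InvalidBERException` there would keep a malformed status from being mistaken for a usable response.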
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java
index ea23200d..b7f706ed 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/TBSRequest.java
@@ -33,7 +33,7 @@ import org.mozilla.jss.pkix.cert.Extension;
/**
* RFC 2560:
- *
+ *
* <pre>
* TBSRequest ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
@@ -41,33 +41,29 @@ import org.mozilla.jss.pkix.cert.Extension;
* requestList SEQUENCE OF Request,
* requestExtensions [2] EXPLICIT Extensions OPTIONAL }
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class TBSRequest implements ASN1Value
-{
+public class TBSRequest implements ASN1Value {
///////////////////////////////////////////////////////////////////////
// members and member access
///////////////////////////////////////////////////////////////////////
- private static final INTEGER v1 = new INTEGER (0);
+ private static final INTEGER v1 = new INTEGER(0);
private INTEGER version;
private ANY requestorName;
private SEQUENCE requestList;
private SEQUENCE requestExtensions;
- public INTEGER getVersion()
- {
+ public INTEGER getVersion() {
return version;
}
- public ANY getRequestorName()
- {
+ public ANY getRequestorName() {
return requestorName;
- }
+ }
- public int getRequestCount()
- {
+ public int getRequestCount() {
if (requestList == null) {
return 0;
} else {
@@ -75,13 +71,11 @@ public class TBSRequest implements ASN1Value
}
}
- public Request getRequestAt(int index)
- {
+ public Request getRequestAt(int index) {
return (Request) requestList.elementAt(index);
}
- public int getExtensionsCount()
- {
+ public int getExtensionsCount() {
if (requestExtensions == null) {
return 0;
} else {
@@ -89,18 +83,16 @@ public class TBSRequest implements ASN1Value
}
}
- public Extension getRequestExtensionAt(int index)
- {
+ public Extension getRequestExtensionAt(int index) {
return (Extension) requestExtensions.elementAt(index);
}
///////////////////////////////////////////////////////////////////////
// constructors
///////////////////////////////////////////////////////////////////////
-
+
public TBSRequest(INTEGER version, ANY requestorName,
- SEQUENCE requestList, SEQUENCE requestExtensions)
- {
+ SEQUENCE requestList, SEQUENCE requestExtensions) {
this.version = (version != null) ? version : v1;
this.requestorName = requestorName;
this.requestList = requestList;
@@ -112,20 +104,17 @@ public class TBSRequest implements ASN1Value
///////////////////////////////////////////////////////////////////////
public static final Tag TAG = SEQUENCE.TAG;
- public Tag getTag()
- {
+ public Tag getTag() {
return TAG;
}
public void encode(OutputStream ostream)
- throws IOException
- {
+ throws IOException {
encode(TAG, ostream);
}
public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
+ throws IOException {
SEQUENCE seq = new SEQUENCE();
if (version != v1) {
@@ -150,52 +139,46 @@ public class TBSRequest implements ASN1Value
private static final Template templateInstance = new Template();
- public static Template getTemplate()
- {
+ public static Template getTemplate() {
return templateInstance;
}
/**
* A Template for decoding TBSRequest.
*/
- public static class Template implements ASN1Template
- {
+ public static class Template implements ASN1Template {
private SEQUENCE.Template seqt;
- public Template()
- {
+ public Template() {
seqt = new SEQUENCE.Template();
seqt.addElement(
- new EXPLICIT.Template(
- new Tag(0), new INTEGER.Template()),
- new EXPLICIT( new Tag(0), new INTEGER(0))
- );
+ new EXPLICIT.Template(
+ new Tag(0), new INTEGER.Template()),
+ new EXPLICIT(new Tag(0), new INTEGER(0))
+ );
seqt.addOptionalElement(
- new EXPLICIT.Template(
- new Tag (1), new ANY.Template()) );
- seqt.addElement( new SEQUENCE.OF_Template(new Request.Template()) );
+ new EXPLICIT.Template(
+ new Tag(1), new ANY.Template()));
+ seqt.addElement(new SEQUENCE.OF_Template(new Request.Template()));
seqt.addOptionalElement(new EXPLICIT.Template(new Tag(2),
- new SEQUENCE.OF_Template(new Extension.Template())) );
+ new SEQUENCE.OF_Template(new Extension.Template())));
}
- public boolean tagMatch(Tag tag)
- {
+ public boolean tagMatch(Tag tag) {
return TAG.equals(tag);
}
public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
+ throws InvalidBERException, IOException {
return decode(TAG, istream);
}
public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
+ throws InvalidBERException, IOException {
SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag, istream);
- INTEGER v = v1; //assume default version
+ INTEGER v = v1; //assume default version
EXPLICIT e_ver = (EXPLICIT) seq.elementAt(0);
if (e_ver != null) {
v = (INTEGER) e_ver.getContent();
@@ -212,16 +195,16 @@ public class TBSRequest implements ASN1Value
EXPLICIT exts = (EXPLICIT) seq.elementAt(3);
SEQUENCE exts_seq;
if (exts != null) {
- exts_seq = (SEQUENCE)exts.getContent();
+ exts_seq = (SEQUENCE) exts.getContent();
} else {
exts_seq = null;
}
return new TBSRequest(
- v,
- requestorname,
- (SEQUENCE) seq.elementAt(2),
- exts_seq);
+ v,
+ requestorname,
+ (SEQUENCE) seq.elementAt(2),
+ exts_seq);
}
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java b/pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java
index d9891f5a..1fe4ea74 100644
--- a/pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java
+++ b/pki/base/util/src/com/netscape/cmsutil/ocsp/UnknownInfo.java
@@ -30,76 +30,66 @@ import org.mozilla.jss.asn1.Tag;
/**
* RFC 2560:
- *
+ *
* <pre>
* UnknownInfo ::= NULL -- this can be replaced with an enumeration
* </pre>
- *
+ *
* @version $Revision$ $Date$
*/
-public class UnknownInfo implements CertStatus
-{
- private static final Tag TAG = SEQUENCE.TAG;
+public class UnknownInfo implements CertStatus {
+ private static final Tag TAG = SEQUENCE.TAG;
- public UnknownInfo()
- {
- }
+ public UnknownInfo() {
+ }
- public Tag getTag()
- {
- return Tag.get(2);
- }
+ public Tag getTag() {
+ return Tag.get(2);
+ }
- public void encode(Tag t, OutputStream os) throws IOException
- {
- NULL.getInstance().encode(getTag(), os);
- }
+ public void encode(Tag t, OutputStream os) throws IOException {
+ NULL.getInstance().encode(getTag(), os);
+ }
- public void encode(OutputStream os) throws IOException
- {
- encode(getTag(), os);
- }
+ public void encode(OutputStream os) throws IOException {
+ encode(getTag(), os);
+ }
- private static final Template templateInstance = new Template();
+ private static final Template templateInstance = new Template();
- public static Template getTemplate() {
- return templateInstance;
- }
+ public static Template getTemplate() {
+ return templateInstance;
+ }
- /**
- * A Template for decoding <code>ResponseBytes</code>.
- */
- public static class Template implements ASN1Template
- {
+ /**
+ * A Template for decoding <code>ResponseBytes</code>.
+ */
+ public static class Template implements ASN1Template {
- private SEQUENCE.Template seqt;
+ private SEQUENCE.Template seqt;
- public Template()
- {
-// seqt = new SEQUENCE.Template();
- // seqt.addElement(new NULL.Template() );
+ public Template() {
+ // seqt = new SEQUENCE.Template();
+ // seqt.addElement(new NULL.Template() );
- }
+ }
- public boolean tagMatch(Tag tag)
- {
- return TAG.equals(tag);
- }
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
- public ASN1Value decode(InputStream istream)
- throws InvalidBERException, IOException
- {
- return decode(TAG, istream);
- }
+ public ASN1Value decode(InputStream istream)
+ throws InvalidBERException, IOException {
+ return decode(TAG, istream);
+ }
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws InvalidBERException, IOException
- {
- // SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
- // istream);
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws InvalidBERException, IOException {
+ // SEQUENCE seq = (SEQUENCE) seqt.decode(implicitTag,
+ // istream);
- return new UnknownInfo();
+ return new UnknownInfo();
- }
}
+ }
}
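Review bot: `Template.decode(Tag, InputStream)` returns `new UnknownInfo()` without reading `istream`, so the content of the element is never checked, and `tagMatch` compares against `SEQUENCE.TAG` although `getTag()` returns `Tag.get(2)`. The field `seqt` is never assigned, because the constructor body is commented out. Either decode the NULL value for real or delete `seqt` and the commented-out lines, and document the behaviour on `decode`, for example `// Content is not validated; the caller selects this template by tag number.` The `Template` Javadoc should name `UnknownInfo` rather than `ResponseBytes`.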
diff --git a/pki/base/util/src/com/netscape/cmsutil/password/IPasswordReader.java b/pki/base/util/src/com/netscape/cmsutil/password/IPasswordReader.java
index 1a6a026b..357ae0a6 100644
--- a/pki/base/util/src/com/netscape/cmsutil/password/IPasswordReader.java
+++ b/pki/base/util/src/com/netscape/cmsutil/password/IPasswordReader.java
@@ -16,11 +16,14 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.password;
+
import java.io.IOException;
import java.util.Enumeration;
public interface IPasswordReader {
public void init(String pwdPath) throws IOException;
+
public String getPassword(String tag);
+
public Enumeration getTags();
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java b/pki/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
index 3d7a8d80..f2e9293d 100644
--- a/pki/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
+++ b/pki/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
@@ -22,9 +22,13 @@ import java.util.Enumeration;
public interface IPasswordStore {
public void init(String pwdPath) throws IOException;
+
public String getPassword(String tag);
+
public Enumeration getTags();
+
public Object putPassword(String tag, String password);
+
public void commit()
- throws IOException, ClassCastException, NullPointerException;
+ throws IOException, ClassCastException, NullPointerException;
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/password/IPasswordWriter.java b/pki/base/util/src/com/netscape/cmsutil/password/IPasswordWriter.java
index 2f42e02c..c9f9691e 100644
--- a/pki/base/util/src/com/netscape/cmsutil/password/IPasswordWriter.java
+++ b/pki/base/util/src/com/netscape/cmsutil/password/IPasswordWriter.java
@@ -16,12 +16,15 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.password;
+
import java.io.IOException;
public interface IPasswordWriter {
public void init(String pwdPath)
- throws IOException;;
+ throws IOException;;
+
public Object putPassword(String tag, String password);
+
public void commit()
- throws IOException, ClassCastException, NullPointerException;
+ throws IOException, ClassCastException, NullPointerException;
}
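Review bot: The reformatted `init` declaration still ends in `throws IOException;;`. The second semicolon is an empty declaration that compiles but reads like a typo; since this commit is a formatting pass, it is the natural place to drop it: `throws IOException;`.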
diff --git a/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java b/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
index c9cec1df..c962e1c6 100644
--- a/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
+++ b/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
@@ -23,7 +23,7 @@ import java.io.IOException;
import java.util.Enumeration;
import java.util.Properties;
-public class PlainPasswordFile implements IPasswordStore{
+public class PlainPasswordFile implements IPasswordStore {
private String mPwdPath = "";
private Properties mPwdStore;
private static final String PASSWORD_WRITER_HEADER = "";
@@ -32,24 +32,23 @@ public class PlainPasswordFile implements IPasswordStore{
}
public void init(String pwdPath)
- throws IOException
- {
- mPwdStore = new Properties();
- // initialize mPwdStore
- mPwdPath = pwdPath;
+ throws IOException {
+ mPwdStore = new Properties();
+ // initialize mPwdStore
+ mPwdPath = pwdPath;
- FileInputStream file = new FileInputStream(mPwdPath);
- mPwdStore.load(file);
- file.close();
+ FileInputStream file = new FileInputStream(mPwdPath);
+ mPwdStore.load(file);
+ file.close();
}
public String getPassword(String tag) {
- return (String) mPwdStore.getProperty(tag);
+ return (String) mPwdStore.getProperty(tag);
}
// return an array of String-based tag
public Enumeration getTags() {
- return mPwdStore.propertyNames();
+ return mPwdStore.propertyNames();
}
public Object putPassword(String tag, String password) {
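Review bot: In `init`, the `FileInputStream` on the password file is leaked whenever `mPwdStore.load(file)` throws, because `file.close()` is reached only on the success path. Wrapping the load as `try { mPwdStore.load(file); } finally { file.close(); }` releases the handle in every case. The same open/use/close pattern appears in `PlainPasswordReader.init`, in `PlainPasswordWriter.init` and in the `commit` methods of `PlainPasswordFile` and `PlainPasswordWriter` further down this diff. The two `init` methods in `PlainPasswordReader` and `PlainPasswordWriter` also assign `mPwdStore = new Properties();` twice; the second assignment can be dropped.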
@@ -57,8 +56,7 @@ public class PlainPasswordFile implements IPasswordStore{
}
public void commit()
- throws IOException, ClassCastException, NullPointerException
- {
+ throws IOException, ClassCastException, NullPointerException {
FileOutputStream file = new FileOutputStream(mPwdPath);
mPwdStore.store(file, PASSWORD_WRITER_HEADER);
file.close();
diff --git a/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordReader.java b/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordReader.java
index 27a39cb6..4065fd72 100644
--- a/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordReader.java
+++ b/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordReader.java
@@ -22,7 +22,7 @@ import java.io.IOException;
import java.util.Enumeration;
import java.util.Properties;
-public class PlainPasswordReader implements IPasswordReader{
+public class PlainPasswordReader implements IPasswordReader {
private String mPwdPath = "";
private Properties mPwdStore;
@@ -30,24 +30,23 @@ public class PlainPasswordReader implements IPasswordReader{
}
public void init(String pwdPath)
- throws IOException
- {
- mPwdStore = new Properties();
- // initialize mPwdStore
- mPwdPath = pwdPath;
- mPwdStore = new Properties();
+ throws IOException {
+ mPwdStore = new Properties();
+ // initialize mPwdStore
+ mPwdPath = pwdPath;
+ mPwdStore = new Properties();
- FileInputStream file = new FileInputStream(mPwdPath);
- mPwdStore.load(file);
- file.close();
+ FileInputStream file = new FileInputStream(mPwdPath);
+ mPwdStore.load(file);
+ file.close();
}
public String getPassword(String tag) {
- return (String) mPwdStore.getProperty(tag);
+ return (String) mPwdStore.getProperty(tag);
}
// return an array of String-based tag
public Enumeration getTags() {
- return mPwdStore.propertyNames();
+ return mPwdStore.propertyNames();
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordWriter.java b/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordWriter.java
index 0cd29a18..3ceac4bd 100644
--- a/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordWriter.java
+++ b/pki/base/util/src/com/netscape/cmsutil/password/PlainPasswordWriter.java
@@ -22,7 +22,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Properties;
-public class PlainPasswordWriter implements IPasswordWriter{
+public class PlainPasswordWriter implements IPasswordWriter {
private static final String PASSWORD_WRITER_HEADER = "";
private String mPwdPath = "";
private Properties mPwdStore;
@@ -31,28 +31,26 @@ public class PlainPasswordWriter implements IPasswordWriter{
}
public void init(String pwdPath)
- throws IOException
- {
- mPwdStore = new Properties();
- // initialize mPwdStore
- mPwdPath = pwdPath;
- mPwdStore = new Properties();
-
- FileInputStream file = new FileInputStream(mPwdPath);
- mPwdStore.load(file);
- file.close();
+ throws IOException {
+ mPwdStore = new Properties();
+ // initialize mPwdStore
+ mPwdPath = pwdPath;
+ mPwdStore = new Properties();
+
+ FileInputStream file = new FileInputStream(mPwdPath);
+ mPwdStore.load(file);
+ file.close();
}
public Object putPassword(String tag, String password) {
- return mPwdStore.setProperty(tag, password);
+ return mPwdStore.setProperty(tag, password);
}
public void commit()
- throws IOException, ClassCastException, NullPointerException
- {
- FileOutputStream file = new FileOutputStream(mPwdPath);
- mPwdStore.store(file, PASSWORD_WRITER_HEADER);
- file.close();
+ throws IOException, ClassCastException, NullPointerException {
+ FileOutputStream file = new FileOutputStream(mPwdPath);
+ mPwdStore.store(file, PASSWORD_WRITER_HEADER);
+ file.close();
}
}
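Review bot: `commit` opens the target with `new FileOutputStream(mPwdPath)`, which truncates the existing password file before `store` has written anything, so an I/O error part-way through leaves the store empty or partial. Nothing in this hunk restricts who can read the file, so its mode presumably follows the process umask even though it holds clear-text passwords. Writing to an owner-only temporary file in the same directory and renaming it over `mPwdPath` after a successful `store` addresses both points; the sketch below needs `java.io.File` imported and assumes the `File.setReadable`/`setWritable` overloads (Java 6+) are available to this build. `PlainPasswordFile.commit` has the same body.

```java
public void commit()
        throws IOException, ClassCastException, NullPointerException {
    File target = new File(mPwdPath).getAbsoluteFile();
    File tmp = File.createTempFile("pwd", ".tmp", target.getParentFile());
    // Owner-only access before any secret is written.
    tmp.setReadable(false, false);
    tmp.setWritable(false, false);
    tmp.setReadable(true, true);
    tmp.setWritable(true, true);
    FileOutputStream file = new FileOutputStream(tmp);
    try {
        mPwdStore.store(file, PASSWORD_WRITER_HEADER);
    } finally {
        file.close();
    }
    // Replace the old store only after the new one is fully written.
    if (!tmp.renameTo(target)) {
        tmp.delete();
        throw new IOException("cannot replace " + mPwdPath);
    }
}
```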
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/AccessAccept.java b/pki/base/util/src/com/netscape/cmsutil/radius/AccessAccept.java
index c5f9828c..4824c885 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/AccessAccept.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/AccessAccept.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class AccessAccept extends ServerPacket {
public AccessAccept(byte data[]) throws IOException {
super(data);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/AccessChallenge.java b/pki/base/util/src/com/netscape/cmsutil/radius/AccessChallenge.java
index bab34ffe..c06f809b 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/AccessChallenge.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/AccessChallenge.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class AccessChallenge extends ServerPacket {
public AccessChallenge(byte data[]) throws IOException {
super(data);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/AccessReject.java b/pki/base/util/src/com/netscape/cmsutil/radius/AccessReject.java
index 12081a6b..5f32ef34 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/AccessReject.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/AccessReject.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class AccessReject extends ServerPacket {
public AccessReject(byte data[]) throws IOException {
super(data);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/AccessRequest.java b/pki/base/util/src/com/netscape/cmsutil/radius/AccessRequest.java
index 5075f932..7856b0cc 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/AccessRequest.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/AccessRequest.java
@@ -17,9 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
-
-
public class AccessRequest extends NASPacket {
public AccessRequest(short id, Authenticator auth) {
super(ACCESS_REQUEST, id, auth);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/Attribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/Attribute.java
index 33c1f392..5e79816e 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/Attribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/Attribute.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-
public abstract class Attribute {
- public static final int USER_NAME = 1;
+ public static final int USER_NAME = 1;
public static final int USER_PASSWORD = 2;
public static final int CHAP_PASSWORD = 3;
public static final int NAS_IP_ADDRESS = 4;
@@ -81,12 +79,12 @@ public abstract class Attribute {
return _t;
}
- public abstract byte[] getValue()
- throws IOException;
+ public abstract byte[] getValue()
+ throws IOException;
- public byte[] getData()
- throws IOException {
- ByteArrayOutputStream attrOS = new ByteArrayOutputStream();
+ public byte[] getData()
+ throws IOException {
+ ByteArrayOutputStream attrOS = new ByteArrayOutputStream();
attrOS.write(_t); // type
byte value[] = getValue();
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/AttributeFactory.java b/pki/base/util/src/com/netscape/cmsutil/radius/AttributeFactory.java
index bf236972..021c0672 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/AttributeFactory.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/AttributeFactory.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class AttributeFactory {
public static Attribute createAttribute(byte data[])
- throws IOException {
+ throws IOException {
switch (data[0] & 0xFF) {
case Attribute.USER_NAME: // 1
return new UserNameAttribute(data);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/AttributeSet.java b/pki/base/util/src/com/netscape/cmsutil/radius/AttributeSet.java
index e79b96f7..46860de1 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/AttributeSet.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/AttributeSet.java
@@ -17,11 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.util.Enumeration;
import java.util.Vector;
-
public class AttributeSet {
private Vector _attrs = new Vector();
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/Authenticator.java b/pki/base/util/src/com/netscape/cmsutil/radius/Authenticator.java
index 3236d9b6..008af489 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/Authenticator.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/Authenticator.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public abstract class Authenticator {
public abstract byte[] getData() throws IOException;
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/CHAPChallengeAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/CHAPChallengeAttribute.java
index 8b2655c2..cd715a03 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/CHAPChallengeAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/CHAPChallengeAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class CHAPChallengeAttribute extends Attribute {
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/CHAPPasswordAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/CHAPPasswordAttribute.java
index 90ebea14..3f0ef179 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/CHAPPasswordAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/CHAPPasswordAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class CHAPPasswordAttribute extends Attribute {
private byte _value[] = null;
private int _ident = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/CallbackIdAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/CallbackIdAttribute.java
index 894ae9c8..5fd80600 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/CallbackIdAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/CallbackIdAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class CallbackIdAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/CallbackNumberAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/CallbackNumberAttribute.java
index 96e4af79..d6e45cec 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/CallbackNumberAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/CallbackNumberAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class CallbackNumberAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/CallerStationIdAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/CallerStationIdAttribute.java
index 05e4836d..3b5eec80 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/CallerStationIdAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/CallerStationIdAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class CallerStationIdAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/CallingStationIdAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/CallingStationIdAttribute.java
index b1f77b69..9a57f808 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/CallingStationIdAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/CallingStationIdAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class CallingStationIdAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java b/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java
index de1222a3..b0580118 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/ChallengeException.java
@@ -17,9 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
-
-
public class ChallengeException extends Exception {
/**
*
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FilterIdAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FilterIdAttribute.java
index c8d9abf8..879d7d5c 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FilterIdAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FilterIdAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FilterIdAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkLinkAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkLinkAttribute.java
index 2176fbc0..05273780 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkLinkAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkLinkAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedAppleTalkLinkAttribute extends Attribute {
public static int UN_NUMBERED = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkNetworkAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkNetworkAttribute.java
index 6ea0c05f..cea0d936 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkNetworkAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkNetworkAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedAppleTalkNetworkAttribute extends Attribute {
private byte _value[] = null;
private int _type = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkZoneAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkZoneAttribute.java
index 3ea8c654..54ee47c4 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkZoneAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedAppleTalkZoneAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedAppleTalkZoneAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedCompressionAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedCompressionAttribute.java
index cf21b9fd..b57c030b 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedCompressionAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedCompressionAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedCompressionAttribute extends Attribute {
public static final int NONE = 1;
public static final int VJ_TCP_IP_HEADER = 2;
@@ -33,9 +31,9 @@ public class FramedCompressionAttribute extends Attribute {
public FramedCompressionAttribute(byte value[]) {
super();
_t = FRAMED_COMPRESSION;
- _type = value[5] & 0xFF;
- _type |= ((value[4] << 8) & 0xFF00);
- _type |= ((value[3] << 16) & 0xFF0000);
+ _type = value[5] & 0xFF;
+ _type |= ((value[4] << 8) & 0xFF00);
+ _type |= ((value[3] << 16) & 0xFF0000);
_type |= ((value[2] << 24) & 0xFF000000);
_value = value;
}
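Review bot: The constructor reads `value[2]` through `value[5]` without checking `value.length`, so an attribute shorter than six bytes fails with a bare `ArrayIndexOutOfBoundsException` instead of a parse error that names the attribute. If `value` originates from a received packet (`AttributeFactory.createAttribute` takes a raw `byte data[]`), a guard before the first read, for example `if (value == null || value.length < 6) throw new IllegalArgumentException("short Framed-Compression attribute");`, or an equivalent length check in the factory, keeps malformed input on a handled path. The constructors of `FramedIPAddressAttribute` and `FramedProtocolAttribute` later in this diff index the same offsets without a check.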
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPAddressAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPAddressAttribute.java
index 1fac0a3f..2f66ee8c 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPAddressAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPAddressAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedIPAddressAttribute extends Attribute {
private byte _value[] = null;
private byte _addr[] = new byte[4];
@@ -28,10 +26,10 @@ public class FramedIPAddressAttribute extends Attribute {
public FramedIPAddressAttribute(byte value[]) {
super();
_t = FRAMED_IP_ADDRESS;
- _addr[0] = value[2];
- _addr[1] = value[3];
- _addr[2] = value[4];
- _addr[3] = value[5];
+ _addr[0] = value[2];
+ _addr[1] = value[3];
+ _addr[2] = value[4];
+ _addr[3] = value[5];
_value = value;
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPNetmaskAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPNetmaskAttribute.java
index 9350fac1..f8e1980c 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPNetmaskAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPNetmaskAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedIPNetmaskAttribute extends Attribute {
private byte _value[] = null;
private byte _mask[] = new byte[4];
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPXNetworkAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPXNetworkAttribute.java
index 900c46c0..92f47eec 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPXNetworkAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedIPXNetworkAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedIPXNetworkAttribute extends Attribute {
private byte _value[] = null;
private byte _net[] = new byte[4];
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedMTUAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedMTUAttribute.java
index b3a36233..5cd9551a 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedMTUAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedMTUAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedMTUAttribute extends Attribute {
private byte _value[] = null;
private int _type = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedProtocolAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedProtocolAttribute.java
index 1acee4ce..5af219b9 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedProtocolAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedProtocolAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedProtocolAttribute extends Attribute {
public static final int PPP = 1;
public static final int SLIP = 2;
@@ -35,9 +33,9 @@ public class FramedProtocolAttribute extends Attribute {
public FramedProtocolAttribute(byte value[]) {
super();
_t = SERVICE_TYPE;
- _type = value[5] & 0xFF;
- _type |= ((value[4] << 8) & 0xFF00);
- _type |= ((value[3] << 16) & 0xFF0000);
+ _type = value[5] & 0xFF;
+ _type |= ((value[4] << 8) & 0xFF00);
+ _type |= ((value[3] << 16) & 0xFF0000);
_type |= ((value[2] << 24) & 0xFF000000);
_value = value;
}
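Review bot: `_t = SERVICE_TYPE;` in the `FramedProtocolAttribute` constructor looks like a copy-paste slip, since the sibling `FramedCompressionAttribute` sets `_t = FRAMED_COMPRESSION`. `Attribute.getData()` writes `_t` as the type octet, so a re-serialized Framed-Protocol attribute would carry the Service-Type code. The expected line is presumably `_t = FRAMED_PROTOCOL;`, if `Attribute` defines a constant of that name; its constant list is not visible in this diff, so confirm before changing. This commit only re-indents the neighbouring lines, so the fix belongs in a separate change.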
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedRouteAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedRouteAttribute.java
index bc49adb0..9b123fe2 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedRouteAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedRouteAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedRouteAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/FramedRoutingAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/FramedRoutingAttribute.java
index 1ea4e334..14d2b0cc 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/FramedRoutingAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/FramedRoutingAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class FramedRoutingAttribute extends Attribute {
public static final int NONE = 0;
public static final int SEND_ROUTING_PACKETS = 1;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/GenericAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/GenericAttribute.java
index c368a271..ac1798ae 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/GenericAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/GenericAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class GenericAttribute extends Attribute {
private byte _value[] = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/IdleTimeoutAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/IdleTimeoutAttribute.java
index 38b45a6c..44b0c508 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/IdleTimeoutAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/IdleTimeoutAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class IdleTimeoutAttribute extends Attribute {
private int _timeout = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/LoginIPHostAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/LoginIPHostAttribute.java
index 7bfe179f..0d1c0565 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/LoginIPHostAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/LoginIPHostAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class LoginIPHostAttribute extends Attribute {
public static final int NAS_ALLOW_SELECT = 0xFFFFFFFF;
public static final int NAS_SELECT = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATGroupAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATGroupAttribute.java
index 93a50766..4cee6bc3 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATGroupAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATGroupAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class LoginLATGroupAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATNodeAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATNodeAttribute.java
index 38b4b315..2c2d3411 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATNodeAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATNodeAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class LoginLATNodeAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATPortAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATPortAttribute.java
index 056b0fc4..330161ec 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATPortAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATPortAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class LoginLATPortAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATServiceAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATServiceAttribute.java
index 7409a83a..158630d2 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATServiceAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/LoginLATServiceAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class LoginLATServiceAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/LoginServiceAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/LoginServiceAttribute.java
index 88f5623b..73f49d39 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/LoginServiceAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/LoginServiceAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class LoginServiceAttribute extends Attribute {
public static final int TELNET = 0;
public static final int RLOGIN = 1;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/LoginTCPPortAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/LoginTCPPortAttribute.java
index 0c924f69..6b44f50c 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/LoginTCPPortAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/LoginTCPPortAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class LoginTCPPortAttribute extends Attribute {
private int _port = 0;
@@ -43,12 +41,12 @@ public class LoginTCPPortAttribute extends Attribute {
}
public byte[] getValue() throws IOException {
- byte[] p = new byte[4];
+ byte[] p = new byte[4];
- p[0] = (byte) ((_port >>> 24) & 0xFF);
- p[1] = (byte) ((_port >>> 16) & 0xFF);
- p[2] = (byte) ((_port >>> 8) & 0xFF);
- p[3] = (byte) (_port & 0xFF);
+ p[0] = (byte) ((_port >>> 24) & 0xFF);
+ p[1] = (byte) ((_port >>> 16) & 0xFF);
+ p[2] = (byte) ((_port >>> 8) & 0xFF);
+ p[3] = (byte) (_port & 0xFF);
return p;
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/NASClassAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/NASClassAttribute.java
index ba644f20..57b98302 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/NASClassAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/NASClassAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class NASClassAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/NASIPAddressAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/NASIPAddressAttribute.java
index 42dc1a19..d4022b3d 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/NASIPAddressAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/NASIPAddressAttribute.java
@@ -17,11 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
import java.net.InetAddress;
-
public class NASIPAddressAttribute extends Attribute {
private InetAddress _ip = null;
private byte _value[] = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/NASIdentifierAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/NASIdentifierAttribute.java
index 99917cac..0a3a62cd 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/NASIdentifierAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/NASIdentifierAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class NASIdentifierAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/NASPacket.java b/pki/base/util/src/com/netscape/cmsutil/radius/NASPacket.java
index b270eadd..70d14398 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/NASPacket.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/NASPacket.java
@@ -17,11 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-
public abstract class NASPacket extends Packet {
public NASPacket(int c, short id, Authenticator auth) {
super(c, id, auth);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/NASPortAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/NASPortAttribute.java
index 949fa475..0f7b31e7 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/NASPortAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/NASPortAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class NASPortAttribute extends Attribute {
private int _port = 0;
@@ -39,12 +37,12 @@ public class NASPortAttribute extends Attribute {
}
public byte[] getValue() throws IOException {
- byte[] p = new byte[4];
+ byte[] p = new byte[4];
- p[0] = (byte) ((_port >>> 24) & 0xFF);
- p[1] = (byte) ((_port >>> 16) & 0xFF);
- p[2] = (byte) ((_port >>> 8) & 0xFF);
- p[3] = (byte) (_port & 0xFF);
+ p[0] = (byte) ((_port >>> 24) & 0xFF);
+ p[1] = (byte) ((_port >>> 16) & 0xFF);
+ p[2] = (byte) ((_port >>> 8) & 0xFF);
+ p[3] = (byte) (_port & 0xFF);
return p;
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/NASPortTypeAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/NASPortTypeAttribute.java
index ca7cf7b0..84ccc3ae 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/NASPortTypeAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/NASPortTypeAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class NASPortTypeAttribute extends Attribute {
public static final int ASYNC = 0;
public static final int SYNC = 1;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/Packet.java b/pki/base/util/src/com/netscape/cmsutil/radius/Packet.java
index 4af44563..4fad0ba7 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/Packet.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/Packet.java
@@ -17,17 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
-
-
public abstract class Packet {
- public static final int ACCESS_REQUEST = 1;
- public static final int ACCESS_ACCEPT = 2;
- public static final int ACCESS_REJECT = 3;
+ public static final int ACCESS_REQUEST = 1;
+ public static final int ACCESS_ACCEPT = 2;
+ public static final int ACCESS_REJECT = 3;
// public static final int ACCOUNTING_REQUEST = 4;
// public static final int ACCOUNTING_RESPONSE = 5;
public static final int ACCESS_CHALLENGE = 11;
- public static final int RESERVED = 255;
+ public static final int RESERVED = 255;
protected int _c = 0;
protected short _id = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/PacketFactory.java b/pki/base/util/src/com/netscape/cmsutil/radius/PacketFactory.java
index c9dd1620..8d2e20e7 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/PacketFactory.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/PacketFactory.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class PacketFactory {
public static ServerPacket createServerPacket(byte data[])
- throws IOException {
+ throws IOException {
switch (data[0] & 0xFF) {
case Packet.ACCESS_ACCEPT:
return new AccessAccept(data);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/PortLimitAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/PortLimitAttribute.java
index 602603cb..7903bb1f 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/PortLimitAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/PortLimitAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class PortLimitAttribute extends Attribute {
private int _port = 0;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/ProxyStateAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/ProxyStateAttribute.java
index ef04ae0c..83831b65 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/ProxyStateAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/ProxyStateAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class ProxyStateAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/RadiusConn.java b/pki/base/util/src/com/netscape/cmsutil/radius/RadiusConn.java
index 1c09ea2c..b22807a5 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/RadiusConn.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/RadiusConn.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
import java.io.InterruptedIOException;
import java.net.DatagramPacket;
@@ -28,7 +27,6 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Properties;
-
/**
* This class implements RFC2865 - Remote Authentication Dial In
* User Service (RADIUS), June 2000.
@@ -52,20 +50,20 @@ public class RadiusConn {
private int _maxRetries = MAX_RETRIES;
private SecureRandom _rand = null;
- public RadiusConn(String host1, String host2, int port, String secret,
- int timeout) throws SocketException {
+ public RadiusConn(String host1, String host2, int port, String secret,
+ int timeout) throws SocketException {
this(host1, port, host2, port, secret, timeout, null, null);
}
public RadiusConn(String host, int port, String secret, byte seed[],
- Properties options)
- throws SocketException {
+ Properties options)
+ throws SocketException {
this(host, port, host, port, secret, DEFAULT_TIMEOUT, seed, options);
}
- public RadiusConn(String host1, int port1, String host2, int port2,
- String secret, int timeout, byte seed[], Properties options)
- throws SocketException {
+ public RadiusConn(String host1, int port1, String host2, int port2,
+ String secret, int timeout, byte seed[], Properties options)
+ throws SocketException {
_host[0] = host1;
_port[0] = port1;
_host[1] = host2;
@@ -73,7 +71,7 @@ public class RadiusConn {
_selected = 0;
_secret = secret;
_options = options;
- _socket = new DatagramSocket();
+ _socket = new DatagramSocket();
_socket.setSoTimeout(timeout * 1000);
if (seed == null) {
_rand = new SecureRandom();
@@ -86,8 +84,8 @@ public class RadiusConn {
_socket.disconnect();
}
- public void authenticate(String name, String password)
- throws IOException, NoSuchAlgorithmException,
+ public void authenticate(String name, String password)
+ throws IOException, NoSuchAlgorithmException,
RejectException, ChallengeException {
int retries = 0;
Packet res = null;
@@ -104,7 +102,7 @@ public class RadiusConn {
send(req, _host[_selected], _port[_selected]);
try {
retries++;
- res = receive();
+ res = receive();
if (res instanceof AccessReject) {
throw new RejectException((AccessReject) res);
} else if (res instanceof AccessChallenge) {
@@ -121,24 +119,23 @@ public class RadiusConn {
}
// throw e;
}
-
+
}
- }
- while (res == null);
+ } while (res == null);
}
public void replyChallenge(String password, ChallengeException ce)
- throws IOException, NoSuchAlgorithmException,
+ throws IOException, NoSuchAlgorithmException,
RejectException, ChallengeException {
replyChallenge(null, password, ce);
}
- public void replyChallenge(String name, String password,
- ChallengeException ce)
- throws IOException, NoSuchAlgorithmException,
+ public void replyChallenge(String name, String password,
+ ChallengeException ce)
+ throws IOException, NoSuchAlgorithmException,
RejectException, ChallengeException {
StateAttribute state = (StateAttribute)
- ce.getAttributeSet().getAttributeByType(Attribute.STATE);
+ ce.getAttributeSet().getAttributeByType(Attribute.STATE);
if (state == null)
throw new IOException("State not found in challenge");
@@ -154,7 +151,7 @@ public class RadiusConn {
req.addAttribute(new NASPortAttribute(_socket.getLocalPort()));
send(req, _host[_selected], _port[_selected]);
- Packet res = receive();
+ Packet res = receive();
if (res instanceof AccessReject) {
throw new RejectException((AccessReject) res);
@@ -164,7 +161,7 @@ public class RadiusConn {
}
public void replyChallenge(String name, String password, String state)
- throws IOException, NoSuchAlgorithmException,
+ throws IOException, NoSuchAlgorithmException,
RejectException, ChallengeException {
if (state == null)
throw new IOException("State not found in challenge");
@@ -178,7 +175,7 @@ public class RadiusConn {
req.addAttribute(new NASPortAttribute(_socket.getLocalPort()));
send(req, _host[_selected], _port[_selected]);
- Packet res = receive();
+ Packet res = receive();
if (res instanceof AccessReject) {
throw new RejectException((AccessReject) res);
@@ -192,12 +189,12 @@ public class RadiusConn {
}
private void send(NASPacket packet, String host, int port)
- throws IOException {
- DatagramPacket dp = new DatagramPacket(new byte[4096], 4096);
+ throws IOException {
+ DatagramPacket dp = new DatagramPacket(new byte[4096], 4096);
- dp.setPort(port);
- dp.setAddress(InetAddress.getByName(host));
- byte data[] = packet.getData();
+ dp.setPort(port);
+ dp.setAddress(InetAddress.getByName(host));
+ byte data[] = packet.getData();
dp.setLength(data.length);
dp.setData(data);
@@ -207,10 +204,10 @@ public class RadiusConn {
}
private ServerPacket receive()
- throws IOException {
- DatagramPacket dp = new DatagramPacket(new byte[4096], 4096);
+ throws IOException {
+ DatagramPacket dp = new DatagramPacket(new byte[4096], 4096);
- _socket.receive(dp);
+ _socket.receive(dp);
byte data[] = dp.getData();
ServerPacket p = PacketFactory.createServerPacket(data);
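Review bot: `receive()` hands the whole 4096-byte backing array from `dp.getData()` to `PacketFactory.createServerPacket`, so the parser cannot tell how many bytes actually arrived, and a short or truncated datagram is parsed together with the zero padding behind it. Pass only the received bytes, e.g. `byte data[] = java.util.Arrays.copyOf(dp.getData(), dp.getLength());`, and have the packet constructor reject a RADIUS length field larger than that. The rest of `receive()` lies outside this hunk, so it is not visible whether the response's identifier and Response Authenticator are checked against the outstanding request before `authenticate()` acts on the packet type. If they are not, that check belongs here.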
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java b/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java
index d80b045e..1c4e7bea 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/RejectException.java
@@ -17,9 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
-
-
public class RejectException extends Exception {
/**
*
@@ -37,5 +34,5 @@ public class RejectException extends Exception {
public String getReplyMessage() {
return ((ReplyMessageAttribute) (_res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE))).getString();
- }
+ }
}
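Review bot: `getReplyMessage()` dereferences the result of `getAttributeByType(Attribute.REPLY_MESSAGE)` without a null check, so an Access-Reject that carries no Reply-Message attribute would raise a NullPointerException while the caller is handling the reject. `RadiusConn.replyChallenge` in this same diff null-checks the same lookup for `Attribute.STATE`, which suggests the lookup can return null. Fetch the attribute into a local first, e.g. `Attribute a = _res.getAttributeSet().getAttributeByType(Attribute.REPLY_MESSAGE);` followed by `return a == null ? null : ((ReplyMessageAttribute) a).getString();`, and document the null return in a Javadoc line.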
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/ReplyMessageAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/ReplyMessageAttribute.java
index 094a5173..5ec4ea05 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/ReplyMessageAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/ReplyMessageAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class ReplyMessageAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/RequestAuthenticator.java b/pki/base/util/src/com/netscape/cmsutil/radius/RequestAuthenticator.java
index 108b5145..5d82752d 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/RequestAuthenticator.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/RequestAuthenticator.java
@@ -17,18 +17,16 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
-
public class RequestAuthenticator extends Authenticator {
private byte _ra[] = null;
- public RequestAuthenticator(SecureRandom rand, String secret)
- throws NoSuchAlgorithmException {
+ public RequestAuthenticator(SecureRandom rand, String secret)
+ throws NoSuchAlgorithmException {
byte[] authenticator = new byte[16];
rand.nextBytes(authenticator);
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/ResponseAuthenticator.java b/pki/base/util/src/com/netscape/cmsutil/radius/ResponseAuthenticator.java
index 93fd46c3..3c3de33c 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/ResponseAuthenticator.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/ResponseAuthenticator.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class ResponseAuthenticator extends Authenticator {
private byte _data[] = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/ServerPacket.java b/pki/base/util/src/com/netscape/cmsutil/radius/ServerPacket.java
index abbe255f..f7d7fa30 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/ServerPacket.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/ServerPacket.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public abstract class ServerPacket extends Packet {
public ServerPacket(byte data[]) throws IOException {
super();
@@ -41,8 +39,8 @@ public abstract class ServerPacket extends Packet {
int attrLen = (data[startp + 1] & 0xFF);
byte attrData[] = new byte[attrLen];
- System.arraycopy(data, startp, attrData, 0, attrData.length);
- addAttribute(AttributeFactory.createAttribute(attrData));
+ System.arraycopy(data, startp, attrData, 0, attrData.length);
+ addAttribute(AttributeFactory.createAttribute(attrData));
startp += attrData.length;
}
}
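Review bot: The attribute loop trusts the length octet read at `data[startp + 1]`. A value of 0 leaves `startp` unchanged (the loop condition is outside this hunk, so whether the loop can then terminate is not visible). A value larger than the bytes remaining makes `System.arraycopy` throw an unchecked `IndexOutOfBoundsException` rather than the `IOException` this constructor declares. Validate before allocating and copying, e.g. `if (attrLen < 2 || startp + attrLen > data.length) throw new IOException("Malformed RADIUS attribute length: " + attrLen);`. If the packet's own length field is in scope at this point, it is a tighter upper bound than `data.length`.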
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/ServiceTypeAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/ServiceTypeAttribute.java
index 7ab143f7..f31c74f9 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/ServiceTypeAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/ServiceTypeAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class ServiceTypeAttribute extends Attribute {
public static final int LOGIN = 1;
public static final int FRAMED = 2;
@@ -40,9 +38,9 @@ public class ServiceTypeAttribute extends Attribute {
public ServiceTypeAttribute(byte value[]) {
super();
_t = SERVICE_TYPE;
- _type = value[5] & 0xFF;
- _type |= ((value[4] << 8) & 0xFF00);
- _type |= ((value[3] << 16) & 0xFF0000);
+ _type = value[5] & 0xFF;
+ _type |= ((value[4] << 8) & 0xFF00);
+ _type |= ((value[3] << 16) & 0xFF0000);
_type |= ((value[2] << 24) & 0xFF000000);
_value = value;
}
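Review bot: This constructor reads `value[2]` through `value[5]` without checking `value.length`, so a Service-Type attribute shorter than six bytes surfaces as an `ArrayIndexOutOfBoundsException` while a server response is being parsed. Add a guard ahead of the reads, e.g. `if (value.length < 6) throw new IllegalArgumentException("Service-Type attribute too short: " + value.length);`, or have the factory that builds the attribute reject the short input. `value` appears to be the whole attribute including its type and length octets, and a one-line comment saying so would explain why the offsets start at 2.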
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/SessionTimeoutAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/SessionTimeoutAttribute.java
index fcbf6942..2809aee4 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/SessionTimeoutAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/SessionTimeoutAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class SessionTimeoutAttribute extends Attribute {
private int _timeout = 0;
@@ -39,12 +37,12 @@ public class SessionTimeoutAttribute extends Attribute {
}
public byte[] getValue() throws IOException {
- byte[] p = new byte[4];
+ byte[] p = new byte[4];
- p[0] = (byte) ((_timeout >>> 24) & 0xFF);
- p[1] = (byte) ((_timeout >>> 16) & 0xFF);
- p[2] = (byte) ((_timeout >>> 8) & 0xFF);
- p[3] = (byte) (_timeout & 0xFF);
+ p[0] = (byte) ((_timeout >>> 24) & 0xFF);
+ p[1] = (byte) ((_timeout >>> 16) & 0xFF);
+ p[2] = (byte) ((_timeout >>> 8) & 0xFF);
+ p[3] = (byte) (_timeout & 0xFF);
return p;
}
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/StateAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/StateAttribute.java
index 4408819a..027f9562 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/StateAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/StateAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class StateAttribute extends Attribute {
private byte _value[] = null;
private String _str = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/TerminationActionAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/TerminationActionAttribute.java
index 67f214ad..b47a70d8 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/TerminationActionAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/TerminationActionAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class TerminationActionAttribute extends Attribute {
public static final int DEFAULT = 0;
public static final int RADIUS_REQUEST = 1;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/UserNameAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/UserNameAttribute.java
index ccc715e5..af7ce6bb 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/UserNameAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/UserNameAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class UserNameAttribute extends Attribute {
private String _name = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/UserPasswordAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/UserPasswordAttribute.java
index 938652e0..31c27cdf 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/UserPasswordAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/UserPasswordAttribute.java
@@ -17,12 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-
public class UserPasswordAttribute extends Attribute {
private Authenticator _ra = null;
private String _secret = null;
@@ -43,7 +41,7 @@ public class UserPasswordAttribute extends Attribute {
MessageDigest md5 = null;
try {
- md5 = MessageDigest.getInstance("MD5");
+ md5 = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
throw new IOException(e.getMessage());
}
@@ -57,7 +55,7 @@ public class UserPasswordAttribute extends Attribute {
for (int i = 0; i < ret.length; i++) {
if ((i % 16) == 0) {
- md5.reset();
+ md5.reset();
md5.update(_secret.getBytes());
}
if (i < up.length) {
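Review bot: `_secret.getBytes()` encodes the shared secret with the platform default charset, so a secret containing non-ASCII characters hashes differently depending on the JVM's locale and the hidden password will not match what the server computes. Name the charset explicitly, e.g. `md5.update(_secret.getBytes("UTF-8"));`, and convert once before the loop instead of on every 16-byte block. The enclosing method apparently already throws IOException, which covers UnsupportedEncodingException. In the previous hunk, `throw new IOException(e.getMessage())` drops the original exception, whereas `throw new IOException(e)` keeps it as the cause. The method body starts and ends outside both hunks.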
diff --git a/pki/base/util/src/com/netscape/cmsutil/radius/VendorSpecificAttribute.java b/pki/base/util/src/com/netscape/cmsutil/radius/VendorSpecificAttribute.java
index e3f17416..5f3d9f17 100644
--- a/pki/base/util/src/com/netscape/cmsutil/radius/VendorSpecificAttribute.java
+++ b/pki/base/util/src/com/netscape/cmsutil/radius/VendorSpecificAttribute.java
@@ -17,10 +17,8 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.radius;
-
import java.io.IOException;
-
public class VendorSpecificAttribute extends Attribute {
private byte _value[] = null;
private String _id = null;
diff --git a/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java b/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java
index ae93d2b6..914387dd 100644
--- a/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java
+++ b/pki/base/util/src/com/netscape/cmsutil/scep/CRSPKIMessage.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.scep;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
@@ -51,70 +50,69 @@ import org.mozilla.jss.pkix.cert.Certificate;
import org.mozilla.jss.pkix.cert.CertificateInfo;
import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
-
public class CRSPKIMessage {
-
+
// OIDs for authenticated attributes
- public static OBJECT_IDENTIFIER CRS_MESSAGETYPE =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 113733, 1, 9, 2}
- );
- public static OBJECT_IDENTIFIER CRS_PKISTATUS =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 113733, 1, 9, 3}
- );
- public static OBJECT_IDENTIFIER CRS_FAILINFO =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 113733, 1, 9, 4}
- );
- public static OBJECT_IDENTIFIER CRS_SENDERNONCE =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 113733, 1, 9, 5}
- );
- public static OBJECT_IDENTIFIER CRS_RECIPIENTNONCE =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 113733, 1, 9, 6}
- );
- public static OBJECT_IDENTIFIER CRS_TRANSID =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 113733, 1, 9, 7}
- );
+ public static OBJECT_IDENTIFIER CRS_MESSAGETYPE =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 113733, 1, 9, 2 }
+ );
+ public static OBJECT_IDENTIFIER CRS_PKISTATUS =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 113733, 1, 9, 3 }
+ );
+ public static OBJECT_IDENTIFIER CRS_FAILINFO =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 113733, 1, 9, 4 }
+ );
+ public static OBJECT_IDENTIFIER CRS_SENDERNONCE =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 113733, 1, 9, 5 }
+ );
+ public static OBJECT_IDENTIFIER CRS_RECIPIENTNONCE =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 113733, 1, 9, 6 }
+ );
+ public static OBJECT_IDENTIFIER CRS_TRANSID =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 113733, 1, 9, 7 }
+ );
public static OBJECT_IDENTIFIER CRS_EXTENSIONREQ =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 113733, 1, 9, 8}
- );
-
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 113733, 1, 9, 8 }
+ );
+
// PKCS9 defined OIDs
public static OBJECT_IDENTIFIER PKCS9_CONTENT_TYPE =
- new OBJECT_IDENTIFIER(new long[] {1, 2, 840, 113549, 1, 9, 3}
- );
+ new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 9, 3 }
+ );
public static OBJECT_IDENTIFIER PKCS9_MESSAGE_DIGEST =
- new OBJECT_IDENTIFIER(new long[] {1, 2, 840, 113549, 1, 9, 4}
- );
+ new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 9, 4 }
+ );
/* PKCS 1 - rsaEncryption */
public static OBJECT_IDENTIFIER RSA_ENCRYPTION =
- new OBJECT_IDENTIFIER(new long[] {1, 2, 840, 113549, 1, 1, 1}
- );
-
+ new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 1, 1 }
+ );
+
public static OBJECT_IDENTIFIER DES_CBC_ENCRYPTION =
- new OBJECT_IDENTIFIER(new long[] {1, 3, 14, 3, 2, 7}
- );
+ new OBJECT_IDENTIFIER(new long[] { 1, 3, 14, 3, 2, 7 }
+ );
public static OBJECT_IDENTIFIER DES_EDE3_CBC_ENCRYPTION =
- new OBJECT_IDENTIFIER(new long[] {1, 2, 840, 113549, 3, 7}
- );
+ new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 3, 7 }
+ );
- public static OBJECT_IDENTIFIER MD5_DIGEST =
- new OBJECT_IDENTIFIER(new long[] {1, 2, 840, 113549, 2, 5}
- );
+ public static OBJECT_IDENTIFIER MD5_DIGEST =
+ new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 2, 5 }
+ );
- public static OBJECT_IDENTIFIER SHA1_DIGEST =
- new OBJECT_IDENTIFIER(new long[] {1, 3, 14, 3, 2, 26}
- );
+ public static OBJECT_IDENTIFIER SHA1_DIGEST =
+ new OBJECT_IDENTIFIER(new long[] { 1, 3, 14, 3, 2, 26 }
+ );
- public static OBJECT_IDENTIFIER SHA256_DIGEST =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 101, 3, 4, 2, 1}
- );
+ public static OBJECT_IDENTIFIER SHA256_DIGEST =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 101, 3, 4, 2, 1 }
+ );
- public static OBJECT_IDENTIFIER SHA512_DIGEST =
- new OBJECT_IDENTIFIER(new long[] {2, 16, 840, 1, 101, 3, 4, 2, 3}
- );
+ public static OBJECT_IDENTIFIER SHA512_DIGEST =
+ new OBJECT_IDENTIFIER(new long[] { 2, 16, 840, 1, 101, 3, 4, 2, 3 }
+ );
// Strings given in 'messageType' authenticated attribute
public final static String mType_PKCSReq = "19";
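Review bot: The OID constants in this hunk (`CRS_MESSAGETYPE` through `SHA512_DIGEST`) are declared `public static` without `final`, so any class can reassign them and every message built afterwards would silently use the replaced identifier. Declare each one as `public static final OBJECT_IDENTIFIER ...`, matching the `mType_*` strings that follow, which are already final.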
@@ -122,12 +120,12 @@ public class CRSPKIMessage {
public final static String mType_GetCertInitial = "20";
public final static String mType_GetCert = "21";
public final static String mType_GetCRL = "22";
-
+
// Strings given in 'PKIStatus' authenticated attribute
public final static String mStatus_SUCCESS = "0";
public final static String mStatus_FAILURE = "2";
public final static String mStatus_PENDING = "3";
-
+
// Strings given in 'failInfo' authenticated attribute
public final static String mFailInfo_badAlg = "0";
public final static String mFailInfo_badMessageCheck = "1";
@@ -142,66 +140,65 @@ public class CRSPKIMessage {
public final static String mFailInfo_noKeyReuse = "10";
public final static String mFailInfo_internalCAError = "11";
public final static String mFailInfo_tryLater = "12";
-
+
// ************************************************************************
// These private members represent the flattened structure of the PKIMessage
// ************************************************************************
-
+
// top level is just a ContentInfo
- private ContentInfo crsci;
+ private ContentInfo crsci;
// it's content is a signedData
- private SignedData sd;
+ private SignedData sd;
// In the signed data, we have:
- private int sdv; // Version
- private ContentInfo data; // The data to be digested
- private EnvelopedData sded; // Enveloped data inside of signed data
- private byte[] signerCertBytes;
+ private int sdv; // Version
+ private ContentInfo data; // The data to be digested
+ private EnvelopedData sded; // Enveloped data inside of signed data
+ private byte[] signerCertBytes;
org.mozilla.jss.pkix.cert.Certificate signerCert;
- private SET sis; // set of SignerInfos
- private SignerInfo si; // First SignerInfo
+ private SET sis; // set of SignerInfos
+ private SignerInfo si; // First SignerInfo
private AlgorithmIdentifier digestAlgorithmId = null;
- private int siv; // Version
- private SET aa; // Authenticated Attributes
- private SET aa_old; // Authenticated Attributes
- private IssuerAndSerialNumber sgnIASN; // Signer's Issuer Name and Serialnum
- private OCTET_STRING aa_digest; // digest of the authenticated attrs
-
- private String messageType; // these are all authenticated attributes
- private String failInfo;
- private String pkiStatus;
- private String transactionID;
- private byte[] senderNonce;
- private byte[] recipientNonce;
+ private int siv; // Version
+ private SET aa; // Authenticated Attributes
+ private SET aa_old; // Authenticated Attributes
+ private IssuerAndSerialNumber sgnIASN; // Signer's Issuer Name and Serialnum
+ private OCTET_STRING aa_digest; // digest of the authenticated attrs
+
+ private String messageType; // these are all authenticated attributes
+ private String failInfo;
+ private String pkiStatus;
+ private String transactionID;
+ private byte[] senderNonce;
+ private byte[] recipientNonce;
private OCTET_STRING msg_digest; // digest of the message
// Inside the sded Enveloped data
- private RecipientInfo ri; // First RecipientInfo
- private int riv; // Version
- private AlgorithmIdentifier riAlgid; // alg that the bulk key is wrapped with
- private byte[] riKey; // bulk key, wrapped with above algorithm
- private byte[] cKey; // * 'clear', unwrapped key (not in ASN.1) *
+ private RecipientInfo ri; // First RecipientInfo
+ private int riv; // Version
+ private AlgorithmIdentifier riAlgid; // alg that the bulk key is wrapped with
+ private byte[] riKey; // bulk key, wrapped with above algorithm
+ private byte[] cKey; // * 'clear', unwrapped key (not in ASN.1) *
private IssuerAndSerialNumber rcpIASN; // Recipient's Issuer Name and Serial Number
private EncryptedContentInfo eci;
- private byte[] iv; // initialization vector for above key
- private byte[] ec; // encrypted content (P10, in case of request)
- private byte[] cc; // * 'clear' content (not in ASN.1) *
- private String encryptionAlgorithm = null;
+ private byte[] iv; // initialization vector for above key
+ private byte[] ec; // encrypted content (P10, in case of request)
+ private byte[] cc; // * 'clear' content (not in ASN.1) *
+ private String encryptionAlgorithm = null;
// For the CertRep, the enveloped content is another signed Data:
- private SignedData crsd;
- private int rsdVersion;
- private byte[] rsdCert; // certificate to send in response
+ private SignedData crsd;
+ private int rsdVersion;
+ private byte[] rsdCert; // certificate to send in response
- private PKCS10 myP10;
+ private PKCS10 myP10;
- private Hashtable<String, Object> attrs; // miscellanous
+ private Hashtable<String, Object> attrs; // miscellanous
// *** END *** //
-
public void debug() {
}
@@ -213,30 +210,28 @@ public class CRSPKIMessage {
return attrs.get(a);
}
- private SignatureAlgorithm getSignatureAlgorithm (String hashAlgorithm)
- {
+ private SignatureAlgorithm getSignatureAlgorithm(String hashAlgorithm) {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RSASignatureWithMD5Digest;
if (hashAlgorithm != null) {
if (hashAlgorithm.equals("SHA1")) {
signatureAlgorithm = SignatureAlgorithm.RSASignatureWithSHA1Digest;
} else if (hashAlgorithm.equals("SHA256")) {
signatureAlgorithm = SignatureAlgorithm.RSASignatureWithSHA256Digest;
- } else if (hashAlgorithm.equals("SHA512")) {
+ } else if (hashAlgorithm.equals("SHA512")) {
signatureAlgorithm = SignatureAlgorithm.RSASignatureWithSHA512Digest;
}
}
return signatureAlgorithm;
}
- private OBJECT_IDENTIFIER getAlgorithmOID (String hashAlgorithm)
- {
+ private OBJECT_IDENTIFIER getAlgorithmOID(String hashAlgorithm) {
OBJECT_IDENTIFIER oid = MD5_DIGEST;
if (hashAlgorithm != null) {
if (hashAlgorithm.equals("SHA1")) {
oid = SHA1_DIGEST;
} else if (hashAlgorithm.equals("SHA256")) {
oid = SHA256_DIGEST;
- } else if (hashAlgorithm.equals("SHA512")) {
+ } else if (hashAlgorithm.equals("SHA512")) {
oid = SHA512_DIGEST;
}
}
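Review bot: `getSignatureAlgorithm` and `getAlgorithmOID` fall back to MD5 both when `hashAlgorithm` is null and when it is a name they do not recognise, so a typo or an unsupported value silently produces an MD5-based signature and digest OID. Keep the null default only if older SCEP peers need it, and reject unknown names by ending each chain with `else if (!hashAlgorithm.equals("MD5")) throw new IllegalArgumentException("Unsupported hash algorithm: " + hashAlgorithm);`. A short comment on each method stating that MD5 is the legacy default would make the choice visible to the next reader. The return statement of `getAlgorithmOID` is outside this hunk.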
@@ -244,8 +239,7 @@ public class CRSPKIMessage {
}
// getHashAlgorithm is added to work around issue 636217
- private String getHashAlgorithm (OBJECT_IDENTIFIER algorithmOID)
- {
+ private String getHashAlgorithm(OBJECT_IDENTIFIER algorithmOID) {
String hashAlgorithm = null;
OBJECT_IDENTIFIER oid = MD5_DIGEST;
if (algorithmOID != null) {
@@ -255,7 +249,7 @@ public class CRSPKIMessage {
hashAlgorithm = "SHA1";
} else if (algorithmOID.equals(SHA256_DIGEST)) {
hashAlgorithm = "SHA256";
- } else if (algorithmOID.equals(SHA512_DIGEST)) {
+ } else if (algorithmOID.equals(SHA512_DIGEST)) {
hashAlgorithm = "SHA512";
}
}
@@ -265,33 +259,33 @@ public class CRSPKIMessage {
// These functions are used to initialize the various blobs
public void makeSignedData(int version,
- byte[] certificate, String hashAlgorithm) {
+ byte[] certificate, String hashAlgorithm) {
try {
SET digest_algs = new SET();
digest_algs.addElement(new AlgorithmIdentifier(getAlgorithmOID(hashAlgorithm), new NULL()));
-
+
// SET certs = new SET();
// certs.addElement(new ANY(certificate));
-
+
SET sis = new SET();
sis.addElement(si);
-
+
ContentInfo data = this.data;
this.sd = new SignedData(
digest_algs,
data,
- null, // don't send the certs, he already has them
- null, // crl's
- sis);
+ null, // don't send the certs, he already has them
+ null, // crl's
+ sis);
} catch (Exception e) {
}
}
-
+
public byte[] getResponse() throws IOException, InvalidBERException {
crsci = new ContentInfo(ContentInfo.SIGNED_DATA,
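Review bot: `makeSignedData` ends in an empty `catch (Exception e) { }`, so any failure while building the SignedData leaves `this.sd` unset and the error only shows up later, presumably when `getResponse()` wraps it. Propagate the failure instead, e.g. `throw new IllegalStateException("Cannot build SignedData", e);`, or at least log it. The empty `catch (CharConversionException e)` in `makeAuthenticatedAttributes` further down has the same problem: attributes after the failing one are dropped without notice. The local `SET sis` also shadows the field of the same name, so the field is never assigned here. Rename the local or assign `this.sis`.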
@@ -320,23 +314,23 @@ public class CRSPKIMessage {
*/
public void makeSignerInfo(int version,
- // issuer and serialnumber
- org.mozilla.jss.crypto.PrivateKey pk, String hashAlgorithm)
- throws java.security.NoSuchAlgorithmException,
+ // issuer and serialnumber
+ org.mozilla.jss.crypto.PrivateKey pk, String hashAlgorithm)
+ throws java.security.NoSuchAlgorithmException,
TokenException,
java.security.InvalidKeyException,
- java.security.SignatureException,
+ java.security.SignatureException,
org.mozilla.jss.CryptoManager.NotInitializedException {
- si = new SignerInfo(sgnIASN, // issuer and serialnum
- this.aa, // Authenticated Attributes
- null, // Unauthenticated Attrs
- ContentInfo.ENVELOPED_DATA, // content type
- msg_digest.toByteArray(), // digest
- getSignatureAlgorithm(hashAlgorithm),
+ si = new SignerInfo(sgnIASN, // issuer and serialnum
+ this.aa, // Authenticated Attributes
+ null, // Unauthenticated Attrs
+ ContentInfo.ENVELOPED_DATA, // content type
+ msg_digest.toByteArray(), // digest
+ getSignatureAlgorithm(hashAlgorithm),
pk);
}
-
+
public void makeAuthenticatedAttributes() {
aa = new SET();
@@ -348,28 +342,28 @@ public class CRSPKIMessage {
tidset.addElement((new PrintableString(transactionID)));
aa.addElement(new Attribute(CRS_TRANSID, tidset));
}
-
+
if (pkiStatus != null) {
SET pkistatusset = new SET();
pkistatusset.addElement(new PrintableString(pkiStatus));
aa.addElement(new Attribute(CRS_PKISTATUS, pkistatusset));
}
-
+
if (messageType != null) {
SET aaset = new SET();
aaset.addElement(new PrintableString(messageType));
- aa.addElement(new Attribute(CRS_MESSAGETYPE, aaset));
+ aa.addElement(new Attribute(CRS_MESSAGETYPE, aaset));
}
if (failInfo != null) {
SET fiset = new SET();
fiset.addElement(new PrintableString(failInfo));
- aa.addElement(new Attribute(CRS_FAILINFO, fiset));
+ aa.addElement(new Attribute(CRS_FAILINFO, fiset));
}
-
+
if (senderNonce != null) {
SET snset = new SET();
@@ -385,29 +379,29 @@ public class CRSPKIMessage {
}
// XXX sender nonce
-
+
} catch (CharConversionException e) {
}
}
-
+
public byte[] makeEnvelopedData(int version) {
byte[] r;
try {
-
+
if (this.ri != null) {
ContentInfo ci;
SET ris = new SET();
ris.addElement(this.ri);
-
+
this.sded = new EnvelopedData(
new INTEGER(version),
ris,
eci);
-
+
ci = new ContentInfo(ContentInfo.ENVELOPED_DATA,
sded);
ByteArrayOutputStream ba = new ByteArrayOutputStream();
@@ -434,8 +428,8 @@ public class CRSPKIMessage {
this.riv = version;
this.riAlgid = new AlgorithmIdentifier(RSA_ENCRYPTION, new NULL());
- this.riKey = riKey;
-
+ this.riKey = riKey;
+
this.ri = new RecipientInfo(
new INTEGER(this.riv),
rcpIASN,
@@ -471,18 +465,18 @@ public class CRSPKIMessage {
try {
SET certs = new SET();
ANY cert = new ANY(certificate);
-
+
certs.addElement(cert);
-
+
crsd = new SignedData(
- new SET(), // empty set of digestAlgorithmID's
- new ContentInfo(
- new OBJECT_IDENTIFIER(new long[] {1, 2, 840, 113549, 1, 7, 1}
+ new SET(), // empty set of digestAlgorithmID's
+ new ContentInfo(
+ new OBJECT_IDENTIFIER(new long[] { 1, 2, 840, 113549, 1, 7, 1 }
),
null), //empty content
- certs,
- null, // no CRL's
- new SET() // empty SignerInfos
+ certs,
+ null, // no CRL's
+ new SET() // empty SignerInfos
);
ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA,
crsd);
@@ -497,7 +491,7 @@ public class CRSPKIMessage {
return null;
}
}
-
+
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append("{ messageType=");
@@ -509,15 +503,15 @@ public class CRSPKIMessage {
sb.append(", transactionID=");
sb.append(getTransactionID());
sb.append(", senderNonce=");
- sb.append( Arrays.toString( getSenderNonce() ) );
+ sb.append(Arrays.toString(getSenderNonce()));
sb.append(", recipientNonce=");
- sb.append( Arrays.toString( getRecipientNonce() ) );
+ sb.append(Arrays.toString(getRecipientNonce()));
sb.append(" }");
-
+
String s = sb.toString();
return s;
}
-
+
public String getMessageType() {
return messageType;
}
@@ -561,7 +555,7 @@ public class CRSPKIMessage {
public String getDigestAlgorithmName() {
String name = null;
if (digestAlgorithmId != null) {
- name = getHashAlgorithm(digestAlgorithmId.getOID());
+ name = getHashAlgorithm(digestAlgorithmId.getOID());
}
return name;
}
@@ -570,10 +564,10 @@ public class CRSPKIMessage {
try {
org.mozilla.jss.pkix.cert.Certificate.Template ct = new
- org.mozilla.jss.pkix.cert.Certificate.Template();
-
+ org.mozilla.jss.pkix.cert.Certificate.Template();
+
ByteArrayInputStream bais = new ByteArrayInputStream(this.signerCertBytes);
-
+
signerCert = (org.mozilla.jss.pkix.cert.Certificate) ct.decode(bais);
return signerCert.getInfo().getSubjectPublicKeyInfo().toPublicKey();
} catch (Exception e) {
@@ -593,7 +587,7 @@ public class CRSPKIMessage {
}
- public void setAA_old( SET auth_attrs ) {
+ public void setAA_old(SET auth_attrs) {
aa_old = auth_attrs;
}
@@ -613,15 +607,15 @@ public class CRSPKIMessage {
public byte[] getAADigest() {
return aa_digest.toByteArray();
}
-
+
public PKCS10 getP10() {
return myP10;
}
-
+
public void setP10(PKCS10 p10) {
myP10 = p10;
}
-
+
public void setSgnIssuerAndSerialNumber(IssuerAndSerialNumber iasn) {
this.sgnIASN = iasn;
}
@@ -631,7 +625,7 @@ public class CRSPKIMessage {
}
public IssuerAndSerialNumber getSgnIssuerAndSerialNumber() {
- return this.sgnIASN;
+ return this.sgnIASN;
}
public IssuerAndSerialNumber getRcpIssuerAndSerialNumber() {
@@ -664,7 +658,6 @@ public class CRSPKIMessage {
// public void setCertificate(byte [] cert) { this.certificate = cert; }
-
public void setMsgDigest(byte[] digest) {
this.msg_digest = new OCTET_STRING(digest);
}
@@ -675,53 +668,52 @@ public class CRSPKIMessage {
public void setPending() {
// setIssuerAndSerialNumber();
-
+
setMessageType(mType_CertRep);
setPKIStatus(mStatus_PENDING);
};
-
+
public void setFailure(String failInfo) {
setMessageType(mType_CertRep);
setPKIStatus(mStatus_FAILURE);
setFailInfo(failInfo);
}
-
+
// Should add a Certificate to this call
public void setSuccess() {
setMessageType(mType_CertRep);
setPKIStatus(mStatus_SUCCESS);
}
-
+
/**
* Gets a byte array which is the der-encoded blob
* which gets sent back to the router.
*/
-
+
public byte[] getEncoded() {
//Assert.assert(messageType != null);
//Assert.assert(pkiStatus != null);
-
- return new byte[1]; // blagh
+
+ return new byte[1]; // blagh
}
-
- private void decodeCRSPKIMessage (ByteArrayInputStream bais) throws InvalidBERException, Exception {
+ private void decodeCRSPKIMessage(ByteArrayInputStream bais) throws InvalidBERException, Exception {
org.mozilla.jss.pkcs7.ContentInfo.Template crscit;
crscit = new ContentInfo.Template();
crsci = (ContentInfo) crscit.decode(bais);
-
- if (!ContentInfo.SIGNED_DATA.equals(crsci.getContentType())) {
+
+ if (!ContentInfo.SIGNED_DATA.equals(crsci.getContentType())) {
throw new Exception("ContentType wasn't signed data, it was" + crsci.getContentType());
}
-
+
// Now that we know that the contentInfo is a SignedData, we can decode it
SignedData.Template sdt = new SignedData.Template();
-
+
sd = (SignedData) sdt.decode(
new ByteArrayInputStream(
- ((ANY) crsci.getContent()).getEncoded()
+ ((ANY) crsci.getContent()).getEncoded()
));
this.decodeSD();
}
@@ -729,34 +721,34 @@ public class CRSPKIMessage {
public CRSPKIMessage() {
attrs = new Hashtable<String, Object>();
}
-
- public CRSPKIMessage (ByteArrayInputStream bais) throws InvalidBERException, Exception {
+
+ public CRSPKIMessage(ByteArrayInputStream bais) throws InvalidBERException, Exception {
attrs = new Hashtable<String, Object>();
decodeCRSPKIMessage(bais);
}
private void decodeSD() throws Exception {
- ContentInfo sdci;
+ ContentInfo sdci;
sis = sd.getSignerInfos();
-
+
decodeSI();
sdci = sd.getContentInfo();
-
+
// HACK to work with CRS
ANY a = (ANY) sdci.getContent();
ByteArrayInputStream s = new ByteArrayInputStream(a.getEncoded());
OCTET_STRING os = (OCTET_STRING) (new OCTET_STRING.Template()).decode(s);
-
+
ByteArrayInputStream s2 = new ByteArrayInputStream(os.toByteArray());
ContentInfo ci = (ContentInfo) (new ContentInfo.Template()).decode(s2);
ByteArrayInputStream s3 = new ByteArrayInputStream(((ANY) ci.getContent()).getEncoded());
-
+
EnvelopedData.Template edt = new EnvelopedData.Template();
sded = (EnvelopedData) edt.decode(s3);
-
+
SET signerCerts = (SET) sd.getCertificates();
Certificate firstCert = (Certificate) signerCerts.elementAt(0);
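Review bot: `signerCerts.elementAt(0)` in decodeSD is reached without checking that the SignedData carries any certificates, so a message whose certificates field is absent or empty would fail with an unchecked exception instead of the explicit `Exception` that decodeSI raises for empty SignerInfos (the exact JSS behaviour is not visible here). Because this path decodes bytes handed to the `CRSPKIMessage(ByteArrayInputStream)` constructor, I would add `if (signerCerts == null || signerCerts.size() == 0) throw new Exception("SignedData contains no certificates");` before the `elementAt(0)` line. The unchecked casts of `sdci.getContent()` and `ci.getContent()` earlier in the method deserve the same treatment. decodeSD continues past the end of this hunk.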
@@ -766,10 +758,10 @@ public class CRSPKIMessage {
sgnIASN = new IssuerAndSerialNumber(firstCertInfo.getIssuer(),
firstCertInfo.getSerialNumber());
-
+
decodeED();
}
-
+
private void decodeSI() throws Exception {
if (sis.size() == 0) {
throw new Exception("SignerInfos is empty");
@@ -782,12 +774,12 @@ public class CRSPKIMessage {
aa_digest = new OCTET_STRING(si.getEncryptedDigest());
}
-
+
private void decodeED() throws Exception {
SET ris;
ris = (SET) sded.getRecipientInfos();
-
+
if (ris.size() == 0) {
throw new Exception("RecipientInfos is empty");
}
@@ -801,32 +793,32 @@ public class CRSPKIMessage {
} else {
throw new Exception("P10 encrypted alg is not supported (not DES): " + eci.getContentEncryptionAlgorithm().getOID());
}
-
+
ec = eci.getEncryptedContent().toByteArray();
OCTET_STRING.Template ost = new OCTET_STRING.Template();
-
+
OCTET_STRING os = (OCTET_STRING)
- ost.decode(new ByteArrayInputStream(
- ((ANY) eci.getContentEncryptionAlgorithm().getParameters()).getEncoded()
- )
- );
+ ost.decode(new ByteArrayInputStream(
+ ((ANY) eci.getContentEncryptionAlgorithm().getParameters()).getEncoded()
+ )
+ );
iv = os.toByteArray();
decodeRI();
}
-
+
/**
* The PKCS10 request is encrypt with a symmetric key.
* This key in turn is encrypted with the RSA key in the
* CA certificate.
- *
- * riAlgid is the algorithm the symm key is encrypted with. It had
- * better be RSA
- * riKey is the encrypted symmetric key
+ *
+ * riAlgid is the algorithm the symm key is encrypted with. It had
+ * better be RSA
+ * riKey is the encrypted symmetric key
*/
-
+
private void decodeRI() throws Exception {
// really should get issuer and serial number of our RI, as this
@@ -834,18 +826,18 @@ public class CRSPKIMessage {
// going to assume that the key is the Signing cert for the server.
riAlgid = ri.getKeyEncryptionAlgorithmID();
-
+
if (!riAlgid.getOID().equals(RSA_ENCRYPTION)) {
throw new Exception("Request is protected by a key which we can't decrypt");
}
-
+
riKey = ri.getEncryptedKey().toByteArray();
-
+
}
-
+
private void decodeAA() throws InvalidBERException, IOException {
aa = si.getAuthenticatedAttributes();
-
+
int count;
for (count = 0; count < aa.size(); count++) {
@@ -855,20 +847,20 @@ public class CRSPKIMessage {
PrintableString ps;
PrintableString.Template pst = new PrintableString.Template();
OCTET_STRING.Template ost = new OCTET_STRING.Template();
-
+
OBJECT_IDENTIFIER oid = a.getType();
if (oid.equals(CRS_MESSAGETYPE)) {
ps = (PrintableString) pst.decode(new ByteArrayInputStream(f.getEncoded()));
// We make a new string here
messageType = ps.toString();
-
+
} else if (oid.equals(CRS_PKISTATUS)) {
ps = (PrintableString) pst.decode(new ByteArrayInputStream(f.getEncoded()));
- pkiStatus = new String (ps.toString());
+ pkiStatus = new String(ps.toString());
} else if (oid.equals(CRS_FAILINFO)) {
ps = (PrintableString) pst.decode(new ByteArrayInputStream(f.getEncoded()));
- failInfo = new String (ps.toString());
+ failInfo = new String(ps.toString());
} else if (oid.equals(CRS_SENDERNONCE)) {
OCTET_STRING oss = (OCTET_STRING) ost.decode(new ByteArrayInputStream(f.getEncoded()));
@@ -879,18 +871,18 @@ public class CRSPKIMessage {
recipientNonce = osr.toByteArray();
} else if (oid.equals(CRS_TRANSID)) {
ps = (PrintableString) pst.decode(new ByteArrayInputStream(f.getEncoded()));
- transactionID = new String (ps.toString());
+ transactionID = new String(ps.toString());
}
-
+
}
-
- } // end of decodeAA();
-
+
+ } // end of decodeAA();
+
public String getMessageTypeString() {
if (messageType == null) {
return null;
}
-
+
if (messageType.equals(mType_PKCSReq)) {
return "PKCSReq";
}
@@ -910,5 +902,4 @@ public class CRSPKIMessage {
//Assert.assert(false);
return null;
}
-}
-
+}
diff --git a/pki/base/util/src/com/netscape/cmsutil/util/Cert.java b/pki/base/util/src/com/netscape/cmsutil/util/Cert.java
index d5689ac9..b280a760 100644
--- a/pki/base/util/src/com/netscape/cmsutil/util/Cert.java
+++ b/pki/base/util/src/com/netscape/cmsutil/util/Cert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.util;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
@@ -63,13 +62,13 @@ public class Cert {
}
if ((s.startsWith("-----BEGIN CERTIFICATE-----")) &&
- (s.endsWith("-----END CERTIFICATE-----"))) {
+ (s.endsWith("-----END CERTIFICATE-----"))) {
return (s.substring(27, (s.length() - 25)));
}
// To support Thawte's header and footer
if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) &&
- (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
+ (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
return (s.substring(35, (s.length() - 33)));
}
@@ -81,23 +80,23 @@ public class Cert {
return s;
}
if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) &&
- (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
+ (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
return (s.substring(43, (s.length() - 41)));
}
return s;
}
public static String stripCertBrackets(String s) {
- return stripBrackets(s);
+ return stripBrackets(s);
}
- // private static BASE64Decoder mDecoder = new BASE64Decoder();
+ // private static BASE64Decoder mDecoder = new BASE64Decoder();
public static X509CertImpl mapCert(String mime64)
- throws IOException {
+ throws IOException {
mime64 = stripCertBrackets(mime64.trim());
String newval = normalizeCertStr(mime64);
- // byte rawPub[] = mDecoder.decodeBuffer(newval);
- byte rawPub[] = OSUtil.AtoB( newval );
+ // byte rawPub[] = mDecoder.decodeBuffer(newval);
+ byte rawPub[] = OSUtil.AtoB(newval);
X509CertImpl cert = null;
try {
@@ -108,27 +107,27 @@ public class Cert {
}
public static X509Certificate[] mapCertFromPKCS7(String mime64)
- throws IOException {
+ throws IOException {
mime64 = stripCertBrackets(mime64.trim());
String newval = normalizeCertStr(mime64);
- // byte rawPub[] = mDecoder.decodeBuffer(newval);
- byte rawPub[] = OSUtil.AtoB( newval );
+ // byte rawPub[] = mDecoder.decodeBuffer(newval);
+ byte rawPub[] = OSUtil.AtoB(newval);
PKCS7 p7 = null;
try {
p7 = new PKCS7(rawPub);
} catch (Exception e) {
- throw new IOException( "p7 is null" );
+ throw new IOException("p7 is null");
}
return p7.getCertificates();
}
public static X509CRL mapCRL(String mime64)
- throws IOException {
+ throws IOException {
mime64 = stripCRLBrackets(mime64.trim());
String newval = normalizeCertStr(mime64);
- // byte rawPub[] = mDecoder.decodeBuffer(newval);
- byte rawPub[] = OSUtil.AtoB( newval );
+ // byte rawPub[] = mDecoder.decodeBuffer(newval);
+ byte rawPub[] = OSUtil.AtoB(newval);
X509CRL crl = null;
try {
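Review bot: The `catch (Exception e)` in mapCertFromPKCS7 discards the parser's exception and reports `"p7 is null"`, which hides why the input was rejected and does not describe what happened (the `PKCS7` constructor threw). Keeping the cause makes malformed PKCS #7 input diagnosable from logs: `throw new IOException("Unable to parse PKCS #7 data", e);` (the two-argument constructor needs Java 6 or later; confirm no caller matches on the old message text). mapCRL's body continues outside this hunk.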
@@ -139,7 +138,7 @@ public class Cert {
}
public static X509CRL mapCRL1(String mime64)
- throws IOException {
+ throws IOException {
mime64 = stripCRLBrackets(mime64.trim());
byte rawPub[] = OSUtil.AtoB(mime64);
@@ -187,4 +186,3 @@ public class Cert {
return val;
}
}
-
diff --git a/pki/base/util/src/com/netscape/cmsutil/util/Fmt.java b/pki/base/util/src/com/netscape/cmsutil/util/Fmt.java
index 49b878c4..a24b8d09 100644
--- a/pki/base/util/src/com/netscape/cmsutil/util/Fmt.java
+++ b/pki/base/util/src/com/netscape/cmsutil/util/Fmt.java
@@ -45,7 +45,6 @@ package com.netscape.cmsutil.util;
// Visit the ACME Labs Java page for up-to-date versions of this and other
// fine Java utilities: http://www.acme.com/java/
-
/// Some simple single-arg sprintf-like routines.
// <P>
// It is apparently impossible to declare a Java method that accepts
@@ -205,7 +204,7 @@ public class Fmt {
if ((l & 0xf000000000000000L) != 0)
return fmt(
Long.toString(l >>> 60, 16) +
- fmt(l & 0x0fffffffffffffffL, 15, HX | ZF),
+ fmt(l & 0x0fffffffffffffffL, 15, HX | ZF),
minWidth, flags | WN);
else
return fmt(Long.toString(l, 16), minWidth, flags | WN);
@@ -213,7 +212,7 @@ public class Fmt {
if ((l & 0x8000000000000000L) != 0)
return fmt(
Long.toString(l >>> 63, 8) +
- fmt(l & 0x7fffffffffffffffL, 21, OC | ZF),
+ fmt(l & 0x7fffffffffffffffL, 21, OC | ZF),
minWidth, flags | WN);
else
return fmt(Long.toString(l, 8), minWidth, flags | WN);
@@ -375,8 +374,8 @@ public class Fmt {
int numFigs = number.length();
int fracFigs = fraction.length();
- if( ( numFigs == 0 || number.toString().equals( "0" ) ) &&
- fracFigs > 0 ) {
+ if ((numFigs == 0 || number.toString().equals("0")) &&
+ fracFigs > 0) {
// Don't count leading zeros in the fraction.
numFigs = 0;
for (int i = 0; i < fraction.length(); ++i) {
@@ -394,11 +393,11 @@ public class Fmt {
} else if (sigFigs < mantFigs && sigFigs >= numFigs) {
// Want fewer figures in the fraction; chop.
fraction.setLength(
- fraction.length() - (fracFigs - (sigFigs - numFigs)));
+ fraction.length() - (fracFigs - (sigFigs - numFigs)));
// Round?
} else if (sigFigs < numFigs) {
// Want fewer figures in the number; turn them to zeros.
- fraction.setLength(0); // should already be zero, but make sure
+ fraction.setLength(0); // should already be zero, but make sure
for (int i = sigFigs; i < numFigs; ++i)
number.setCharAt(i, '0');
// Round?
@@ -427,7 +426,7 @@ public class Fmt {
if (d == Double.POSITIVE_INFINITY)
return "Inf";
- // Grab the sign, and then make the number positive for simplicity.
+ // Grab the sign, and then make the number positive for simplicity.
boolean negative = false;
if (d < 0.0D) {
@@ -471,19 +470,21 @@ public class Fmt {
else
num = Integer.parseInt(numStr);
- // Build the new mantissa.
+ // Build the new mantissa.
StringBuffer newMantBuf = new StringBuffer(numStr + ".");
double p = Math.pow(10, exp);
double frac = d - num * p;
String digits = "0123456789";
- int nDigits = 16 - numStr.length(); // about 16 digits in a double
+ int nDigits = 16 - numStr.length(); // about 16 digits in a double
for (int i = 0; i < nDigits; ++i) {
p /= 10.0D;
int dig = (int) (frac / p);
- if (dig < 0) dig = 0;
- if (dig > 9) dig = 9;
+ if (dig < 0)
+ dig = 0;
+ if (dig > 9)
+ dig = 9;
newMantBuf.append(digits.charAt(dig));
frac -= dig * p;
}
@@ -519,86 +520,86 @@ public class Fmt {
while (newMantBuf.charAt(len - 1) == '0')
newMantBuf.setLength(--len);
- // And chop a trailing dot, if any.
+ // And chop a trailing dot, if any.
if (newMantBuf.charAt(len - 1) == '.')
newMantBuf.setLength(--len);
- // Done.
+ // Done.
return (negative ? "-" : "") +
- newMantBuf +
- (expStr.length() != 0 ? ("e" + expStr) : "");
+ newMantBuf +
+ (expStr.length() != 0 ? ("e" + expStr) : "");
}
/******************************************************************************
- /// Test program.
- public static void main( String[] args )
- {
- System.out.println( "Starting tests." );
- show( Fmt.fmt( "Hello there." ) );
- show( Fmt.fmt( 123 ) );
- show( Fmt.fmt( 123, 10 ) );
- show( Fmt.fmt( 123, 10, Fmt.ZF ) );
- show( Fmt.fmt( 123, 10, Fmt.LJ ) );
- show( Fmt.fmt( -123 ) );
- show( Fmt.fmt( -123, 10 ) );
- show( Fmt.fmt( -123, 10, Fmt.ZF ) );
- show( Fmt.fmt( -123, 10, Fmt.LJ ) );
- show( Fmt.fmt( (byte) 0xbe, 22, Fmt.OC ) );
- show( Fmt.fmt( (short) 0xbabe, 22, Fmt.OC ) );
- show( Fmt.fmt( 0xcafebabe, 22, Fmt.OC ) );
- show( Fmt.fmt( 0xdeadbeefcafebabeL, 22, Fmt.OC ) );
- show( Fmt.fmt( 0x8000000000000000L, 22, Fmt.OC ) );
- show( Fmt.fmt( (byte) 0xbe, 16, Fmt.HX ) );
- show( Fmt.fmt( (short) 0xbabe, 16, Fmt.HX ) );
- show( Fmt.fmt( 0xcafebabe, 16, Fmt.HX ) );
- show( Fmt.fmt( 0xdeadbeefcafebabeL, 16, Fmt.HX ) );
- show( Fmt.fmt( 0x8000000000000000L, 16, Fmt.HX ) );
- show( Fmt.fmt( 'c' ) );
- show( Fmt.fmt( new java.util.Date() ) );
- show( Fmt.fmt( 123.456F ) );
- show( Fmt.fmt( 123456000000000000.0F ) );
- show( Fmt.fmt( 123.456F, 0, 8 ) );
- show( Fmt.fmt( 123.456F, 0, 7 ) );
- show( Fmt.fmt( 123.456F, 0, 6 ) );
- show( Fmt.fmt( 123.456F, 0, 5 ) );
- show( Fmt.fmt( 123.456F, 0, 4 ) );
- show( Fmt.fmt( 123.456F, 0, 3 ) );
- show( Fmt.fmt( 123.456F, 0, 2 ) );
- show( Fmt.fmt( 123.456F, 0, 1 ) );
- show( Fmt.fmt( 123456000000000000.0F, 0, 4 ) );
- show( Fmt.fmt( -123.456F, 0, 4 ) );
- show( Fmt.fmt( -123456000000000000.0F, 0, 4 ) );
- show( Fmt.fmt( 123.0F ) );
- show( Fmt.fmt( 123.0D ) );
- show( Fmt.fmt( 1.234567890123456789F ) );
- show( Fmt.fmt( 1.234567890123456789D ) );
- show( Fmt.fmt( 1234567890123456789F ) );
- show( Fmt.fmt( 1234567890123456789D ) );
- show( Fmt.fmt( 0.000000000000000000001234567890123456789F ) );
- show( Fmt.fmt( 0.000000000000000000001234567890123456789D ) );
- show( Fmt.fmt( 12300.0F ) );
- show( Fmt.fmt( 12300.0D ) );
- show( Fmt.fmt( 123000.0F ) );
- show( Fmt.fmt( 123000.0D ) );
- show( Fmt.fmt( 1230000.0F ) );
- show( Fmt.fmt( 1230000.0D ) );
- show( Fmt.fmt( 12300000.0F ) );
- show( Fmt.fmt( 12300000.0D ) );
- show( Fmt.fmt( Float.NaN ) );
- show( Fmt.fmt( Float.POSITIVE_INFINITY ) );
- show( Fmt.fmt( Float.NEGATIVE_INFINITY ) );
- show( Fmt.fmt( Double.NaN ) );
- show( Fmt.fmt( Double.POSITIVE_INFINITY ) );
- show( Fmt.fmt( Double.NEGATIVE_INFINITY ) );
- show( Fmt.fmt( 1.0F / 8.0F ) );
- show( Fmt.fmt( 1.0D / 8.0D ) );
- System.out.println( "Done with tests." );
- }
-
- private static void show( String str )
- {
- System.out.println( "#" + str + "#" );
- }
- ******************************************************************************/
+ * /// Test program.
+ * public static void main( String[] args )
+ * {
+ * System.out.println( "Starting tests." );
+ * show( Fmt.fmt( "Hello there." ) );
+ * show( Fmt.fmt( 123 ) );
+ * show( Fmt.fmt( 123, 10 ) );
+ * show( Fmt.fmt( 123, 10, Fmt.ZF ) );
+ * show( Fmt.fmt( 123, 10, Fmt.LJ ) );
+ * show( Fmt.fmt( -123 ) );
+ * show( Fmt.fmt( -123, 10 ) );
+ * show( Fmt.fmt( -123, 10, Fmt.ZF ) );
+ * show( Fmt.fmt( -123, 10, Fmt.LJ ) );
+ * show( Fmt.fmt( (byte) 0xbe, 22, Fmt.OC ) );
+ * show( Fmt.fmt( (short) 0xbabe, 22, Fmt.OC ) );
+ * show( Fmt.fmt( 0xcafebabe, 22, Fmt.OC ) );
+ * show( Fmt.fmt( 0xdeadbeefcafebabeL, 22, Fmt.OC ) );
+ * show( Fmt.fmt( 0x8000000000000000L, 22, Fmt.OC ) );
+ * show( Fmt.fmt( (byte) 0xbe, 16, Fmt.HX ) );
+ * show( Fmt.fmt( (short) 0xbabe, 16, Fmt.HX ) );
+ * show( Fmt.fmt( 0xcafebabe, 16, Fmt.HX ) );
+ * show( Fmt.fmt( 0xdeadbeefcafebabeL, 16, Fmt.HX ) );
+ * show( Fmt.fmt( 0x8000000000000000L, 16, Fmt.HX ) );
+ * show( Fmt.fmt( 'c' ) );
+ * show( Fmt.fmt( new java.util.Date() ) );
+ * show( Fmt.fmt( 123.456F ) );
+ * show( Fmt.fmt( 123456000000000000.0F ) );
+ * show( Fmt.fmt( 123.456F, 0, 8 ) );
+ * show( Fmt.fmt( 123.456F, 0, 7 ) );
+ * show( Fmt.fmt( 123.456F, 0, 6 ) );
+ * show( Fmt.fmt( 123.456F, 0, 5 ) );
+ * show( Fmt.fmt( 123.456F, 0, 4 ) );
+ * show( Fmt.fmt( 123.456F, 0, 3 ) );
+ * show( Fmt.fmt( 123.456F, 0, 2 ) );
+ * show( Fmt.fmt( 123.456F, 0, 1 ) );
+ * show( Fmt.fmt( 123456000000000000.0F, 0, 4 ) );
+ * show( Fmt.fmt( -123.456F, 0, 4 ) );
+ * show( Fmt.fmt( -123456000000000000.0F, 0, 4 ) );
+ * show( Fmt.fmt( 123.0F ) );
+ * show( Fmt.fmt( 123.0D ) );
+ * show( Fmt.fmt( 1.234567890123456789F ) );
+ * show( Fmt.fmt( 1.234567890123456789D ) );
+ * show( Fmt.fmt( 1234567890123456789F ) );
+ * show( Fmt.fmt( 1234567890123456789D ) );
+ * show( Fmt.fmt( 0.000000000000000000001234567890123456789F ) );
+ * show( Fmt.fmt( 0.000000000000000000001234567890123456789D ) );
+ * show( Fmt.fmt( 12300.0F ) );
+ * show( Fmt.fmt( 12300.0D ) );
+ * show( Fmt.fmt( 123000.0F ) );
+ * show( Fmt.fmt( 123000.0D ) );
+ * show( Fmt.fmt( 1230000.0F ) );
+ * show( Fmt.fmt( 1230000.0D ) );
+ * show( Fmt.fmt( 12300000.0F ) );
+ * show( Fmt.fmt( 12300000.0D ) );
+ * show( Fmt.fmt( Float.NaN ) );
+ * show( Fmt.fmt( Float.POSITIVE_INFINITY ) );
+ * show( Fmt.fmt( Float.NEGATIVE_INFINITY ) );
+ * show( Fmt.fmt( Double.NaN ) );
+ * show( Fmt.fmt( Double.POSITIVE_INFINITY ) );
+ * show( Fmt.fmt( Double.NEGATIVE_INFINITY ) );
+ * show( Fmt.fmt( 1.0F / 8.0F ) );
+ * show( Fmt.fmt( 1.0D / 8.0D ) );
+ * System.out.println( "Done with tests." );
+ * }
+ *
+ * private static void show( String str )
+ * {
+ * System.out.println( "#" + str + "#" );
+ * }
+ ******************************************************************************/
}
diff --git a/pki/base/util/src/com/netscape/cmsutil/util/HMACDigest.java b/pki/base/util/src/com/netscape/cmsutil/util/HMACDigest.java
index e77e37a5..09bf53bb 100644
--- a/pki/base/util/src/com/netscape/cmsutil/util/HMACDigest.java
+++ b/pki/base/util/src/com/netscape/cmsutil/util/HMACDigest.java
@@ -17,14 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.util;
-
import java.security.MessageDigest;
-
/**
* This class implements the HMAC algorithm specified in RFC 2104 using
* any MessageDigest.
- *
+ *
* @author mikep
* @version $Revision$, $Date$
* @see java.security.MessageDigest
@@ -51,9 +49,9 @@ public class HMACDigest implements Cloneable {
/**
* Creates an HMACDigest
- *
- * @param md The MessageDigest to be used for the HMAC calculation. It
- * must be clonable.
+ *
+ * @param md The MessageDigest to be used for the HMAC calculation. It
+ * must be clonable.
*/
public HMACDigest(MessageDigest md) {
mMD = md;
@@ -62,9 +60,9 @@ public class HMACDigest implements Cloneable {
/**
* Creates an HMACDigest and initializes the HMAC function
* with the given key.
- *
- * @param md The MessageDigest to be used for the HMAC calculation. It
- * must be clonable.
+ *
+ * @param md The MessageDigest to be used for the HMAC calculation. It
+ * must be clonable.
* @param key The key value to be used in the HMAC calculation
*/
public HMACDigest(MessageDigest md, byte[] key) {
@@ -81,18 +79,18 @@ public class HMACDigest implements Cloneable {
/**
* Initialize the HMAC function
- *
+ *
* The HMAC transform looks like:
- *
- * hash(key XOR opad, hash(key XOR ipad, text))
- *
+ *
+ * hash(key XOR opad, hash(key XOR ipad, text))
+ *
* where key is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected
- *
+ *
* This routine must be called after every reset.
- *
+ *
* @param key The password used to protect the hash value
*/
public void init(byte[] key) {
@@ -133,7 +131,7 @@ public class HMACDigest implements Cloneable {
/**
* Updates the digest using the specified array of bytes.
- *
+ *
* @param input the array of bytes.
*/
public void update(byte[] input) {
@@ -143,7 +141,7 @@ public class HMACDigest implements Cloneable {
/**
* Completes the HMAC computation with the outer pad
* The digest is reset after this call is made.
- *
+ *
* @return the array of bytes for the resulting hash value.
*/
public byte[] digest() {
@@ -175,16 +173,15 @@ public class HMACDigest implements Cloneable {
/**
* Clone the HMACDigest
- *
+ *
* @return a clone if the implementation is cloneable.
- * @exception CloneNotSupportedException if this is called on a
- * MessageDigest implementation that does not support
- * <code>Cloneable</code>.
+ * @exception CloneNotSupportedException if this is called on a
+ * MessageDigest implementation that does not support <code>Cloneable</code>.
*/
public Object clone() throws CloneNotSupportedException {
int i;
- HMACDigest hd = (HMACDigest) super.clone();
+ HMACDigest hd = (HMACDigest) super.clone();
hd.mKeyOpad = new byte[PAD_BYTES];
hd.mKeyIpad = new byte[PAD_BYTES];
diff --git a/pki/base/util/src/com/netscape/cmsutil/util/Utils.java b/pki/base/util/src/com/netscape/cmsutil/util/Utils.java
index 36933da8..6f4ba497 100644
--- a/pki/base/util/src/com/netscape/cmsutil/util/Utils.java
+++ b/pki/base/util/src/com/netscape/cmsutil/util/Utils.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.util;
-
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
@@ -36,64 +35,64 @@ import java.util.Date;
import java.util.Vector;
public class Utils {
- /**
- * Checks if this is NT.
- */
- public static boolean isNT() {
- return ((File.separator).equals("\\"));
- }
+ /**
+ * Checks if this is NT.
+ */
+ public static boolean isNT() {
+ return ((File.separator).equals("\\"));
+ }
- public static boolean exec(String cmd) {
- try {
- String cmds[] = null;
- if (isNT()) {
- // NT
- cmds = new String[3];
- cmds[0] = "cmd";
- cmds[1] = "/c";
- cmds[2] = cmd;
- } else {
- // UNIX
- cmds = new String[3];
- cmds[0] = "/bin/sh";
- cmds[1] = "-c";
- cmds[2] = cmd;
- }
- Process process = Runtime.getRuntime().exec(cmds);
- process.waitFor();
- BufferedReader pOut = null;
- String l = null;
+ public static boolean exec(String cmd) {
+ try {
+ String cmds[] = null;
+ if (isNT()) {
+ // NT
+ cmds = new String[3];
+ cmds[0] = "cmd";
+ cmds[1] = "/c";
+ cmds[2] = cmd;
+ } else {
+ // UNIX
+ cmds = new String[3];
+ cmds[0] = "/bin/sh";
+ cmds[1] = "-c";
+ cmds[2] = cmd;
+ }
+ Process process = Runtime.getRuntime().exec(cmds);
+ process.waitFor();
+ BufferedReader pOut = null;
+ String l = null;
- if (process.exitValue() == 0) {
- /**
- pOut = new BufferedReader(
- new InputStreamReader(process.getInputStream()));
- while ((l = pOut.readLine()) != null) {
- System.out.println(l);
- }
- **/
- return true;
- } else {
- /**
- pOut = new BufferedReader(
- new InputStreamReader(process.getErrorStream()));
- l = null;
- while ((l = pOut.readLine()) != null) {
- System.out.println(l);
- }
- **/
- return false;
- }
- } catch (Exception e) {
- return false;
- }
- }
+ if (process.exitValue() == 0) {
+ /**
+ * pOut = new BufferedReader(
+ * new InputStreamReader(process.getInputStream()));
+ * while ((l = pOut.readLine()) != null) {
+ * System.out.println(l);
+ * }
+ **/
+ return true;
+ } else {
+ /**
+ * pOut = new BufferedReader(
+ * new InputStreamReader(process.getErrorStream()));
+ * l = null;
+ * while ((l = pOut.readLine()) != null) {
+ * System.out.println(l);
+ * }
+ **/
+ return false;
+ }
+ } catch (Exception e) {
+ return false;
+ }
+ }
- public static String SpecialURLDecode(String s) {
+ public static String SpecialURLDecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
-
+
for (int i = 0; i < s.length(); i++) {
int c = (int) s.charAt(i);
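Review bot: `exec` hands `cmd` to `/bin/sh -c` (or `cmd /c`) as one string, so every shell metacharacter in it is interpreted, and the method has no Javadoc telling callers that the string must not contain untrusted data. I would at least document that, e.g. `/** Runs cmd through the platform shell; cmd must be built only from trusted, fixed values. */`, and for call sites that pass variable arguments prefer an argument-vector form such as `new ProcessBuilder(argv)` that bypasses the shell. Separately, `process.waitFor()` runs while stdout and stderr are never read (both readers are commented out), so a child that fills its pipe buffer can block indefinitely, and the broad `catch (Exception e)` swallows `InterruptedException` without restoring the interrupt flag.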
@@ -111,11 +110,11 @@ public class Utils {
return out.toString();
}
- public static byte[] SpecialDecode(String s) {
+ public static byte[] SpecialDecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
-
+
for (int i = 0; i < s.length(); i++) {
int c = (int) s.charAt(i);
@@ -133,17 +132,17 @@ public class Utils {
return out.toByteArray();
}
- public static String SpecialEncode(byte data[]) {
+ public static String SpecialEncode(byte data[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < data.length; i++) {
- sb.append("%");
- if ((data[i] & 0xff) < 16) {
- sb.append("0");
- }
- sb.append(Integer.toHexString((data[i] & 0xff)));
+ sb.append("%");
+ if ((data[i] & 0xff) < 16) {
+ sb.append("0");
+ }
+ sb.append(Integer.toHexString((data[i] & 0xff)));
}
return sb.toString().toUpperCase();
- }
+ }
public static void checkHost(String hostname) throws UnknownHostException {
InetAddress addr = InetAddress.getByName(hostname);
@@ -151,17 +150,17 @@ public class Utils {
public static void copy(String orig, String dest) {
try {
- BufferedReader in = new BufferedReader(new FileReader(orig));
- PrintWriter out = new PrintWriter(
- new BufferedWriter(new FileWriter(dest)));
- String line = "";
- while (in.ready()) {
- line = in.readLine();
- if (line != null)
- out.println(line);
- }
- in.close();
- out.close();
+ BufferedReader in = new BufferedReader(new FileReader(orig));
+ PrintWriter out = new PrintWriter(
+ new BufferedWriter(new FileWriter(dest)));
+ String line = "";
+ while (in.ready()) {
+ line = in.readLine();
+ if (line != null)
+ out.println(line);
+ }
+ in.close();
+ out.close();
} catch (Exception ee) {
}
}
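Review bot: In `copy`, `in` and `out` are closed only on the success path, and the empty `catch (Exception ee)` hides every failure, so a missing source, an unwritable destination or a partial write all look like a successful copy to the caller. Closing both streams in a `finally` block fixes the descriptor leak without changing the signature; whether the failure should also be logged or rethrown depends on callers outside this hunk. `PrintWriter` does not throw on write errors, so `out.checkError()` is the only way to notice a truncated destination.

```java
public static void copy(String orig, String dest) {
    BufferedReader in = null;
    PrintWriter out = null;
    try {
        in = new BufferedReader(new FileReader(orig));
        out = new PrintWriter(
                new BufferedWriter(new FileWriter(dest)));
        // … unchanged: line-by-line copy loop …
    } catch (Exception ee) {
        // … unchanged: failure is still ignored here …
    } finally {
        if (out != null) {
            out.close();
        }
        if (in != null) {
            try {
                in.close();
            } catch (Exception ignored) {
                // nothing useful to do if close itself fails
            }
        }
    }
}
```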
@@ -230,9 +229,10 @@ public class Utils {
}
return true;
}
-
+
/**
* strips out double quotes around String parameter
+ *
* @param s the string potentially bracketed with double quotes
* @return string stripped of surrounding double quotes
*/
diff --git a/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java b/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java
index a012f1a0..8890d79f 100644
--- a/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java
+++ b/pki/base/util/src/com/netscape/cmsutil/xml/XMLObject.java
@@ -16,6 +16,7 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmsutil.xml;
+
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
@@ -43,8 +44,7 @@ import org.w3c.dom.NodeList;
import org.w3c.dom.Text;
import org.xml.sax.SAXException;
-public class XMLObject
-{
+public class XMLObject {
private Document mDoc = null;
public XMLObject() throws ParserConfigurationException {
@@ -53,15 +53,15 @@ public class XMLObject
mDoc = docBuilder.newDocument();
}
- public XMLObject(InputStream s)
- throws SAXException, IOException, ParserConfigurationException {
+ public XMLObject(InputStream s)
+ throws SAXException, IOException, ParserConfigurationException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder docBuilder = factory.newDocumentBuilder();
mDoc = docBuilder.parse(s);
}
- public XMLObject(File f)
- throws SAXException, IOException, ParserConfigurationException {
+ public XMLObject(File f)
+ throws SAXException, IOException, ParserConfigurationException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder docBuilder = factory.newDocumentBuilder();
mDoc = docBuilder.parse(f);
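Review bot: Both parsing constructors, `XMLObject(InputStream)` and `XMLObject(File)`, use `DocumentBuilderFactory.newInstance()` with its defaults, which on most JAXP implementations leaves DOCTYPE declarations and external entity resolution enabled. If either constructor can receive XML from outside the server (the callers are not visible here), the parser will resolve external entities named in that document. Setting `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `factory.setExpandEntityReferences(false);` before `newDocumentBuilder()` in both constructors closes that off, and a small private helper would avoid repeating it. The closing brace of the `File` constructor is outside this hunk.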
@@ -77,14 +77,14 @@ public class XMLObject
public Node createRoot(String name) {
Element root = mDoc.createElement(name);
mDoc.appendChild(root);
- return (Node)root;
+ return (Node) root;
}
public Node getRoot() {
return mDoc.getFirstChild();
}
- /**
+ /**
* If you have duplicate containers, then this method will return the
* first container in the list.
*/
@@ -98,7 +98,7 @@ public class XMLObject
public Node createContainer(Node containerParent, String containerName) {
Element node = mDoc.createElement(containerName);
containerParent.appendChild(node);
- return (Node)node;
+ return (Node) node;
}
public void addItemToContainer(Node container, String tagname, String value) {
@@ -109,7 +109,7 @@ public class XMLObject
}
public String getValue(String tagname) {
- Node n = getContainer(tagname);
+ Node n = getContainer(tagname);
if (n != null) {
NodeList c = n.getChildNodes();
@@ -125,7 +125,7 @@ public class XMLObject
public Vector getAllValues(String tagname) {
Vector v = new Vector();
NodeList nodes = mDoc.getElementsByTagName(tagname);
- for (int i=0; i<nodes.getLength(); i++) {
+ for (int i = 0; i < nodes.getLength(); i++) {
Node n = nodes.item(i);
NodeList c = n.getChildNodes();
if (c.getLength() > 0) {
@@ -141,7 +141,7 @@ public class XMLObject
Vector v = new Vector();
NodeList c = container.getChildNodes();
int len = c.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node subchild = c.item(i);
if (subchild.getNodeName().equals(tagname)) {
NodeList grandchildren = subchild.getChildNodes();
@@ -166,8 +166,8 @@ public class XMLObject
return bos.toByteArray();
}
- public void output(OutputStream os)
- throws TransformerConfigurationException, TransformerException {
+ public void output(OutputStream os)
+ throws TransformerConfigurationException, TransformerException {
TransformerFactory tranFactory = TransformerFactory.newInstance();
Transformer aTransformer = tranFactory.newTransformer();
Source src = new DOMSource(mDoc);
@@ -183,5 +183,5 @@ public class XMLObject
transformer.transform(src, dest);
String xmlString = dest.getWriter().toString();
return xmlString;
- }
+ }
}
diff --git a/pki/base/util/src/netscape/net/NetworkClient.java b/pki/base/util/src/netscape/net/NetworkClient.java
index c9d004d9..ae8cdfcf 100644
--- a/pki/base/util/src/netscape/net/NetworkClient.java
+++ b/pki/base/util/src/netscape/net/NetworkClient.java
@@ -27,60 +27,61 @@ import java.net.UnknownHostException;
/**
* This is the base class for network clients.
- *
- * @version 1.21, 08/07/97
- * @author Jonathan Payne
+ *
+ * @version 1.21, 08/07/97
+ * @author Jonathan Payne
*/
public class NetworkClient {
/** Socket for communicating with server. */
- protected Socket serverSocket = null;
+ protected Socket serverSocket = null;
/** Stream for printing to the server. */
- public PrintStream serverOutput;
+ public PrintStream serverOutput;
/** Buffered stream for reading replies from server. */
- public InputStream serverInput;
+ public InputStream serverInput;
/** Open a connection to the server. */
public void openServer(String server, int port)
- throws IOException, UnknownHostException {
- if (serverSocket != null)
- closeServer();
- serverSocket = doConnect (server, port);
- serverOutput = new PrintStream(new BufferedOutputStream(serverSocket.getOutputStream()),
- true);
- serverInput = new BufferedInputStream(serverSocket.getInputStream());
+ throws IOException, UnknownHostException {
+ if (serverSocket != null)
+ closeServer();
+ serverSocket = doConnect(server, port);
+ serverOutput = new PrintStream(new BufferedOutputStream(serverSocket.getOutputStream()),
+ true);
+ serverInput = new BufferedInputStream(serverSocket.getInputStream());
}
/**
* Return a socket connected to the server, with any
* appropriate options pre-established
*/
- protected Socket doConnect (String server, int port)
- throws IOException, UnknownHostException {
- return new Socket (server, port);
+ protected Socket doConnect(String server, int port)
+ throws IOException, UnknownHostException {
+ return new Socket(server, port);
}
/** Close an open connection to the server. */
public void closeServer() throws IOException {
- if (! serverIsOpen()) {
- return;
- }
- serverSocket.close();
- serverSocket = null;
- serverInput = null;
- serverOutput = null;
+ if (!serverIsOpen()) {
+ return;
+ }
+ serverSocket.close();
+ serverSocket = null;
+ serverInput = null;
+ serverOutput = null;
}
/** Return server connection status */
public boolean serverIsOpen() {
- return serverSocket != null;
+ return serverSocket != null;
}
/** Create connection with host <i>host</i> on port <i>port</i> */
public NetworkClient(String host, int port) throws IOException {
- openServer(host, port);
+ openServer(host, port);
}
- public NetworkClient() {}
+ public NetworkClient() {
+ }
}
diff --git a/pki/base/util/src/netscape/net/TransferProtocolClient.java b/pki/base/util/src/netscape/net/TransferProtocolClient.java
index 23f13317..cadacaa0 100644
--- a/pki/base/util/src/netscape/net/TransferProtocolClient.java
+++ b/pki/base/util/src/netscape/net/TransferProtocolClient.java
@@ -23,103 +23,105 @@ import java.util.Vector;
/**
* This class implements that basic intefaces of transfer protocols.
* It is used by subclasses implementing specific protocols.
- *
- * @version 1.25, 08/07/97
- * @author Jonathan Payne
+ *
+ * @version 1.25, 08/07/97
+ * @author Jonathan Payne
*/
public class TransferProtocolClient extends NetworkClient {
static final boolean debug = false;
- /** Array of strings (usually 1 entry) for the last reply
- from the server. */
- protected Vector serverResponse = new Vector(1);
+ /**
+ * Array of strings (usually 1 entry) for the last reply
+ * from the server.
+ */
+ protected Vector serverResponse = new Vector(1);
/** code for last reply */
- protected int lastReplyCode;
-
+ protected int lastReplyCode;
/**
* Pulls the response from the server and returns the code as a
* number. Returns -1 on failure.
*/
public int readServerResponse() throws IOException {
- StringBuffer replyBuf = new StringBuffer(32);
- int c;
- int continuingCode = -1;
- int code;
- String response;
+ StringBuffer replyBuf = new StringBuffer(32);
+ int c;
+ int continuingCode = -1;
+ int code;
+ String response;
- serverResponse.setSize(0);
- while (true) {
- while ((c = serverInput.read()) != -1) {
- if (c == '\r') {
- if ((c = serverInput.read()) != '\n')
- replyBuf.append('\r');
- }
- replyBuf.append((char)c);
- if (c == '\n')
- break;
- }
- response = replyBuf.toString();
- replyBuf.setLength(0);
- if (debug) {
- System.out.print(response);
- }
- try {
- code = Integer.parseInt(response.substring(0, 3));
- } catch (NumberFormatException e) {
- code = -1;
- } catch (StringIndexOutOfBoundsException e) {
- /* this line doesn't contain a response code, so
- we just completely ignore it */
- continue;
- }
- serverResponse.addElement(response);
- if (continuingCode != -1) {
- /* we've seen a XXX- sequence */
- if (code != continuingCode ||
- (response.length() >= 4 && response.charAt(3) == '-')) {
- continue;
- } else {
- /* seen the end of code sequence */
- continuingCode = -1;
- break;
- }
- } else if (response.length() >= 4 && response.charAt(3) == '-') {
- continuingCode = code;
- continue;
- } else {
- break;
- }
- }
+ serverResponse.setSize(0);
+ while (true) {
+ while ((c = serverInput.read()) != -1) {
+ if (c == '\r') {
+ if ((c = serverInput.read()) != '\n')
+ replyBuf.append('\r');
+ }
+ replyBuf.append((char) c);
+ if (c == '\n')
+ break;
+ }
+ response = replyBuf.toString();
+ replyBuf.setLength(0);
+ if (debug) {
+ System.out.print(response);
+ }
+ try {
+ code = Integer.parseInt(response.substring(0, 3));
+ } catch (NumberFormatException e) {
+ code = -1;
+ } catch (StringIndexOutOfBoundsException e) {
+ /* this line doesn't contain a response code, so
+ we just completely ignore it */
+ continue;
+ }
+ serverResponse.addElement(response);
+ if (continuingCode != -1) {
+ /* we've seen a XXX- sequence */
+ if (code != continuingCode ||
+ (response.length() >= 4 && response.charAt(3) == '-')) {
+ continue;
+ } else {
+ /* seen the end of code sequence */
+ continuingCode = -1;
+ break;
+ }
+ } else if (response.length() >= 4 && response.charAt(3) == '-') {
+ continuingCode = code;
+ continue;
+ } else {
+ break;
+ }
+ }
- return lastReplyCode = code;
+ return lastReplyCode = code;
}
/** Sends command <i>cmd</i> to the server. */
public void sendServer(String cmd) {
- serverOutput.print(cmd);
- if (debug) {
- System.out.print("Sending: " + cmd);
- }
+ serverOutput.print(cmd);
+ if (debug) {
+ System.out.print("Sending: " + cmd);
+ }
}
/** converts the server response into a string. */
public String getResponseString() {
- return (String) serverResponse.elementAt(0);
+ return (String) serverResponse.elementAt(0);
}
/** Returns all server response strings. */
public Vector getResponseStrings() {
- return serverResponse;
+ return serverResponse;
}
/** standard constructor to host <i>host</i>, port <i>port</i>. */
public TransferProtocolClient(String host, int port) throws IOException {
- super(host, port);
+ super(host, port);
}
/** creates an uninitialized instance of this class. */
- public TransferProtocolClient() {}
+ public TransferProtocolClient() {
+ }
}
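Review bot: In `readServerResponse()` a server that closes the connection makes the outer `while (true)` spin forever: `serverInput.read()` returns -1, `response` is empty, `substring(0, 3)` throws `StringIndexOutOfBoundsException`, and that handler does `continue` straight back into the same read. The Javadoc already promises -1 on failure, so after the inner read loop add `if (c == -1 && replyBuf.length() == 0) return lastReplyCode = -1;`. `replyBuf` is also unbounded when the peer never sends `\n`, so a length cap on the line would bound memory against a misbehaving server.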
diff --git a/pki/base/util/src/netscape/net/smtp/SmtpClient.java b/pki/base/util/src/netscape/net/smtp/SmtpClient.java
index 83ff6c09..40b927b8 100644
--- a/pki/base/util/src/netscape/net/smtp/SmtpClient.java
+++ b/pki/base/util/src/netscape/net/smtp/SmtpClient.java
@@ -31,9 +31,9 @@ import netscape.net.TransferProtocolClient;
* sender, calling startMessage to return a stream to which you write
* the message (with RFC733 headers) and then you finally close the Smtp
* Client.
- *
- * @version 1.17, 12 Dec 1994
- * @author James Gosling
+ *
+ * @version 1.17, 12 Dec 1994
+ * @author James Gosling
*/
public class SmtpClient extends TransferProtocolClient {
@@ -43,122 +43,122 @@ public class SmtpClient extends TransferProtocolClient {
* issue the QUIT command to the SMTP server and close the connection.
*/
public void closeServer() throws IOException {
- if (serverIsOpen()) {
- closeMessage();
- issueCommand("QUIT\r\n", 221);
- super.closeServer();
- }
+ if (serverIsOpen()) {
+ closeMessage();
+ issueCommand("QUIT\r\n", 221);
+ super.closeServer();
+ }
}
void issueCommand(String cmd, int expect) throws IOException {
- sendServer(cmd);
- int reply;
- while ((reply = readServerResponse()) != expect)
- if (reply != 220) {
- throw new SmtpProtocolException(getResponseString());
- }
+ sendServer(cmd);
+ int reply;
+ while ((reply = readServerResponse()) != expect)
+ if (reply != 220) {
+ throw new SmtpProtocolException(getResponseString());
+ }
}
private void toCanonical(String s) throws IOException {
- issueCommand("rcpt to: " + s + "\r\n", 250);
+ issueCommand("rcpt to: " + s + "\r\n", 250);
}
public void to(String s) throws IOException {
- int st = 0;
- int limit = s.length();
- int pos = 0;
- int lastnonsp = 0;
- int parendepth = 0;
- boolean ignore = false;
- while (pos < limit) {
- int c = s.charAt(pos);
- if (parendepth > 0) {
- if (c == '(')
- parendepth++;
- else if (c == ')')
- parendepth--;
- if (parendepth == 0)
- if (lastnonsp > st)
- ignore = true;
- else
- st = pos + 1;
- } else if (c == '(')
- parendepth++;
- else if (c == '<')
- st = lastnonsp = pos + 1;
- else if (c == '>')
- ignore = true;
- else if (c == ',') {
- if (lastnonsp > st)
- toCanonical(s.substring(st, lastnonsp));
- st = pos + 1;
- ignore = false;
- } else {
- if (c > ' ' && !ignore)
- lastnonsp = pos + 1;
- else if (st == pos)
- st++;
- }
- pos++;
- }
- if (lastnonsp > st)
- toCanonical(s.substring(st, lastnonsp));
+ int st = 0;
+ int limit = s.length();
+ int pos = 0;
+ int lastnonsp = 0;
+ int parendepth = 0;
+ boolean ignore = false;
+ while (pos < limit) {
+ int c = s.charAt(pos);
+ if (parendepth > 0) {
+ if (c == '(')
+ parendepth++;
+ else if (c == ')')
+ parendepth--;
+ if (parendepth == 0)
+ if (lastnonsp > st)
+ ignore = true;
+ else
+ st = pos + 1;
+ } else if (c == '(')
+ parendepth++;
+ else if (c == '<')
+ st = lastnonsp = pos + 1;
+ else if (c == '>')
+ ignore = true;
+ else if (c == ',') {
+ if (lastnonsp > st)
+ toCanonical(s.substring(st, lastnonsp));
+ st = pos + 1;
+ ignore = false;
+ } else {
+ if (c > ' ' && !ignore)
+ lastnonsp = pos + 1;
+ else if (st == pos)
+ st++;
+ }
+ pos++;
+ }
+ if (lastnonsp > st)
+ toCanonical(s.substring(st, lastnonsp));
}
public void from(String s) throws IOException {
- issueCommand("mail from: " + s + "\r\n", 250);
+ issueCommand("mail from: " + s + "\r\n", 250);
}
/** open a SMTP connection to host <i>host</i>. */
private void openServer(String host) throws IOException {
- openServer(host, 25);
- issueCommand("helo "+InetAddress.getLocalHost().getHostName()+"\r\n", 250);
+ openServer(host, 25);
+ issueCommand("helo " + InetAddress.getLocalHost().getHostName() + "\r\n", 250);
}
public PrintStream startMessage() throws IOException {
- issueCommand("data\r\n", 354);
- return message = new SmtpPrintStream(serverOutput, this);
+ issueCommand("data\r\n", 354);
+ return message = new SmtpPrintStream(serverOutput, this);
}
void closeMessage() throws IOException {
- if (message != null)
- message.close();
+ if (message != null)
+ message.close();
}
/** New SMTP client connected to host <i>host</i>. */
- public SmtpClient (String host) throws IOException {
- super();
- if (host != null) {
- try {
- openServer(host);
- return;
- } catch(Exception e) {
- }
- }
- try {
- String s;
- try {
-// java.security.AccessController.beginPrivileged();
- s = System.getProperty("mail.host");
- } finally {
-// java.security.AccessController.endPrivileged();
- }
- if (s != null) {
- openServer(s);
- return;
- }
- } catch(Exception e) {
- }
- try {
- openServer("localhost");
- } catch(Exception e) {
- openServer("mailhost");
- }
+ public SmtpClient(String host) throws IOException {
+ super();
+ if (host != null) {
+ try {
+ openServer(host);
+ return;
+ } catch (Exception e) {
+ }
+ }
+ try {
+ String s;
+ try {
+ // java.security.AccessController.beginPrivileged();
+ s = System.getProperty("mail.host");
+ } finally {
+ // java.security.AccessController.endPrivileged();
+ }
+ if (s != null) {
+ openServer(s);
+ return;
+ }
+ } catch (Exception e) {
+ }
+ try {
+ openServer("localhost");
+ } catch (Exception e) {
+ openServer("mailhost");
+ }
}
/** Create an uninitialized SMTP client. */
- public SmtpClient () throws IOException {
- this(null);
+ public SmtpClient() throws IOException {
+ this(null);
}
}
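Review bot: `from(String s)` and `toCanonical(String s)` splice the caller's address straight into the command passed to `issueCommand`, so an address containing CR or LF reaches the server as additional SMTP command lines. The parser in `to()` splits only on commas, angle brackets and parentheses, and a control character in the middle of an address survives `s.substring(st, lastnonsp)`. Reject line breaks in both methods before sending, e.g. `if (s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0) throw new SmtpProtocolException("line break in address");`.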
@@ -166,69 +166,70 @@ class SmtpPrintStream extends java.io.PrintStream {
private SmtpClient target;
private int lastc = '\n';
- SmtpPrintStream (OutputStream fos, SmtpClient cl) {
- super(fos);
- target = cl;
+ SmtpPrintStream(OutputStream fos, SmtpClient cl) {
+ super(fos);
+ target = cl;
}
public void close() {
- if (target == null)
- return;
- if (lastc != '\n') {
- write('\r');
- write('\n');
- }
- try {
- target.issueCommand(".\r\n", 250);
- target.message = null;
- out = null;
- target = null;
- } catch (IOException e) {
- }
+ if (target == null)
+ return;
+ if (lastc != '\n') {
+ write('\r');
+ write('\n');
+ }
+ try {
+ target.issueCommand(".\r\n", 250);
+ target.message = null;
+ out = null;
+ target = null;
+ } catch (IOException e) {
+ }
}
public void write(int b) {
- try {
- // quote a dot at the beginning of a line
- if (lastc == '\n' && b == '.') {
- out.write('.');
- }
-
- // translate NL to CRLF
- if (b == '\n') {
- out.write('\r');
- }
- out.write(b);
- lastc = b;
- } catch (IOException e) {
- }
+ try {
+ // quote a dot at the beginning of a line
+ if (lastc == '\n' && b == '.') {
+ out.write('.');
+ }
+
+ // translate NL to CRLF
+ if (b == '\n') {
+ out.write('\r');
+ }
+ out.write(b);
+ lastc = b;
+ } catch (IOException e) {
+ }
}
public void write(byte b[], int off, int len) {
- try {
- int lc = lastc;
- while (--len >= 0) {
- int c = b[off++];
-
- // quote a dot at the beginning of a line
- if (lc == '\n' && c == '.')
- out.write('.');
-
- // translate NL to CRLF
- if (c == '\n') {
- out.write('\r');
- }
- out.write(c);
- lc = c;
- }
- lastc = lc;
- } catch (IOException e) {
- }
+ try {
+ int lc = lastc;
+ while (--len >= 0) {
+ int c = b[off++];
+
+ // quote a dot at the beginning of a line
+ if (lc == '\n' && c == '.')
+ out.write('.');
+
+ // translate NL to CRLF
+ if (c == '\n') {
+ out.write('\r');
+ }
+ out.write(c);
+ lc = c;
+ }
+ lastc = lc;
+ } catch (IOException e) {
+ }
}
+
public void print(String s) {
- int len = s.length();
- for (int i = 0; i < len; i++) {
- write(s.charAt(i));
- }
+ int len = s.length();
+ for (int i = 0; i < len; i++) {
+ write(s.charAt(i));
+ }
}
}
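Review bot: `close()` drops the `IOException` from `target.issueCommand(".\r\n", 250)`, so a message the server rejects at end-of-data is indistinguishable from a delivered one, and `target.message` is left set. `write(int)` and `write(byte[], int, int)` swallow write failures in the same way. `PrintStream` callers learn of failure through `checkError()`, so each handler should at least record it: `} catch (IOException e) { setError(); }`.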
diff --git a/pki/base/util/src/netscape/net/smtp/SmtpProtocolException.java b/pki/base/util/src/netscape/net/smtp/SmtpProtocolException.java
index bb015f90..9ffe5d95 100644
--- a/pki/base/util/src/netscape/net/smtp/SmtpProtocolException.java
+++ b/pki/base/util/src/netscape/net/smtp/SmtpProtocolException.java
@@ -30,7 +30,6 @@ public class SmtpProtocolException extends IOException {
private static final long serialVersionUID = -5586603317525864401L;
SmtpProtocolException(String s) {
- super(s);
+ super(s);
}
}
-
diff --git a/pki/base/util/src/netscape/security/acl/AclEntryImpl.java b/pki/base/util/src/netscape/security/acl/AclEntryImpl.java
index 47186881..46365f5d 100644
--- a/pki/base/util/src/netscape/security/acl/AclEntryImpl.java
+++ b/pki/base/util/src/netscape/security/acl/AclEntryImpl.java
@@ -25,10 +25,11 @@ import java.util.Enumeration;
import java.util.Vector;
/**
- * This is a class that describes one entry that associates users
+ * This is a class that describes one entry that associates users
* or groups with permissions in the ACL.
* The entry may be used as a way of granting or denying permissions.
- * @author Satish Dharmaraj
+ *
+ * @author Satish Dharmaraj
*/
public class AclEntryImpl implements AclEntry {
private Principal user = null;
@@ -36,12 +37,13 @@ public class AclEntryImpl implements AclEntry {
private boolean negative = false;
/**
- * Construct an ACL entry that associates a user with permissions
+ * Construct an ACL entry that associates a user with permissions
* in the ACL.
+ *
* @param user The user that is associated with this entry.
*/
public AclEntryImpl(Principal user) {
- this.user = user;
+ this.user = user;
}
/**
@@ -51,128 +53,130 @@ public class AclEntryImpl implements AclEntry {
}
/**
- * Sets the principal in the entity. If a group or a
- * principal had already been set, a false value is
+ * Sets the principal in the entity. If a group or a
+ * principal had already been set, a false value is
* returned, otherwise a true value is returned.
+ *
* @param user The user that is associated with this entry.
- * @return true if the principal is set, false if there is
- * one already.
+ * @return true if the principal is set, false if there is
+ * one already.
*/
public boolean setPrincipal(Principal user) {
- if (this.user != null)
- return false;
- this.user = user;
- return true;
+ if (this.user != null)
+ return false;
+ this.user = user;
+ return true;
}
/**
- * This method sets the ACL to have negative permissions.
- * That is the user or group is denied the permission set
+ * This method sets the ACL to have negative permissions.
+ * That is the user or group is denied the permission set
* specified in the entry.
*/
public void setNegativePermissions() {
- negative = true;
+ negative = true;
}
/**
* Returns true if this is a negative ACL.
*/
public boolean isNegative() {
- return negative;
+ return negative;
}
/**
- * A principal or a group can be associated with multiple
+ * A principal or a group can be associated with multiple
* permissions. This method adds a permission to the ACL entry.
- * @param permission The permission to be associated with
- * the principal or the group in the entry.
- * @return true if the permission was added, false if the
- * permission was already part of the permission set.
+ *
+ * @param permission The permission to be associated with
+ * the principal or the group in the entry.
+ * @return true if the permission was added, false if the
+ * permission was already part of the permission set.
*/
public boolean addPermission(Permission permission) {
- if (permissionSet.contains(permission))
- return false;
+ if (permissionSet.contains(permission))
+ return false;
- permissionSet.addElement(permission);
+ permissionSet.addElement(permission);
- return true;
+ return true;
}
/**
* The method disassociates the permission from the Principal
- * or the Group in this ACL entry.
- * @param permission The permission to be disassociated with
- * the principal or the group in the entry.
- * @return true if the permission is removed, false if the
- * permission is not part of the permission set.
+ * or the Group in this ACL entry.
+ *
+ * @param permission The permission to be disassociated with
+ * the principal or the group in the entry.
+ * @return true if the permission is removed, false if the
+ * permission is not part of the permission set.
*/
public boolean removePermission(Permission permission) {
- return permissionSet.removeElement(permission);
+ return permissionSet.removeElement(permission);
}
/**
- * Checks if the passed permission is part of the allowed
+ * Checks if the passed permission is part of the allowed
* permission set in this entry.
- * @param permission The permission that has to be part of
- * the permission set in the entry.
- * @return true if the permission passed is part of the
- * permission set in the entry, false otherwise.
+ *
+ * @param permission The permission that has to be part of
+ * the permission set in the entry.
+ * @return true if the permission passed is part of the
+ * permission set in the entry, false otherwise.
*/
public boolean checkPermission(Permission permission) {
- return permissionSet.contains(permission);
+ return permissionSet.contains(permission);
}
/**
* return an enumeration of the permissions in this ACL entry.
*/
public Enumeration<Permission> permissions() {
- return permissionSet.elements();
+ return permissionSet.elements();
}
/**
- * Return a string representation of the contents of the ACL entry.
+ * Return a string representation of the contents of the ACL entry.
*/
public String toString() {
- StringBuffer s = new StringBuffer();
- if (negative)
- s.append("-");
- else
- s.append("+");
- if (user instanceof Group)
- s.append("Group.");
- else
- s.append("User.");
- s.append(user + "=");
- Enumeration<Permission> e = permissions();
- while(e.hasMoreElements()) {
- Permission p = (Permission) e.nextElement();
- s.append(p);
- if (e.hasMoreElements())
- s.append(",");
- }
- return new String(s);
+ StringBuffer s = new StringBuffer();
+ if (negative)
+ s.append("-");
+ else
+ s.append("+");
+ if (user instanceof Group)
+ s.append("Group.");
+ else
+ s.append("User.");
+ s.append(user + "=");
+ Enumeration<Permission> e = permissions();
+ while (e.hasMoreElements()) {
+ Permission p = (Permission) e.nextElement();
+ s.append(p);
+ if (e.hasMoreElements())
+ s.append(",");
+ }
+ return new String(s);
}
/**
* Clones an AclEntry.
*/
public synchronized Object clone() {
- AclEntryImpl cloned;
- cloned = new AclEntryImpl(user);
- cloned.permissionSet = new Vector<Permission>(permissionSet);
- cloned.negative = negative;
- return cloned;
+ AclEntryImpl cloned;
+ cloned = new AclEntryImpl(user);
+ cloned.permissionSet = new Vector<Permission>(permissionSet);
+ cloned.negative = negative;
+ return cloned;
}
/**
- * Return the Principal associated in this ACL entry.
- * The method returns null if the entry uses a group
+ * Return the Principal associated in this ACL entry.
+ * The method returns null if the entry uses a group
* instead of a principal.
*/
public Principal getPrincipal() {
- return user;
+ return user;
}
}
-
-
diff --git a/pki/base/util/src/netscape/security/acl/AclImpl.java b/pki/base/util/src/netscape/security/acl/AclImpl.java
index 6a5d4fd2..76750b7b 100644
--- a/pki/base/util/src/netscape/security/acl/AclImpl.java
+++ b/pki/base/util/src/netscape/security/acl/AclImpl.java
@@ -30,7 +30,8 @@ import java.util.Vector;
/**
* An Access Control List (ACL) is encapsulated by this class.
- * @author Satish Dharmaraj
+ *
+ * @author Satish Dharmaraj
*/
public class AclImpl extends OwnerImpl implements Acl {
//
@@ -43,210 +44,212 @@ public class AclImpl extends OwnerImpl implements Acl {
private Hashtable<Principal, AclEntry> deniedUsersTable = new Hashtable<Principal, AclEntry>(23);
private Hashtable<Principal, AclEntry> deniedGroupsTable = new Hashtable<Principal, AclEntry>(23);
private String aclName = null;
- private Vector<Permission> zeroSet = new Vector<Permission>(1,1);
-
+ private Vector<Permission> zeroSet = new Vector<Permission>(1, 1);
/**
* Constructor for creating an empty ACL.
*/
public AclImpl(Principal owner, String name) {
- super(owner);
- try {
- setName(owner, name);
- } catch (Exception e) {}
- }
+ super(owner);
+ try {
+ setName(owner, name);
+ } catch (Exception e) {
+ }
+ }
/**
* Sets the name of the ACL.
- * @param caller the principal who is invoking this method.
+ *
+ * @param caller the principal who is invoking this method.
* @param name the name of the ACL.
* @exception NotOwnerException if the caller principal is
- * not on the owners list of the Acl.
+ * not on the owners list of the Acl.
*/
public void setName(Principal caller, String name)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
+ throws NotOwnerException {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
- aclName = name;
+ aclName = name;
}
/**
- * Returns the name of the ACL.
+ * Returns the name of the ACL.
+ *
* @return the name of the ACL.
*/
public String getName() {
- return aclName;
+ return aclName;
}
/**
- * Adds an ACL entry to this ACL. An entry associates a
- * group or a principal with a set of permissions. Each
- * user or group can have one positive ACL entry and one
- * negative ACL entry. If there is one of the type (negative
+ * Adds an ACL entry to this ACL. An entry associates a
+ * group or a principal with a set of permissions. Each
+ * user or group can have one positive ACL entry and one
+ * negative ACL entry. If there is one of the type (negative
* or positive) already in the table, a false value is returned.
- * The caller principal must be a part of the owners list of
+ * The caller principal must be a part of the owners list of
* the ACL in order to invoke this method.
- * @param caller the principal who is invoking this method.
- * @param entry the ACL entry that must be added to the ACL.
+ *
+ * @param caller the principal who is invoking this method.
+ * @param entry the ACL entry that must be added to the ACL.
* @return true on success, false if the entry is already present.
- * @exception NotOwnerException if the caller principal
- * is not on the owners list of the Acl.
+ * @exception NotOwnerException if the caller principal
+ * is not on the owners list of the Acl.
*/
- public synchronized boolean addEntry(Principal caller, AclEntry entry)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
+ public synchronized boolean addEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
- Hashtable<Principal, AclEntry> aclTable = findTable(entry);
- Principal key = entry.getPrincipal();
+ Hashtable<Principal, AclEntry> aclTable = findTable(entry);
+ Principal key = entry.getPrincipal();
- if (aclTable.get(key) != null)
- return false;
+ if (aclTable.get(key) != null)
+ return false;
- aclTable.put(key, entry);
- return true;
+ aclTable.put(key, entry);
+ return true;
}
/**
* Removes an ACL entry from this ACL.
- * The caller principal must be a part of the owners list of the ACL
+ * The caller principal must be a part of the owners list of the ACL
* in order to invoke this method.
- * @param caller the principal who is invoking this method.
+ *
+ * @param caller the principal who is invoking this method.
* @param entry the ACL entry that must be removed from the ACL.
* @return true on success, false if the entry is not part of the ACL.
* @exception NotOwnerException if the caller principal is not
- * the owners list of the Acl.
+ * the owners list of the Acl.
*/
- public synchronized boolean removeEntry(Principal caller, AclEntry entry)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
+ public synchronized boolean removeEntry(Principal caller, AclEntry entry)
+ throws NotOwnerException {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
- Hashtable<Principal, AclEntry> aclTable = findTable(entry);
- Object key = entry.getPrincipal();
+ Hashtable<Principal, AclEntry> aclTable = findTable(entry);
+ Object key = entry.getPrincipal();
- Object o = aclTable.remove(key);
- return (o != null);
+ Object o = aclTable.remove(key);
+ return (o != null);
}
+
/**
- * This method returns the set of allowed permissions for the
+ * This method returns the set of allowed permissions for the
* specified principal. This set of allowed permissions is calculated
* as follows:
- *
- * If there is no entry for a group or a principal an empty permission
+ *
+ * If there is no entry for a group or a principal an empty permission
* set is assumed.
*
- * The group positive permission set is the union of all
+ * The group positive permission set is the union of all
* the positive permissions of each group that the individual belongs to.
- * The group negative permission set is the union of all
+ * The group negative permission set is the union of all
* the negative permissions of each group that the individual belongs to.
- * If there is a specific permission that occurs in both
- * the postive permission set and the negative permission set,
- * it is removed from both. The group positive and negatoive permission
+ * If there is a specific permission that occurs in both
+ * the postive permission set and the negative permission set,
+ * it is removed from both. The group positive and negatoive permission
* sets are calculated.
- *
- * The individial positive permission set and the individual negative
+ *
+ * The individial positive permission set and the individual negative
* permission set is then calculated. Again abscence of an entry means
* the empty set.
- *
+ *
* The set of permissions granted to the principal is then calculated using
- * the simple rule: Individual permissions always override the Group permissions.
- * Specifically, individual negative permission set (specific
+ * the simple rule: Individual permissions always override the Group permissions.
+ * Specifically, individual negative permission set (specific
* denial of permissions) overrides the group positive permission set.
- * And the individual positive permission set override the group negative
- * permission set.
- *
+ * And the individual positive permission set override the group negative
+ * permission set.
+ *
* @param user the principal for which the ACL entry is returned.
- * @return The resulting permission set that the principal is allowed.
+ * @return The resulting permission set that the principal is allowed.
*/
public synchronized Enumeration<Permission> getPermissions(Principal user) {
- Enumeration<Permission> individualPositive;
- Enumeration<Permission> individualNegative;
- Enumeration<Permission> groupPositive;
- Enumeration<Permission> groupNegative;
-
- //
- // canonicalize the sets. That is remove common permissions from
- // positive and negative sets.
- //
- groupPositive = subtract(getGroupPositive(user), getGroupNegative(user));
- groupNegative = subtract(getGroupNegative(user), getGroupPositive(user));
- individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user));
- individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user));
-
- //
- // net positive permissions is individual positive permissions
- // plus (group positive - individual negative).
- //
- Enumeration<Permission> temp1 = subtract(groupPositive, individualNegative);
- Enumeration<Permission> netPositive = union(individualPositive, temp1);
-
- // recalculate the enumeration since we lost it in performing the
- // subtraction
- //
- individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user));
- individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user));
-
- //
- // net negative permissions is individual negative permissions
- // plus (group negative - individual positive).
- //
- temp1 = subtract(groupNegative, individualPositive);
- Enumeration<Permission> netNegative = union(individualNegative, temp1);
-
- return subtract(netPositive, netNegative);
+ Enumeration<Permission> individualPositive;
+ Enumeration<Permission> individualNegative;
+ Enumeration<Permission> groupPositive;
+ Enumeration<Permission> groupNegative;
+
+ //
+ // canonicalize the sets. That is remove common permissions from
+ // positive and negative sets.
+ //
+ groupPositive = subtract(getGroupPositive(user), getGroupNegative(user));
+ groupNegative = subtract(getGroupNegative(user), getGroupPositive(user));
+ individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user));
+ individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user));
+
+ //
+ // net positive permissions is individual positive permissions
+ // plus (group positive - individual negative).
+ //
+ Enumeration<Permission> temp1 = subtract(groupPositive, individualNegative);
+ Enumeration<Permission> netPositive = union(individualPositive, temp1);
+
+ // recalculate the enumeration since we lost it in performing the
+ // subtraction
+ //
+ individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user));
+ individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user));
+
+ //
+ // net negative permissions is individual negative permissions
+ // plus (group negative - individual positive).
+ //
+ temp1 = subtract(groupNegative, individualPositive);
+ Enumeration<Permission> netNegative = union(individualNegative, temp1);
+
+ return subtract(netPositive, netNegative);
}
/**
* This method checks whether or not the specified principal
- * has the required permission. If permission is denied
+ * has the required permission. If permission is denied
* permission false is returned, a true value is returned otherwise.
- * This method does not authenticate the principal. It presumes that
+ * This method does not authenticate the principal. It presumes that
* the principal is a valid authenticated principal.
+ *
* @param principal the name of the authenticated principal
* @param permission the permission that the principal must have.
- * @return true of the principal has the permission desired, false
- * otherwise.
+ * @return true of the principal has the permission desired, false
+ * otherwise.
*/
- public boolean checkPermission(Principal principal, Permission permission)
- {
- Enumeration<Permission> permSet = getPermissions(principal);
- while (permSet.hasMoreElements()) {
- Permission p = (Permission) permSet.nextElement();
- if (p.equals(permission))
- return true;
- }
- return false;
+ public boolean checkPermission(Principal principal, Permission permission) {
+ Enumeration<Permission> permSet = getPermissions(principal);
+ while (permSet.hasMoreElements()) {
+ Permission p = (Permission) permSet.nextElement();
+ if (p.equals(permission))
+ return true;
+ }
+ return false;
}
/**
* returns an enumeration of the entries in this ACL.
*/
public synchronized Enumeration<AclEntry> entries() {
- return new AclEnumerator(this,
- allowedUsersTable, allowedGroupsTable,
- deniedUsersTable, deniedGroupsTable);
+ return new AclEnumerator(this,
+ allowedUsersTable, allowedGroupsTable,
+ deniedUsersTable, deniedGroupsTable);
}
/**
- * return a stringified version of the
+ * return a stringified version of the
* ACL.
*/
public String toString() {
- StringBuffer sb = new StringBuffer();
- Enumeration<AclEntry> entries = entries();
- while (entries.hasMoreElements()) {
- AclEntry entry = (AclEntry) entries.nextElement();
- sb.append(entry.toString().trim());
- sb.append("\n");
- }
-
- return sb.toString();
+ StringBuffer sb = new StringBuffer();
+ Enumeration<AclEntry> entries = entries();
+ while (entries.hasMoreElements()) {
+ AclEntry entry = (AclEntry) entries.nextElement();
+ sb.append(entry.toString().trim());
+ sb.append("\n");
+ }
+
+ return sb.toString();
}
//
@@ -257,99 +260,99 @@ public class AclImpl extends OwnerImpl implements Acl {
// table is the one that this AclEntry belongs to.
//
private Hashtable<Principal, AclEntry> findTable(AclEntry entry) {
- Hashtable<Principal, AclEntry> aclTable = null;
-
- Principal p = entry.getPrincipal();
- if (p instanceof Group) {
- if (entry.isNegative())
- aclTable = deniedGroupsTable;
- else
- aclTable = allowedGroupsTable;
- } else {
- if (entry.isNegative())
- aclTable = deniedUsersTable;
- else
- aclTable = allowedUsersTable;
- }
- return aclTable;
+ Hashtable<Principal, AclEntry> aclTable = null;
+
+ Principal p = entry.getPrincipal();
+ if (p instanceof Group) {
+ if (entry.isNegative())
+ aclTable = deniedGroupsTable;
+ else
+ aclTable = allowedGroupsTable;
+ } else {
+ if (entry.isNegative())
+ aclTable = deniedUsersTable;
+ else
+ aclTable = allowedUsersTable;
+ }
+ return aclTable;
}
//
// returns the set e1 U e2.
//
- private <T> Enumeration<T> union(Enumeration<T> e1, Enumeration<T> e2) {
- Vector<T> v = new Vector<T>(20, 20);
-
- while (e1.hasMoreElements())
- v.addElement(e1.nextElement());
-
- while (e2.hasMoreElements()) {
- T o = e2.nextElement();
- if (!v.contains(o))
- v.addElement(o);
- }
-
- return v.elements();
+ private <T> Enumeration<T> union(Enumeration<T> e1, Enumeration<T> e2) {
+ Vector<T> v = new Vector<T>(20, 20);
+
+ while (e1.hasMoreElements())
+ v.addElement(e1.nextElement());
+
+ while (e2.hasMoreElements()) {
+ T o = e2.nextElement();
+ if (!v.contains(o))
+ v.addElement(o);
+ }
+
+ return v.elements();
}
//
// returns the set e1 - e2.
//
private <T> Enumeration<T> subtract(Enumeration<T> e1, Enumeration<T> e2) {
- Vector<T> v = new Vector<T> (20, 20);
-
- while (e1.hasMoreElements())
- v.addElement(e1.nextElement());
-
- while (e2.hasMoreElements()) {
- T o = e2.nextElement();
- if (v.contains(o))
- v.removeElement(o);
- }
-
- return v.elements();
+ Vector<T> v = new Vector<T>(20, 20);
+
+ while (e1.hasMoreElements())
+ v.addElement(e1.nextElement());
+
+ while (e2.hasMoreElements()) {
+ T o = e2.nextElement();
+ if (v.contains(o))
+ v.removeElement(o);
+ }
+
+ return v.elements();
}
private Enumeration<Permission> getGroupPositive(Principal user) {
- Enumeration<Permission> groupPositive = zeroSet.elements();
- Enumeration<Principal> e = allowedGroupsTable.keys();
- while (e.hasMoreElements()) {
- Group g = (Group) e.nextElement();
- if (g.isMember(user)) {
- AclEntry ae = (AclEntry) allowedGroupsTable.get(g);
- groupPositive = union(ae.permissions(), groupPositive);
- }
- }
- return groupPositive;
+ Enumeration<Permission> groupPositive = zeroSet.elements();
+ Enumeration<Principal> e = allowedGroupsTable.keys();
+ while (e.hasMoreElements()) {
+ Group g = (Group) e.nextElement();
+ if (g.isMember(user)) {
+ AclEntry ae = (AclEntry) allowedGroupsTable.get(g);
+ groupPositive = union(ae.permissions(), groupPositive);
+ }
+ }
+ return groupPositive;
}
private Enumeration<Permission> getGroupNegative(Principal user) {
- Enumeration<Permission> groupNegative = zeroSet.elements();
- Enumeration<Principal> e = deniedGroupsTable.keys();
- while (e.hasMoreElements()) {
- Group g = (Group) e.nextElement();
- if (g.isMember(user)) {
- AclEntry ae = (AclEntry) deniedGroupsTable.get(g);
- groupNegative = union(ae.permissions(), groupNegative);
- }
- }
- return groupNegative;
+ Enumeration<Permission> groupNegative = zeroSet.elements();
+ Enumeration<Principal> e = deniedGroupsTable.keys();
+ while (e.hasMoreElements()) {
+ Group g = (Group) e.nextElement();
+ if (g.isMember(user)) {
+ AclEntry ae = (AclEntry) deniedGroupsTable.get(g);
+ groupNegative = union(ae.permissions(), groupNegative);
+ }
+ }
+ return groupNegative;
}
private Enumeration<Permission> getIndividualPositive(Principal user) {
- Enumeration<Permission> individualPositive = zeroSet.elements();
- AclEntry ae = (AclEntry) allowedUsersTable.get(user);
- if (ae != null)
- individualPositive = ae.permissions();
- return individualPositive;
+ Enumeration<Permission> individualPositive = zeroSet.elements();
+ AclEntry ae = (AclEntry) allowedUsersTable.get(user);
+ if (ae != null)
+ individualPositive = ae.permissions();
+ return individualPositive;
}
private Enumeration<Permission> getIndividualNegative(Principal user) {
- Enumeration<Permission> individualNegative = zeroSet.elements();
- AclEntry ae = (AclEntry) deniedUsersTable.get(user);
- if (ae != null)
- individualNegative = ae.permissions();
- return individualNegative;
+ Enumeration<Permission> individualNegative = zeroSet.elements();
+ AclEntry ae = (AclEntry) deniedUsersTable.get(user);
+ if (ae != null)
+ individualNegative = ae.permissions();
+ return individualNegative;
}
}
@@ -358,33 +361,31 @@ final class AclEnumerator implements Enumeration<AclEntry> {
Enumeration<AclEntry> u1, u2, g1, g2;
AclEnumerator(Acl acl, Hashtable<Principal, AclEntry> u1, Hashtable<Principal, AclEntry> g1,
- Hashtable<Principal, AclEntry> u2, Hashtable<Principal, AclEntry> g2) {
- this.acl = acl;
- this.u1 = u1.elements();
- this.u2 = u2.elements();
- this.g1 = g1.elements();
- this.g2 = g2.elements();
+ Hashtable<Principal, AclEntry> u2, Hashtable<Principal, AclEntry> g2) {
+ this.acl = acl;
+ this.u1 = u1.elements();
+ this.u2 = u2.elements();
+ this.g1 = g1.elements();
+ this.g2 = g2.elements();
}
public boolean hasMoreElements() {
- return (u1.hasMoreElements() ||
- u2.hasMoreElements() ||
- g1.hasMoreElements() ||
- g2.hasMoreElements());
+ return (u1.hasMoreElements() ||
+ u2.hasMoreElements() ||
+ g1.hasMoreElements() || g2.hasMoreElements());
}
- public AclEntry nextElement()
- {
- synchronized (acl) {
- if (u1.hasMoreElements())
- return u1.nextElement();
- if (u2.hasMoreElements())
- return u2.nextElement();
- if (g1.hasMoreElements())
- return g1.nextElement();
- if (g2.hasMoreElements())
- return g2.nextElement();
- }
- throw new NoSuchElementException("Acl Enumerator");
+ public AclEntry nextElement() {
+ synchronized (acl) {
+ if (u1.hasMoreElements())
+ return u1.nextElement();
+ if (u2.hasMoreElements())
+ return u2.nextElement();
+ if (g1.hasMoreElements())
+ return g1.nextElement();
+ if (g2.hasMoreElements())
+ return g2.nextElement();
+ }
+ throw new NoSuchElementException("Acl Enumerator");
}
}
diff --git a/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java b/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java
index 4f63712c..f2b57742 100644
--- a/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java
+++ b/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java
@@ -21,21 +21,23 @@ import java.security.acl.Permission;
/**
* This class implements the principal interface for the set of all permissions.
+ *
* @author Satish Dharmaraj
*/
public class AllPermissionsImpl extends PermissionImpl {
public AllPermissionsImpl(String s) {
- super(s);
+ super(s);
}
/**
- * This function returns true if the permission passed matches the permission represented in
+ * This function returns true if the permission passed matches the permission represented in
* this interface.
+ *
* @param another The Permission object to compare with.
* @return true always
*/
public boolean equals(Permission another) {
- return true;
+ return true;
}
}
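Review bot: `equals(Permission another)` here is an overload, not an override of `equals(Object)`, so the "true always" result is only reached when the receiver's static type is `AllPermissionsImpl`. Calls made through a `Permission` or `Object` reference, such as `p.equals(permission)` in `AclImpl.checkPermission` and the `Vector.contains` calls in `union`/`subtract` elsewhere in this diff, bind to `PermissionImpl.equals(Object)`, which compares the permission strings. Whether a wildcard match was intended on those paths cannot be told from this diff, so I would not change behaviour here; I would add a Javadoc sentence stating that this method does not override `Object.equals` and is not consulted by `checkPermission`, plus a test that pins the intended outcome for an ACL entry holding this permission. `GroupImpl.equals(Group)` later in this diff has the same overload shape while `hashCode()` is overridden, so `Hashtable` and `Vector` lookups on groups fall back to identity comparison.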
diff --git a/pki/base/util/src/netscape/security/acl/GroupImpl.java b/pki/base/util/src/netscape/security/acl/GroupImpl.java
index 50c68bdb..fc50714f 100644
--- a/pki/base/util/src/netscape/security/acl/GroupImpl.java
+++ b/pki/base/util/src/netscape/security/acl/GroupImpl.java
@@ -24,7 +24,8 @@ import java.util.Vector;
/**
* This class implements a group of principals.
- * @author Satish Dharmaraj
+ *
+ * @author Satish Dharmaraj
*/
public class GroupImpl implements Group {
private Vector groupMembers = new Vector(50, 100);
@@ -32,96 +33,101 @@ public class GroupImpl implements Group {
/**
* Constructs a Group object with no members.
+ *
* @param groupName the name of the group
*/
public GroupImpl(String groupName) {
- this.group = groupName;
+ this.group = groupName;
}
/**
* adds the specified member to the group.
+ *
* @param user The principal to add to the group.
- * @return true if the member was added - false if the
- * member could not be added.
+ * @return true if the member was added - false if the
+ * member could not be added.
*/
public boolean addMember(Principal user) {
- if (groupMembers.contains(user))
- return false;
+ if (groupMembers.contains(user))
+ return false;
- // do not allow groups to be added to itself.
- if (group.equals(user.toString()))
- throw new IllegalArgumentException();
+ // do not allow groups to be added to itself.
+ if (group.equals(user.toString()))
+ throw new IllegalArgumentException();
- groupMembers.addElement(user);
- return true;
+ groupMembers.addElement(user);
+ return true;
}
/**
* removes the specified member from the group.
+ *
* @param user The principal to remove from the group.
- * @param true if the principal was removed false if
- * the principal was not a member
+ * @param true if the principal was removed false if
+ * the principal was not a member
*/
public boolean removeMember(Principal user) {
- return groupMembers.removeElement(user);
+ return groupMembers.removeElement(user);
}
/**
* returns the enumeration of the members in the group.
*/
public Enumeration members() {
- return groupMembers.elements();
+ return groupMembers.elements();
}
/**
- * This function returns true if the group passed matches
+ * This function returns true if the group passed matches
* the group represented in this interface.
+ *
* @param another The group to compare this group to.
*/
public boolean equals(Group another) {
- return group.equals(another.toString());
+ return group.equals(another.toString());
}
-
+
/**
* Prints a stringified version of the group.
*/
public String toString() {
- return group;
+ return group;
}
/**
* return a hashcode for the principal.
*/
public int hashCode() {
- return group.hashCode();
+ return group.hashCode();
}
/**
* returns true if the passed principal is a member of the group.
+ *
* @param member The principal whose membership must be checked for.
- * @return true if the principal is a member of this group,
- * false otherwise
+ * @return true if the principal is a member of this group,
+ * false otherwise
*/
public boolean isMember(Principal member) {
-
- //
- // if the member is part of the group (common case), return true.
- // if not, recursively search depth first in the group looking for the
- // principal.
- //
- if (groupMembers.contains(member)) {
- return true;
- } else {
- Vector alreadySeen = new Vector(10);
- return isMemberRecurse(member, alreadySeen);
- }
+
+ //
+ // if the member is part of the group (common case), return true.
+ // if not, recursively search depth first in the group looking for the
+ // principal.
+ //
+ if (groupMembers.contains(member)) {
+ return true;
+ } else {
+ Vector alreadySeen = new Vector(10);
+ return isMemberRecurse(member, alreadySeen);
+ }
}
/**
* return the name of the principal.
*/
public String getName() {
- return group;
+ return group;
}
//
@@ -131,37 +137,37 @@ public class GroupImpl implements Group {
// thereby avoiding loops.
//
boolean isMemberRecurse(Principal member, Vector alreadySeen) {
- Enumeration e = members();
- while (e.hasMoreElements()) {
- boolean mem = false;
- Principal p = (Principal) e.nextElement();
-
- // if the member is in this collection, return true
- if (p.equals(member)) {
- return true;
- } else if (p instanceof GroupImpl) {
- //
- // if not recurse if the group has not been checked already.
- // Can call method in this package only if the object is an
- // instance of this class. Otherwise call the method defined
- // in the interface. (This can lead to a loop if a mixture of
- // implementations form a loop, but we live with this improbable
- // case rather than clutter the interface by forcing the
- // implementation of this method.)
- //
- GroupImpl g = (GroupImpl) p;
- alreadySeen.addElement(this);
- if (!alreadySeen.contains(g))
- mem = g.isMemberRecurse(member, alreadySeen);
- } else if (p instanceof Group) {
- Group g = (Group) p;
- if (!alreadySeen.contains(g))
- mem = g.isMember(member);
- }
-
- if (mem)
- return mem;
- }
- return false;
+ Enumeration e = members();
+ while (e.hasMoreElements()) {
+ boolean mem = false;
+ Principal p = (Principal) e.nextElement();
+
+ // if the member is in this collection, return true
+ if (p.equals(member)) {
+ return true;
+ } else if (p instanceof GroupImpl) {
+ //
+ // if not recurse if the group has not been checked already.
+ // Can call method in this package only if the object is an
+ // instance of this class. Otherwise call the method defined
+ // in the interface. (This can lead to a loop if a mixture of
+ // implementations form a loop, but we live with this improbable
+ // case rather than clutter the interface by forcing the
+ // implementation of this method.)
+ //
+ GroupImpl g = (GroupImpl) p;
+ alreadySeen.addElement(this);
+ if (!alreadySeen.contains(g))
+ mem = g.isMemberRecurse(member, alreadySeen);
+ } else if (p instanceof Group) {
+ Group g = (Group) p;
+ if (!alreadySeen.contains(g))
+ mem = g.isMember(member);
+ }
+
+ if (mem)
+ return mem;
+ }
+ return false;
}
}
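Review bot: The `p instanceof GroupImpl` branch calls `g.isMemberRecurse(member, alreadySeen)` instead of `g.isMember(member)`, so a nested `WorldGroupImpl` (which extends `GroupImpl` and overrides only `isMember`, later in this diff) is searched by its member list rather than matching everyone. For a group named in a deny entry, a principal reached only through a nested world group is then not treated as a member and the denial does not apply to it; whether world groups are ever nested is not visible here. If nesting is supported, `WorldGroupImpl` should also override the package-private method, `boolean isMemberRecurse(Principal member, Vector alreadySeen) { return true; }`. Separately, `alreadySeen.addElement(this)` sits inside the loop and appends a duplicate for every nested `GroupImpl`; hoisting it above the `while` keeps the vector small without weakening the cycle check.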
diff --git a/pki/base/util/src/netscape/security/acl/OwnerImpl.java b/pki/base/util/src/netscape/security/acl/OwnerImpl.java
index 7296590e..2e96cfaa 100644
--- a/pki/base/util/src/netscape/security/acl/OwnerImpl.java
+++ b/pki/base/util/src/netscape/security/acl/OwnerImpl.java
@@ -26,78 +26,80 @@ import java.util.Enumeration;
/**
* Class implementing the Owner interface. The
- * initial owner principal is configured as
+ * initial owner principal is configured as
* part of the constructor.
- * @author Satish Dharmaraj
+ *
+ * @author Satish Dharmaraj
*/
public class OwnerImpl implements Owner {
private Group ownerGroup;
public OwnerImpl(Principal owner) {
- ownerGroup = new GroupImpl("AclOwners");
- ownerGroup.addMember(owner);
+ ownerGroup = new GroupImpl("AclOwners");
+ ownerGroup.addMember(owner);
}
/**
- * Adds an owner. Owners can modify ACL contents and can disassociate
+ * Adds an owner. Owners can modify ACL contents and can disassociate
* ACLs from the objects they protect in the AclConfig interface.
- * The caller principal must be a part of the owners list of the ACL in
+ * The caller principal must be a part of the owners list of the ACL in
* order to invoke this method. The initial owner is configured
- * at ACL construction time.
- * @param caller the principal who is invoking this method.
+ * at ACL construction time.
+ *
+ * @param caller the principal who is invoking this method.
* @param owner The owner that should be added to the owners list.
* @return true if success, false if already an owner.
- * @exception NotOwnerException if the caller principal is not on
- * the owners list of the Acl.
+ * @exception NotOwnerException if the caller principal is not on
+ * the owners list of the Acl.
*/
public synchronized boolean addOwner(Principal caller, Principal owner)
- throws NotOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
+ throws NotOwnerException {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
- ownerGroup.addMember(owner);
- return false;
+ ownerGroup.addMember(owner);
+ return false;
}
- /**
- * Delete owner. If this is the last owner in the ACL, an exception is
+ /**
+ * Delete owner. If this is the last owner in the ACL, an exception is
* raised.
- * The caller principal must be a part of the owners list of the ACL in
- * order to invoke this method.
- * @param caller the principal who is invoking this method.
+ * The caller principal must be a part of the owners list of the ACL in
+ * order to invoke this method.
+ *
+ * @param caller the principal who is invoking this method.
* @param owner The owner to be removed from the owners list.
- * @return true if the owner is removed, false if the owner is not part
- * of the owners list.
- * @exception NotOwnerException if the caller principal is not on
- * the owners list of the Acl.
+ * @return true if the owner is removed, false if the owner is not part
+ * of the owners list.
+ * @exception NotOwnerException if the caller principal is not on
+ * the owners list of the Acl.
* @exception LastOwnerException if there is only one owner left in the group, then
- * deleteOwner would leave the ACL owner-less. This exception is raised in such a case.
+ * deleteOwner would leave the ACL owner-less. This exception is raised in such a case.
*/
- public synchronized boolean deleteOwner(Principal caller, Principal owner)
- throws NotOwnerException, LastOwnerException
- {
- if (!isOwner(caller))
- throw new NotOwnerException();
-
- Enumeration<? extends Principal> e = ownerGroup.members();
- //
- // check if there is atleast 2 members left.
- //
- Object o = e.nextElement();
- if (e.hasMoreElements())
- return ownerGroup.removeMember(owner);
- else
- throw new LastOwnerException();
-
- }
+ public synchronized boolean deleteOwner(Principal caller, Principal owner)
+ throws NotOwnerException, LastOwnerException {
+ if (!isOwner(caller))
+ throw new NotOwnerException();
+
+ Enumeration<? extends Principal> e = ownerGroup.members();
+ //
+ // check if there is atleast 2 members left.
+ //
+ Object o = e.nextElement();
+ if (e.hasMoreElements())
+ return ownerGroup.removeMember(owner);
+ else
+ throw new LastOwnerException();
+
+ }
/**
* returns if the given principal belongs to the owner list.
+ *
* @param owner The owner to check if part of the owners list
* @return true if the passed principal is in the owner list, false if not.
*/
public synchronized boolean isOwner(Principal owner) {
- return ownerGroup.isMember(owner);
+ return ownerGroup.isMember(owner);
}
}
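Review bot: `addOwner` discards the result of `ownerGroup.addMember(owner)` and always returns `false`, although its Javadoc promises true on success; its last two lines should be `return ownerGroup.addMember(owner);`. In `deleteOwner` the last-owner guard only checks that the group has at least two members, so with a single owner it throws `LastOwnerException` even when `owner` is not in the list, where the Javadoc says false is returned; the local `Object o` is otherwise unused. Callers that branch on these return values or record ownership changes get misleading results, so both deserve a follow-up separate from this re-indentation.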
diff --git a/pki/base/util/src/netscape/security/acl/PermissionImpl.java b/pki/base/util/src/netscape/security/acl/PermissionImpl.java
index bfd8861c..2e73d3c7 100644
--- a/pki/base/util/src/netscape/security/acl/PermissionImpl.java
+++ b/pki/base/util/src/netscape/security/acl/PermissionImpl.java
@@ -20,8 +20,9 @@ package netscape.security.acl;
import java.security.acl.Permission;
/**
- * The PermissionImpl class implements the permission
+ * The PermissionImpl class implements the permission
* interface for permissions that are strings.
+ *
* @author Satish Dharmaraj
*/
public class PermissionImpl implements Permission {
@@ -30,33 +31,35 @@ public class PermissionImpl implements Permission {
/**
* Construct a permission object using a string.
+ *
* @param permission the stringified version of the permission.
*/
public PermissionImpl(String permission) {
- this.permission = permission;
+ this.permission = permission;
}
/**
- * This function returns true if the object passed matches the permission
+ * This function returns true if the object passed matches the permission
* represented in this interface.
+ *
* @param another The Permission object to compare with.
* @return true if the Permission objects are equal, false otherwise
*/
public boolean equals(Object another) {
- if (another instanceof Permission) {
- Permission p = (Permission) another;
- return permission.equals(p.toString());
- } else {
- return false;
- }
+ if (another instanceof Permission) {
+ Permission p = (Permission) another;
+ return permission.equals(p.toString());
+ } else {
+ return false;
+ }
}
-
+
/**
* Prints a stringified version of the permission.
+ *
* @return the string representation of the Permission.
*/
public String toString() {
- return permission;
+ return permission;
}
}
-
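Review bot: `PermissionImpl` overrides `equals(Object)` but the class body shown here ends after `toString()` with no `hashCode()`, so two equal permissions may hash differently if they are ever placed in a hash-based collection. The comparison also accepts any `Permission` whose `toString()` matches, which may make equality asymmetric against other implementations, and it dereferences `permission` without a null check. I would add `public int hashCode() { return permission.hashCode(); }` next to `equals`, mirroring `PrincipalImpl`, and state the string-based matching in the Javadoc. The field declaration lies between the two hunks and is not visible here.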
diff --git a/pki/base/util/src/netscape/security/acl/PrincipalImpl.java b/pki/base/util/src/netscape/security/acl/PrincipalImpl.java
index c2779abe..25fa1109 100644
--- a/pki/base/util/src/netscape/security/acl/PrincipalImpl.java
+++ b/pki/base/util/src/netscape/security/acl/PrincipalImpl.java
@@ -21,8 +21,8 @@ import java.security.Principal;
/**
* This class implements the principal interface.
- *
- * @author Satish Dharmaraj
+ *
+ * @author Satish Dharmaraj
*/
public class PrincipalImpl implements Principal {
@@ -30,53 +30,48 @@ public class PrincipalImpl implements Principal {
/**
* Construct a principal from a string user name.
+ *
* @param user The string form of the principal name.
*/
public PrincipalImpl(String user) {
- this.user = user;
+ this.user = user;
}
/**
- * This function returns true if the object passed matches
+ * This function returns true if the object passed matches
* the principal represented in this implementation
+ *
* @param another the Principal to compare with.
- * @return true if the Principal passed is the same as that
- * encapsulated in this object, false otherwise
+ * @return true if the Principal passed is the same as that
+ * encapsulated in this object, false otherwise
*/
public boolean equals(Object another) {
- if (another instanceof PrincipalImpl) {
- PrincipalImpl p = (PrincipalImpl) another;
- return user.equals(p.toString());
- } else
- return false;
+ if (another instanceof PrincipalImpl) {
+ PrincipalImpl p = (PrincipalImpl) another;
+ return user.equals(p.toString());
+ } else
+ return false;
}
-
+
/**
* Prints a stringified version of the principal.
*/
public String toString() {
- return user;
+ return user;
}
/**
* return a hashcode for the principal.
*/
public int hashCode() {
- return user.hashCode();
+ return user.hashCode();
}
/**
* return the name of the principal.
*/
public String getName() {
- return user;
+ return user;
}
}
-
-
-
-
-
-
-
diff --git a/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java b/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java
index fa9c75bd..2f885cbe 100644
--- a/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java
+++ b/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java
@@ -21,20 +21,22 @@ import java.security.Principal;
/**
* This class implements a group of principals.
+ *
* @author Satish Dharmaraj
*/
public class WorldGroupImpl extends GroupImpl {
public WorldGroupImpl(String s) {
- super(s);
+ super(s);
}
/**
* returns true for all passed principals
+ *
* @param member The principal whose membership must be checked in this Group.
* @return true always since this is the "world" group.
*/
public boolean isMember(Principal member) {
- return true;
+ return true;
}
}
diff --git a/pki/base/util/src/netscape/security/extensions/AccessDescription.java b/pki/base/util/src/netscape/security/extensions/AccessDescription.java
index 89b4d829..f13c937e 100644
--- a/pki/base/util/src/netscape/security/extensions/AccessDescription.java
+++ b/pki/base/util/src/netscape/security/extensions/AccessDescription.java
@@ -25,7 +25,6 @@ import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
import netscape.security.x509.GeneralName;
-
public class AccessDescription implements Serializable {
ObjectIdentifier mOID = null;
GeneralName mLocation = null;
@@ -49,7 +48,7 @@ public class AccessDescription implements Serializable {
* why we need to define our own serialization method.
*/
private void writeObject(java.io.ObjectOutputStream out)
- throws IOException {
+ throws IOException {
DerOutputStream seq = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
@@ -65,7 +64,7 @@ public class AccessDescription implements Serializable {
* why we need to define our own serialization method.
*/
private void readObject(java.io.ObjectInputStream in)
- throws IOException {
+ throws IOException {
DerValue val = new DerValue(in);
DerValue seq = val.data.getDerValue();
diff --git a/pki/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java b/pki/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java
index 5f21db5b..ba469be6 100644
--- a/pki/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/AuthInfoAccessExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -37,29 +36,28 @@ import netscape.security.x509.Extension;
import netscape.security.x509.GeneralName;
import netscape.security.x509.URIName;
-
/**
* This represents the authority information access extension
* as defined in RFC2459.
- *
+ *
* id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
- * internet(1) security(5) mechanisms(5)
- * pkix(7) } }
+ * internet(1) security(5) mechanisms(5)
+ * pkix(7) } }
* id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
* id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
* AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
* AccessDescription ::= SEQUENCE {
- * accessMethod OBJECT IDENTIFIER,
- * accessLocation GeneralName
- * }
+ * accessMethod OBJECT IDENTIFIER,
+ * accessLocation GeneralName
+ * }
* id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
* id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
* id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
- *
+ *
* Need to make sure the following is added to CMS.cfg:
* oidmap.auth_info_access.class=com.netscape.certsrv.cert.AuthInfoAccessExtension
* oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
- *
+ *
* @author thomask
* @version $Revision$, $Date$
*/
@@ -69,12 +67,12 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
public static final String NAME2 = "AuthorityInformationAccess";
public static final int OID_OCSP[] = { 1, 3, 6, 1, 5, 5, 7, 48, 1 };
- public static final ObjectIdentifier METHOD_OCSP = new
- ObjectIdentifier(OID_OCSP);
+ public static final ObjectIdentifier METHOD_OCSP = new
+ ObjectIdentifier(OID_OCSP);
public static final int OID_CA_ISSUERS[] = { 1, 3, 6, 1, 5, 5, 7, 48, 2 };
- public static final ObjectIdentifier METHOD_CA_ISSUERS = new
- ObjectIdentifier(OID_CA_ISSUERS);
+ public static final ObjectIdentifier METHOD_CA_ISSUERS = new
+ ObjectIdentifier(OID_CA_ISSUERS);
public static final int OID[] = { 1, 3, 6, 1, 5, 5, 7, 1, 1 };
public static final ObjectIdentifier ID = new ObjectIdentifier(OID);
@@ -83,7 +81,7 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
@@ -94,8 +92,8 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
this.extensionValue = null; // build this when encodeThis() is called
}
- public AuthInfoAccessExtension(Boolean critical, Object value)
- throws IOException {
+ public AuthInfoAccessExtension(Boolean critical, Object value)
+ throws IOException {
this.extensionId = ID;
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) ((byte[]) value).clone();
@@ -140,14 +138,13 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
return null;
}
-
/**
* Adds Access Description.
*/
public void addAccessDescription(
- ObjectIdentifier method,
- GeneralName gn) {
- clearValue();
+ ObjectIdentifier method,
+ GeneralName gn) {
+ clearValue();
mDesc.addElement(new AccessDescription(method, gn));
}
@@ -177,7 +174,7 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
}
}
- private void encodeThis() throws IOException {
+ private void encodeThis() throws IOException {
DerOutputStream seq = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
@@ -192,10 +189,10 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
seq.write(DerValue.tag_Sequence, tmp);
this.extensionValue = seq.toByteArray();
}
-
+
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -234,7 +231,7 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
GeneralName caIssuersName = new GeneralName(new
URIName("http://ocsp.netscape.com"));
- aia.addAccessDescription(METHOD_CA_ISSUERS, caIssuersName);
+ aia.addAccessDescription(METHOD_CA_ISSUERS, caIssuersName);
ByteArrayOutputStream os = new ByteArrayOutputStream();
try {
@@ -256,7 +253,7 @@ public class AuthInfoAccessExtension extends Extension implements CertAttrSet {
bos.toByteArray());
ObjectInputStream ois = new ObjectInputStream(bis);
AuthInfoAccessExtension clone = (AuthInfoAccessExtension)
- ois.readObject();
+ ois.readObject();
System.out.println(clone);
} catch (Exception e) {
diff --git a/pki/base/util/src/netscape/security/extensions/CertInfo.java b/pki/base/util/src/netscape/security/extensions/CertInfo.java
index 548a60f6..ab88ec8a 100644
--- a/pki/base/util/src/netscape/security/extensions/CertInfo.java
+++ b/pki/base/util/src/netscape/security/extensions/CertInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
@@ -34,9 +33,8 @@ import netscape.security.x509.CertificateVersion;
import netscape.security.x509.X500Name;
import netscape.security.x509.X509CertInfo;
-
/**
- * Extends X509CertInfo class so that minimal fields are initialized at
+ * Extends X509CertInfo class so that minimal fields are initialized at
* creation time so an object of this type is always serializable.
*/
public class CertInfo extends X509CertInfo {
@@ -54,21 +52,21 @@ public class CertInfo extends X509CertInfo {
static {
try {
// force version 3
- FORCE_VERSION_3 =
+ FORCE_VERSION_3 =
new CertificateVersion(CertificateVersion.V3);
- SERIALIZE_SUBJECT =
+ SERIALIZE_SUBJECT =
new CertificateSubjectName(
- new X500Name("cn=uninitialized"));
- SERIALIZE_ISSUER =
+ new X500Name("cn=uninitialized"));
+ SERIALIZE_ISSUER =
new CertificateIssuerName(
- new X500Name("cn=uninitialized"));
- SERIALIZE_VALIDITY =
+ new X500Name("cn=uninitialized"));
+ SERIALIZE_VALIDITY =
new CertificateValidity(new Date(0), new Date(0));
- SERIALIZE_SERIALNO =
+ SERIALIZE_SERIALNO =
new CertificateSerialNumber(new BigInteger("0"));
- SERIALIZE_ALGOR =
+ SERIALIZE_ALGOR =
new CertificateAlgorithmId(
- AlgorithmId.getAlgorithmId("MD5withRSA"));
+ AlgorithmId.getAlgorithmId("MD5withRSA"));
} catch (IOException e) {
// should never happen. If does, system is hosed.
System.out.println("**** Impossible Error encountered ****");
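Review bot: `SERIALIZE_ALGOR` is initialised with `AlgorithmId.getAlgorithmId("MD5withRSA")`, and nothing in this hunk says that the value is only a placeholder for serialization. If a request path ever fails to overwrite it before signing, the certificate info would carry an MD5-based signature algorithm, which is no longer acceptable for certificates. I would add a comment above the assignment such as `// placeholder so the object serializes; the real signing algorithm must be set before issuance`, and consider moving the placeholder to a SHA-2 identifier in a separate change once callers are checked. The static initializer continues past the end of this hunk.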
@@ -81,7 +79,7 @@ public class CertInfo extends X509CertInfo {
}
/**
- * Initializes most fields required by der encoding so object will
+ * Initializes most fields required by der encoding so object will
* serialize properly.
*/
// XXX should write a class to use something else for serialization
@@ -114,7 +112,7 @@ public class CertInfo extends X509CertInfo {
}
// key is set later in the request.
} // these exceptions shouldn't happen here unless the
- // whole process is hosed.
+ // whole process is hosed.
catch (CertificateException e) {
} catch (IOException e) {
}
diff --git a/pki/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java b/pki/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java
index 8a1e0a6f..b2b034a2 100644
--- a/pki/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/CertificateRenewalWindowExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -31,29 +30,28 @@ import netscape.security.util.ObjectIdentifier;
import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
-
/**
* This represents the CertificateRenewalWindow extension
* as defined in draft-thayes-cert-renewal-00
- *
- * CertificateRenewalWindow ::= SEQUENCE {
- * beginTime GeneralizedTime,
- * endTime GeneralizedTime OPTIONAL }
- *
+ *
+ * CertificateRenewalWindow ::= SEQUENCE {
+ * beginTime GeneralizedTime,
+ * endTime GeneralizedTime OPTIONAL }
+ *
* @author thomask
* @version $Revision$, $Date$
*/
-public class CertificateRenewalWindowExtension extends Extension
- implements CertAttrSet {
+public class CertificateRenewalWindowExtension extends Extension
+ implements CertAttrSet {
private static final long serialVersionUID = 4470220533545299271L;
- public static final int OID[] = { 2, 16, 840, 1, 113730, 1, 15};
+ public static final int OID[] = { 2, 16, 840, 1, 113730, 1, 15 };
public static final ObjectIdentifier ID = new ObjectIdentifier(OID);
private Date mBeginTime = null;
private Date mEndTime = null; // optional
public CertificateRenewalWindowExtension(boolean critical, Date beginTime,
- Date endTime) throws IOException {
+ Date endTime) throws IOException {
this.extensionId = ID;
this.critical = critical;
mBeginTime = beginTime;
@@ -67,8 +65,8 @@ public class CertificateRenewalWindowExtension extends Extension
this.extensionValue = null; // build this when encodeThis() is called
}
- public CertificateRenewalWindowExtension(Boolean critical, Object value)
- throws IOException {
+ public CertificateRenewalWindowExtension(Boolean critical, Object value)
+ throws IOException {
this.extensionId = ID;
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) ((byte[]) value).clone();
@@ -144,7 +142,7 @@ public class CertificateRenewalWindowExtension extends Extension
}
}
- private void encodeThis() throws IOException {
+ private void encodeThis() throws IOException {
DerOutputStream seq = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
@@ -155,10 +153,10 @@ public class CertificateRenewalWindowExtension extends Extension
seq.write(DerValue.tag_Sequence, tmp);
this.extensionValue = seq.toByteArray();
}
-
+
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
diff --git a/pki/base/util/src/netscape/security/extensions/CertificateScopeEntry.java b/pki/base/util/src/netscape/security/extensions/CertificateScopeEntry.java
index 39c87407..527093cc 100644
--- a/pki/base/util/src/netscape/security/extensions/CertificateScopeEntry.java
+++ b/pki/base/util/src/netscape/security/extensions/CertificateScopeEntry.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.IOException;
import netscape.security.util.BigInt;
@@ -28,13 +27,13 @@ import netscape.security.x509.GeneralName;
/**
* This represents the CertificateScopeOfUse extension
* as defined in draft-thayes-cert-scope-00
- *
+ *
* CertificateScopeEntry ::= SEQUENCE {
- * name GeneralName, -- pattern, as for NameConstraints
- * portNumber INTEGER OPTIONAL
+ * name GeneralName, -- pattern, as for NameConstraints
+ * portNumber INTEGER OPTIONAL
* }
* CertificateScopeOfUse ::= SEQUENCE OF CertificateScopeEntry
- *
+ *
* @author thomask
* @version $Revision$, $Date$
*/
diff --git a/pki/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java b/pki/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java
index b50e55d9..b7f33295 100644
--- a/pki/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/CertificateScopeOfUseExtension.java
@@ -34,24 +34,24 @@ import netscape.security.x509.OIDMap;
/**
* This represents the CertificateScopeOfUse extension
* as defined in draft-thayes-cert-scope-00
- *
+ *
* CertificateScopeEntry ::= SEQUENCE {
- * name GeneralName, -- pattern, as for NameConstraints
- * portNumber INTEGER OPTIONAL
+ * name GeneralName, -- pattern, as for NameConstraints
+ * portNumber INTEGER OPTIONAL
* }
* CertificateScopeOfUse ::= SEQUENCE OF CertificateScopeEntry
- *
+ *
* @author thomask
* @version $Revision$, $Date$
*/
-public class CertificateScopeOfUseExtension extends Extension
- implements CertAttrSet {
+public class CertificateScopeOfUseExtension extends Extension
+ implements CertAttrSet {
/**
*
*/
private static final long serialVersionUID = 2143292831971567770L;
public static final String NAME = "CertificateScopeOfUse";
- public static final int OID[] = { 2, 16, 840, 1, 113730, 1, 17};
+ public static final int OID[] = { 2, 16, 840, 1, 113730, 1, 17 };
public static final ObjectIdentifier ID = new ObjectIdentifier(OID);
private Vector<CertificateScopeEntry> mEntries = null;
@@ -59,13 +59,13 @@ public class CertificateScopeOfUseExtension extends Extension
static {
try {
OIDMap.addAttribute(CertificateScopeOfUseExtension.class.getName(),
- ID.toString(), NAME);
+ ID.toString(), NAME);
} catch (CertificateException e) {
}
}
public CertificateScopeOfUseExtension(boolean critical, Vector<CertificateScopeEntry> scopeEntries)
- throws IOException {
+ throws IOException {
this.extensionId = ID;
this.critical = critical;
this.extensionValue = null; // build this when encodeThis() is called
@@ -79,8 +79,8 @@ public class CertificateScopeOfUseExtension extends Extension
this.extensionValue = null; // build this when encodeThis() is called
}
- public CertificateScopeOfUseExtension(Boolean critical, Object value)
- throws IOException {
+ public CertificateScopeOfUseExtension(Boolean critical, Object value)
+ throws IOException {
this.extensionId = ID;
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) ((byte[]) value).clone();
@@ -142,7 +142,7 @@ public class CertificateScopeOfUseExtension extends Extension
}
}
- private void encodeThis() throws IOException {
+ private void encodeThis() throws IOException {
DerOutputStream seq = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
@@ -151,7 +151,7 @@ public class CertificateScopeOfUseExtension extends Extension
for (int i = 0; i < mEntries.size(); i++) {
CertificateScopeEntry se = (CertificateScopeEntry)
- mEntries.elementAt(i);
+ mEntries.elementAt(i);
se.encode(tmp);
}
@@ -159,10 +159,10 @@ public class CertificateScopeOfUseExtension extends Extension
seq.write(DerValue.tag_Sequence, tmp);
this.extensionValue = seq.toByteArray();
}
-
+
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -185,7 +185,7 @@ public class CertificateScopeOfUseExtension extends Extension
if (mEntries != null) {
for (int i = 0; i < mEntries.size(); i++) {
CertificateScopeEntry se = (CertificateScopeEntry)
- mEntries.elementAt(i);
+ mEntries.elementAt(i);
s += se.toString();
}
diff --git a/pki/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java b/pki/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java
index 73602f6b..5ed3feb7 100644
--- a/pki/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/ExtendedKeyUsageExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -32,7 +31,6 @@ import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
import netscape.security.x509.OIDMap;
-
/**
* This represents the extended key usage extension.
*/
@@ -46,15 +44,15 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
public static final String OID_OCSPSigning = "1.3.6.1.5.5.7.3.9";
public static final String OID_CODESigning = "1.3.6.1.5.5.7.3.3";
- public static final int OID_OCSP_SIGNING_STR[] =
+ public static final int OID_OCSP_SIGNING_STR[] =
{ 1, 3, 6, 1, 5, 5, 7, 3, 9 };
public static final ObjectIdentifier OID_OCSP_SIGNING = new
- ObjectIdentifier(OID_OCSP_SIGNING_STR);
+ ObjectIdentifier(OID_OCSP_SIGNING_STR);
- public static final int OID_CODE_SIGNING_STR[] =
+ public static final int OID_CODE_SIGNING_STR[] =
{ 1, 3, 6, 1, 5, 5, 7, 3, 3 };
public static final ObjectIdentifier OID_CODE_SIGNING = new
- ObjectIdentifier(OID_OCSP_SIGNING_STR);
+ ObjectIdentifier(OID_OCSP_SIGNING_STR);
private Vector<ObjectIdentifier> oidSet = null;
private byte mCached[] = null;
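Review bot: `OID_CODE_SIGNING` is constructed from `OID_OCSP_SIGNING_STR`, so the constant holds the OCSP-signing OID 1.3.6.1.5.5.7.3.9 instead of the code-signing OID 1.3.6.1.5.5.7.3.3 declared just above it. Any code that adds or compares key purposes through this constant would treat code signing as OCSP signing. The re-indented continuation line should read `ObjectIdentifier(OID_CODE_SIGNING_STR);`.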
@@ -62,7 +60,7 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
static {
try {
OIDMap.addAttribute(ExtendedKeyUsageExtension.class.getName(),
- OID, ExtendedKeyUsageExtension.class.getSimpleName());
+ OID, ExtendedKeyUsageExtension.class.getSimpleName());
} catch (CertificateException e) {
}
}
@@ -74,7 +72,7 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
public ExtendedKeyUsageExtension(boolean crit, Vector<ObjectIdentifier> oids) {
try {
extensionId = ObjectIdentifier.getObjectIdentifier(OID);
- } catch (IOException e) {
+ } catch (IOException e) {
// never here
}
critical = crit;
@@ -86,8 +84,8 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
encodeExtValue();
}
- public ExtendedKeyUsageExtension(Boolean crit, Object byteVal)
- throws IOException {
+ public ExtendedKeyUsageExtension(Boolean crit, Object byteVal)
+ throws IOException {
extensionId = ObjectIdentifier.getObjectIdentifier(OID);
critical = crit.booleanValue();
extensionValue = (byte[]) ((byte[]) byteVal).clone();
@@ -100,7 +98,7 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
mCached = null;
}
}
-
+
public Enumeration<ObjectIdentifier> getOIDs() {
if (oidSet == null)
return null;
@@ -109,24 +107,25 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
public void deleteAllOIDs() {
if (oidSet == null)
- return;
- oidSet.clear();
+ return;
+ oidSet.clear();
}
public void addOID(ObjectIdentifier oid) {
if (oidSet == null) {
oidSet = new Vector<ObjectIdentifier>();
}
-
- if (oidSet.contains(oid)) return;
+
+ if (oidSet.contains(oid))
+ return;
oidSet.addElement(oid);
mCached = null;
}
-
+
public void encode(DerOutputStream out) throws IOException {
if (mCached == null) {
encodeExtValue();
- super.encode(out);
+ super.encode(out);
mCached = out.toByteArray();
}
}
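Review bot: `deleteAllOIDs()` clears `oidSet` but leaves `mCached` untouched, whereas `addOID()` resets it, so `encode(OutputStream)` in a later hunk can still write the stale encoding with the removed key purposes. Add `mCached = null;` after `oidSet.clear();`. Separately, `encode(DerOutputStream out)` writes nothing to `out` once `mCached` is set, and it caches `out.toByteArray()`, which would include any bytes already present in the caller's stream. Both behaviours deserve either a fix or a comment stating the intended caching contract.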
@@ -143,17 +142,17 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
for (int i = 0; i < extensionValue.length; i++) {
extByteValue += (extensionValue[i] + " ");
}
- presentation += extByteValue;
+ presentation += extByteValue;
}
return presentation;
}
- public void decode(InputStream in)
- throws CertificateException, IOException {
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
}
- public void encode(OutputStream out)
- throws CertificateException, IOException {
+ public void encode(OutputStream out)
+ throws CertificateException, IOException {
if (mCached == null) {
DerOutputStream temp = new DerOutputStream();
@@ -162,8 +161,8 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
out.write(mCached);
}
- public void set(String name, Object obj)
- throws CertificateException, IOException {
+ public void set(String name, Object obj)
+ throws CertificateException, IOException {
// NOT USED
}
@@ -176,9 +175,8 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
return null;
}
-
- public void delete(String name)
- throws CertificateException, IOException {
+ public void delete(String name)
+ throws CertificateException, IOException {
// NOT USED
}
@@ -186,8 +184,7 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
DerValue val = new DerValue(this.extensionValue);
if (val.tag != DerValue.tag_Sequence) {
- throw new IOException("Invalid encoding of AuthInfoAccess extension"
- );
+ throw new IOException("Invalid encoding of AuthInfoAccess extension");
}
if (oidSet == null)
oidSet = new Vector<ObjectIdentifier>();
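Review bot: The exception text on the joined line names the wrong extension: this file is ExtendedKeyUsageExtension, yet a bad outer tag is reported as `Invalid encoding of AuthInfoAccess extension`. That points anyone triaging a rejected certificate at the wrong extension. Suggest `throw new IOException("Invalid encoding of ExtendedKeyUsage extension");`. The enclosing method starts and ends outside this hunk.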
@@ -201,7 +198,7 @@ public class ExtendedKeyUsageExtension extends Extension implements CertAttrSet
private void encodeExtValue() {
DerOutputStream out = new DerOutputStream();
DerOutputStream temp = new DerOutputStream();
-
+
if (!oidSet.isEmpty()) {
Enumeration<ObjectIdentifier> oidList = oidSet.elements();
diff --git a/pki/base/util/src/netscape/security/extensions/GenericASN1Extension.java b/pki/base/util/src/netscape/security/extensions/GenericASN1Extension.java
index 116977da..f9ac337c 100644
--- a/pki/base/util/src/netscape/security/extensions/GenericASN1Extension.java
+++ b/pki/base/util/src/netscape/security/extensions/GenericASN1Extension.java
@@ -38,13 +38,11 @@ import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
import netscape.security.x509.OIDMap;
-
-
/**
* Represent the AsnInteger Extension.
*/
-public class GenericASN1Extension extends Extension
-implements CertAttrSet {
+public class GenericASN1Extension extends Extension
+ implements CertAttrSet {
public String getName() {
return name;
}
@@ -77,25 +75,22 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
private String name;
public static String OID = null;
public static Hashtable<String, String> mConfig = null;
public static String pattern = null;
private int index = 0;
-
// Encode this value
- private void encodeThis()
- throws IOException, ParseException
- {
+ private void encodeThis()
+ throws IOException, ParseException {
this.extensionValue = encodePattern();
}
-
+
// Encode pattern
- private byte[] encodePattern()
- throws IOException, ParseException
- {
+ private byte[] encodePattern()
+ throws IOException, ParseException {
DerOutputStream os = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
String type = null;
@@ -104,87 +99,77 @@ implements CertAttrSet {
while (index < pattern.length()) {
char ch = pattern.charAt(index);
switch (ch) {
- case '{' :
- index++;
- byte[] buff = encodePattern();
- tmp.putDerValue(new DerValue(buff));
- break;
- case '}' :
- os.write(DerValue.tag_Sequence, tmp);
- return os.toByteArray();
- default :
- type = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_TYPE);
- if (type.equalsIgnoreCase("integer")) {
- int num = Integer.parseInt((String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE));
- PutInteger(tmp, num);
- }
- else if (type.equalsIgnoreCase("ia5string")) {
- source = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_SOURCE);
- value = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- if (source.equalsIgnoreCase("file"))
- PutIA5String(tmp, getFromFile(value));
- else
- PutIA5String(tmp, value);
- }
- else if (type.equalsIgnoreCase("octetstring")) {
- source = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_SOURCE);
- value = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- // It should be colon seperated ASCII Hexdecimal String
- if (source.equalsIgnoreCase("file"))
- PutOctetString(tmp, getFromFile(value));
- else
- PutOctetString(tmp, value);
- }
- else if (type.equalsIgnoreCase("bmpstring")) {
- source = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_SOURCE);
- value = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- if (source.equalsIgnoreCase("file"))
- PutBMPString(tmp, getFromFile(value));
- else
- PutBMPString(tmp, value);
- }
- else if (type.equalsIgnoreCase("printablestring")) {
- source = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_SOURCE);
- value = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- if (source.equalsIgnoreCase("file"))
- PutPrintableString(tmp, getFromFile(value));
- else
- PutPrintableString(tmp, value);
- }
- else if (type.equalsIgnoreCase("visiblestring")) {
- source = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_SOURCE);
- value = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- if (source.equalsIgnoreCase("file"))
- PutVisibleString(tmp, getFromFile(value));
- else
- PutVisibleString(tmp, value);
- }
- else if (type.equalsIgnoreCase("utctime")) {
- value = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- PutUTCtime(tmp, value);
- }
- else if (type.equalsIgnoreCase("oid")) {
- value = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- PutOID(tmp, value);
- }
- else if (type.equalsIgnoreCase("boolean")) {
- boolean bool = false;
- String b = (String)mConfig.get(PROP_ATTRIBUTE+"."+ch+"."+PROP_VALUE);
- if (b.equalsIgnoreCase("true"))
- bool = true;
- else
- bool = false;
- PutBoolean(tmp, bool);
- }
- else if (type.equalsIgnoreCase("null")) {
- tmp.putNull();
- }
- else {
- throw new ParseException("Unknown Attribute Type", 0);
- }
+ case '{':
+ index++;
+ byte[] buff = encodePattern();
+ tmp.putDerValue(new DerValue(buff));
+ break;
+ case '}':
+ os.write(DerValue.tag_Sequence, tmp);
+ return os.toByteArray();
+ default:
+ type = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE);
+ if (type.equalsIgnoreCase("integer")) {
+ int num = Integer.parseInt((String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE));
+ PutInteger(tmp, num);
+ } else if (type.equalsIgnoreCase("ia5string")) {
+ source = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE);
+ value = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ if (source.equalsIgnoreCase("file"))
+ PutIA5String(tmp, getFromFile(value));
+ else
+ PutIA5String(tmp, value);
+ } else if (type.equalsIgnoreCase("octetstring")) {
+ source = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE);
+ value = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ // It should be colon seperated ASCII Hexdecimal String
+ if (source.equalsIgnoreCase("file"))
+ PutOctetString(tmp, getFromFile(value));
+ else
+ PutOctetString(tmp, value);
+ } else if (type.equalsIgnoreCase("bmpstring")) {
+ source = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE);
+ value = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ if (source.equalsIgnoreCase("file"))
+ PutBMPString(tmp, getFromFile(value));
+ else
+ PutBMPString(tmp, value);
+ } else if (type.equalsIgnoreCase("printablestring")) {
+ source = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE);
+ value = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ if (source.equalsIgnoreCase("file"))
+ PutPrintableString(tmp, getFromFile(value));
+ else
+ PutPrintableString(tmp, value);
+ } else if (type.equalsIgnoreCase("visiblestring")) {
+ source = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE);
+ value = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ if (source.equalsIgnoreCase("file"))
+ PutVisibleString(tmp, getFromFile(value));
+ else
+ PutVisibleString(tmp, value);
+ } else if (type.equalsIgnoreCase("utctime")) {
+ value = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ PutUTCtime(tmp, value);
+ } else if (type.equalsIgnoreCase("oid")) {
+ value = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ PutOID(tmp, value);
+ } else if (type.equalsIgnoreCase("boolean")) {
+ boolean bool = false;
+ String b = (String) mConfig.get(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE);
+ if (b.equalsIgnoreCase("true"))
+ bool = true;
+ else
+ bool = false;
+ PutBoolean(tmp, bool);
+ } else if (type.equalsIgnoreCase("null")) {
+ tmp.putNull();
+ } else {
+ throw new ParseException("Unknown Attribute Type", 0);
+ }
}
index++;
- }
+ }
return tmp.toByteArray();
}
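Review bot: In the `default:` branch every `mConfig.get(...)` result is dereferenced without a null check (`type.equalsIgnoreCase`, `source.equalsIgnoreCase`, `b.equalsIgnoreCase`), so an incomplete attribute entry ends in a NullPointerException instead of the declared ParseException. A guard such as `if (type == null) throw new ParseException("No type configured for attribute " + ch, index);` would fail cleanly, and the same applies to `source` and `value`. When `source` is `file`, `value` goes to `getFromFile` as a path with no restriction, so the extension content is only as trustworthy as whoever can edit this configuration; that assumption should be stated in a comment. `Integer.parseInt` can also throw an unchecked NumberFormatException here. The method signature is in the previous hunk.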
@@ -192,22 +177,22 @@ implements CertAttrSet {
/**
* Create a GenericASN1Extension with the value and oid.
* The criticality is set to false.
- *
+ *
* @param the values to be set for the extension.
*/
public GenericASN1Extension(String name, String oid, String pattern, boolean critical, Hashtable<String, String> config)
- throws IOException, ParseException
- {
+ throws IOException, ParseException {
ObjectIdentifier tmpid = new ObjectIdentifier(oid);
this.name = name;
OID = oid;
mConfig = config;
this.pattern = pattern;
-
+
try {
if (OIDMap.getName(tmpid) == null)
OIDMap.addAttribute("netscape.security.x509.GenericASN1Extension", oid, name);
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
this.extensionId = tmpid;
this.critical = critical;
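Review bot: `OID = oid`, `mConfig = config` and `this.pattern = pattern` write fields that are declared `public static` earlier in the file, so constructing a second GenericASN1Extension changes the OID, configuration and pattern seen by every existing instance. The `(Boolean critical, Object value)` constructor in the next hunk then derives `extensionId` from whichever OID was set last. These look like they should be instance fields; if the static form has to stay for compatibility, it needs a comment saying the class supports only one configured extension at a time. The reformatted `catch (CertificateException e) { }` also drops a failed OIDMap registration silently and should at least carry a comment explaining why that is safe. The same empty catch appears in the `Hashtable` constructor in the next hunk.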
@@ -217,51 +202,50 @@ implements CertAttrSet {
/**
* Create a GenericASN1Extension with the value and oid.
* The criticality is set to false.
- *
+ *
* @param the values to be set for the extension.
*/
public GenericASN1Extension(Hashtable<String, String> config)
- throws IOException, ParseException
- {
+ throws IOException, ParseException {
mConfig = config;
- ObjectIdentifier tmpid = new ObjectIdentifier((String)mConfig.get(PROP_OID));
- this.name = (String)mConfig.get(PROP_NAME);
- OID = (String)mConfig.get(PROP_OID);
- pattern = (String)mConfig.get(PROP_PATTERN);
-
+ ObjectIdentifier tmpid = new ObjectIdentifier((String) mConfig.get(PROP_OID));
+ this.name = (String) mConfig.get(PROP_NAME);
+ OID = (String) mConfig.get(PROP_OID);
+ pattern = (String) mConfig.get(PROP_PATTERN);
+
try {
if (OIDMap.getName(tmpid) == null)
OIDMap.addAttribute("GenericASN1Extension", OID, this.name);
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
this.extensionId = tmpid;
this.critical = false;
- String b = (String)mConfig.get(PROP_CRITICAL);
- if (b.equalsIgnoreCase("true"))
- this.critical = true;
- else
- this.critical = false;
+ String b = (String) mConfig.get(PROP_CRITICAL);
+ if (b.equalsIgnoreCase("true"))
+ this.critical = true;
+ else
+ this.critical = false;
encodeThis();
}
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public GenericASN1Extension(Boolean critical, Object value)
- throws IOException
- {
+ throws IOException {
this.extensionId = new ObjectIdentifier(OID);
this.critical = critical.booleanValue();
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
- for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
- }
+ byte[] extValue = new byte[len];
+ for (int i = 0; i < len; i++) {
+ extValue[i] = Array.getByte(value, i);
+ }
this.extensionValue = extValue;
}
@@ -295,7 +279,7 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -305,14 +289,13 @@ implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
- public void encode(OutputStream out)
- throws IOException
- {
- DerOutputStream tmp = new DerOutputStream();
+ public void encode(OutputStream out)
+ throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
try {
if (this.extensionValue == null) {
@@ -320,106 +303,107 @@ implements CertAttrSet {
this.critical = true;
encodeThis();
}
+ } catch (ParseException e) {
}
- catch (ParseException e) {}
-
+
super.encode(tmp);
out.write(tmp.toByteArray());
}
-
/**
* Set the name of this attribute.
*/
- public void setName (String name) {
+ public void setName(String name) {
this.name = name;
}
-
+
/**
* Return the OID of this attribute.
*/
- public String getOID () {
+ public String getOID() {
return (OID);
}
+
/**
* Set the OID of this attribute.
*/
- public void setOID (String oid) {
+ public void setOID(String oid) {
OID = oid;
}
+
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement("octet");
- return (elements.elements());
+ return (elements.elements());
}
-
+
private void PutInteger(DerOutputStream os, int number)
- throws IOException, ParseException {
+ throws IOException, ParseException {
os.putInteger(new BigInt(number));
return;
}
-
- private void PutIA5String(DerOutputStream os, String value)
- throws IOException, ParseException {
+
+ private void PutIA5String(DerOutputStream os, String value)
+ throws IOException, ParseException {
os.putIA5String(value);
return;
}
- private void PutOctetString(DerOutputStream os, String value)
- throws IOException, ParseException {
+ private void PutOctetString(DerOutputStream os, String value)
+ throws IOException, ParseException {
StringTokenizer token = new StringTokenizer(value, ":");
byte[] octets = new byte[token.countTokens()];
for (int i = 0; token.hasMoreElements(); i++) {
- String num = (String)token.nextElement();
+ String num = (String) token.nextElement();
octets[i] = (byte) Integer.parseInt(num, 16);
}
-
+
os.putOctetString(octets);
return;
}
- private void PutBMPString(DerOutputStream os, String value)
- throws IOException, ParseException {
+ private void PutBMPString(DerOutputStream os, String value)
+ throws IOException, ParseException {
os.putBMPString(value);
return;
}
- private void PutPrintableString(DerOutputStream os, String value)
- throws IOException, ParseException {
+ private void PutPrintableString(DerOutputStream os, String value)
+ throws IOException, ParseException {
os.putPrintableString(value);
return;
}
- private void PutVisibleString(DerOutputStream os, String value)
- throws IOException, ParseException {
+ private void PutVisibleString(DerOutputStream os, String value)
+ throws IOException, ParseException {
os.putVisibleString(value);
return;
}
- private void PutUTCtime(DerOutputStream os, String value)
- throws IOException, ParseException {
+ private void PutUTCtime(DerOutputStream os, String value)
+ throws IOException, ParseException {
DateFormat df = DateFormat.getDateInstance(DateFormat.SHORT);
os.putUTCTime(df.parse(value));
return;
}
- private void PutOID(DerOutputStream os, String value)
- throws IOException, ParseException {
+ private void PutOID(DerOutputStream os, String value)
+ throws IOException, ParseException {
os.putOID(new ObjectIdentifier(value));
return;
}
private void PutBoolean(DerOutputStream os, boolean value)
- throws IOException, ParseException {
+ throws IOException, ParseException {
os.putBoolean(value);
return;
}
-
+
private String getFromFile(String fname) throws IOException {
String s = null;
byte[] buff = null;
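Review bot: The reformatted `catch (ParseException e) { }` in `encode(OutputStream)` discards a failure of `encodeThis()`, after which `super.encode(tmp)` runs with `extensionValue` still null; what the superclass does with that is not visible here, but the caller gets no signal that the configured pattern could not be encoded. Since the method already declares IOException, rethrow instead: `throw new IOException("cannot encode extension value: " + e);`. In the same hunk, `PutOctetString` casts `Integer.parseInt(num, 16)` to `byte`, so a token above FF is silently truncated rather than rejected. The start of `encode` is in the previous hunk.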
@@ -427,33 +411,34 @@ implements CertAttrSet {
int j = 0;
if ((fname == null) || (fname.equals(""))) {
throw new IOException("File name is not provided.");
- }
-
+ }
+
FileInputStream fis = new FileInputStream(fname);
int n = 0;
while ((n = fis.available()) > 0) {
buff = new byte[n];
int result = fis.read(buff);
- if (result == -1) break;
+ if (result == -1)
+ break;
s = new String(buff);
}
-
+
for (i = 0, j = 0; j < s.length(); j++) {
- int ch = (int)s.charAt(j);
+ int ch = (int) s.charAt(j);
if (ch == 10 || ch == 13 || ch == 9)
continue;
i++;
- }
+ }
buff = new byte[i];
for (i = 0, j = 0; j < s.length(); j++) {
- int ch = (int)s.charAt(j);
+ int ch = (int) s.charAt(j);
if (ch == 10 || ch == 13 || ch == 9)
continue;
- buff[i++] = (byte)ch;
- }
-
+ buff[i++] = (byte) ch;
+ }
+
s = new String(buff);
-
- return s;
- }
+
+ return s;
+ }
}
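Review bot: `getFromFile` never closes `fis`, and when the file is empty the `available()` loop does not run, so `s` stays null and `s.length()` throws NullPointerException. The loop also keeps only the last chunk, because each pass overwrites `s`, and `available()` returning 0 is not a reliable end-of-file test. A read-until-minus-one loop inside try/finally addresses all three; decoding still uses the platform charset as before, which is worth pinning if these files are expected to be ASCII. The method starts in the previous hunk.

```java
FileInputStream fis = new FileInputStream(fname);
StringBuffer text = new StringBuffer();
try {
    byte[] chunk = new byte[4096];
    int n;
    while ((n = fis.read(chunk)) != -1) {
        text.append(new String(chunk, 0, n));
    }
} finally {
    fis.close();
}
s = text.toString();
// … unchanged: loops that strip CR, LF and TAB and rebuild s …
```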
diff --git a/pki/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java b/pki/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java
index ce1268ad..1564489d 100644
--- a/pki/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/InhibitAnyPolicyExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -34,17 +33,16 @@ import netscape.security.x509.Extension;
import netscape.security.x509.OIDMap;
/**
- * RFC3280:
- *
- * id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
+ * RFC3280:
+ *
+ * id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
*
- * InhibitAnyPolicy ::= SkipCerts
+ * InhibitAnyPolicy ::= SkipCerts
*
- * SkipCerts ::= INTEGER (0..MAX)
+ * SkipCerts ::= INTEGER (0..MAX)
*/
-public class InhibitAnyPolicyExtension
- extends Extension implements CertAttrSet
-{
+public class InhibitAnyPolicyExtension
+ extends Extension implements CertAttrSet {
/**
*
@@ -57,7 +55,7 @@ public class InhibitAnyPolicyExtension
static {
try {
OIDMap.addAttribute(InhibitAnyPolicyExtension.class.getName(),
- OID, InhibitAnyPolicyExtension.class.getSimpleName());
+ OID, InhibitAnyPolicyExtension.class.getSimpleName());
} catch (CertificateException e) {
}
}
@@ -69,23 +67,23 @@ public class InhibitAnyPolicyExtension
public InhibitAnyPolicyExtension(boolean crit, BigInt skipCerts) {
try {
extensionId = ObjectIdentifier.getObjectIdentifier(OID);
- } catch (IOException e) {
+ } catch (IOException e) {
// never here
}
critical = crit;
- mSkipCerts = skipCerts;
+ mSkipCerts = skipCerts;
encodeExtValue();
}
- public InhibitAnyPolicyExtension(Boolean crit, Object value)
- throws IOException {
+ public InhibitAnyPolicyExtension(Boolean crit, Object value)
+ throws IOException {
extensionId = ObjectIdentifier.getObjectIdentifier(OID);
critical = crit.booleanValue();
//extensionValue = (byte[]) ((byte[]) byteVal).clone();
int len = Array.getLength(value);
byte[] extValue = new byte[len];
for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
+ extValue[i] = Array.getByte(value, i);
}
extensionValue = extValue;
@@ -97,7 +95,7 @@ public class InhibitAnyPolicyExtension
critical = newValue;
}
}
-
+
public BigInt getSkipCerts() {
return mSkipCerts;
}
@@ -113,17 +111,17 @@ public class InhibitAnyPolicyExtension
if (extensionValue != null) {
String extByteValue = new String(" skipCerts=" + mSkipCerts);
- presentation += extByteValue;
+ presentation += extByteValue;
}
return presentation;
}
- public void decode(InputStream in)
- throws CertificateException, IOException {
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
}
- public void set(String name, Object obj)
- throws CertificateException, IOException {
+ public void set(String name, Object obj)
+ throws CertificateException, IOException {
// NOT USED
}
@@ -136,9 +134,8 @@ public class InhibitAnyPolicyExtension
return null;
}
-
- public void delete(String name)
- throws CertificateException, IOException {
+ public void delete(String name)
+ throws CertificateException, IOException {
// NOT USED
}
@@ -149,27 +146,27 @@ public class InhibitAnyPolicyExtension
}
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
+ DerOutputStream tmp = new DerOutputStream();
- if (this.extensionValue == null) {
+ if (this.extensionValue == null) {
try {
extensionId = ObjectIdentifier.getObjectIdentifier(OID);
- } catch (IOException e) {
+ } catch (IOException e) {
// never here
}
DerOutputStream os = new DerOutputStream();
os.putInteger(mSkipCerts);
this.extensionValue = os.toByteArray();
- }
+ }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
private void encodeExtValue() {
DerOutputStream out = new DerOutputStream();
try {
- out.putInteger(mSkipCerts);
+ out.putInteger(mSkipCerts);
} catch (IOException e) {
}
extensionValue = out.toByteArray();
diff --git a/pki/base/util/src/netscape/security/extensions/KerberosName.java b/pki/base/util/src/netscape/security/extensions/KerberosName.java
index 0aeda430..0a6a6e21 100644
--- a/pki/base/util/src/netscape/security/extensions/KerberosName.java
+++ b/pki/base/util/src/netscape/security/extensions/KerberosName.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -32,26 +31,26 @@ import netscape.security.util.ObjectIdentifier;
/**
* This represents a KerberosName as defined in
* RFC 1510.
- *
- * KerberosName ::= SEQUENCE {
- * realm [0] Realm,
- * principalName [1] CertPrincipalName -- defined above
- * }
- *
- * CertPrincipalName ::= SEQUENCE {
- * name-type[0] INTEGER,
- * name-string[1] SEQUENCE OF UTF8String
- * }
- *
+ *
+ * KerberosName ::= SEQUENCE {
+ * realm [0] Realm,
+ * principalName [1] CertPrincipalName -- defined above
+ * }
+ *
+ * CertPrincipalName ::= SEQUENCE {
+ * name-type[0] INTEGER,
+ * name-string[1] SEQUENCE OF UTF8String
+ * }
+ *
* @author thomask
* @version $Revision$, $Date$
*/
public class KerberosName {
public static final int OID[] = { 1, 3, 6, 1, 5, 2, 2 };
- public static final ObjectIdentifier KRB5_PRINCIPAL_NAME = new
- ObjectIdentifier(OID);
-
+ public static final ObjectIdentifier KRB5_PRINCIPAL_NAME = new
+ ObjectIdentifier(OID);
+
private String m_realm = null;
private int m_name_type = 0;
private Vector<String> m_name_strings = null;
@@ -64,7 +63,7 @@ public class KerberosName {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -75,48 +74,48 @@ public class KerberosName {
DerOutputStream realm = new DerOutputStream();
realm.putGeneralString(m_realm);
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)0), realm);
+ true, (byte) 0), realm);
DerOutputStream seq1 = new DerOutputStream();
DerOutputStream tmp1 = new DerOutputStream();
DerOutputStream name_type = new DerOutputStream();
name_type.putInteger(new BigInt(m_name_type));
tmp1.write(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)0), name_type);
+ true, (byte) 0), name_type);
DerOutputStream name_strings = new DerOutputStream();
DerOutputStream name_string = new DerOutputStream();
for (int i = 0; i < m_name_strings.size(); i++) {
- name_string.putGeneralString((String)m_name_strings.elementAt(i));
+ name_string.putGeneralString((String) m_name_strings.elementAt(i));
}
name_strings.write(DerValue.tag_SequenceOf, name_string);
tmp1.write(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)1), name_strings);
+ true, (byte) 1), name_strings);
seq1.write(DerValue.tag_Sequence, tmp1);
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)1), seq1);
+ true, (byte) 1), seq1);
seq.write(DerValue.tag_Sequence, tmp);
out.write(seq.toByteArray());
}
public byte[] toByteArray() throws IOException {
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- encode(bos);
- return bos.toByteArray();
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ encode(bos);
+ return bos.toByteArray();
}
public String toString() {
- String strings = null;
- for (int i = 0; i < m_name_strings.size(); i++) {
- if (strings == null) {
- strings = (String)m_name_strings.elementAt(i);
- } else {
- strings += ",";
- strings += (String)m_name_strings.elementAt(i);
- }
- }
- return "Realm: " + m_realm + " Name Type: " + m_name_type + " Name String(s):" + strings;
+ String strings = null;
+ for (int i = 0; i < m_name_strings.size(); i++) {
+ if (strings == null) {
+ strings = (String) m_name_strings.elementAt(i);
+ } else {
+ strings += ",";
+ strings += (String) m_name_strings.elementAt(i);
+ }
+ }
+ return "Realm: " + m_realm + " Name Type: " + m_name_type + " Name String(s):" + strings;
}
public static void main(String[] argv) {
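Review bot: The class comment describes the name strings as `SEQUENCE OF UTF8String`, but `encode` writes each element with `putGeneralString`, so the documented structure and the bytes produced disagree. RFC 1510, which the comment cites, defines these fields as GeneralString, so the comment is probably the side to fix: `name-string[1] SEQUENCE OF GeneralString`. If UTF8String was the intent, the encoder needs changing instead, and that should be confirmed against whatever parses this name. `encode` starts before this hunk, so its signature and the setup of `tmp` and `seq` are not visible here.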
@@ -126,11 +125,11 @@ public class KerberosName {
System.out.println(k.toString());
try {
- FileOutputStream os = new FileOutputStream("/tmp/out.der");
- k.encode(os);
- os.close();
+ FileOutputStream os = new FileOutputStream("/tmp/out.der");
+ k.encode(os);
+ os.close();
} catch (Exception e) {
- System.out.println(e.toString());
+ System.out.println(e.toString());
}
}
}
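Review bot: The self-test writes to the fixed path `/tmp/out.der` and closes the stream only on the success path. A fixed name in a shared temporary directory can be pre-created or replaced by another local user before the write, and if `k.encode(os)` throws, the descriptor is never released. Create the file with `File f = File.createTempFile("kerberosname", ".der");`, open `new FileOutputStream(f)`, and move `os.close()` into a `finally` block. `main` begins in the previous hunk, so the construction of `k` is not visible here.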
diff --git a/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java b/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
index f8b357e8..a0eda067 100644
--- a/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/NSCertTypeExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -34,12 +33,10 @@ import netscape.security.x509.Extension;
/**
* NSCertTypeExtension
* Represents Netscape Certificate Type Extension
- *
- * <p>This deprecated extension, if present, defines both the purpose
- * (e.g., encipherment, signature, certificate signing) and the application
- * (e.g., SSL, S/Mime or Object Signing of the key contained in the
- * certificate.
- *
+ *
+ * <p>
+ * This deprecated extension, if present, defines both the purpose (e.g., encipherment, signature, certificate signing) and the application (e.g., SSL, S/Mime or Object Signing of the key contained in the certificate.
+ *
* @author galperin
* @version $Revision$, $Date$
*/
@@ -57,32 +54,32 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
* Identifies the particular public key used to sign the certificate.
*/
public static final ObjectIdentifier CertType_Id = new
- ObjectIdentifier(CertType_data);
-
- /**
- * Attribute names.
- */
- public static final String SSL_CLIENT = "ssl_client";
- public static final String SSL_SERVER = "ssl_server";
- public static final String EMAIL = "email";
- public static final String OBJECT_SIGNING = "object_signing";
- public static final String SSL_CA = "ssl_ca";
- public static final String EMAIL_CA = "email_ca";
- public static final String OBJECT_SIGNING_CA = "object_signing_ca";
-
- /**
- * Attribute names.
- */
- public static final int SSL_CLIENT_BIT = 0;
- public static final int SSL_SERVER_BIT = 1;
- public static final int EMAIL_BIT = 2;
- public static final int OBJECT_SIGNING_BIT = 3;
- // 4 is reserved.
- public static final int SSL_CA_BIT = 5;
- public static final int EMAIL_CA_BIT = 6;
- public static final int OBJECT_SIGNING_CA_BIT = 7;
-
- public static final int NBITS = 8;
+ ObjectIdentifier(CertType_data);
+
+ /**
+ * Attribute names.
+ */
+ public static final String SSL_CLIENT = "ssl_client";
+ public static final String SSL_SERVER = "ssl_server";
+ public static final String EMAIL = "email";
+ public static final String OBJECT_SIGNING = "object_signing";
+ public static final String SSL_CA = "ssl_ca";
+ public static final String EMAIL_CA = "email_ca";
+ public static final String OBJECT_SIGNING_CA = "object_signing_ca";
+
+ /**
+ * Attribute names.
+ */
+ public static final int SSL_CLIENT_BIT = 0;
+ public static final int SSL_SERVER_BIT = 1;
+ public static final int EMAIL_BIT = 2;
+ public static final int OBJECT_SIGNING_BIT = 3;
+ // 4 is reserved.
+ public static final int SSL_CA_BIT = 5;
+ public static final int EMAIL_CA_BIT = 6;
+ public static final int OBJECT_SIGNING_CA_BIT = 7;
+
+ public static final int NBITS = 8;
/**
* Identifier for this attribute, to be used with the
@@ -105,14 +102,14 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
private static MapEntry[] mMapData =
{
- new MapEntry(SSL_CLIENT, 0),
- new MapEntry(SSL_SERVER, 1),
- new MapEntry(EMAIL, 2),
- new MapEntry(OBJECT_SIGNING, 3),
- // note that bit 4 is reserved
- new MapEntry(SSL_CA, 5),
- new MapEntry(EMAIL_CA, 6),
- new MapEntry(OBJECT_SIGNING_CA, 7),
+ new MapEntry(SSL_CLIENT, 0),
+ new MapEntry(SSL_SERVER, 1),
+ new MapEntry(EMAIL, 2),
+ new MapEntry(OBJECT_SIGNING, 3),
+ // note that bit 4 is reserved
+ new MapEntry(SSL_CA, 5),
+ new MapEntry(EMAIL_CA, 6),
+ new MapEntry(OBJECT_SIGNING_CA, 7),
};
private static Vector<String> mAttributeNames = new Vector<String>();
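Review bot: The `mMapData` entries hard-code the bit positions (`new MapEntry(SSL_CLIENT, 0)`, … `new MapEntry(OBJECT_SIGNING_CA, 7)`) even though this class already defines `SSL_CLIENT_BIT` through `OBJECT_SIGNING_CA_BIT` for exactly these values. Using the constants, e.g. `new MapEntry(SSL_CLIENT, SSL_CLIENT_BIT),`, keeps the name-to-bit table and the public constants from drifting apart. It also makes the reserved bit 4 gap self-explanatory.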
@@ -143,7 +140,7 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
/**
* Check if bit is set.
- *
+ *
* @param position the position in the bit string to check.
*/
public boolean isSet(int position) {
@@ -202,7 +199,7 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
/**
* Create a NSCertTypeExtension with the passed bit settings.
* The criticality is set to false.
- *
+ *
* @param bitString the bits to be set for the extension.
*/
public NSCertTypeExtension(boolean critical, byte[] bitString) throws IOException {
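Review bot: The Javadoc for this constructor says "The criticality is set to false", yet the signature takes a `boolean critical` argument and the comment has no `@param` for it. The constructor body is outside the hunk, so whether the argument is honoured cannot be confirmed from here. If it is, replace that sentence with `@param critical true if the extension is to be treated as critical.`, the wording already used on the next constructor. A reader who trusts the current text would expect a non-critical extension whatever they pass.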
@@ -221,19 +218,19 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public NSCertTypeExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
/**
- Debug.trace("NSCertTypeExtension");
- this.mBitString = new byte[1];
- this.mBitString[0] = (byte)0x00;
- return;
+ * Debug.trace("NSCertTypeExtension");
+ * this.mBitString = new byte[1];
+ * this.mBitString[0] = (byte)0x00;
+ * return;
**/
this.extensionId = CertType_Id;
@@ -253,10 +250,10 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
this.extensionId = CertType_Id;
this.critical = false;
this.mBitString = new byte[0];
- try {
- encodeThis();
- } catch (Exception e) {
- }
+ try {
+ encodeThis();
+ } catch (Exception e) {
+ }
}
/**
@@ -264,8 +261,7 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
*/
public void set(String name, Object obj) throws CertificateException {
if (!(obj instanceof Boolean)) {
- throw new CertificateException
- ("Attribute must be of type Boolean.");
+ throw new CertificateException("Attribute must be of type Boolean.");
}
boolean val = ((Boolean) obj).booleanValue();
@@ -333,7 +329,7 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -343,12 +339,12 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
+ DerOutputStream tmp = new DerOutputStream();
encodeThis();
if (this.extensionValue == null) {
@@ -367,7 +363,6 @@ public class NSCertTypeExtension extends Extension implements CertAttrSet {
return mAttributeNames.elements();
}
-
public static void main(String[] argv) {
}
}
diff --git a/pki/base/util/src/netscape/security/extensions/OCSPNoCheckExtension.java b/pki/base/util/src/netscape/security/extensions/OCSPNoCheckExtension.java
index 544d5959..0a308d8e 100644
--- a/pki/base/util/src/netscape/security/extensions/OCSPNoCheckExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/OCSPNoCheckExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -30,7 +29,6 @@ import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
import netscape.security.x509.OIDMap;
-
/**
* This represents the OCSPNoCheck extension.
*/
@@ -47,7 +45,7 @@ public class OCSPNoCheckExtension extends Extension implements CertAttrSet {
static {
try {
OIDMap.addAttribute(OCSPNoCheckExtension.class.getName(),
- OID, OCSPNoCheckExtension.class.getSimpleName());
+ OID, OCSPNoCheckExtension.class.getSimpleName());
} catch (CertificateException e) {
}
}
@@ -81,7 +79,7 @@ public class OCSPNoCheckExtension extends Extension implements CertAttrSet {
critical = crit.booleanValue();
extensionValue = (byte[]) ((byte[]) byteVal).clone();
}
-
+
public void setCritical(boolean newValue) {
if (critical != newValue) {
critical = newValue;
@@ -95,7 +93,7 @@ public class OCSPNoCheckExtension extends Extension implements CertAttrSet {
mCached = out.toByteArray();
}
}
-
+
public String toString() {
String presentation = "oid=" + OID + " ";
@@ -108,18 +106,18 @@ public class OCSPNoCheckExtension extends Extension implements CertAttrSet {
for (int i = 0; i < extensionValue.length; i++) {
extByteValue += (extensionValue[i] + " ");
}
- presentation += extByteValue;
+ presentation += extByteValue;
}
return presentation;
}
- public void decode(InputStream in)
- throws CertificateException, IOException {
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
// NOT USED
}
- public void encode(OutputStream out)
- throws CertificateException, IOException {
+ public void encode(OutputStream out)
+ throws CertificateException, IOException {
if (mCached == null) {
DerOutputStream temp = new DerOutputStream();
@@ -128,8 +126,8 @@ public class OCSPNoCheckExtension extends Extension implements CertAttrSet {
out.write(mCached);
}
- public void set(String name, Object obj)
- throws CertificateException, IOException {
+ public void set(String name, Object obj)
+ throws CertificateException, IOException {
// NOT USED
}
@@ -143,8 +141,8 @@ public class OCSPNoCheckExtension extends Extension implements CertAttrSet {
return null;
}
- public void delete(String name)
- throws CertificateException, IOException {
+ public void delete(String name)
+ throws CertificateException, IOException {
// NOT USED
}
}
diff --git a/pki/base/util/src/netscape/security/extensions/PresenceServerExtension.java b/pki/base/util/src/netscape/security/extensions/PresenceServerExtension.java
index ecd8f4f6..15222cb3 100644
--- a/pki/base/util/src/netscape/security/extensions/PresenceServerExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/PresenceServerExtension.java
@@ -33,8 +33,7 @@ import netscape.security.util.ObjectIdentifier;
import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
-public class PresenceServerExtension extends Extension implements CertAttrSet
-{
+public class PresenceServerExtension extends Extension implements CertAttrSet {
/**
*
*/
@@ -53,173 +52,161 @@ public class PresenceServerExtension extends Extension implements CertAttrSet
public static final String OID = "2.16.840.1.113730.1.18";
-/*
- public PresenceServerExtension()
- {
- }
-*/
+ /*
+ public PresenceServerExtension()
+ {
+ }
+ */
public PresenceServerExtension(Boolean critical, Object value)
- throws IOException {
- this.extensionId = new ObjectIdentifier(OID);
- this.critical = critical.booleanValue();
- this.extensionValue = (byte[]) ((byte[]) value).clone();
- decodeThis();
- }
+ throws IOException {
+ this.extensionId = new ObjectIdentifier(OID);
+ this.critical = critical.booleanValue();
+ this.extensionValue = (byte[]) ((byte[]) value).clone();
+ decodeThis();
+ }
public PresenceServerExtension(
- boolean critical,
- int version,
- String streetAddress,
- String telephoneNumber,
- String rfc822Name,
- String ID,
- String hostName,
- int portNumber,
- int maxUsers,
- int serviceLevel)
- throws IOException
- {
- mCritical = critical;
- mVersion = version;
- mStreetAddress = streetAddress;
- mTelephoneNumber = telephoneNumber;
- mRFC822Name = rfc822Name;
- mID = ID;
- mHostName = hostName;
- mPortNumber = portNumber;
- mMaxUsers = maxUsers;
- mServiceLevel = serviceLevel;
-
- this.extensionId = new ObjectIdentifier(OID);
- this.critical = mCritical;
- encodeThis();
+ boolean critical,
+ int version,
+ String streetAddress,
+ String telephoneNumber,
+ String rfc822Name,
+ String ID,
+ String hostName,
+ int portNumber,
+ int maxUsers,
+ int serviceLevel)
+ throws IOException {
+ mCritical = critical;
+ mVersion = version;
+ mStreetAddress = streetAddress;
+ mTelephoneNumber = telephoneNumber;
+ mRFC822Name = rfc822Name;
+ mID = ID;
+ mHostName = hostName;
+ mPortNumber = portNumber;
+ mMaxUsers = maxUsers;
+ mServiceLevel = serviceLevel;
+
+ this.extensionId = new ObjectIdentifier(OID);
+ this.critical = mCritical;
+ encodeThis();
+ }
+
+ public int getVersion() {
+ return mVersion;
+ }
+
+ public String getStreetAddress() {
+ return mStreetAddress;
}
- public int getVersion()
- {
- return mVersion;
- }
-
- public String getStreetAddress()
- {
- return mStreetAddress;
- }
-
- public String getTelephoneNumber()
- {
- return mTelephoneNumber;
- }
-
- public String getRFC822()
- {
- return mRFC822Name;
- }
-
- public String getID()
- {
- return mID;
- }
-
- public String getHostName()
- {
- return mHostName;
- }
-
- public int getPortNumber()
- {
- return mPortNumber;
- }
-
- public int getMaxUsers()
- {
- return mMaxUsers;
- }
-
- public int getServiceLevel()
- {
- return mServiceLevel;
- }
-
- public void encodeThis() throws IOException
- {
- DerOutputStream out = new DerOutputStream();
- DerOutputStream temp = new DerOutputStream();
- temp.putInteger(new BigInt(mVersion));
- temp.putOctetString(mStreetAddress.getBytes());
- temp.putOctetString(mTelephoneNumber.getBytes());
- temp.putOctetString(mRFC822Name.getBytes());
- temp.putOctetString(mID.getBytes());
- temp.putOctetString(mHostName.getBytes());
- temp.putInteger(new BigInt(mPortNumber));
- temp.putInteger(new BigInt(mMaxUsers));
- temp.putInteger(new BigInt(mServiceLevel));
- out.write(DerValue.tag_Sequence, temp);
- this.extensionValue = out.toByteArray();
+ public String getTelephoneNumber() {
+ return mTelephoneNumber;
}
- public void decodeThis() throws IOException
- {
- DerInputStream val = new DerInputStream(this.extensionValue);
- byte data[] = null;
- DerValue seq[] = val.getSequence(0);
+ public String getRFC822() {
+ return mRFC822Name;
+ }
+
+ public String getID() {
+ return mID;
+ }
+
+ public String getHostName() {
+ return mHostName;
+ }
+
+ public int getPortNumber() {
+ return mPortNumber;
+ }
+
+ public int getMaxUsers() {
+ return mMaxUsers;
+ }
+
+ public int getServiceLevel() {
+ return mServiceLevel;
+ }
+
+ public void encodeThis() throws IOException {
+ DerOutputStream out = new DerOutputStream();
+ DerOutputStream temp = new DerOutputStream();
+ temp.putInteger(new BigInt(mVersion));
+ temp.putOctetString(mStreetAddress.getBytes());
+ temp.putOctetString(mTelephoneNumber.getBytes());
+ temp.putOctetString(mRFC822Name.getBytes());
+ temp.putOctetString(mID.getBytes());
+ temp.putOctetString(mHostName.getBytes());
+ temp.putInteger(new BigInt(mPortNumber));
+ temp.putInteger(new BigInt(mMaxUsers));
+ temp.putInteger(new BigInt(mServiceLevel));
+ out.write(DerValue.tag_Sequence, temp);
+ this.extensionValue = out.toByteArray();
+ }
+
+ public void decodeThis() throws IOException {
+ DerInputStream val = new DerInputStream(this.extensionValue);
+ byte data[] = null;
+ DerValue seq[] = val.getSequence(0);
mVersion = seq[0].getInteger().toInt();
- data = null;
- if (seq[1].length() > 0) {
- data = seq[1].getOctetString();
- }
- if (data == null) {
- mStreetAddress = "";
- } else {
- mStreetAddress = new String(data);
- }
- data = null;
- if (seq[2].length() > 0)
- data = seq[2].getOctetString();
- if (data == null) {
- mTelephoneNumber = "";
- } else {
- mTelephoneNumber = new String(data);
- }
- data = null;
- if (seq[3].length() > 0)
- data = seq[3].getOctetString();
- if (data == null) {
- mRFC822Name = "";
- } else {
- mRFC822Name = new String(data);
- }
- data = null;
- if (seq[4].length() > 0)
- data = seq[4].getOctetString();
- if (data == null) {
- mID = "";
- } else {
- mID = new String(data);
- }
- data = null;
- if (seq[5].length() > 0)
- data = seq[5].getOctetString();
- if (data == null) {
- mHostName = "";
- } else {
- mHostName = new String(data);
- }
+ data = null;
+ if (seq[1].length() > 0) {
+ data = seq[1].getOctetString();
+ }
+ if (data == null) {
+ mStreetAddress = "";
+ } else {
+ mStreetAddress = new String(data);
+ }
+ data = null;
+ if (seq[2].length() > 0)
+ data = seq[2].getOctetString();
+ if (data == null) {
+ mTelephoneNumber = "";
+ } else {
+ mTelephoneNumber = new String(data);
+ }
+ data = null;
+ if (seq[3].length() > 0)
+ data = seq[3].getOctetString();
+ if (data == null) {
+ mRFC822Name = "";
+ } else {
+ mRFC822Name = new String(data);
+ }
+ data = null;
+ if (seq[4].length() > 0)
+ data = seq[4].getOctetString();
+ if (data == null) {
+ mID = "";
+ } else {
+ mID = new String(data);
+ }
+ data = null;
+ if (seq[5].length() > 0)
+ data = seq[5].getOctetString();
+ if (data == null) {
+ mHostName = "";
+ } else {
+ mHostName = new String(data);
+ }
mPortNumber = seq[6].getInteger().toInt();
mMaxUsers = seq[7].getInteger().toInt();
mServiceLevel = seq[8].getInteger().toInt();
}
- public void decode(InputStream in)
- throws CertificateException, IOException {
+ public void decode(InputStream in)
+ throws CertificateException, IOException {
}
public void encode(OutputStream out)
- throws CertificateException, IOException {
- DerOutputStream dos = new DerOutputStream();
- super.encode(dos);
- out.write(dos.toByteArray());
+ throws CertificateException, IOException {
+ DerOutputStream dos = new DerOutputStream();
+ super.encode(dos);
+ out.write(dos.toByteArray());
}
/**
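Review bot: `decodeThis` indexes `seq[0]` through `seq[8]` without checking how many elements `val.getSequence(0)` returned. An extension value with fewer than nine fields therefore raises an unchecked ArrayIndexOutOfBoundsException instead of the IOException the method declares. The `(Boolean critical, Object value)` constructor passes caller-supplied bytes straight into this method, so the length should be validated first: `if (seq.length < 9) throw new IOException("PresenceServerExtension: expected 9 fields, got " + seq.length);`. Separately, `new String(data)` here and `getBytes()` in `encodeThis` use the platform default charset, so the same certificate can decode differently on different hosts; naming the charset explicitly on both sides would remove that dependency.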
@@ -243,84 +230,83 @@ public class PresenceServerExtension extends Extension implements CertAttrSet
throw new IOException("Method not to be called directly.");
}
- public Enumeration<String> getAttributeNames () {
- return null;
+ public Enumeration<String> getAttributeNames() {
+ return null;
}
/**
* Set the name of this attribute.
*/
- public void setName (String name) {
+ public void setName(String name) {
}
/**
* Return the OID of this attribute.
*/
- public String getOID () {
- return OID;
+ public String getOID() {
+ return OID;
}
/**
* Set the OID of this attribute.
*/
- public void setOID (String oid) {
+ public void setOID(String oid) {
}
- public static void main(String args[]) throws Exception
- {
-/*
- 0 30 115: SEQUENCE {
- 2 06 9: OBJECT IDENTIFIER '2 16 840 1 113730 1 100'
- 13 04 102: OCTET STRING, encapsulates {
- 15 30 100: SEQUENCE {
- 17 02 1: INTEGER 0
- 20 04 31: OCTET STRING
- : 34 30 31 45 20 4D 69 64 64 6C 65 66 69 65 6C 64
- : 20 52 64 2E 2C 4D 56 2C 43 41 39 34 30 34 31
- 53 04 12: OCTET STRING
- : 36 35 30 2D 31 31 31 2D 31 31 31 31
- 67 04 18: OCTET STRING
- : 61 64 6D 69 6E 40 6E 65 74 73 63 61 70 65 2E 63
- : 6F 6D
- 87 04 10: OCTET STRING
- : 70 73 2D 63 61 70 69 74 6F 6C
- 99 04 7: OCTET STRING
- : 63 61 70 69 74 6F 6C
- 108 02 1: INTEGER 80
- 111 02 1: INTEGER 10
- 114 02 1: INTEGER 1
- : }
- : }
- : }
- */
- boolean critical = false;
- int version = 1;
- String streetAddress = "401E Middlefield Rd.,MV,CA94041";
- String telephoneNumber = "650-111-1111";
- String rfc822Name = "admin@netscape.com";
- String ID = "ps-capitol";
- String hostName = "capitol";
- int portNumber = 80;
- int maxUsers = 10;
- int serviceLevel = 1;
-
- PresenceServerExtension ext = new PresenceServerExtension(
- critical,
- version, streetAddress, telephoneNumber,
- rfc822Name, ID, hostName, portNumber,
- maxUsers, serviceLevel);
-
- // encode
-
- ByteArrayOutputStream dos = new ByteArrayOutputStream();
- ext.encode(dos);
- FileOutputStream fos = new FileOutputStream("pse.der");
- fos.write(dos.toByteArray());
- fos.close();
-
- Extension ext1 = new Extension(new DerValue(dos.toByteArray()));
- PresenceServerExtension ext2 = new PresenceServerExtension(
- new Boolean(false), ext1.getExtensionValue());
+ public static void main(String args[]) throws Exception {
+ /*
+ 0 30 115: SEQUENCE {
+ 2 06 9: OBJECT IDENTIFIER '2 16 840 1 113730 1 100'
+ 13 04 102: OCTET STRING, encapsulates {
+ 15 30 100: SEQUENCE {
+ 17 02 1: INTEGER 0
+ 20 04 31: OCTET STRING
+ : 34 30 31 45 20 4D 69 64 64 6C 65 66 69 65 6C 64
+ : 20 52 64 2E 2C 4D 56 2C 43 41 39 34 30 34 31
+ 53 04 12: OCTET STRING
+ : 36 35 30 2D 31 31 31 2D 31 31 31 31
+ 67 04 18: OCTET STRING
+ : 61 64 6D 69 6E 40 6E 65 74 73 63 61 70 65 2E 63
+ : 6F 6D
+ 87 04 10: OCTET STRING
+ : 70 73 2D 63 61 70 69 74 6F 6C
+ 99 04 7: OCTET STRING
+ : 63 61 70 69 74 6F 6C
+ 108 02 1: INTEGER 80
+ 111 02 1: INTEGER 10
+ 114 02 1: INTEGER 1
+ : }
+ : }
+ : }
+ */
+ boolean critical = false;
+ int version = 1;
+ String streetAddress = "401E Middlefield Rd.,MV,CA94041";
+ String telephoneNumber = "650-111-1111";
+ String rfc822Name = "admin@netscape.com";
+ String ID = "ps-capitol";
+ String hostName = "capitol";
+ int portNumber = 80;
+ int maxUsers = 10;
+ int serviceLevel = 1;
+
+ PresenceServerExtension ext = new PresenceServerExtension(
+ critical,
+ version, streetAddress, telephoneNumber,
+ rfc822Name, ID, hostName, portNumber,
+ maxUsers, serviceLevel);
+
+ // encode
+
+ ByteArrayOutputStream dos = new ByteArrayOutputStream();
+ ext.encode(dos);
+ FileOutputStream fos = new FileOutputStream("pse.der");
+ fos.write(dos.toByteArray());
+ fos.close();
+
+ Extension ext1 = new Extension(new DerValue(dos.toByteArray()));
+ PresenceServerExtension ext2 = new PresenceServerExtension(
+ new Boolean(false), ext1.getExtensionValue());
}
}
diff --git a/pki/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java b/pki/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java
index 36be1fff..f9ad051e 100644
--- a/pki/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java
+++ b/pki/base/util/src/netscape/security/extensions/SubjectInfoAccessExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.extensions;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -37,11 +36,10 @@ import netscape.security.x509.Extension;
import netscape.security.x509.GeneralName;
import netscape.security.x509.URIName;
-
/**
* This represents the subject information access extension
* as defined in RFC3280.
- *
+ *
* @author thomask
* @version $Revision$, $Date$
*/
@@ -49,12 +47,12 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
private static final long serialVersionUID = 7237321566602583325L;
public static final int OID_OCSP[] = { 1, 3, 6, 1, 5, 5, 7, 48, 1 };
- public static final ObjectIdentifier METHOD_OCSP = new
- ObjectIdentifier(OID_OCSP);
+ public static final ObjectIdentifier METHOD_OCSP = new
+ ObjectIdentifier(OID_OCSP);
public static final int OID_CA_ISSUERS[] = { 1, 3, 6, 1, 5, 5, 7, 48, 2 };
- public static final ObjectIdentifier METHOD_CA_ISSUERS = new
- ObjectIdentifier(OID_CA_ISSUERS);
+ public static final ObjectIdentifier METHOD_CA_ISSUERS = new
+ ObjectIdentifier(OID_CA_ISSUERS);
public static final int OID[] = { 1, 3, 6, 1, 5, 5, 7, 1, 11 };
public static final ObjectIdentifier ID = new ObjectIdentifier(OID);
@@ -63,7 +61,7 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
@@ -74,8 +72,8 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
this.extensionValue = null; // build this when encodeThis() is called
}
- public SubjectInfoAccessExtension(Boolean critical, Object value)
- throws IOException {
+ public SubjectInfoAccessExtension(Boolean critical, Object value)
+ throws IOException {
this.extensionId = ID;
this.critical = critical.booleanValue();
this.extensionValue = (byte[]) ((byte[]) value).clone();
@@ -120,14 +118,13 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
return null;
}
-
/**
* Adds Access Description.
*/
public void addAccessDescription(
- ObjectIdentifier method,
- GeneralName gn) {
- clearValue();
+ ObjectIdentifier method,
+ GeneralName gn) {
+ clearValue();
mDesc.addElement(new AccessDescription(method, gn));
}
@@ -157,7 +154,7 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
}
}
- private void encodeThis() throws IOException {
+ private void encodeThis() throws IOException {
DerOutputStream seq = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
@@ -172,10 +169,10 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
seq.write(DerValue.tag_Sequence, tmp);
this.extensionValue = seq.toByteArray();
}
-
+
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -214,7 +211,7 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
GeneralName caIssuersName = new GeneralName(new
URIName("http://ocsp.netscape.com"));
- aia.addAccessDescription(METHOD_CA_ISSUERS, caIssuersName);
+ aia.addAccessDescription(METHOD_CA_ISSUERS, caIssuersName);
ByteArrayOutputStream os = new ByteArrayOutputStream();
try {
@@ -236,7 +233,7 @@ public class SubjectInfoAccessExtension extends Extension implements CertAttrSet
bos.toByteArray());
ObjectInputStream ois = new ObjectInputStream(bis);
AuthInfoAccessExtension clone = (AuthInfoAccessExtension)
- ois.readObject();
+ ois.readObject();
System.out.println(clone);
} catch (Exception e) {
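Review bot: The object read back by `ois.readObject()` is cast to `AuthInfoAccessExtension`, although this is the self-test of SubjectInfoAccessExtension, which looks like a copy-paste leftover. If the bytes in `bos` come from serializing a SubjectInfoAccessExtension (the serialization step is outside this hunk), the cast throws ClassCastException and the broad `catch (Exception e)` that follows hides it. The likely intended line is `SubjectInfoAccessExtension clone = (SubjectInfoAccessExtension) ois.readObject();`. If `aia` really is an AuthInfoAccessExtension, this `main` never exercises the class it lives in. The enclosing try block starts and ends outside the hunk.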
diff --git a/pki/base/util/src/netscape/security/pkcs/ContentInfo.java b/pki/base/util/src/netscape/security/pkcs/ContentInfo.java
index f09f4b62..9825494c 100644
--- a/pki/base/util/src/netscape/security/pkcs/ContentInfo.java
+++ b/pki/base/util/src/netscape/security/pkcs/ContentInfo.java
@@ -26,114 +26,114 @@ import netscape.security.util.ObjectIdentifier;
/**
* A ContentInfo type, as defined in PKCS#7.
- *
+ *
* @version 1.12
- * @author Benjamin Renaud
+ * @author Benjamin Renaud
*/
public class ContentInfo {
// pkcs7 pre-defined content types
- private static int[] pkcs7 = {1, 2, 840, 113549, 1, 7};
- private static int[] data = {1, 2, 840, 113549, 1, 7, 1};
- private static int[] sdata = {1, 2, 840, 113549, 1, 7, 2};
- private static int[] edata = {1, 2, 840, 113549, 1, 7, 3};
- private static int[] sedata = {1, 2, 840, 113549, 1, 7, 4};
- private static int[] ddata = {1, 2, 840, 113549, 1, 7, 5};
- private static int[] crdata = {1, 2, 840, 113549, 1, 7, 6};
-
- public static final ObjectIdentifier PKCS7_OID =
- new ObjectIdentifier(pkcs7);
-
- public static final ObjectIdentifier DATA_OID =
- new ObjectIdentifier(data);
-
- public static final ObjectIdentifier SIGNED_DATA_OID =
- new ObjectIdentifier(sdata);
+ private static int[] pkcs7 = { 1, 2, 840, 113549, 1, 7 };
+ private static int[] data = { 1, 2, 840, 113549, 1, 7, 1 };
+ private static int[] sdata = { 1, 2, 840, 113549, 1, 7, 2 };
+ private static int[] edata = { 1, 2, 840, 113549, 1, 7, 3 };
+ private static int[] sedata = { 1, 2, 840, 113549, 1, 7, 4 };
+ private static int[] ddata = { 1, 2, 840, 113549, 1, 7, 5 };
+ private static int[] crdata = { 1, 2, 840, 113549, 1, 7, 6 };
+
+ public static final ObjectIdentifier PKCS7_OID =
+ new ObjectIdentifier(pkcs7);
+
+ public static final ObjectIdentifier DATA_OID =
+ new ObjectIdentifier(data);
+
+ public static final ObjectIdentifier SIGNED_DATA_OID =
+ new ObjectIdentifier(sdata);
public static final ObjectIdentifier ENVELOPED_DATA_OID =
- new ObjectIdentifier(edata);
+ new ObjectIdentifier(edata);
public static final ObjectIdentifier SIGNED_AND_ENVELOPED_DATA_OID =
- new ObjectIdentifier(sedata);
+ new ObjectIdentifier(sedata);
- public static final ObjectIdentifier DIGESTED_DATA_OID =
- new ObjectIdentifier(ddata);
+ public static final ObjectIdentifier DIGESTED_DATA_OID =
+ new ObjectIdentifier(ddata);
- public static final ObjectIdentifier ENCRYPTED_DATA_OID =
- new ObjectIdentifier(crdata);
+ public static final ObjectIdentifier ENCRYPTED_DATA_OID =
+ new ObjectIdentifier(crdata);
ObjectIdentifier contentType;
DerValue content; // OPTIONAL
public ContentInfo(ObjectIdentifier contentType, DerValue content) {
- this.contentType = contentType;
- this.content = content;
+ this.contentType = contentType;
+ this.content = content;
}
/**
* Make a contentInfo of type data.
*/
public ContentInfo(byte[] bytes) {
- DerValue octetString = new DerValue(DerValue.tag_OctetString, bytes);
- this.contentType = DATA_OID;
- this.content = octetString;
+ DerValue octetString = new DerValue(DerValue.tag_OctetString, bytes);
+ this.contentType = DATA_OID;
+ this.content = octetString;
}
- public ContentInfo(DerInputStream derin)
- throws IOException, ParsingException {
+ public ContentInfo(DerInputStream derin)
+ throws IOException, ParsingException {
DerInputStream disType;
- DerInputStream disTaggedContent;
- DerValue type;
- DerValue taggedContent;
- DerValue[] typeAndContent;
- DerValue[] contents;
-
- typeAndContent = derin.getSequence(2);
-
- // Parse the content type
- type = typeAndContent[0];
- disType = new DerInputStream(type.toByteArray());
- contentType = disType.getOID();
-
- // Parse the content (OPTIONAL field).
- // Skip the [0] EXPLICIT tag by pretending that the content is the one
- // and only element in an implicitly tagged set
- if (typeAndContent.length > 1) { // content is OPTIONAL
- taggedContent = typeAndContent[1];
- disTaggedContent = new DerInputStream(taggedContent.toByteArray());
- contents = disTaggedContent.getSet(1, true);
- content = contents[0];
- }
+ DerInputStream disTaggedContent;
+ DerValue type;
+ DerValue taggedContent;
+ DerValue[] typeAndContent;
+ DerValue[] contents;
+
+ typeAndContent = derin.getSequence(2);
+
+ // Parse the content type
+ type = typeAndContent[0];
+ disType = new DerInputStream(type.toByteArray());
+ contentType = disType.getOID();
+
+ // Parse the content (OPTIONAL field).
+ // Skip the [0] EXPLICIT tag by pretending that the content is the one
+ // and only element in an implicitly tagged set
+ if (typeAndContent.length > 1) { // content is OPTIONAL
+ taggedContent = typeAndContent[1];
+ disTaggedContent = new DerInputStream(taggedContent.toByteArray());
+ contents = disTaggedContent.getSet(1, true);
+ content = contents[0];
+ }
}
public DerValue getContent() {
- return content;
+ return content;
}
public byte[] getData() throws IOException {
- if (contentType.equals(DATA_OID)) {
- return content.getOctetString();
- }
- throw new IOException("content type is not DATA: " + contentType);
+ if (contentType.equals(DATA_OID)) {
+ return content.getOctetString();
+ }
+ throw new IOException("content type is not DATA: " + contentType);
}
public void encode(DerOutputStream out) throws IOException {
- DerOutputStream contentDerCode;
- DerOutputStream seq;
- DerValue taggedContent;
+ DerOutputStream contentDerCode;
+ DerOutputStream seq;
+ DerValue taggedContent;
- contentDerCode = new DerOutputStream();
- content.encode(contentDerCode);
- // Add the [0] EXPLICIT tag in front of the content encoding
- taggedContent = new DerValue((byte)0xA0,
- contentDerCode.toByteArray());
+ contentDerCode = new DerOutputStream();
+ content.encode(contentDerCode);
+ // Add the [0] EXPLICIT tag in front of the content encoding
+ taggedContent = new DerValue((byte) 0xA0,
+ contentDerCode.toByteArray());
- seq = new DerOutputStream();
- seq.putOID(contentType);
- seq.putDerValue(taggedContent);
+ seq = new DerOutputStream();
+ seq.putOID(contentType);
+ seq.putDerValue(taggedContent);
- out.write(DerValue.tag_Sequence, seq);
+ out.write(DerValue.tag_Sequence, seq);
}
/**
@@ -141,15 +141,15 @@ public class ContentInfo {
* the content field.
*/
public byte[] getContentBytes() throws IOException {
- DerInputStream dis = new DerInputStream(content.toByteArray());
- return dis.getOctetString();
+ DerInputStream dis = new DerInputStream(content.toByteArray());
+ return dis.getOctetString();
}
-
+
public String toString() {
- String out = "";
-
- out += "Content Info Sequence\n\tContent type: " + contentType + "\n";
- out += "\tContent: " + content;
- return out;
+ String out = "";
+
+ out += "Content Info Sequence\n\tContent type: " + contentType + "\n";
+ out += "\tContent: " + content;
+ return out;
}
}
diff --git a/pki/base/util/src/netscape/security/pkcs/EncodingException.java b/pki/base/util/src/netscape/security/pkcs/EncodingException.java
index 6ccd1d40..cb495e99 100644
--- a/pki/base/util/src/netscape/security/pkcs/EncodingException.java
+++ b/pki/base/util/src/netscape/security/pkcs/EncodingException.java
@@ -24,10 +24,10 @@ public class EncodingException extends Exception {
private static final long serialVersionUID = -6126764125859196917L;
public EncodingException() {
- super();
+ super();
}
public EncodingException(String s) {
- super(s);
+ super(s);
}
}
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS10.java b/pki/base/util/src/netscape/security/pkcs/PKCS10.java
index dc28c7e9..b8c0aedc 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS10.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS10.java
@@ -38,21 +38,22 @@ import netscape.security.x509.X509Key;
/**
* PKCS #10 certificate requests are created and sent to Certificate
* Authorities, which then create X.509 certificates and return them to
- * the entity which created the certificate request. These cert requests
+ * the entity which created the certificate request. These cert requests
* basically consist of the subject's X.500 name and public key, signed
* using the corresponding private key.
- *
+ *
* The ASN.1 syntax for a Certification Request is:
+ *
* <pre>
* CertificationRequest ::= SEQUENCE {
* certificationRequestInfo CertificationRequestInfo,
* signatureAlgorithm SignatureAlgorithmIdentifier,
* signature Signature
* }
- *
+ *
* SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
* Signature ::= BIT STRING
- *
+ *
* CertificationRequestInfo ::= SEQUENCE {
* version Version,
* subject Name,
@@ -61,298 +62,283 @@ import netscape.security.x509.X509Key;
* }
* Attributes ::= SET OF Attribute
* </pre>
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.28
*/
-public class PKCS10
-{
+public class PKCS10 {
/**
- * Constructs an unsigned PKCS #10 certificate request. Before this
- * request may be used, it must be encoded and signed. Then it
+ * Constructs an unsigned PKCS #10 certificate request. Before this
+ * request may be used, it must be encoded and signed. Then it
* must be retrieved in some conventional format (e.g. string).
*
* @param publicKey the public key that should be placed
- * into the certificate generated by the CA.
+ * into the certificate generated by the CA.
*/
- public PKCS10 (X509Key publicKey)
- {
- subjectPublicKeyInfo = publicKey;
- attributeSet = new PKCS10Attributes();
+ public PKCS10(X509Key publicKey) {
+ subjectPublicKeyInfo = publicKey;
+ attributeSet = new PKCS10Attributes();
}
-
/**
- * Constructs an unsigned PKCS #10 certificate request. Before this
- * request may be used, it must be encoded and signed. Then it
+ * Constructs an unsigned PKCS #10 certificate request. Before this
+ * request may be used, it must be encoded and signed. Then it
* must be retrieved in some conventional format (e.g. string).
*
* @param publicKey the public key that should be placed
- * into the certificate generated by the CA.
+ * into the certificate generated by the CA.
* @param attributes additonal set of PKCS10 attributes requested
- * for in the certificate.
+ * for in the certificate.
*/
- public PKCS10 (X509Key publicKey, PKCS10Attributes attributes)
- {
- subjectPublicKeyInfo = publicKey;
- if (attributes != null)
- attributeSet = attributes;
- else
- attributeSet = new PKCS10Attributes();
+ public PKCS10(X509Key publicKey, PKCS10Attributes attributes) {
+ subjectPublicKeyInfo = publicKey;
+ if (attributes != null)
+ attributeSet = attributes;
+ else
+ attributeSet = new PKCS10Attributes();
}
-
/**
* Parses an encoded, signed PKCS #10 certificate request, verifying
- * the request's signature as it does so. This constructor would
+ * the request's signature as it does so. This constructor would
* typically be used by a Certificate Authority, from which a new
* certificate would then be constructed.
- *
+ *
* @param data the DER-encoded PKCS #10 request.
* @param sigver boolean specifies signature verification enabled or not
* @exception IOException for low level errors reading the data
* @exception SignatureException when the signature is invalid
* @exception NoSuchAlgorithmException when the signature
- * algorithm is not supported in this environment
+ * algorithm is not supported in this environment
*/
- public PKCS10 (byte data [], boolean sigver)
- throws IOException, SignatureException, NoSuchAlgorithmException,java.security.NoSuchProviderException
- {
- DerInputStream in;
- DerValue seq [];
- AlgorithmId id;
- byte sigData [];
- Signature sig;
-
- certificateRequest = data;
-
- //
- // Outer sequence: request, signature algorithm, signature.
- // Parse, and prepare to verify later.
- //
- in = new DerInputStream (data);
- seq = in.getSequence (3);
-
- if (seq.length != 3)
- throw new IllegalArgumentException ("not a PKCS #10 request");
-
- data = seq [0].toByteArray (); // reusing this variable
- certRequestInfo = seq[0].toByteArray(); // make a copy
- id = AlgorithmId.parse (seq [1]);
- sigData = seq [2].getBitString ();
-
- //
- // Inner sequence: version, name, key, attributes
- //
- BigInt serial;
- DerValue val;
-
- serial = seq [0].data.getInteger ();
-/*
- if (serial.toInt () != 0)
- throw new IllegalArgumentException ("not PKCS #10 v1");
-*/
-
- subject = new X500Name (seq [0].data);
-
-
- byte val1[] = seq [0].data.getDerValue ().toByteArray();
- subjectPublicKeyInfo = X509Key.parse (new DerValue(val1));
- PublicKey publicKey = X509Key.parsePublicKey (new DerValue(val1));
-
- String keystr = subjectPublicKeyInfo.toString();
-
- // Cope with a somewhat common illegal PKCS #10 format
- if (seq [0].data.available () != 0)
- attributeSet = new PKCS10Attributes(seq [0].data);
- else
- attributeSet = new PKCS10Attributes();
-
- //
- // OK, we parsed it all ... validate the signature using the
- // key and signature algorithm we found.
- // temporary commented out
- try {
- String idName = id.getName ();
- if(idName.equals("MD5withRSA"))
- idName = "MD5/RSA";
- else if(idName.equals("MD2withRSA"))
- idName = "MD2/RSA";
- else if(idName.equals("SHA1withRSA"))
- idName = "SHA1/RSA";
- else if(idName.equals("SHA1withDSA"))
- idName = "SHA1/DSA";
- else if(idName.equals("SHA1withEC"))
- idName = "SHA1/EC";
- else if(idName.equals("SHA256withEC"))
- idName = "SHA256/EC";
- else if(idName.equals("SHA384withEC"))
- idName = "SHA384/EC";
- else if(idName.equals("SHA512withEC"))
- idName = "SHA512/EC";
-
- if (sigver) {
- sig = Signature.getInstance(idName,"Mozilla-JSS");
-
- sig.initVerify (publicKey);
- sig.update (data);
- if (!sig.verify (sigData))
- throw new SignatureException ("Invalid PKCS #10 signature");
+ public PKCS10(byte data[], boolean sigver)
+ throws IOException, SignatureException, NoSuchAlgorithmException, java.security.NoSuchProviderException {
+ DerInputStream in;
+ DerValue seq[];
+ AlgorithmId id;
+ byte sigData[];
+ Signature sig;
+
+ certificateRequest = data;
+
+ //
+ // Outer sequence: request, signature algorithm, signature.
+ // Parse, and prepare to verify later.
+ //
+ in = new DerInputStream(data);
+ seq = in.getSequence(3);
+
+ if (seq.length != 3)
+ throw new IllegalArgumentException("not a PKCS #10 request");
+
+ data = seq[0].toByteArray(); // reusing this variable
+ certRequestInfo = seq[0].toByteArray(); // make a copy
+ id = AlgorithmId.parse(seq[1]);
+ sigData = seq[2].getBitString();
+
+ //
+ // Inner sequence: version, name, key, attributes
+ //
+ BigInt serial;
+ DerValue val;
+
+ serial = seq[0].data.getInteger();
+ /*
+ if (serial.toInt () != 0)
+ throw new IllegalArgumentException ("not PKCS #10 v1");
+ */
+
+ subject = new X500Name(seq[0].data);
+
+ byte val1[] = seq[0].data.getDerValue().toByteArray();
+ subjectPublicKeyInfo = X509Key.parse(new DerValue(val1));
+ PublicKey publicKey = X509Key.parsePublicKey(new DerValue(val1));
+
+ String keystr = subjectPublicKeyInfo.toString();
+
+ // Cope with a somewhat common illegal PKCS #10 format
+ if (seq[0].data.available() != 0)
+ attributeSet = new PKCS10Attributes(seq[0].data);
+ else
+ attributeSet = new PKCS10Attributes();
+
+ //
+ // OK, we parsed it all ... validate the signature using the
+ // key and signature algorithm we found.
+ // temporary commented out
+ try {
+ String idName = id.getName();
+ if (idName.equals("MD5withRSA"))
+ idName = "MD5/RSA";
+ else if (idName.equals("MD2withRSA"))
+ idName = "MD2/RSA";
+ else if (idName.equals("SHA1withRSA"))
+ idName = "SHA1/RSA";
+ else if (idName.equals("SHA1withDSA"))
+ idName = "SHA1/DSA";
+ else if (idName.equals("SHA1withEC"))
+ idName = "SHA1/EC";
+ else if (idName.equals("SHA256withEC"))
+ idName = "SHA256/EC";
+ else if (idName.equals("SHA384withEC"))
+ idName = "SHA384/EC";
+ else if (idName.equals("SHA512withEC"))
+ idName = "SHA512/EC";
+
+ if (sigver) {
+ sig = Signature.getInstance(idName, "Mozilla-JSS");
+
+ sig.initVerify(publicKey);
+ sig.update(data);
+ if (!sig.verify(sigData))
+ throw new SignatureException("Invalid PKCS #10 signature");
+ }
+ } catch (InvalidKeyException e) {
+ throw new SignatureException("invalid key");
}
- } catch (InvalidKeyException e) {
- throw new SignatureException ("invalid key");
- }
}
- public PKCS10 (byte data [])
- throws IOException, SignatureException, NoSuchAlgorithmException,java.security.NoSuchProviderException
- {
+ public PKCS10(byte data[])
+ throws IOException, SignatureException, NoSuchAlgorithmException, java.security.NoSuchProviderException {
this(data, true);
}
/**
- * Create the signed certificate request. This will later be
+ * Create the signed certificate request. This will later be
* retrieved in either string or binary format.
- *
+ *
* @param requester identifies the signer (by X.500 name)
- * and provides the private key used to sign.
+ * and provides the private key used to sign.
* @exception IOException on errors.
* @exception CertificateException on certificate handling errors.
* @exception SignatureException on signature handling errors.
*/
- public void encodeAndSign (X500Signer requester)
- throws CertificateException, IOException, SignatureException
- {
- DerOutputStream out, scratch;
- byte certificateRequestInfo [];
- byte sig [];
-
- if (certificateRequest != null)
- throw new SignatureException ("request is already signed");
-
- subject = requester.getSigner ();
-
- /*
- * Encode cert request info, wrap in a sequence for signing
- */
- scratch = new DerOutputStream ();
- scratch.putInteger (new BigInt (0)); // version zero
- subject.encode (scratch); // X.500 name
- subjectPublicKeyInfo.encode (scratch); // public key
- attributeSet.encode (scratch);
-
- out = new DerOutputStream ();
- out.write (DerValue.tag_Sequence, scratch); // wrap it!
- certificateRequestInfo = out.toByteArray ();
- scratch = out;
-
- /*
- * Sign it ...
- */
- requester.update (certificateRequestInfo, 0,
- certificateRequestInfo.length);
- sig = requester.sign ();
-
- /*
- * Build guts of SIGNED macro
- */
- requester.getAlgorithmId ().encode (scratch); // sig algorithm
- scratch.putBitString (sig); // sig
-
- /*
- * Wrap those guts in a sequence
- */
- out = new DerOutputStream ();
- out.write (DerValue.tag_Sequence, scratch);
- certificateRequest = out.toByteArray ();
+ public void encodeAndSign(X500Signer requester)
+ throws CertificateException, IOException, SignatureException {
+ DerOutputStream out, scratch;
+ byte certificateRequestInfo[];
+ byte sig[];
+
+ if (certificateRequest != null)
+ throw new SignatureException("request is already signed");
+
+ subject = requester.getSigner();
+
+ /*
+ * Encode cert request info, wrap in a sequence for signing
+ */
+ scratch = new DerOutputStream();
+ scratch.putInteger(new BigInt(0)); // version zero
+ subject.encode(scratch); // X.500 name
+ subjectPublicKeyInfo.encode(scratch); // public key
+ attributeSet.encode(scratch);
+
+ out = new DerOutputStream();
+ out.write(DerValue.tag_Sequence, scratch); // wrap it!
+ certificateRequestInfo = out.toByteArray();
+ scratch = out;
+
+ /*
+ * Sign it ...
+ */
+ requester.update(certificateRequestInfo, 0,
+ certificateRequestInfo.length);
+ sig = requester.sign();
+
+ /*
+ * Build guts of SIGNED macro
+ */
+ requester.getAlgorithmId().encode(scratch); // sig algorithm
+ scratch.putBitString(sig); // sig
+
+ /*
+ * Wrap those guts in a sequence
+ */
+ out = new DerOutputStream();
+ out.write(DerValue.tag_Sequence, scratch);
+ certificateRequest = out.toByteArray();
}
-
/**
* Returns the subject's name.
*/
- public X500Name getSubjectName ()
- { return subject; }
-
+ public X500Name getSubjectName() {
+ return subject;
+ }
/**
* Returns the subject's public key.
*/
- public X509Key getSubjectPublicKeyInfo ()
- { return subjectPublicKeyInfo; }
-
+ public X509Key getSubjectPublicKeyInfo() {
+ return subjectPublicKeyInfo;
+ }
/**
* Returns the additional attributes requested.
*/
- public PKCS10Attributes getAttributes ()
- { return attributeSet; }
+ public PKCS10Attributes getAttributes() {
+ return attributeSet;
+ }
/**
* Returns the encoded and signed certificate request as a
* DER-encoded byte array.
- *
+ *
* @return the certificate request, or null if encodeAndSign()
- * has not yet been called.
+ * has not yet been called.
*/
- public byte [] toByteArray ()
- {
- return certificateRequest;
+ public byte[] toByteArray() {
+ return certificateRequest;
}
-
/**
* Prints an E-Mailable version of the certificate request on the print
- * stream passed. The format is a common base64 encoded one, supported
+ * stream passed. The format is a common base64 encoded one, supported
* by most Certificate Authorities because Netscape web servers have
- * used this for some time. Some certificate authorities expect some
+ * used this for some time. Some certificate authorities expect some
* more information, in particular contact information for the web
* server administrator.
- *
+ *
* @param out the print stream where the certificate request
- * will be printed.
+ * will be printed.
* @exception IOException when an output operation failed
* @exception SignatureException when the certificate request was
- * not yet signed.
+ * not yet signed.
*/
- public void print (PrintStream out)
- throws IOException, SignatureException
- {
- if (certificateRequest == null)
- throw new SignatureException ("Cert request was not signed");
-
-
- out.println ("-----BEGIN NEW CERTIFICATE REQUEST-----");
- out.println (com.netscape.osutil.OSUtil.BtoA(certificateRequest));
- out.println ("-----END NEW CERTIFICATE REQUEST-----");
+ public void print(PrintStream out)
+ throws IOException, SignatureException {
+ if (certificateRequest == null)
+ throw new SignatureException("Cert request was not signed");
+
+ out.println("-----BEGIN NEW CERTIFICATE REQUEST-----");
+ out.println(com.netscape.osutil.OSUtil.BtoA(certificateRequest));
+ out.println("-----END NEW CERTIFICATE REQUEST-----");
}
/**
* Provides a short description of this request.
*/
- public String toString ()
- {
- return "[PKCS #10 certificate request:\n"
- + subjectPublicKeyInfo.toString()
- + " subject: <" + subject + ">" + "\n"
- + " attributes: " + attributeSet.toString()
- + "\n]";
+ public String toString() {
+ return "[PKCS #10 certificate request:\n"
+ + subjectPublicKeyInfo.toString()
+ + " subject: <" + subject + ">" + "\n"
+ + " attributes: " + attributeSet.toString()
+ + "\n]";
}
/**
* Retrieve the PKCS10 CertificateRequestInfo as a byte array
*/
- public byte[] getCertRequestInfo()
- {
- return certRequestInfo;
+ public byte[] getCertRequestInfo() {
+ return certRequestInfo;
}
- private X500Name subject;
- private X509Key subjectPublicKeyInfo;
- private PKCS10Attributes attributeSet;
+ private X500Name subject;
+ private X509Key subjectPublicKeyInfo;
+ private PKCS10Attributes attributeSet;
- private byte certificateRequest []; // signed
- private byte certRequestInfo []; // inner content signed
+ private byte certificateRequest[]; // signed
+ private byte certRequestInfo[]; // inner content signed
}
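Review bot: In `PKCS10(byte data[], boolean sigver)` the signature check runs only inside `if (sigver)`, yet the constructor Javadoc still says the request's signature is verified during parsing, and the inline comment above the `try` reads `temporary commented out`. A caller that passes `false` gets a parsed subject, key and attribute set with no proof that the requester holds the private key, so the contract should say so: `@param sigver when false the signature is NOT verified; the caller must treat the request as unauthenticated`, and the stale `// temporary commented out` line should be removed. In the same block, `catch (InvalidKeyException e)` discards the cause; `throw new SignatureException("invalid key", e);` keeps it for diagnosis. The visible hunks are formatting-only, so these changes belong in a follow-up commit.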
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java b/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
index dd74ead9..8638f6a8 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS10Attribute.java
@@ -35,19 +35,17 @@ import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extensions;
import netscape.security.x509.OIDMap;
-
/**
* Represent a PKCS Attribute.
- *
- * <p>Attributes are addiitonal attributes which can be inserted in a PKCS
- * certificate request. For example a "Driving License Certificate" could have
- * the driving license number as a attribute.
- *
- * <p>Attributes are represented as a sequence of the attribute identifier
- * (Object Identifier) and a set of DER encoded attribute values. The current
- * implementation only supports one value per attribute.
- *
+ *
+ * <p>
+ * Attributes are addiitonal attributes which can be inserted in a PKCS certificate request. For example a "Driving License Certificate" could have the driving license number as a attribute.
+ *
+ * <p>
+ * Attributes are represented as a sequence of the attribute identifier (Object Identifier) and a set of DER encoded attribute values. The current implementation only supports one value per attribute.
+ *
* ASN.1 definition of Attribute:
+ *
* <pre>
* Attribute :: SEQUENCE {
* type AttributeValue,
@@ -55,7 +53,7 @@ import netscape.security.x509.OIDMap;
* }
* AttributeValue ::= ANY
* </pre>
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.13
@@ -65,11 +63,11 @@ public class PKCS10Attribute implements DerEncoder, Serializable {
*
*/
private static final long serialVersionUID = 2002480042340316170L;
- protected ObjectIdentifier attributeId = null;
- protected CertAttrSet attributeValue = null;
+ protected ObjectIdentifier attributeId = null;
+ protected CertAttrSet attributeValue = null;
/**
- * Default constructor. Used only by sub-classes.
+ * Default constructor. Used only by sub-classes.
*/
public PKCS10Attribute() {
}
@@ -79,65 +77,63 @@ public class PKCS10Attribute implements DerEncoder, Serializable {
*/
public PKCS10Attribute(DerValue derVal) throws IOException {
if (derVal.tag != DerValue.tag_Sequence) {
- throw new IOException("Sequence tag missing for PKCS10Attribute.");
- }
+ throw new IOException("Sequence tag missing for PKCS10Attribute.");
+ }
DerInputStream in = derVal.toDerInputStream();
// Object identifier
attributeId = in.getOID();
- // System.out.println("attribute ID in pkcs10 "+attributeId.toString());
-
- // Rest of the stuff is attribute value(s), wrapped in a SET.
- // For now, assume there is only one attribute value present.
- DerValue[] inAttrValues = in.getSet(1);
- int attrValueNum = inAttrValues.length;
- if (attrValueNum > 1) {
- throw new IOException("More than one value per attribute not supported");
- }
-
- // Read the first attribute value
- DerValue inAttrValue = inAttrValues[0];
-
- if (attributeId.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- //pkcs9 extensionAttr
- try{
- // remove the tag
- //DerValue dv = inAttrValue.data.getDerValue();
- // hack. toDerInputStream only gives one extension.
- DerInputStream fi = new DerInputStream(inAttrValue.toByteArray());
- attributeValue = (CertAttrSet) new
- Extensions(fi);
- //CertificateExtensions(fi);
- return;
- } catch(Exception e) {
- throw new IOException(e.toString());
- }
- }
- byte[] val = inAttrValue.toByteArray();
+ // System.out.println("attribute ID in pkcs10 "+attributeId.toString());
+
+ // Rest of the stuff is attribute value(s), wrapped in a SET.
+ // For now, assume there is only one attribute value present.
+ DerValue[] inAttrValues = in.getSet(1);
+ int attrValueNum = inAttrValues.length;
+ if (attrValueNum > 1) {
+ throw new IOException("More than one value per attribute not supported");
+ }
+
+ // Read the first attribute value
+ DerValue inAttrValue = inAttrValues[0];
+
+ if (attributeId.equals(PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ //pkcs9 extensionAttr
+ try {
+ // remove the tag
+ //DerValue dv = inAttrValue.data.getDerValue();
+ // hack. toDerInputStream only gives one extension.
+ DerInputStream fi = new DerInputStream(inAttrValue.toByteArray());
+ attributeValue = (CertAttrSet) new
+ Extensions(fi);
+ //CertificateExtensions(fi);
+ return;
+ } catch (Exception e) {
+ throw new IOException(e.toString());
+ }
+ }
+ byte[] val = inAttrValue.toByteArray();
Class<?>[] params = { Object.class };
try {
- @SuppressWarnings("unchecked")
- Class<CertAttrSet> extClass = (Class<CertAttrSet>) OIDMap.getClass(attributeId);
- if (extClass != null) {
- Constructor<CertAttrSet> cons = (Constructor<CertAttrSet>) extClass.getConstructor(params);
- Object value = Array.newInstance(byte.class,val.length);
- for (int i = 0; i < val.length; i++) {
- Array.setByte(value,i,val[i]);
- }
- Object[] passed = new Object[] {value};
- attributeValue = cons.newInstance(passed);
- } else {
- // attribute classes are usable for PKCS10 attributes.
- // this is used where the attributes are not actual
- // implemented extensions.
- attributeValue = new ACertAttrSet(inAttrValue);
- }
- }
- catch (InvocationTargetException invk) {
- throw new IOException(invk.getTargetException().getMessage());
- }
- catch (Exception e) {
- throw new IOException(e.toString());
+ @SuppressWarnings("unchecked")
+ Class<CertAttrSet> extClass = (Class<CertAttrSet>) OIDMap.getClass(attributeId);
+ if (extClass != null) {
+ Constructor<CertAttrSet> cons = (Constructor<CertAttrSet>) extClass.getConstructor(params);
+ Object value = Array.newInstance(byte.class, val.length);
+ for (int i = 0; i < val.length; i++) {
+ Array.setByte(value, i, val[i]);
+ }
+ Object[] passed = new Object[] { value };
+ attributeValue = cons.newInstance(passed);
+ } else {
+ // attribute classes are usable for PKCS10 attributes.
+ // this is used where the attributes are not actual
+ // implemented extensions.
+ attributeValue = new ACertAttrSet(inAttrValue);
+ }
+ } catch (InvocationTargetException invk) {
+ throw new IOException(invk.getTargetException().getMessage());
+ } catch (Exception e) {
+ throw new IOException(e.toString());
}
}
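Review bot: In the `PKCS10Attribute(DerValue derVal)` constructor, `inAttrValues[0]` is read after checking only `attrValueNum > 1`. If `getSet(1)` can return an empty array, an attribute whose SET holds no values would fail with an unchecked `ArrayIndexOutOfBoundsException` instead of the declared `IOException`. The bytes come from the certificate request being parsed, so I would add `if (attrValueNum == 0) throw new IOException("No value present for attribute");` before the index. The two `throw new IOException(e.toString())` sites and the `invk.getTargetException().getMessage()` one also drop the original exception; passing it as the cause (`new IOException(e.toString(), e)`) keeps the stack trace for whoever has to debug a rejected request. The constructor's Javadoc begins above this hunk.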
@@ -167,52 +163,51 @@ public class PKCS10Attribute implements DerEncoder, Serializable {
/**
* Write the output to the DerOutputStream.
- *
+ *
* @param out the OutputStream to write the attribute to.
* @exception CertificateException on certificate encoding errors.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
// Encode the attribute value
- DerOutputStream outAttrValue = new DerOutputStream();
- attributeValue.encode(outAttrValue);
+ DerOutputStream outAttrValue = new DerOutputStream();
+ attributeValue.encode(outAttrValue);
- // Wrap the encoded attribute value into a SET
- DerValue outAttrValueSet = new DerValue(DerValue.tag_Set,
- outAttrValue.toByteArray());
+ // Wrap the encoded attribute value into a SET
+ DerValue outAttrValueSet = new DerValue(DerValue.tag_Set,
+ outAttrValue.toByteArray());
- // Create the attribute
+ // Create the attribute
DerOutputStream outAttr = new DerOutputStream();
outAttr.putOID(attributeId);
- outAttr.putDerValue(outAttrValueSet);
+ outAttr.putDerValue(outAttrValueSet);
- // Wrap the OID and the set of attribute values into a SEQUENCE
+ // Wrap the OID and the set of attribute values into a SEQUENCE
DerOutputStream tmp = new DerOutputStream();
tmp.write(DerValue.tag_Sequence, outAttr);
- // write the results to out
- out.write(tmp.toByteArray());
+ // write the results to out
+ out.write(tmp.toByteArray());
}
/**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the OutputStream on which to write the DER encoding.
- *
+ *
+ * @param out
+ * the OutputStream on which to write the DER encoding.
+ *
* @exception IOException on encoding errors.
*/
- public void derEncode (OutputStream out) throws IOException
- {
- try {
- encode(out);
- } catch (CertificateException ce) {
- IOException ioe = new IOException(ce.toString());
- ioe.fillInStackTrace();
- throw ioe;
- }
+ public void derEncode(OutputStream out) throws IOException {
+ try {
+ encode(out);
+ } catch (CertificateException ce) {
+ IOException ioe = new IOException(ce.toString());
+ ioe.fillInStackTrace();
+ throw ioe;
+ }
}
/**
@@ -234,11 +229,8 @@ public class PKCS10Attribute implements DerEncoder, Serializable {
*/
public String toString() {
String s = "AttributeId: " + attributeId.toString() + "\n";
- s += "AttributeValue: " + attributeValue.toString();
+ s += "AttributeValue: " + attributeValue.toString();
return (s);
}
}
-
-
-
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS10Attributes.java b/pki/base/util/src/netscape/security/pkcs/PKCS10Attributes.java
index 441d7da2..46b309cc 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS10Attributes.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS10Attributes.java
@@ -30,7 +30,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the PKCS10 attributes for the request.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.10
@@ -52,55 +52,54 @@ public class PKCS10Attributes extends Vector implements DerEncoder {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the attributes from.
* @exception IOException on decoding errors.
*/
public PKCS10Attributes(DerInputStream in)
- throws IOException {
+ throws IOException {
map = new Hashtable();
- DerValue [] attrs = in.getSet(5,true);
-
- if (attrs != null) {
- for (int i = 0; i < attrs.length; i++) {
- PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
- addElement(attr);
- map.put(attr.getAttributeValue().getName(),attr);
- }
- }
+ DerValue[] attrs = in.getSet(5, true);
+
+ if (attrs != null) {
+ for (int i = 0; i < attrs.length; i++) {
+ PKCS10Attribute attr = new PKCS10Attribute(attrs[i]);
+ addElement(attr);
+ map.put(attr.getAttributeValue().getName(), attr);
+ }
+ }
}
-
/**
* Encode the attributes in DER form to the stream.
- *
+ *
* @param out the OutputStream to marshal the contents to.
- *
+ *
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out)
- throws IOException {
- derEncode(out);
- }
+ throws IOException {
+ derEncode(out);
+ }
/**
* Encode the attributes in DER form to the stream.
* Implements the <code>DerEncoder</code> interface.
- *
+ *
* @param out the OutputStream to marshal the contents to.
* @exception IOException on encoding errors.
*/
public void derEncode(OutputStream out)
- throws IOException {
+ throws IOException {
- // first copy the elements into an array
- PKCS10Attribute[] attribs = new PKCS10Attribute[size()];
- copyInto(attribs);
+ // first copy the elements into an array
+ PKCS10Attribute[] attribs = new PKCS10Attribute[size()];
+ copyInto(attribs);
- DerOutputStream attrOut = new DerOutputStream();
- attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT,true,(byte)0),
- attribs);
+ DerOutputStream attrOut = new DerOutputStream();
+ attrOut.putOrderedSetOf(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
+ attribs);
out.write(attrOut.toByteArray());
}
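Review bot: In `PKCS10Attributes(DerInputStream in)` every parsed attribute is appended with `addElement(attr)`, but `map.put(attr.getAttributeValue().getName(), attr)` silently overwrites an earlier attribute of the same name. A request carrying two attributes that resolve to the same name is therefore seen differently by code that walks the Vector (including `derEncode`) and by code that looks it up by name through `map.get(name)`. That disagreement between the two views should be closed for input a CA parses. Rejecting the duplicate makes both views agree, for example `if (map.containsKey(name)) throw new IOException("Duplicate PKCS10 attribute: " + name);` before the `put`. Whether any caller relies on last-wins lookup is not visible here, so confirm that first.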
@@ -109,7 +108,7 @@ public class PKCS10Attributes extends Vector implements DerEncoder {
* Set the attribute value.
*/
public void setAttribute(String name, Object obj) throws IOException {
- map.put(name,obj);
+ map.put(name, obj);
addElement(obj);
}
@@ -118,11 +117,11 @@ public class PKCS10Attributes extends Vector implements DerEncoder {
*/
public Object getAttribute(String name) throws IOException {
Object obj = map.get(name);
- /*
+ /*
if (obj == null) {
throw new IOException("No attribute found with name " + name);
}
- */
+ */
return (obj);
}
@@ -142,7 +141,7 @@ public class PKCS10Attributes extends Vector implements DerEncoder {
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration getElements () {
+ public Enumeration getElements() {
return (map.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS7.java b/pki/base/util/src/netscape/security/pkcs/PKCS7.java
index c31e1245..b28c570c 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS7.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS7.java
@@ -40,12 +40,12 @@ import netscape.security.x509.X509CertImpl;
/**
* PKCS7 as defined in RSA Laboratories PKCS7 Technical Note. Profile
* Supports only <tt>SignedData</tt> ContentInfo
- * type, where to the type of data signed is plain Data.
+ * type, where to the type of data signed is plain Data.
* For signedData, <tt>crls</tt>, <tt>attributes</tt> and
* PKCS#6 Extended Certificates are not supported.
- *
+ *
* @version 1.33 97/12/10
- * @author Benjamin Renaud
+ * @author Benjamin Renaud
*/
public class PKCS7 {
@@ -61,390 +61,389 @@ public class PKCS7 {
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes from the InputStream.
- *
+ *
* @param in an input stream holding at least one PKCS7 block.
* @exception ParsingException on parsing errors.
* @exception IOException on other errors.
*/
public PKCS7(InputStream in) throws ParsingException, IOException {
- DataInputStream dis = new DataInputStream(in);
-
- int len = 0;
- byte[] newbuf = new byte[len];
- byte[] oldbuf = new byte[len];
- byte[] data = new byte[len];
-
- do {
- newbuf = new byte[dis.available()];
- len += dis.available();
- dis.readFully(newbuf);
- data = new byte[len];
-
- System.arraycopy(oldbuf, 0, data, 0, oldbuf.length);
- System.arraycopy(newbuf, 0, data, oldbuf.length, newbuf.length);
- oldbuf = new byte[len];
- System.arraycopy(data, 0, oldbuf, 0, data.length);
-
- } while (dis.available() > 0);
-
- parse(new DerInputStream(data));
+ DataInputStream dis = new DataInputStream(in);
+
+ int len = 0;
+ byte[] newbuf = new byte[len];
+ byte[] oldbuf = new byte[len];
+ byte[] data = new byte[len];
+
+ do {
+ newbuf = new byte[dis.available()];
+ len += dis.available();
+ dis.readFully(newbuf);
+ data = new byte[len];
+
+ System.arraycopy(oldbuf, 0, data, 0, oldbuf.length);
+ System.arraycopy(newbuf, 0, data, oldbuf.length, newbuf.length);
+ oldbuf = new byte[len];
+ System.arraycopy(data, 0, oldbuf, 0, data.length);
+
+ } while (dis.available() > 0);
+
+ parse(new DerInputStream(data));
}
-
+
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes from the DerInputStream.
- *
+ *
* @param derin a DerInputStream holding at least one PKCS7 block.
* @exception ParsingException on parsing errors.
*/
public PKCS7(DerInputStream derin) throws ParsingException {
- parse(derin);
+ parse(derin);
}
/**
* Unmarshals a PKCS7 block from its encoded form, parsing the
* encoded bytes.
- *
+ *
* @param bytes the encoded bytes.
* @exception ParsingException on parsing errors.
*/
public PKCS7(byte[] bytes) throws ParsingException {
- DerInputStream derin = new DerInputStream(bytes);
- parse(derin);
+ DerInputStream derin = new DerInputStream(bytes);
+ parse(derin);
}
private void parse(DerInputStream derin) throws ParsingException {
- try {
- ContentInfo contentInfo = new ContentInfo(derin);
- contentType = contentInfo.contentType;
- if (contentType.equals(ContentInfo.SIGNED_DATA_OID)) {
- parseSignedData(contentInfo.getContent());
- } else {
- throw new ParsingException("content type " + contentType +
- " not supported.");
- }
- } catch (IOException e) {
- ParsingException pe =
- new ParsingException("IOException: " + e.getMessage());
- pe.fillInStackTrace();
- throw pe;
- }
+ try {
+ ContentInfo contentInfo = new ContentInfo(derin);
+ contentType = contentInfo.contentType;
+ if (contentType.equals(ContentInfo.SIGNED_DATA_OID)) {
+ parseSignedData(contentInfo.getContent());
+ } else {
+ throw new ParsingException("content type " + contentType +
+ " not supported.");
+ }
+ } catch (IOException e) {
+ ParsingException pe =
+ new ParsingException("IOException: " + e.getMessage());
+ pe.fillInStackTrace();
+ throw pe;
+ }
}
/**
- * Construct an initialized PKCS7 block.
- *
+ * Construct an initialized PKCS7 block.
+ *
* @param digestAlgorithmIds the message digest algorithm identifiers.
* @param contentInfo the content information.
* @param certificates an array of X.509 certificates.
* @param signerInfos an array of signer information.
*/
public PKCS7(AlgorithmId[] digestAlgorithmIds,
- ContentInfo contentInfo,
- X509Certificate[] certificates,
- SignerInfo[] signerInfos) {
-
- version = new BigInt(1);
- this.digestAlgorithmIds = digestAlgorithmIds;
- this.contentInfo = contentInfo;
- this.certificates = certificates;
- this.signerInfos = signerInfos;
+ ContentInfo contentInfo,
+ X509Certificate[] certificates,
+ SignerInfo[] signerInfos) {
+
+ version = new BigInt(1);
+ this.digestAlgorithmIds = digestAlgorithmIds;
+ this.contentInfo = contentInfo;
+ this.certificates = certificates;
+ this.signerInfos = signerInfos;
}
private void parseSignedData(DerValue val)
- throws ParsingException, IOException {
-
- DerInputStream dis = val.toDerInputStream();
-
- // Version
- version = dis.getInteger();
-
- // digestAlgorithmIds
- DerValue[] digestAlgorithmIdVals = dis.getSet(1);
- int len = digestAlgorithmIdVals.length;
- digestAlgorithmIds = new AlgorithmId[len];
- try {
- for (int i = 0; i < len; i++) {
- DerValue oid = digestAlgorithmIdVals[i];
- digestAlgorithmIds[i] = AlgorithmId.parse(oid);
- }
-
- } catch (IOException e) {
- ParsingException pe =
- new ParsingException("Error parsing digest AlgorithmId IDs: " +
- e.getMessage());
- pe.fillInStackTrace();
- throw pe;
- }
- // contentInfo
- contentInfo = new ContentInfo(dis);
-
- /*
- * check if certificates (implicit tag) are provided
- * (certificates are OPTIONAL)
- */
- if ((byte)(dis.peekByte()) == (byte)0xA0) {
- DerValue[] certificateVals = dis.getSet(2, true);
-
- len = certificateVals.length;
- certificates = new X509Certificate[len];
-
- for (int i = 0; i < len; i++) {
- try {
- X509Certificate cert = (X509Certificate) new
+ throws ParsingException, IOException {
+
+ DerInputStream dis = val.toDerInputStream();
+
+ // Version
+ version = dis.getInteger();
+
+ // digestAlgorithmIds
+ DerValue[] digestAlgorithmIdVals = dis.getSet(1);
+ int len = digestAlgorithmIdVals.length;
+ digestAlgorithmIds = new AlgorithmId[len];
+ try {
+ for (int i = 0; i < len; i++) {
+ DerValue oid = digestAlgorithmIdVals[i];
+ digestAlgorithmIds[i] = AlgorithmId.parse(oid);
+ }
+
+ } catch (IOException e) {
+ ParsingException pe =
+ new ParsingException("Error parsing digest AlgorithmId IDs: " +
+ e.getMessage());
+ pe.fillInStackTrace();
+ throw pe;
+ }
+ // contentInfo
+ contentInfo = new ContentInfo(dis);
+
+ /*
+ * check if certificates (implicit tag) are provided
+ * (certificates are OPTIONAL)
+ */
+ if ((byte) (dis.peekByte()) == (byte) 0xA0) {
+ DerValue[] certificateVals = dis.getSet(2, true);
+
+ len = certificateVals.length;
+ certificates = new X509Certificate[len];
+
+ for (int i = 0; i < len; i++) {
+ try {
+ X509Certificate cert = (X509Certificate) new
X509CertImpl(certificateVals[i]);
- certificates[i] = cert;
- } catch (CertificateException e) {
- ParsingException pe =
- new ParsingException("CertificateException: " +
- e.getMessage());
- pe.fillInStackTrace();
- throw pe;
- }
- }
- }
-
- // check if crls (implicit tag) are provided (crls are OPTIONAL)
- if ((byte)(dis.peekByte()) == (byte)0xA1) {
- dis.getSet(0, true);
- }
-
- // signerInfos
- DerValue[] signerInfoVals = dis.getSet(1);
-
- len = signerInfoVals.length;
- signerInfos = new SignerInfo[len];
-
- for (int i = 0; i < len; i++) {
- DerInputStream in = signerInfoVals[i].toDerInputStream();
- signerInfos[i] = new SignerInfo(in);
- }
+ certificates[i] = cert;
+ } catch (CertificateException e) {
+ ParsingException pe =
+ new ParsingException("CertificateException: " +
+ e.getMessage());
+ pe.fillInStackTrace();
+ throw pe;
+ }
+ }
+ }
+
+ // check if crls (implicit tag) are provided (crls are OPTIONAL)
+ if ((byte) (dis.peekByte()) == (byte) 0xA1) {
+ dis.getSet(0, true);
+ }
+
+ // signerInfos
+ DerValue[] signerInfoVals = dis.getSet(1);
+
+ len = signerInfoVals.length;
+ signerInfos = new SignerInfo[len];
+
+ for (int i = 0; i < len; i++) {
+ DerInputStream in = signerInfoVals[i].toDerInputStream();
+ signerInfos[i] = new SignerInfo(in);
+ }
}
/**
* Encodes the signed data to an output stream.
- *
+ *
* @param out the output stream to write the encoded data to.
* @exception IOException on encoding errors.
*/
public void encodeSignedData(OutputStream out) throws IOException {
- DerOutputStream derout = new DerOutputStream();
- encodeSignedData(derout, true);
- out.write(derout.toByteArray());
+ DerOutputStream derout = new DerOutputStream();
+ encodeSignedData(derout, true);
+ out.write(derout.toByteArray());
}
/**
- * Like method above but not sorted.
+ * Like method above but not sorted.
*/
- public void encodeSignedData(OutputStream out, boolean sort)
- throws IOException {
- DerOutputStream derout = new DerOutputStream();
- encodeSignedData(derout, sort);
- out.write(derout.toByteArray());
+ public void encodeSignedData(OutputStream out, boolean sort)
+ throws IOException {
+ DerOutputStream derout = new DerOutputStream();
+ encodeSignedData(derout, sort);
+ out.write(derout.toByteArray());
}
/**
* encode signed data, sort certs by default.
*/
public void encodeSignedData(DerOutputStream out)
- throws IOException {
- encodeSignedData(out, true);
+ throws IOException {
+ encodeSignedData(out, true);
}
/**
* Encodes the signed data to a DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the encoded data to.
* @exception IOException on encoding errors.
*/
- public void encodeSignedData(DerOutputStream out, boolean sort)
- throws IOException {
+ public void encodeSignedData(DerOutputStream out, boolean sort)
+ throws IOException {
- DerOutputStream signedData = new DerOutputStream();
+ DerOutputStream signedData = new DerOutputStream();
- // version
- signedData.putInteger(version);
-
- // digestAlgorithmIds
- signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
+ // version
+ signedData.putInteger(version);
- // contentInfo
- contentInfo.encode(signedData);
-
- // certificates
- DerOutputStream certs = new DerOutputStream();
+ // digestAlgorithmIds
+ signedData.putOrderedSetOf(DerValue.tag_Set, digestAlgorithmIds);
- // cast to X509CertImpl[] since X509CertImpl implements DerEncoder
+ // contentInfo
+ contentInfo.encode(signedData);
+
+ // certificates
+ DerOutputStream certs = new DerOutputStream();
+
+ // cast to X509CertImpl[] since X509CertImpl implements DerEncoder
X509CertImpl implCerts[] = new X509CertImpl[certificates.length];
- try {
- for (int i = 0; i < certificates.length; i++) {
- implCerts[i] = (X509CertImpl) certificates[i];
+ try {
+ for (int i = 0; i < certificates.length; i++) {
+ implCerts[i] = (X509CertImpl) certificates[i];
}
- } catch (ClassCastException e) {
- IOException ioe =
- new IOException("Certificates in PKCS7 " +
- "must be of class " +
- "netscape.security.X509CertImpl");
- ioe.fillInStackTrace();
- }
-
- // Add the certificate set (tagged with [0] IMPLICIT)
- // to the signed data
- if (sort) {
- signedData.putOrderedSetOf((byte)0xA0, implCerts);
- }
- else {
- signedData.putSet((byte)0xA0, implCerts);
- }
-
- // no crls (OPTIONAL field)
-
- // signerInfos
- signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
-
- // making it a signed data block
- DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence,
- signedData.toByteArray());
-
- // making it a content info sequence
- ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID,
- signedDataSeq);
-
- // writing out the contentInfo sequence
- block.encode(out);
+ } catch (ClassCastException e) {
+ IOException ioe =
+ new IOException("Certificates in PKCS7 " +
+ "must be of class " +
+ "netscape.security.X509CertImpl");
+ ioe.fillInStackTrace();
+ }
+
+ // Add the certificate set (tagged with [0] IMPLICIT)
+ // to the signed data
+ if (sort) {
+ signedData.putOrderedSetOf((byte) 0xA0, implCerts);
+ } else {
+ signedData.putSet((byte) 0xA0, implCerts);
+ }
+
+ // no crls (OPTIONAL field)
+
+ // signerInfos
+ signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
+
+ // making it a signed data block
+ DerValue signedDataSeq = new DerValue(DerValue.tag_Sequence,
+ signedData.toByteArray());
+
+ // making it a content info sequence
+ ContentInfo block = new ContentInfo(ContentInfo.SIGNED_DATA_OID,
+ signedDataSeq);
+
+ // writing out the contentInfo sequence
+ block.encode(out);
}
/**
* This verifies a given SignerInfo.
- *
+ *
* @param info the signer information.
* @param bytes the DER encoded content information.
- *
+ *
* @exception NoSuchAlgorithmException on unrecognized algorithms.
* @exception SignatureException on signature handling errors.
*/
- public SignerInfo verify(SignerInfo info, byte[] bytes)
- throws NoSuchAlgorithmException, SignatureException {
- return info.verify(this, bytes);
+ public SignerInfo verify(SignerInfo info, byte[] bytes)
+ throws NoSuchAlgorithmException, SignatureException {
+ return info.verify(this, bytes);
}
- /**
+ /**
* Returns all signerInfos which self-verify.
- *
+ *
* @param bytes the DER encoded content information.
- *
+ *
* @exception NoSuchAlgorithmException on unrecognized algorithms.
* @exception SignatureException on signature handling errors.
*/
public SignerInfo[] verify(byte[] bytes)
- throws NoSuchAlgorithmException, SignatureException {
-
- Vector intResult = new Vector();
- for (int i = 0; i < signerInfos.length; i++) {
-
- SignerInfo signerInfo = verify(signerInfos[i], bytes);
- if (signerInfo != null) {
- intResult.addElement(signerInfo);
- }
- }
- if (intResult.size() != 0) {
-
- SignerInfo[] result = new SignerInfo[intResult.size()];
- intResult.copyInto(result);
- return result;
- }
- return null;
+ throws NoSuchAlgorithmException, SignatureException {
+
+ Vector intResult = new Vector();
+ for (int i = 0; i < signerInfos.length; i++) {
+
+ SignerInfo signerInfo = verify(signerInfos[i], bytes);
+ if (signerInfo != null) {
+ intResult.addElement(signerInfo);
+ }
+ }
+ if (intResult.size() != 0) {
+
+ SignerInfo[] result = new SignerInfo[intResult.size()];
+ intResult.copyInto(result);
+ return result;
+ }
+ return null;
}
- /**
+ /**
* Returns all signerInfos which self-verify.
- *
+ *
* @exception NoSuchAlgorithmException on unrecognized algorithms.
* @exception SignatureException on signature handling errors.
*/
- public SignerInfo[] verify()
- throws NoSuchAlgorithmException, SignatureException {
- return verify(null);
+ public SignerInfo[] verify()
+ throws NoSuchAlgorithmException, SignatureException {
+ return verify(null);
}
-
- /**
+
+ /**
* Returns the version number of this PKCS7 block.
*/
- public BigInt getVersion() {
- return version;
+ public BigInt getVersion() {
+ return version;
}
- /**
+ /**
* Returns the message digest algorithms specified in this PKCS7 block.
*/
public AlgorithmId[] getDigestAlgorithmIds() {
- return digestAlgorithmIds;
+ return digestAlgorithmIds;
}
- /**
+ /**
* Returns the content information specified in this PKCS7 block.
*/
public ContentInfo getContentInfo() {
- return contentInfo;
+ return contentInfo;
}
- /**
+ /**
* Returns the X.509 certificates listed in this PKCS7 block.
*/
public X509Certificate[] getCertificates() {
- return certificates;
+ return certificates;
}
- /**
+ /**
* Returns the signer's information specified in this PKCS7 block.
*/
public SignerInfo[] getSignerInfos() {
- return signerInfos;
+ return signerInfos;
}
- /**
+ /**
* Returns the X.509 certificate listed in this PKCS7 block
* which has a matching serial number and Issuer name, or
* null if one is not found.
- *
+ *
* @param serial the serial number of the certificate to retrieve.
* @param name the Distinguished Name of the Issuer.
*/
public X509Certificate getCertificate(BigInt serial, X500Name name) {
- for (int i = 0; i < certificates.length; i++) {
- X509Certificate cert = certificates[i];
- X500Name thisName = (X500Name)cert.getIssuerDN();
- BigInteger tmpSerial = (BigInteger)cert.getSerialNumber();
- BigInt thisSerial = new BigInt(tmpSerial);
- if (serial.equals(thisSerial) && name.equals(thisName)) {
- return cert;
- }
- }
- return null;
+ for (int i = 0; i < certificates.length; i++) {
+ X509Certificate cert = certificates[i];
+ X500Name thisName = (X500Name) cert.getIssuerDN();
+ BigInteger tmpSerial = (BigInteger) cert.getSerialNumber();
+ BigInt thisSerial = new BigInt(tmpSerial);
+ if (serial.equals(thisSerial) && name.equals(thisName)) {
+ return cert;
+ }
+ }
+ return null;
}
- /**
+ /**
* Returns the PKCS7 block in a printable string form.
*/
public String toString() {
- String out = "";
-
- out += "PKCS7 :: version: " + version + "\n";
- out += "PKCS7 :: digest AlgorithmIds: \n";
- for (int i = 0; i < digestAlgorithmIds.length; i++) {
- out += "\t" + digestAlgorithmIds[i] + "\n";
- }
- out += contentInfo + "\n";
- out += "PKCS7 :: certificates: \n";
- for (int i = 0; i < certificates.length; i++) {
- out += "\t" + i + ". " + certificates[i] + "\n";
- }
- out += "PKCS7 :: signer infos: \n";
- for (int i = 0; i < signerInfos.length; i++) {
- out += ("\t" + i + ". " + signerInfos[i] + "\n");
- }
- return out;
+ String out = "";
+
+ out += "PKCS7 :: version: " + version + "\n";
+ out += "PKCS7 :: digest AlgorithmIds: \n";
+ for (int i = 0; i < digestAlgorithmIds.length; i++) {
+ out += "\t" + digestAlgorithmIds[i] + "\n";
+ }
+ out += contentInfo + "\n";
+ out += "PKCS7 :: certificates: \n";
+ for (int i = 0; i < certificates.length; i++) {
+ out += "\t" + i + ". " + certificates[i] + "\n";
+ }
+ out += "PKCS7 :: signer infos: \n";
+ for (int i = 0; i < signerInfos.length; i++) {
+ out += ("\t" + i + ". " + signerInfos[i] + "\n");
+ }
+ return out;
}
}
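Review bot: In `encodeSignedData(DerOutputStream out, boolean sort)` the `catch (ClassCastException e)` block builds an `IOException` and calls `fillInStackTrace()` but never throws it. A certificate that is not an `X509CertImpl` therefore leaves null slots in `implCerts`, and encoding continues with that array; how `putOrderedSetOf`/`putSet` treat null entries is not visible here. The re-indented lines keep this behaviour, so the catch should end with `throw ioe;` to give the caller the documented IOException rather than a later failure or a SignedData missing certificates. Separately, the `PKCS7(InputStream)` constructor in this hunk sizes each read with `dis.available()`, which can return 0 before end of stream on some stream types, so a truncated buffer may reach `parse`; reading until `read()` returns -1 would be safer.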
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java b/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
index eb4478fc..f3df3d94 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS8Key.java
@@ -40,7 +40,7 @@ import netscape.security.x509.AlgorithmId;
/**
* Holds a PKCS#8 key, for example a private key
- *
+ *
* @version 1.30, 97/12/10
* @author Dave Brownell
* @author Benjamin Renaud
@@ -61,73 +61,70 @@ public class PKCS8Key implements PrivateKey {
/* The version for this key */
public static final BigInteger VERSION = BigInteger.valueOf(0);
-
+
/**
- * Default constructor. The key constructed must have its key
+ * Default constructor. The key constructed must have its key
* and algorithm initialized before it may be used, for example
* by using <code>decode</code>.
*/
- public PKCS8Key() { }
+ public PKCS8Key() {
+ }
/**
- * Construct PKCS#8 subject public key from a DER value. If
+ * Construct PKCS#8 subject public key from a DER value. If
* the runtime environment is configured with a specific class for
- * this kind of key, a subclass is returned. Otherwise, a generic
+ * this kind of key, a subclass is returned. Otherwise, a generic
* PKCS8Key object is returned.
*
- * <P>This mechanism gurantees that keys (and algorithms) may be
- * freely manipulated and transferred, without risk of losing
- * information. Also, when a key (or algorithm) needs some special
- * handling, that specific need can be accomodated.
- *
+ * <P>
+ * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be accomodated.
+ *
* @param in the DER-encoded SubjectPublicKeyInfo value
* @exception IOException on data format errors
*/
- public static PKCS8Key parse (DerValue in) throws IOException
- {
- AlgorithmId algorithm;
- PKCS8Key subjectKey;
-
- if (in.tag != DerValue.tag_Sequence)
- throw new IOException ("corrupt private key");
-
- BigInteger parsedVersion = in.data.getInteger().toBigInteger();
- if (!VERSION.equals(parsedVersion)) {
- throw new IOException("version mismatch: (supported: " +
- VERSION + ", parsed: " +
- parsedVersion);
- }
-
- algorithm = AlgorithmId.parse (in.data.getDerValue ());
-
- try {
- subjectKey = buildPKCS8Key (algorithm, in.data.getOctetString ());
-
- } catch (InvalidKeyException e) {
- throw new IOException("corrupt private key");
- }
-
- if (in.data.available () != 0)
- throw new IOException ("excess private key");
- return subjectKey;
+ public static PKCS8Key parse(DerValue in) throws IOException {
+ AlgorithmId algorithm;
+ PKCS8Key subjectKey;
+
+ if (in.tag != DerValue.tag_Sequence)
+ throw new IOException("corrupt private key");
+
+ BigInteger parsedVersion = in.data.getInteger().toBigInteger();
+ if (!VERSION.equals(parsedVersion)) {
+ throw new IOException("version mismatch: (supported: " +
+ VERSION + ", parsed: " +
+ parsedVersion);
+ }
+
+ algorithm = AlgorithmId.parse(in.data.getDerValue());
+
+ try {
+ subjectKey = buildPKCS8Key(algorithm, in.data.getOctetString());
+
+ } catch (InvalidKeyException e) {
+ throw new IOException("corrupt private key");
+ }
+
+ if (in.data.available() != 0)
+ throw new IOException("excess private key");
+ return subjectKey;
}
/**
- * Parse the key bits. This may be redefined by subclasses to take
- * advantage of structure within the key. For example, RSA public
+ * Parse the key bits. This may be redefined by subclasses to take
+ * advantage of structure within the key. For example, RSA public
* keys encapsulate two unsigned integers (modulus and exponent) as
* DER values within the <code>key</code> bits; Diffie-Hellman and
* DSS/DSA keys encapsulate a single unsigned integer.
- *
- * <P>This function is called when creating PKCS#8 SubjectPublicKeyInfo
- * values using the PKCS8Key member functions, such as <code>parse</code>
- * and <code>decode</code>.
- *
+ *
+ * <P>
+ * This function is called when creating PKCS#8 SubjectPublicKeyInfo values using the PKCS8Key member functions, such as <code>parse</code> and <code>decode</code>.
+ *
* @exception IOException if a parsing error occurs.
* @exception InvalidKeyException if the key encoding is invalid.
*/
- protected void parseKeyBits () throws IOException, InvalidKeyException {
- encode();
+ protected void parseKeyBits() throws IOException, InvalidKeyException {
+ encode();
}
/*
@@ -135,203 +132,198 @@ public class PKCS8Key implements PrivateKey {
* specific algorithm ID or else returning this generic base class.
* See the description above.
*/
- public static PKCS8Key buildPKCS8Key (AlgorithmId algid, byte[] key)
- throws IOException, InvalidKeyException
- {
- /*
- * Use the algid and key parameters to produce the ASN.1 encoding
- * of the key, which will then be used as the input to the
- * key factory.
- */
- DerOutputStream pkcs8EncodedKeyStream = new DerOutputStream();
- encode(pkcs8EncodedKeyStream, algid, key);
- PKCS8EncodedKeySpec pkcs8KeySpec
- = new PKCS8EncodedKeySpec(pkcs8EncodedKeyStream.toByteArray());
-
- try {
- // Instantiate the key factory of the appropriate algorithm
- KeyFactory keyFac = KeyFactory.getInstance(algid.getName());
-
- // Generate the private key
- PrivateKey privKey = keyFac.generatePrivate(pkcs8KeySpec);
-
- if (privKey instanceof PKCS8Key) {
- /*
- * Return specialized PKCS8Key, where the structure within the
- * key has been parsed
- */
- return (PKCS8Key)privKey;
- }
- } catch (NoSuchAlgorithmException e) {
- // Return generic PKCS8Key with opaque key data (see below)
- } catch (InvalidKeySpecException e) {
- // Return generic PKCS8Key with opaque key data (see below)
- }
-
- /*
- * Try again using JDK1.1-style for backwards compatibility.
- */
- String classname = "";
- try {
- Properties props;
- String keytype;
- Provider sunProvider;
-
- sunProvider = Security.getProvider("SUN");
- if (sunProvider == null)
- throw new InstantiationException();
- classname = sunProvider.getProperty("PrivateKey.PKCS#8." +
- algid.getName());
- if (classname == null) {
- throw new InstantiationException();
- }
-
- Class keyClass = Class.forName(classname);
- Object inst;
- PKCS8Key result;
-
- inst = keyClass.newInstance();
- if (inst instanceof PKCS8Key) {
- result = (PKCS8Key) inst;
- result.algid = algid;
- result.key = key;
- result.parseKeyBits();
- return result;
- }
- } catch (ClassNotFoundException e) {
- } catch (InstantiationException e) {
- } catch (IllegalAccessException e) {
- // this should not happen.
- throw new IOException (classname + " [internal error]");
- }
-
- PKCS8Key result = new PKCS8Key();
- result.algid = algid;
- result.key = key;
- return result;
+ public static PKCS8Key buildPKCS8Key(AlgorithmId algid, byte[] key)
+ throws IOException, InvalidKeyException {
+ /*
+ * Use the algid and key parameters to produce the ASN.1 encoding
+ * of the key, which will then be used as the input to the
+ * key factory.
+ */
+ DerOutputStream pkcs8EncodedKeyStream = new DerOutputStream();
+ encode(pkcs8EncodedKeyStream, algid, key);
+ PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(pkcs8EncodedKeyStream.toByteArray());
+
+ try {
+ // Instantiate the key factory of the appropriate algorithm
+ KeyFactory keyFac = KeyFactory.getInstance(algid.getName());
+
+ // Generate the private key
+ PrivateKey privKey = keyFac.generatePrivate(pkcs8KeySpec);
+
+ if (privKey instanceof PKCS8Key) {
+ /*
+ * Return specialized PKCS8Key, where the structure within the
+ * key has been parsed
+ */
+ return (PKCS8Key) privKey;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // Return generic PKCS8Key with opaque key data (see below)
+ } catch (InvalidKeySpecException e) {
+ // Return generic PKCS8Key with opaque key data (see below)
+ }
+
+ /*
+ * Try again using JDK1.1-style for backwards compatibility.
+ */
+ String classname = "";
+ try {
+ Properties props;
+ String keytype;
+ Provider sunProvider;
+
+ sunProvider = Security.getProvider("SUN");
+ if (sunProvider == null)
+ throw new InstantiationException();
+ classname = sunProvider.getProperty("PrivateKey.PKCS#8." +
+ algid.getName());
+ if (classname == null) {
+ throw new InstantiationException();
+ }
+
+ Class keyClass = Class.forName(classname);
+ Object inst;
+ PKCS8Key result;
+
+ inst = keyClass.newInstance();
+ if (inst instanceof PKCS8Key) {
+ result = (PKCS8Key) inst;
+ result.algid = algid;
+ result.key = key;
+ result.parseKeyBits();
+ return result;
+ }
+ } catch (ClassNotFoundException e) {
+ } catch (InstantiationException e) {
+ } catch (IllegalAccessException e) {
+ // this should not happen.
+ throw new IOException(classname + " [internal error]");
+ }
+
+ PKCS8Key result = new PKCS8Key();
+ result.algid = algid;
+ result.key = key;
+ return result;
}
/**
* Returns the algorithm to be used with this key.
*/
- public String getAlgorithm() {
- return algid.getName();
+ public String getAlgorithm() {
+ return algid.getName();
}
/**
* Returns the algorithm ID to be used with this key.
*/
- public AlgorithmId getAlgorithmId () { return algid; }
+ public AlgorithmId getAlgorithmId() {
+ return algid;
+ }
/**
* PKCS#8 sequence on the DER output stream.
*/
- public final void encode(DerOutputStream out) throws IOException
- {
- encode(out, this.algid, this.key);
+ public final void encode(DerOutputStream out) throws IOException {
+ encode(out, this.algid, this.key);
}
/**
* Returns the DER-encoded form of the key as a byte array.
*/
public synchronized byte[] getEncoded() {
- byte[] result = null;
- try {
- result = encode();
- } catch (InvalidKeyException e) {
- }
- return result;
+ byte[] result = null;
+ try {
+ result = encode();
+ } catch (InvalidKeyException e) {
+ }
+ return result;
}
/**
* Returns the format for this key: "PKCS#8"
*/
public String getFormat() {
- return "PKCS#8";
+ return "PKCS#8";
}
/**
* Returns the DER-encoded form of the key as a byte array.
- *
+ *
* @exception InvalidKeyException if an encoding error occurs.
*/
public byte[] encode() throws InvalidKeyException {
- if (encodedKey == null) {
- try {
- DerOutputStream out;
-
- out = new DerOutputStream ();
- encode (out);
- encodedKey = out.toByteArray();
-
- } catch (IOException e) {
- throw new InvalidKeyException ("IOException : " +
- e.getMessage());
- }
- }
- return copyEncodedKey(encodedKey);
+ if (encodedKey == null) {
+ try {
+ DerOutputStream out;
+
+ out = new DerOutputStream();
+ encode(out);
+ encodedKey = out.toByteArray();
+
+ } catch (IOException e) {
+ throw new InvalidKeyException("IOException : " +
+ e.getMessage());
+ }
+ }
+ return copyEncodedKey(encodedKey);
}
/*
* Returns a printable representation of the key
*/
- public String toString ()
- {
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String keybits = pp.toHexString(key);
-
- return "algorithm = " + algid.toString ()
- + ", unparsed keybits = \n" + keybits;
+ public String toString() {
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String keybits = pp.toHexString(key);
+
+ return "algorithm = " + algid.toString()
+ + ", unparsed keybits = \n" + keybits;
}
- /**
- * Initialize an PKCS8Key object from an input stream. The data
+ /**
+ * Initialize an PKCS8Key object from an input stream. The data
* on that input stream must be encoded using DER, obeying the
* PKCS#8 format: a sequence consisting of a version, an algorithm
- * ID and a bit string which holds the key. (That bit string is
+ * ID and a bit string which holds the key. (That bit string is
* often used to encapsulate another DER encoded sequence.)
- *
- * <P>Subclasses should not normally redefine this method; they should
- * instead provide a <code>parseKeyBits</code> method to parse any
- * fields inside the <code>key</code> member.
- *
+ *
+ * <P>
+ * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code> method to parse any fields inside the <code>key</code> member.
+ *
* @param in an input stream with a DER-encoded PKCS#8
- * SubjectPublicKeyInfo value
- *
+ * SubjectPublicKeyInfo value
+ *
* @exception InvalidKeyException if a parsing error occurs.
*/
- public void decode(InputStream in) throws InvalidKeyException
- {
- DerValue val;
-
- try {
- val = new DerValue (in);
- if (val.tag != DerValue.tag_Sequence)
- throw new InvalidKeyException ("invalid key format");
-
-
- BigInteger version = val.data.getInteger().toBigInteger();
- if (!version.equals(PKCS8Key.VERSION)) {
- throw new IOException("version mismatch: (supported: " +
- PKCS8Key.VERSION + ", parsed: " +
- version);
- }
- algid = AlgorithmId.parse (val.data.getDerValue ());
- key = val.data.getOctetString ();
- parseKeyBits ();
- if (val.data.available () != 0)
- throw new InvalidKeyException ("excess key data");
-
- } catch (IOException e) {
- // e.printStackTrace ();
- throw new InvalidKeyException("IOException : " +
- e.getMessage());
- }
+ public void decode(InputStream in) throws InvalidKeyException {
+ DerValue val;
+
+ try {
+ val = new DerValue(in);
+ if (val.tag != DerValue.tag_Sequence)
+ throw new InvalidKeyException("invalid key format");
+
+ BigInteger version = val.data.getInteger().toBigInteger();
+ if (!version.equals(PKCS8Key.VERSION)) {
+ throw new IOException("version mismatch: (supported: " +
+ PKCS8Key.VERSION + ", parsed: " +
+ version);
+ }
+ algid = AlgorithmId.parse(val.data.getDerValue());
+ key = val.data.getOctetString();
+ parseKeyBits();
+ if (val.data.available() != 0)
+ throw new InvalidKeyException("excess key data");
+
+ } catch (IOException e) {
+ // e.printStackTrace ();
+ throw new InvalidKeyException("IOException : " +
+ e.getMessage());
+ }
}
public void decode(byte[] encodedKey) throws InvalidKeyException {
- decode(new ByteArrayInputStream(encodedKey));
+ decode(new ByteArrayInputStream(encodedKey));
}
/**
@@ -339,48 +331,48 @@ public class PKCS8Key implements PrivateKey {
* themselves, and they're parsed when they get read back.
*/
private synchronized void
- writeObject (java.io.ObjectOutputStream stream)
- throws IOException {
- stream.write(getEncoded());
+ writeObject(java.io.ObjectOutputStream stream)
+ throws IOException {
+ stream.write(getEncoded());
}
/**
* Serialization read ... PKCS#8 keys serialize as
* themselves, and they're parsed when they get read back.
*/
- private synchronized void readObject (ObjectInputStream stream)
- throws IOException {
+ private synchronized void readObject(ObjectInputStream stream)
+ throws IOException {
- try {
- decode(stream);
+ try {
+ decode(stream);
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- throw new IOException("deserialized key is invalid: " +
- e.getMessage());
- }
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ throw new IOException("deserialized key is invalid: " +
+ e.getMessage());
+ }
}
/*
* Make a copy of the encoded key.
*/
private byte[] copyEncodedKey(byte[] encodedKey) {
- int len = encodedKey.length;
- byte[] copy = new byte[len];
- System.arraycopy(encodedKey, 0, copy, 0, len);
- return copy;
+ int len = encodedKey.length;
+ byte[] copy = new byte[len];
+ System.arraycopy(encodedKey, 0, copy, 0, len);
+ return copy;
}
/*
* Produce PKCS#8 encoding from algorithm id and key material.
*/
static void encode(DerOutputStream out, AlgorithmId algid, byte[] key)
- throws IOException {
- DerOutputStream tmp = new DerOutputStream();
- tmp.putInteger(new BigInt(VERSION.toByteArray()));
- algid.encode(tmp);
- tmp.putOctetString(key);
- out.write(DerValue.tag_Sequence, tmp);
+ throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ tmp.putInteger(new BigInt(VERSION.toByteArray()));
+ algid.encode(tmp);
+ tmp.putOctetString(key);
+ out.write(DerValue.tag_Sequence, tmp);
}
/**
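Review bot: In `readObject` the `InvalidKeyException` is printed with `e.printStackTrace()` and then rethrown as an `IOException` built from the message text only, so the cause chain is lost and a failure to parse a serialized private key goes to stderr rather than to whatever logging the application uses. This commit only re-indents those lines, so the fix belongs in a follow-up: drop the `printStackTrace()` call and chain the cause, `throw new IOException("deserialized key is invalid: " + e.getMessage(), e);`. Because `decode(stream)` parses whatever bytes the object stream delivers, the Javadoc above `readObject` should also say that deserializing from an untrusted source means parsing untrusted DER.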
@@ -388,42 +380,42 @@ public class PKCS8Key implements PrivateKey {
* to compare is not of type <code>Key</code>.
* Otherwise, the encoding of this key object is compared with the
* encoding of the given key object.
- *
+ *
* @param object the object with which to compare
* @return <code>true</code> if this key has the same encoding as the
- * object argument; <code>false</code> otherwise.
+ * object argument; <code>false</code> otherwise.
*/
public boolean equals(Object object) {
- if (this == object) {
- return true;
- }
-
- if (object instanceof Key) {
-
- // this encoding
- byte[] b1;
- if (encodedKey != null) {
- b1 = encodedKey;
- } else {
- b1 = getEncoded();
- }
-
- // that encoding
- byte[] b2 = ((Key)object).getEncoded();
-
- // do the comparison
- int i;
- if (b1.length != b2.length)
- return false;
- for (i = 0; i < b1.length; i++) {
- if (b1[i] != b2[i]) {
- return false;
- }
- }
- return true;
- }
-
- return false;
+ if (this == object) {
+ return true;
+ }
+
+ if (object instanceof Key) {
+
+ // this encoding
+ byte[] b1;
+ if (encodedKey != null) {
+ b1 = encodedKey;
+ } else {
+ b1 = getEncoded();
+ }
+
+ // that encoding
+ byte[] b2 = ((Key) object).getEncoded();
+
+ // do the comparison
+ int i;
+ if (b1.length != b2.length)
+ return false;
+ for (i = 0; i < b1.length; i++) {
+ if (b1[i] != b2[i]) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ return false;
}
/**
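Review bot: `equals` reads `b2.length` without checking the result of `((Key) object).getEncoded()`, and `Key.getEncoded()` is documented to return null for keys that do not support encoding, so comparing against such a key throws a NullPointerException instead of returning false. The hand-written loop also returns at the first differing byte of a PKCS#8 private-key encoding; if this comparison can ever be reached with attacker-influenced input, a constant-time compare is the safer default. Both points are covered by replacing the length check and loop with `if (b2 == null) return false;` followed by `return java.security.MessageDigest.isEqual(b1, b2);`. Whether `getEncoded()` on this object can itself return null is not visible in the hunk and should be checked as well.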
@@ -432,11 +424,11 @@ public class PKCS8Key implements PrivateKey {
*/
public int hashCode() {
int retval = 0;
- byte[] b1 = getEncoded();
+ byte[] b1 = getEncoded();
for (int i = 1; i < b1.length; i++) {
retval += b1[i] * i;
}
- return(retval);
+ return (retval);
}
}
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java b/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
index fc25e8d8..e24a3d92 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS9Attribute.java
@@ -32,9 +32,9 @@ import netscape.security.x509.CertificateExtensions;
/**
* Class supporting any PKCS9 attribute except
- * ExtendedCertificateAttribute. Supports DER decoding and access to
+ * ExtendedCertificateAttribute. Supports DER decoding and access to
* attribute values, but not DER encoding or setting of values.
- *
+ *
* @version 1.2 97/12/10
* @author Douglas Hoover
*/
@@ -50,17 +50,17 @@ public class PKCS9Attribute implements DerEncoder {
/**
* Array of attribute OIDs defined in PKCS9, by number.
*/
- static final ObjectIdentifier[] PKCS9_OIDS =
- //new ObjectIdentifier[10];
- // There are some Obsolete(?) attribute identifiers.
- // This is mainly for extensionRequest (14) in pkcs10.
- // We just add the other 4 as by products.
- new ObjectIdentifier[15];
-
- static { // static initializer for PKCS9_OIDS
- for (int i = 1; i < PKCS9_OIDS.length; i++) {
- PKCS9_OIDS[i] = new ObjectIdentifier(PKCS9_str + "." + i);
- }
+ static final ObjectIdentifier[] PKCS9_OIDS =
+ //new ObjectIdentifier[10];
+ // There are some Obsolete(?) attribute identifiers.
+ // This is mainly for extensionRequest (14) in pkcs10.
+ // We just add the other 4 as by products.
+ new ObjectIdentifier[15];
+
+ static { // static initializer for PKCS9_OIDS
+ for (int i = 1; i < PKCS9_OIDS.length; i++) {
+ PKCS9_OIDS[i] = new ObjectIdentifier(PKCS9_str + "." + i);
+ }
}
public static final ObjectIdentifier EMAIL_ADDRESS_OID = PKCS9_OIDS[1];
@@ -71,19 +71,13 @@ public class PKCS9Attribute implements DerEncoder {
public static final ObjectIdentifier COUNTERSIGNATURE_OID = PKCS9_OIDS[6];
public static final ObjectIdentifier CHALLENGE_PASSWORD_OID = PKCS9_OIDS[7];
public static final ObjectIdentifier UNSTRUCTURED_ADDRESS_OID = PKCS9_OIDS[8];
- public static final ObjectIdentifier
- EXTENDED_CERTIFICATE_ATTRIBUTES_OID = PKCS9_OIDS[9];
-
- public static final ObjectIdentifier
- ISSUER_AND_SERIALNUMBER_OID = PKCS9_OIDS[10];
- public static final ObjectIdentifier
- PASSWORD_CHECK_OID = PKCS9_OIDS[11];
- public static final ObjectIdentifier
- PUBLIC_KEY_OID = PKCS9_OIDS[12];
- public static final ObjectIdentifier
- SIGNING_DESCRIPTION_OID = PKCS9_OIDS[13];
- public static final ObjectIdentifier
- EXTENSION_REQUEST_OID = PKCS9_OIDS[14];
+ public static final ObjectIdentifier EXTENDED_CERTIFICATE_ATTRIBUTES_OID = PKCS9_OIDS[9];
+
+ public static final ObjectIdentifier ISSUER_AND_SERIALNUMBER_OID = PKCS9_OIDS[10];
+ public static final ObjectIdentifier PASSWORD_CHECK_OID = PKCS9_OIDS[11];
+ public static final ObjectIdentifier PUBLIC_KEY_OID = PKCS9_OIDS[12];
+ public static final ObjectIdentifier SIGNING_DESCRIPTION_OID = PKCS9_OIDS[13];
+ public static final ObjectIdentifier EXTENSION_REQUEST_OID = PKCS9_OIDS[14];
public static final String EMAIL_ADDRESS_STR = "EmailAddress";
public static final String UNSTRUCTURED_NAME_STR = "UnstructuredName";
@@ -93,43 +87,37 @@ public class PKCS9Attribute implements DerEncoder {
public static final String COUNTERSIGNATURE_STR = "Countersignature";
public static final String CHALLENGE_PASSWORD_STR = "ChallengePassword";
public static final String UNSTRUCTURED_ADDRESS_STR = "UnstructuredAddress";
- public static final String
- EXTENDED_CERTIFICATE_ATTRIBUTES_STR = "ExtendedCertificateAttributes";
-
- public static final String
- ISSUER_AND_SERIALNUMBER_STR = "IssuerAndSerialNumber";
- public static final String
- PASSWORD_CHECK_STR = "PasswordCheck";
- public static final String
- PUBLIC_KEY_STR = "PublicKey";
- public static final String
- SIGNING_DESCRIPTION_STR = "SigningDescription";
- public static final String
- EXTENSION_REQUEST_STR = "ExtensionRequest";
-
- /**
- * Hashtable mapping names and variant names of supported
- * attributes to their OIDs. This table contains all name forms
+ public static final String EXTENDED_CERTIFICATE_ATTRIBUTES_STR = "ExtendedCertificateAttributes";
+
+ public static final String ISSUER_AND_SERIALNUMBER_STR = "IssuerAndSerialNumber";
+ public static final String PASSWORD_CHECK_STR = "PasswordCheck";
+ public static final String PUBLIC_KEY_STR = "PublicKey";
+ public static final String SIGNING_DESCRIPTION_STR = "SigningDescription";
+ public static final String EXTENSION_REQUEST_STR = "ExtensionRequest";
+
+ /**
+ * Hashtable mapping names and variant names of supported
+ * attributes to their OIDs. This table contains all name forms
* that occur in PKCS9, in lower case.
*/
private static final Hashtable<String, ObjectIdentifier> NAME_OID_TABLE = new Hashtable<String, ObjectIdentifier>(28);
static { // static initializer for PCKS9_NAMES
- NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
- NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
- NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
- NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
- NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
- NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
- NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
- NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
- NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
-
- NAME_OID_TABLE.put("issuerandserialNumber", PKCS9_OIDS[10]);
- NAME_OID_TABLE.put("passwordcheck", PKCS9_OIDS[11]);
- NAME_OID_TABLE.put("publickey", PKCS9_OIDS[12]);
- NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
- NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
+ NAME_OID_TABLE.put("emailaddress", PKCS9_OIDS[1]);
+ NAME_OID_TABLE.put("unstructuredname", PKCS9_OIDS[2]);
+ NAME_OID_TABLE.put("contenttype", PKCS9_OIDS[3]);
+ NAME_OID_TABLE.put("messagedigest", PKCS9_OIDS[4]);
+ NAME_OID_TABLE.put("signingtime", PKCS9_OIDS[5]);
+ NAME_OID_TABLE.put("countersignature", PKCS9_OIDS[6]);
+ NAME_OID_TABLE.put("challengepassword", PKCS9_OIDS[7]);
+ NAME_OID_TABLE.put("unstructuredaddress", PKCS9_OIDS[8]);
+ NAME_OID_TABLE.put("extendedcertificateattributes", PKCS9_OIDS[9]);
+
+ NAME_OID_TABLE.put("issuerandserialNumber", PKCS9_OIDS[10]);
+ NAME_OID_TABLE.put("passwordcheck", PKCS9_OIDS[11]);
+ NAME_OID_TABLE.put("publickey", PKCS9_OIDS[12]);
+ NAME_OID_TABLE.put("signingdescription", PKCS9_OIDS[13]);
+ NAME_OID_TABLE.put("extensionrequest", PKCS9_OIDS[14]);
};
/**
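Review bot: The key `"issuerandserialNumber"` in the `NAME_OID_TABLE` initializer contains an upper-case `N`, although the Javadoc directly above says the table holds all name forms in lower case and every other key is lower case. If the lookup (`getOID(String)`, not visible in this hunk) lower-cases its argument before querying the table, `IssuerAndSerialNumber` can never be resolved by name and the `PKCS9Attribute(String, Object)` constructor would reject it as unrecognized. Suggested line: `NAME_OID_TABLE.put("issuerandserialnumber", PKCS9_OIDS[10]);`. The initializer comment also misspells the table as `PCKS9_NAMES`.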
@@ -137,1008 +125,1003 @@ public class PKCS9Attribute implements DerEncoder {
* corresponding attribute value type.
*/
private static final Hashtable<ObjectIdentifier, String> OID_NAME_TABLE = new Hashtable<ObjectIdentifier, String>(14);
- static {
- OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
-
- OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_AND_SERIALNUMBER_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[11], PASSWORD_CHECK_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[12], PUBLIC_KEY_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[13], SIGNING_DESCRIPTION_STR);
- OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
+ static {
+ OID_NAME_TABLE.put(PKCS9_OIDS[1], EMAIL_ADDRESS_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[2], UNSTRUCTURED_NAME_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[3], CONTENT_TYPE_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[4], MESSAGE_DIGEST_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[5], SIGNING_TIME_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[6], COUNTERSIGNATURE_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[7], CHALLENGE_PASSWORD_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[8], UNSTRUCTURED_ADDRESS_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[9], EXTENDED_CERTIFICATE_ATTRIBUTES_STR);
+
+ OID_NAME_TABLE.put(PKCS9_OIDS[10], ISSUER_AND_SERIALNUMBER_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[11], PASSWORD_CHECK_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[12], PUBLIC_KEY_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[13], SIGNING_DESCRIPTION_STR);
+ OID_NAME_TABLE.put(PKCS9_OIDS[14], EXTENSION_REQUEST_STR);
}
/**
* Acceptable ASN.1 tags for DER encodings of values of PKCS9
* attributes, by index in <code>PKCS9_OIDS</code>.
- * Sets of acceptable tags are represented as arrays.
+ * Sets of acceptable tags are represented as arrays.
*/
private static final Byte[][] PKCS9_VALUE_TAGS = {
- null,
- {Byte.valueOf(DerValue.tag_IA5String)}, // EMailAddress
- {Byte.valueOf(DerValue.tag_IA5String)}, // UnstructuredName
- {Byte.valueOf(DerValue.tag_ObjectId)}, // ContentType
- {Byte.valueOf(DerValue.tag_OctetString)}, // MessageDigest
- {Byte.valueOf(DerValue.tag_UtcTime)}, // SigningTime
- {Byte.valueOf(DerValue.tag_Sequence)}, // Countersignature
- {Byte.valueOf(DerValue.tag_PrintableString),
- Byte.valueOf(DerValue.tag_T61String)}, // ChallengePassword
- {Byte.valueOf(DerValue.tag_PrintableString),
- Byte.valueOf(DerValue.tag_T61String)}, // UnstructuredAddress
- {Byte.valueOf(DerValue.tag_SetOf)}, // ExtendedCertificateAttributes
-
- null, //IssuerAndSerialNumber
- null, //PasswordCheck
- null, //PublicKey
- null, //SigningDescription
- {Byte.valueOf(DerValue.tag_Sequence)} //ExtensionRequest
- };
+ null,
+ { Byte.valueOf(DerValue.tag_IA5String) }, // EMailAddress
+ { Byte.valueOf(DerValue.tag_IA5String) }, // UnstructuredName
+ { Byte.valueOf(DerValue.tag_ObjectId) }, // ContentType
+ { Byte.valueOf(DerValue.tag_OctetString) }, // MessageDigest
+ { Byte.valueOf(DerValue.tag_UtcTime) }, // SigningTime
+ { Byte.valueOf(DerValue.tag_Sequence) }, // Countersignature
+ { Byte.valueOf(DerValue.tag_PrintableString),
+ Byte.valueOf(DerValue.tag_T61String) }, // ChallengePassword
+ { Byte.valueOf(DerValue.tag_PrintableString),
+ Byte.valueOf(DerValue.tag_T61String) }, // UnstructuredAddress
+ { Byte.valueOf(DerValue.tag_SetOf) }, // ExtendedCertificateAttributes
+
+ null, //IssuerAndSerialNumber
+ null, //PasswordCheck
+ null, //PublicKey
+ null, //SigningDescription
+ { Byte.valueOf(DerValue.tag_Sequence) } //ExtensionRequest
+ };
- /**
- * Class types required for values for a given PKCS9
- * attribute type.
- *
- * <P> The following table shows the correspondence between
- * attribute types and value component classes.
- *
+ /**
+ * Class types required for values for a given PKCS9
+ * attribute type.
+ *
+ * <P>
+ * The following table shows the correspondence between attribute types and value component classes.
+ *
* <P>
* <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
- *
+ *
* <TR>
* <TH>OID</TH>
* <TH>Attribute Type Name</TH>
* <TH>Kind</TH>
* <TH>Value Class</TH>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.1</TD>
* <TD>EmailAddress</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.2</TD>
* <TD>UnstructuredName</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.3</TD>
* <TD>ContentType</TD>
* <TD>Single-valued</TD>
* <TD><code>ObjectIdentifier</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.4</TD>
* <TD>MessageDigest</TD>
* <TD>Single-valued</TD>
* <TD><code>byte[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.5</TD>
* <TD>SigningTime</TD>
* <TD>Single-valued</TD>
* <TD><code>Date</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.6</TD>
* <TD>Countersignature</TD>
* <TD>Multiple-valued</TD>
* <TD><code>SignerInfo</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.7</TD>
* <TD>ChallengePassword</TD>
* <TD>Single-valued</TD>
* <TD><code>String</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.8</TD>
* <TD>UnstructuredAddress</TD>
* <TD>Single-valued</TD>
* <TD><code>String</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.9</TD>
* <TD>ExtendedCertificateAttributes</TD>
* <TD>Multiple-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.10</TD>
* <TD>IssuerAndSerialNumber</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.11</TD>
* <TD>PasswordCheck</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.12</TD>
* <TD>PublicKey</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.13</TD>
* <TD>SigningDescription</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.14</TD>
* <TD>ExtensionRequest</TD>
* <TD>Single-valued</TD>
* <TD><code>Sequence</code></TD>
* </TR>
- *
+ *
* </TABLE>
*/
private static final Class<?>[] VALUE_CLASSES = new Class[15];
static {
- try {
- VALUE_CLASSES[0] = null; // not used
- VALUE_CLASSES[1] = java.lang.String.class; // EMailAddress
- VALUE_CLASSES[2] = java.lang.String.class; // UnstructuredName
- VALUE_CLASSES[3] = // ContentType
- Class.forName("netscape.security.util.ObjectIdentifier");
- VALUE_CLASSES[4] = Class.forName("[B"); // MessageDigest (byte[])
- VALUE_CLASSES[5] = Class.forName("java.util.Date"); // SigningTime
- VALUE_CLASSES[6] = // Countersignature
- Class.forName("[Lnetscape.security.pkcs.SignerInfo;");
- VALUE_CLASSES[7] = // ChallengePassword
- Class.forName("java.lang.String");
- VALUE_CLASSES[8] = java.lang.String.class; // UnstructuredAddress
- VALUE_CLASSES[9] = null; // ExtendedCertificateAttributes
-
- VALUE_CLASSES[10] = null; // IssuerAndSerialNumber
- VALUE_CLASSES[11] = null; // PasswordCheck
- VALUE_CLASSES[12] = null; // PublicKey
- VALUE_CLASSES[13] = null; // SigningDescription
- VALUE_CLASSES[14] = // ExtensionRequest
- Class.forName("netscape.security.x509.CertificateExtensions"); //xxxx
- } catch (ClassNotFoundException e) {
- throw new ExceptionInInitializerError(e.toString());
- }
+ try {
+ VALUE_CLASSES[0] = null; // not used
+ VALUE_CLASSES[1] = java.lang.String.class; // EMailAddress
+ VALUE_CLASSES[2] = java.lang.String.class; // UnstructuredName
+ VALUE_CLASSES[3] = // ContentType
+ Class.forName("netscape.security.util.ObjectIdentifier");
+ VALUE_CLASSES[4] = Class.forName("[B"); // MessageDigest (byte[])
+ VALUE_CLASSES[5] = Class.forName("java.util.Date"); // SigningTime
+ VALUE_CLASSES[6] = // Countersignature
+ Class.forName("[Lnetscape.security.pkcs.SignerInfo;");
+ VALUE_CLASSES[7] = // ChallengePassword
+ Class.forName("java.lang.String");
+ VALUE_CLASSES[8] = java.lang.String.class; // UnstructuredAddress
+ VALUE_CLASSES[9] = null; // ExtendedCertificateAttributes
+
+ VALUE_CLASSES[10] = null; // IssuerAndSerialNumber
+ VALUE_CLASSES[11] = null; // PasswordCheck
+ VALUE_CLASSES[12] = null; // PublicKey
+ VALUE_CLASSES[13] = null; // SigningDescription
+ VALUE_CLASSES[14] = // ExtensionRequest
+ Class.forName("netscape.security.x509.CertificateExtensions"); //xxxx
+ } catch (ClassNotFoundException e) {
+ throw new ExceptionInInitializerError(e.toString());
+ }
}
/**
* Array indicating which PKCS9 attributes are single-valued,
* by index in <code>PKCS9_OIDS</code>.
*/
- private static final boolean[] SINGLE_VALUED =
- { false,
- false, // EMailAddress
- false, // UnstructuredName
- true, // ContentType
- true, // MessageDigest
- true, // SigningTime
- false, // Countersignature
- true, // ChallengePassword
- false, // UnstructuredAddress
- false, // ExtendedCertificateAttributes
-
- true, // IssuerAndSerialNumber
- true, // PasswordCheck
- true, // PublicKey
- true, // SigningDescription
- true // ExtensionRequest
- };
+ private static final boolean[] SINGLE_VALUED =
+ { false,
+ false, // EMailAddress
+ false, // UnstructuredName
+ true, // ContentType
+ true, // MessageDigest
+ true, // SigningTime
+ false, // Countersignature
+ true, // ChallengePassword
+ false, // UnstructuredAddress
+ false, // ExtendedCertificateAttributes
+
+ true, // IssuerAndSerialNumber
+ true, // PasswordCheck
+ true, // PublicKey
+ true, // SigningDescription
+ true // ExtensionRequest
+ };
/**
* The OID of this attribute is <code>PKCS9_OIDS[index]</code>.
*/
private int index;
-
+
/**
- * Value set of this attribute. Its class is given by
- * <code>VALUE_CLASSES[index]</code>.
+ * Value set of this attribute. Its class is given by <code>VALUE_CLASSES[index]</code>.
*/
private Object value;
- /**
+ /**
* Construct an attribute object from the attribute's OID and
- * value. If the attribute is single-valued, provide only one
- * value. If the attribute is
+ * value. If the attribute is single-valued, provide only one
+ * value. If the attribute is
* multiple-valued, provide an array containing all the values.
* Arrays of length zero are accepted, though probably useless.
- *
- * <P> The following table gives the class that <code>value</code>
- * must have for a given attribute.
- *
+ *
+ * <P>
+ * The following table gives the class that <code>value</code> must have for a given attribute.
+ *
* <P>
* <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
- *
+ *
* <TR>
* <TH>OID</TH>
* <TH>Attribute Type Name</TH>
* <TH>Kind</TH>
* <TH>Value Class</TH>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.1</TD>
* <TD>EmailAddress</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.2</TD>
* <TD>UnstructuredName</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.3</TD>
* <TD>ContentType</TD>
* <TD>Single-valued</TD>
* <TD><code>ObjectIdentifier</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.4</TD>
* <TD>MessageDigest</TD>
* <TD>Single-valued</TD>
* <TD><code>byte[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.5</TD>
* <TD>SigningTime</TD>
* <TD>Single-valued</TD>
* <TD><code>Date</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.6</TD>
* <TD>Countersignature</TD>
* <TD>Multiple-valued</TD>
* <TD><code>SignerInfo[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.7</TD>
* <TD>ChallengePassword</TD>
* <TD>Single-valued</TD>
* <TD><code>String</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.8</TD>
* <TD>UnstructuredAddress</TD>
* <TD>Single-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.9</TD>
* <TD>ExtendedCertificateAttributes</TD>
* <TD>Multiple-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.10</TD>
* <TD>IssuerAndSerialNumber</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.11</TD>
* <TD>PasswordCheck</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.12</TD>
* <TD>PublicKey</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.13</TD>
* <TD>SigningDescription</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.14</TD>
* <TD>ExtensionRequest</TD>
* <TD>Single-valued</TD>
* <TD><code>Sequence</code></TD>
* </TR>
- *
+ *
* </TABLE>
*/
- public PKCS9Attribute(ObjectIdentifier oid, Object value)
- throws IllegalArgumentException {
+ public PKCS9Attribute(ObjectIdentifier oid, Object value)
+ throws IllegalArgumentException {
- init(oid, value);
+ init(oid, value);
}
- /**
+ /**
* Construct an attribute object from the attribute's name and
- * value. If the attribute is single-valued, provide only one
- * value. If the attribute is
+ * value. If the attribute is single-valued, provide only one
+ * value. If the attribute is
* multiple-valued, provide an array containing all the values.
* Arrays of length zero are accepted, though probably useless.
- *
- * <P> The following table gives the class that <code>value</code>
- * must have for a given attribute. Reasonable variants of these
- * attributes are accepted; in particular, case does not matter.
- *
+ *
+ * <P>
+ * The following table gives the class that <code>value</code> must have for a given attribute. Reasonable variants of these attributes are accepted; in particular, case does not matter.
+ *
* <P>
* <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
- *
+ *
* <TR>
* <TH>OID</TH>
* <TH>Attribute Type Name</TH>
* <TH>Kind</TH>
* <TH>Value Class</TH>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.1</TD>
* <TD>EmailAddress</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.2</TD>
* <TD>UnstructuredName</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.3</TD>
* <TD>ContentType</TD>
* <TD>Single-valued</TD>
* <TD><code>ObjectIdentifier</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.4</TD>
* <TD>MessageDigest</TD>
* <TD>Single-valued</TD>
* <TD><code>byte[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.5</TD>
* <TD>SigningTime</TD>
* <TD>Single-valued</TD>
* <TD><code>Date</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.6</TD>
* <TD>Countersignature</TD>
* <TD>Multiple-valued</TD>
* <TD><code>SignerInfo[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.7</TD>
* <TD>ChallengePassword</TD>
* <TD>Single-valued</TD>
* <TD><code>String</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.8</TD>
* <TD>UnstructuredAddress</TD>
* <TD>Single-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.9</TD>
* <TD>ExtendedCertificateAttributes</TD>
* <TD>Multiple-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.10</TD>
* <TD>IssuerAndSerialNumber</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.11</TD>
* <TD>PasswordCheck</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.12</TD>
* <TD>PublicKey</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.13</TD>
* <TD>SigningDescription</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.14</TD>
* <TD>ExtensionRequest</TD>
* <TD>Single-valued</TD>
* <TD><code>Sequence</code></TD>
* </TR>
- *
+ *
* </TABLE>
- *
+ *
* @exception IllegalArgumentException
- * if the <code>name</code> is not recognized of the
- * <code>value</code> has the wrong type.
+ * if the <code>name</code> is not recognized of the <code>value</code> has the wrong type.
*/
- public PKCS9Attribute(String name, Object value)
- throws IllegalArgumentException {
- ObjectIdentifier oid = getOID(name);
+ public PKCS9Attribute(String name, Object value)
+ throws IllegalArgumentException {
+ ObjectIdentifier oid = getOID(name);
- if (oid == null)
- throw new IllegalArgumentException(
- "Unrecognized attribute name " + name +
- " constructing PKCS9Attribute.");
+ if (oid == null)
+ throw new IllegalArgumentException(
+ "Unrecognized attribute name " + name +
+ " constructing PKCS9Attribute.");
- init(oid,value);
+ init(oid, value);
}
- private void init(ObjectIdentifier oid, Object value)
- throws IllegalArgumentException {
-
- index = indexOf(oid,PKCS9_OIDS,1);
-
- if (index == -1)
- throw new IllegalArgumentException(
- "Unsupported OID " + oid +
- " constructing PKCS9Attribute.");
-
- if (!VALUE_CLASSES[index].isInstance(value))
- throw new IllegalArgumentException(
- "Wrong value class " +
- " for attribute " + oid +
- " constructing PKCS9Attribute; was " +
- value.getClass().toString() + ", should be " +
- VALUE_CLASSES[index].toString());
-
- this.value = value;
- }
+ private void init(ObjectIdentifier oid, Object value)
+ throws IllegalArgumentException {
+
+ index = indexOf(oid, PKCS9_OIDS, 1);
+ if (index == -1)
+ throw new IllegalArgumentException(
+ "Unsupported OID " + oid +
+ " constructing PKCS9Attribute.");
- /**
+ if (!VALUE_CLASSES[index].isInstance(value))
+ throw new IllegalArgumentException(
+ "Wrong value class " +
+ " for attribute " + oid +
+ " constructing PKCS9Attribute; was " +
+ value.getClass().toString() + ", should be " +
+ VALUE_CLASSES[index].toString());
+
+ this.value = value;
+ }
+
+ /**
* Construct a PKCS9Attribute from its encoding on an input
* stream.
- *
+ *
* @exception IOException on parsing error.
*/
public PKCS9Attribute(DerValue derVal) throws IOException {
- decode(derVal);
+ decode(derVal);
}
/**
* Decode a PKCS9 attribute.
- *
- * @param val
- * the DerValue representing the DER encoding of the attribute.
+ *
+ * @param val
+ * the DerValue representing the DER encoding of the attribute.
*/
private void decode(DerValue derVal) throws IOException {
- DerInputStream derIn = new DerInputStream(derVal.toByteArray());
- DerValue[] val = derIn.getSequence(2);
-
- if (derIn.available() != 0)
- throw new IOException("Excess data parsing PKCS9Attribute");
-
- if (val.length != 2)
- throw new IOException("PKCS9Attribute doesn't have two components");
-
- DerValue[] elems;
-
- // get the oid
- ObjectIdentifier oid = val[0].getOID();
-
- index = indexOf(oid,PKCS9_OIDS,1);
- Byte tag;
-
- if (index == -1)
- throw new IOException("Invalid OID for PKCS9 attribute: " +
- oid);
-
- elems = new DerInputStream(val[1].toByteArray()).getSet(1);
-
- // check single valued have only one value
- if (SINGLE_VALUED[index] && elems.length > 1)
- throwSingleValuedException();
-
- // check for illegal element tags
- for (int i=0; i < elems.length; i++) {
- tag = Byte.valueOf(elems[i].tag);
-
- if (indexOf(tag, PKCS9_VALUE_TAGS[index], 0) == -1)
- throwTagException(tag);
- }
-
- switch (index) {
- case 1: // email address
- case 2: // unstructured name
- case 8: // unstructured address
- { // open scope
- String[] values = new String[elems.length];
-
- for (int i=0; i < elems.length; i++)
- values[i] = elems[i].getAsString();
- value = values;
- } // close scope
- break;
-
- case 3: // content type
- value = elems[0].getOID();
- break;
-
- case 4: // message digest
- value = elems[0].getOctetString();
- break;
-
- case 5: // signing time
- value = (new DerInputStream(elems[0].toByteArray())).getUTCTime();
- break;
-
- case 6: // countersignature
- { // open scope
- SignerInfo[] values = new SignerInfo[elems.length];
- for (int i=0; i < elems.length; i++)
- values[i] =
- new SignerInfo(elems[i].toDerInputStream());
- value = values;
- } // close scope
- break;
-
- case 7: // challenge password
- value = elems[0].getAsString();
- break;
-
- case 9: // extended-certificate attribute -- not
- // supported
- throw new IOException("PKCS9 extended-certificate " +
- "attribute not supported.");
-
- case 10: // IssuerAndSerialNumber attribute -- not
- // supported
- throw new IOException("PKCS9 IssuerAndSerialNumber " +
- "attribute not supported.");
-
- case 11: // passwordCheck attribute -- not
- // supported
- throw new IOException("PKCS9 passwordCheck " +
- "attribute not supported.");
- case 12: // PublicKey attribute -- not
- // supported
- throw new IOException("PKCS9 PublicKey " +
- "attribute not supported.");
- case 13: // SigningDescription attribute -- not
- // supported
- throw new IOException("PKCS9 SigningDescription " +
- "attribute not supported.");
- case 14: // ExtensionRequest attribute
- value =
- new CertificateExtensions(elems[0].toDerInputStream());
-
- // break unnecessary
-
- default: // can't happen
- }
+ DerInputStream derIn = new DerInputStream(derVal.toByteArray());
+ DerValue[] val = derIn.getSequence(2);
+
+ if (derIn.available() != 0)
+ throw new IOException("Excess data parsing PKCS9Attribute");
+
+ if (val.length != 2)
+ throw new IOException("PKCS9Attribute doesn't have two components");
+
+ DerValue[] elems;
+
+ // get the oid
+ ObjectIdentifier oid = val[0].getOID();
+
+ index = indexOf(oid, PKCS9_OIDS, 1);
+ Byte tag;
+
+ if (index == -1)
+ throw new IOException("Invalid OID for PKCS9 attribute: " +
+ oid);
+
+ elems = new DerInputStream(val[1].toByteArray()).getSet(1);
+
+ // check single valued have only one value
+ if (SINGLE_VALUED[index] && elems.length > 1)
+ throwSingleValuedException();
+
+ // check for illegal element tags
+ for (int i = 0; i < elems.length; i++) {
+ tag = Byte.valueOf(elems[i].tag);
+
+ if (indexOf(tag, PKCS9_VALUE_TAGS[index], 0) == -1)
+ throwTagException(tag);
+ }
+
+ switch (index) {
+ case 1: // email address
+ case 2: // unstructured name
+ case 8: // unstructured address
+ { // open scope
+ String[] values = new String[elems.length];
+
+ for (int i = 0; i < elems.length; i++)
+ values[i] = elems[i].getAsString();
+ value = values;
+ } // close scope
+ break;
+
+ case 3: // content type
+ value = elems[0].getOID();
+ break;
+
+ case 4: // message digest
+ value = elems[0].getOctetString();
+ break;
+
+ case 5: // signing time
+ value = (new DerInputStream(elems[0].toByteArray())).getUTCTime();
+ break;
+
+ case 6: // countersignature
+ { // open scope
+ SignerInfo[] values = new SignerInfo[elems.length];
+ for (int i = 0; i < elems.length; i++)
+ values[i] =
+ new SignerInfo(elems[i].toDerInputStream());
+ value = values;
+ } // close scope
+ break;
+
+ case 7: // challenge password
+ value = elems[0].getAsString();
+ break;
+
+ case 9: // extended-certificate attribute -- not
+ // supported
+ throw new IOException("PKCS9 extended-certificate " +
+ "attribute not supported.");
+
+ case 10: // IssuerAndSerialNumber attribute -- not
+ // supported
+ throw new IOException("PKCS9 IssuerAndSerialNumber " +
+ "attribute not supported.");
+
+ case 11: // passwordCheck attribute -- not
+ // supported
+ throw new IOException("PKCS9 passwordCheck " +
+ "attribute not supported.");
+ case 12: // PublicKey attribute -- not
+ // supported
+ throw new IOException("PKCS9 PublicKey " +
+ "attribute not supported.");
+ case 13: // SigningDescription attribute -- not
+ // supported
+ throw new IOException("PKCS9 SigningDescription " +
+ "attribute not supported.");
+ case 14: // ExtensionRequest attribute
+ value =
+ new CertificateExtensions(elems[0].toDerInputStream());
+
+ // break unnecessary
+
+ default: // can't happen
+ }
}
/**
* Write the DER encoding of this attribute to an output stream.
*
- * <P> N.B.: This method always encodes values of
- * ChallengePassword and UnstructuredAddress attributes as ASN.1
- * <code>PrintableString</code>s, without checking whether they
- * should be encoded as <code>T61String</code>s.
+ * <P>
+ * N.B.: This method always encodes values of ChallengePassword and UnstructuredAddress attributes as ASN.1 <code>PrintableString</code>s, without checking whether they should be encoded as <code>T61String</code>s.
*/
public void derEncode(OutputStream out) throws IOException {
- DerOutputStream temp = new DerOutputStream();
- temp.putOID(getOID());
- switch (index) {
- case 1: // email address
- case 2: // unstructured name
- { // open scope
- String[] values = (String[]) value;
- DerOutputStream[] temps = new
- DerOutputStream[values.length];
-
- for (int i=0; i < values.length; i++) {
- temps[i] = new DerOutputStream();
-
- temps[i].putIA5String( values[i]);
- }
- temp.putOrderedSetOf(DerValue.tag_Set, temps);
- } // close scope
- break;
-
- case 3: // content type
- {
- DerOutputStream temp2 = new DerOutputStream();
- temp2.putOID((ObjectIdentifier) value);
- temp.write(DerValue.tag_Set, temp2.toByteArray());
- }
- break;
-
- case 4: // message digest
- {
- DerOutputStream temp2 = new DerOutputStream();
- temp2.putOctetString((byte[]) value);
- temp.write(DerValue.tag_Set, temp2.toByteArray());
- }
- break;
-
- case 5: // signing time
- {
- DerOutputStream temp2 = new DerOutputStream();
- temp2.putUTCTime((Date) value);
- temp.write(DerValue.tag_Set, temp2.toByteArray());
- }
- break;
-
- case 6: // countersignature
- temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);
- break;
-
- case 7: // challenge password
- {
- DerOutputStream temp2 = new DerOutputStream();
- temp2.putPrintableString((String) value);
- temp.write(DerValue.tag_Set, temp2.toByteArray());
- }
- break;
-
- case 8: // unstructured address
- { // open scope
- String[] values = (String[]) value;
- DerOutputStream[] temps = new
- DerOutputStream[values.length];
-
- for (int i=0; i < values.length; i++) {
- temps[i] = new DerOutputStream();
-
- temps[i].putPrintableString(values[i]);
- }
- temp.putOrderedSetOf(DerValue.tag_Set, temps);
- } // close scope
- break;
-
- case 9: // extended-certificate attribute -- not
- // supported
- throw new IOException("PKCS9 extended-certificate " +
- "attribute not supported.");
-
- case 10: // IssuerAndSerialNumber attribute -- not
- // supported
- throw new IOException("PKCS9 IssuerAndSerialNumber " +
- "attribute not supported.");
-
- case 11: // passwordCheck attribute -- not
- // supported
- throw new IOException("PKCS9 passwordCheck " +
- "attribute not supported.");
- case 12: // PublicKey attribute -- not
- // supported
- throw new IOException("PKCS9 PublicKey " +
- "attribute not supported.");
- case 13: // SigningDescription attribute -- not
- // supported
- throw new IOException("PKCS9 SigningDescription " +
- "attribute not supported.");
- case 14: // ExtensionRequest attribute
- try {
- DerOutputStream temp2 = new DerOutputStream();
- //temp2.putSequence((CertificateExtensions) value);
- ((CertificateExtensions)value).encode(temp2);
- temp.write(DerValue.tag_Sequence, temp2.toByteArray());
- } catch (CertificateException e) {
- throw new IOException("PKCS9 extension attributes not encoded");
- }
-
- // break unnecessary
- default: // can't happen
- }
-
- DerOutputStream derOut = new DerOutputStream();
- derOut.write(DerValue.tag_Sequence, temp.toByteArray());
-
- out.write(derOut.toByteArray());
-
+ DerOutputStream temp = new DerOutputStream();
+ temp.putOID(getOID());
+ switch (index) {
+ case 1: // email address
+ case 2: // unstructured name
+ { // open scope
+ String[] values = (String[]) value;
+ DerOutputStream[] temps = new
+ DerOutputStream[values.length];
+
+ for (int i = 0; i < values.length; i++) {
+ temps[i] = new DerOutputStream();
+
+ temps[i].putIA5String(values[i]);
+ }
+ temp.putOrderedSetOf(DerValue.tag_Set, temps);
+ } // close scope
+ break;
+
+ case 3: // content type
+ {
+ DerOutputStream temp2 = new DerOutputStream();
+ temp2.putOID((ObjectIdentifier) value);
+ temp.write(DerValue.tag_Set, temp2.toByteArray());
+ }
+ break;
+
+ case 4: // message digest
+ {
+ DerOutputStream temp2 = new DerOutputStream();
+ temp2.putOctetString((byte[]) value);
+ temp.write(DerValue.tag_Set, temp2.toByteArray());
+ }
+ break;
+
+ case 5: // signing time
+ {
+ DerOutputStream temp2 = new DerOutputStream();
+ temp2.putUTCTime((Date) value);
+ temp.write(DerValue.tag_Set, temp2.toByteArray());
+ }
+ break;
+
+ case 6: // countersignature
+ temp.putOrderedSetOf(DerValue.tag_Set, (DerEncoder[]) value);
+ break;
+
+ case 7: // challenge password
+ {
+ DerOutputStream temp2 = new DerOutputStream();
+ temp2.putPrintableString((String) value);
+ temp.write(DerValue.tag_Set, temp2.toByteArray());
+ }
+ break;
+
+ case 8: // unstructured address
+ { // open scope
+ String[] values = (String[]) value;
+ DerOutputStream[] temps = new
+ DerOutputStream[values.length];
+
+ for (int i = 0; i < values.length; i++) {
+ temps[i] = new DerOutputStream();
+
+ temps[i].putPrintableString(values[i]);
+ }
+ temp.putOrderedSetOf(DerValue.tag_Set, temps);
+ } // close scope
+ break;
+
+ case 9: // extended-certificate attribute -- not
+ // supported
+ throw new IOException("PKCS9 extended-certificate " +
+ "attribute not supported.");
+
+ case 10: // IssuerAndSerialNumber attribute -- not
+ // supported
+ throw new IOException("PKCS9 IssuerAndSerialNumber " +
+ "attribute not supported.");
+
+ case 11: // passwordCheck attribute -- not
+ // supported
+ throw new IOException("PKCS9 passwordCheck " +
+ "attribute not supported.");
+ case 12: // PublicKey attribute -- not
+ // supported
+ throw new IOException("PKCS9 PublicKey " +
+ "attribute not supported.");
+ case 13: // SigningDescription attribute -- not
+ // supported
+ throw new IOException("PKCS9 SigningDescription " +
+ "attribute not supported.");
+ case 14: // ExtensionRequest attribute
+ try {
+ DerOutputStream temp2 = new DerOutputStream();
+ //temp2.putSequence((CertificateExtensions) value);
+ ((CertificateExtensions) value).encode(temp2);
+ temp.write(DerValue.tag_Sequence, temp2.toByteArray());
+ } catch (CertificateException e) {
+ throw new IOException("PKCS9 extension attributes not encoded");
+ }
+
+ // break unnecessary
+ default: // can't happen
+ }
+
+ DerOutputStream derOut = new DerOutputStream();
+ derOut.write(DerValue.tag_Sequence, temp.toByteArray());
+
+ out.write(derOut.toByteArray());
+
}
/**
- * Get the value of this attribute. If the attribute is
- * single-valued, return just the one value. If the attribute is
+ * Get the value of this attribute. If the attribute is
+ * single-valued, return just the one value. If the attribute is
* multiple-valued, return an array containing all the values.
* It is possible for this array to be of length 0.
- *
- * <P> The following table gives the class of the value returned,
- * depending on the type of this attribute.
-
+ *
+ * <P>
+ * The following table gives the class of the value returned, depending on the type of this attribute.
+ *
* <P>
* <TABLE BORDER CELLPADDING=8 ALIGN=CENTER>
- *
+ *
* <TR>
* <TH>OID</TH>
* <TH>Attribute Type Name</TH>
* <TH>Kind</TH>
* <TH>Value Class</TH>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.1</TD>
* <TD>EmailAddress</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.2</TD>
* <TD>UnstructuredName</TD>
* <TD>Multiple-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.3</TD>
* <TD>ContentType</TD>
* <TD>Single-valued</TD>
* <TD><code>ObjectIdentifier</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.4</TD>
* <TD>MessageDigest</TD>
* <TD>Single-valued</TD>
* <TD><code>byte[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.5</TD>
* <TD>SigningTime</TD>
* <TD>Single-valued</TD>
* <TD><code>Date</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.6</TD>
* <TD>Countersignature</TD>
* <TD>Multiple-valued</TD>
* <TD><code>SignerInfo[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.7</TD>
* <TD>ChallengePassword</TD>
* <TD>Single-valued</TD>
* <TD><code>String</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.8</TD>
* <TD>UnstructuredAddress</TD>
* <TD>Single-valued</TD>
* <TD><code>String[]</code></TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.9</TD>
* <TD>ExtendedCertificateAttributes</TD>
* <TD>Multiple-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.10</TD>
* <TD>IssuerAndSerialNumber</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.11</TD>
* <TD>PasswordCheck</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.12</TD>
* <TD>PublicKey</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.13</TD>
* <TD>SigningDescription</TD>
* <TD>Single-valued</TD>
* <TD>(not supported)</TD>
* </TR>
- *
+ *
* <TR>
* <TD>1.2.840.113549.1.9.14</TD>
* <TD>ExtensionRequest</TD>
* <TD>Single-valued</TD>
* <TD><code>Sequence</code></TD>
* </TR>
- *
+ *
* </TABLE>
- *
+ *
*/
public Object getValue() {
- return value;
+ return value;
}
- /**
+ /**
* Show whether this attribute is single-valued.
*/
public boolean isSingleValued() {
- return SINGLE_VALUED[index];
+ return SINGLE_VALUED[index];
}
- /**
- * Return the OID of this attribute.
+ /**
+ * Return the OID of this attribute.
*/
public ObjectIdentifier getOID() {
- return PKCS9_OIDS[index];
+ return PKCS9_OIDS[index];
}
- /**
- * Return the name of this attribute.
+ /**
+ * Return the name of this attribute.
*/
public String getName() {
- return (String) OID_NAME_TABLE.get(PKCS9_OIDS[index]);
+ return (String) OID_NAME_TABLE.get(PKCS9_OIDS[index]);
}
- /**
+ /**
* Return the OID for a given attribute name or null if we don't recognize
* the name.
*/
public static ObjectIdentifier getOID(String name) {
- return (ObjectIdentifier) NAME_OID_TABLE.get(name.toLowerCase());
+ return (ObjectIdentifier) NAME_OID_TABLE.get(name.toLowerCase());
}
- /**
+ /**
* Return the attribute name for a given OID or null if we don't recognize
* the oid.
*/
public static String getName(ObjectIdentifier oid) {
- return (String) OID_NAME_TABLE.get(oid);
+ return (String) OID_NAME_TABLE.get(oid);
}
- /**
+ /**
* Returns a string representation of this attribute.
*/
public String toString() {
- StringBuffer buf = new StringBuffer(100);
-
- buf.append("[");
-
- buf.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));
- buf.append(": ");
-
- if (SINGLE_VALUED[index]) {
- if (value instanceof byte[]) { // special case for octet string
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String valuebits = pp.toHexString(((byte[])value));
- buf.append(valuebits);
- } else {
- buf.append(value.toString());
- }
- buf.append("]");
- return buf.toString();
- } else { // multiple-valued
- boolean first = true;
- Object[] values = (Object[]) value;
-
- for (int j=0; j < values.length; j++) {
- if (first)
- first = false;
- else
- buf.append(", ");
-
- buf.append(values[j].toString());
- }
- return buf.toString();
- }
+ StringBuffer buf = new StringBuffer(100);
+
+ buf.append("[");
+
+ buf.append(OID_NAME_TABLE.get(PKCS9_OIDS[index]));
+ buf.append(": ");
+
+ if (SINGLE_VALUED[index]) {
+ if (value instanceof byte[]) { // special case for octet string
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String valuebits = pp.toHexString(((byte[]) value));
+ buf.append(valuebits);
+ } else {
+ buf.append(value.toString());
+ }
+ buf.append("]");
+ return buf.toString();
+ } else { // multiple-valued
+ boolean first = true;
+ Object[] values = (Object[]) value;
+
+ for (int j = 0; j < values.length; j++) {
+ if (first)
+ first = false;
+ else
+ buf.append(", ");
+
+ buf.append(values[j].toString());
+ }
+ return buf.toString();
+ }
}
- /**
+ /**
* Beginning the search at <code>start</code>, find the first
- * index <code>i</code> such that <code>a[i] = obj</code>.
- *
+ * index <code>i</code> such that <code>a[i] = obj</code>.
+ *
* @return the index, if found, and -1 otherwise.
*/
static int indexOf(Object obj, Object[] a, int start) {
- for (int i=start; i < a.length; i++) {
- if (obj.equals(a[i])) return i;
- }
- return -1;
+ for (int i = start; i < a.length; i++) {
+ if (obj.equals(a[i]))
+ return i;
+ }
+ return -1;
}
- /**
+ /**
* Throw an exception when there are multiple values for
* a single-valued attribute.
*/
private void throwSingleValuedException() throws IOException {
- throw new IOException("Single-value attribute " +
- getOID() + " (" + getName() + ")" +
- " has multiple values.");
+ throw new IOException("Single-value attribute " +
+ getOID() + " (" + getName() + ")" +
+ " has multiple values.");
}
- /**
- * Throw an exception when the tag on a value encoding is
+ /**
+ * Throw an exception when the tag on a value encoding is
* wrong for the attribute whose value it is.
*/
private void throwTagException(Byte tag)
- throws IOException {
- Byte[] expectedTags = PKCS9_VALUE_TAGS[index];
- StringBuffer msg = new StringBuffer(100);
+ throws IOException {
+ Byte[] expectedTags = PKCS9_VALUE_TAGS[index];
+ StringBuffer msg = new StringBuffer(100);
msg.append("Value of attribute ");
- msg.append(getOID().toString());
- msg.append(" (");
- msg.append(getName());
- msg.append(") has wrong tag: ");
- msg.append(tag.toString());
- msg.append(". Expected tags: ");
-
- msg.append(expectedTags[0].toString());
-
- for (int i = 1; i < expectedTags.length; i++) {
- msg.append(", ");
- msg.append(expectedTags[i].toString());
- }
- msg.append(".");
- throw new IOException(msg.toString());
+ msg.append(getOID().toString());
+ msg.append(" (");
+ msg.append(getName());
+ msg.append(") has wrong tag: ");
+ msg.append(tag.toString());
+ msg.append(". Expected tags: ");
+
+ msg.append(expectedTags[0].toString());
+
+ for (int i = 1; i < expectedTags.length; i++) {
+ msg.append(", ");
+ msg.append(expectedTags[i].toString());
+ }
+ msg.append(".");
+ throw new IOException(msg.toString());
}
}
diff --git a/pki/base/util/src/netscape/security/pkcs/PKCS9Attributes.java b/pki/base/util/src/netscape/security/pkcs/PKCS9Attributes.java
index aff0ee0f..6f7ce6ab 100644
--- a/pki/base/util/src/netscape/security/pkcs/PKCS9Attributes.java
+++ b/pki/base/util/src/netscape/security/pkcs/PKCS9Attributes.java
@@ -27,180 +27,177 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
- * A set of attributes of class PKCS9Attribute.
- *
+ * A set of attributes of class PKCS9Attribute.
+ *
* @version 1.2 97/12/10
* @author Douglas Hoover
*/
public class PKCS9Attributes {
/**
- * Attributes in this set indexed by OID.
+ * Attributes in this set indexed by OID.
*/
private final Hashtable attributes = new Hashtable(3);
/**
- * The keys of this hashtable are the OIDs of permitted attributes.
+ * The keys of this hashtable are the OIDs of permitted attributes.
*/
private final Hashtable permittedAttributes;
/**
- * The DER encoding of this attribute set. The tag byte must be
+ * The DER encoding of this attribute set. The tag byte must be
* DerValue.tag_SetOf.
- */
+ */
private final byte[] derEncoding;
/**
* Construct a set of PKCS9 Attributes from its
* DER encoding on a DerInputStream, accepting only attributes
- * with OIDs on the given
- * list. If the array is null, accept all attributes supported by
+ * with OIDs on the given
+ * list. If the array is null, accept all attributes supported by
* class PKCS9Attribute.
- *
+ *
* @param permittedAttributes
- * Array of attribute OIDs that will be accepted.
+ * Array of attribute OIDs that will be accepted.
* @param buf
- * the contents of the DER encoding of the attribute set.
- *
+ * the contents of the DER encoding of the attribute set.
+ *
* @exception IOException
- * on i/o error, encoding syntax error, unacceptable or
- * unsupported attribute, or duplicate attribute.
- *
+ * on i/o error, encoding syntax error, unacceptable or
+ * unsupported attribute, or duplicate attribute.
+ *
* @see PKCS9Attribute
*/
public PKCS9Attributes(ObjectIdentifier[] permittedAttributes,
- DerInputStream in) throws IOException {
- if (permittedAttributes != null) {
- this.permittedAttributes =
- new Hashtable(permittedAttributes.length);
-
- for (int i = 0; i < permittedAttributes.length; i++)
- this.permittedAttributes.put(permittedAttributes[i],
- permittedAttributes[i]);
- } else {
- this.permittedAttributes = null;
- }
-
- // derEncoding initialized in <code>decode()</code>
- derEncoding = decode(in);
+ DerInputStream in) throws IOException {
+ if (permittedAttributes != null) {
+ this.permittedAttributes =
+ new Hashtable(permittedAttributes.length);
+
+ for (int i = 0; i < permittedAttributes.length; i++)
+ this.permittedAttributes.put(permittedAttributes[i],
+ permittedAttributes[i]);
+ } else {
+ this.permittedAttributes = null;
+ }
+
+ // derEncoding initialized in <code>decode()</code>
+ derEncoding = decode(in);
}
/**
* Construct a set of PKCS9 Attributes from its contents of its
- * DER encoding on a DerInputStream. Accept all attributes
+ * DER encoding on a DerInputStream. Accept all attributes
* supported by class PKCS9Attribute.
- *
+ *
* @exception IOException
- * on i/o error, encoding syntax error, or unsupported or
- * duplicate attribute.
- *
+ * on i/o error, encoding syntax error, or unsupported or
+ * duplicate attribute.
+ *
* @see PKCS9Attribute
*/
public PKCS9Attributes(DerInputStream in) throws IOException {
- // anything goes
- // derEncoding initialized in <code>decode()</code>
- derEncoding = decode(in);
- permittedAttributes = null;
+ // anything goes
+ // derEncoding initialized in <code>decode()</code>
+ derEncoding = decode(in);
+ permittedAttributes = null;
}
/**
* Construct a set of PKCS9 Attributes from the given array of
* PCK9 attributes.
- * DER encoding on a DerInputStream. All attributes in
- * <code>attribs</code> must be
+ * DER encoding on a DerInputStream. All attributes in <code>attribs</code> must be
* supported by class PKCS9Attribute.
- *
+ *
* @exception IOException
- * on i/o error, encoding syntax error, or unsupported or
- * duplicate attribute.
- *
+ * on i/o error, encoding syntax error, or unsupported or
+ * duplicate attribute.
+ *
* @see PKCS9Attribute
*/
- public PKCS9Attributes(PKCS9Attribute[] attribs)
- throws IllegalArgumentException, IOException {
- ObjectIdentifier oid;
- for (int i=0; i < attribs.length; i++) {
- oid = attribs[i].getOID();
- if (attributes.containsKey(oid))
- throw new IllegalArgumentException(
- "PKCSAttribute " + attribs[i].getOID() +
- " duplicated while constructing " +
- "PKCS9Attributes.");
-
- attributes.put(oid, attribs[i]);
- }
- derEncoding = generateDerEncoding();
- permittedAttributes = null;
+ public PKCS9Attributes(PKCS9Attribute[] attribs)
+ throws IllegalArgumentException, IOException {
+ ObjectIdentifier oid;
+ for (int i = 0; i < attribs.length; i++) {
+ oid = attribs[i].getOID();
+ if (attributes.containsKey(oid))
+ throw new IllegalArgumentException(
+ "PKCSAttribute " + attribs[i].getOID() +
+ " duplicated while constructing " +
+ "PKCS9Attributes.");
+
+ attributes.put(oid, attribs[i]);
+ }
+ derEncoding = generateDerEncoding();
+ permittedAttributes = null;
}
-
/**
* Decode this set of PKCS9 attribute set from the contents of its
* DER encoding.
- *
+ *
* @param buf
- * the contents of the DER encoding of the attribute set.
- *
+ * the contents of the DER encoding of the attribute set.
+ *
* @exception IOException
- * on i/o error, encoding syntax error, unacceptable or
- * unsupported attribute, or duplicate attribute.
+ * on i/o error, encoding syntax error, unacceptable or
+ * unsupported attribute, or duplicate attribute.
*/
private byte[] decode(DerInputStream in) throws IOException {
- DerValue val = in.getDerValue();
+ DerValue val = in.getDerValue();
- // save the DER encoding with its proper tag byte.
- byte[] derEncoding = val.toByteArray();
- derEncoding[0] = DerValue.tag_SetOf;
+ // save the DER encoding with its proper tag byte.
+ byte[] derEncoding = val.toByteArray();
+ derEncoding[0] = DerValue.tag_SetOf;
- DerInputStream derIn = new DerInputStream(derEncoding);
- DerValue[] derVals = derIn.getSet(3,true);
+ DerInputStream derIn = new DerInputStream(derEncoding);
+ DerValue[] derVals = derIn.getSet(3, true);
- PKCS9Attribute attrib;
- ObjectIdentifier oid;
- int index;
+ PKCS9Attribute attrib;
+ ObjectIdentifier oid;
+ int index;
- for (int i=0; i < derVals.length; i++) {
- attrib = new PKCS9Attribute(derVals[i]);
- oid = attrib.getOID();
+ for (int i = 0; i < derVals.length; i++) {
+ attrib = new PKCS9Attribute(derVals[i]);
+ oid = attrib.getOID();
- if (attributes.get(oid) != null)
- throw new IOException("Duplicate PKCS9 attribute: " + oid);
+ if (attributes.get(oid) != null)
+ throw new IOException("Duplicate PKCS9 attribute: " + oid);
- if (permittedAttributes != null &&
- !permittedAttributes.containsKey(oid))
- throw new IOException("Attribute " + oid +
- " not permitted in this attribute set");
-
- attributes.put(oid,attrib);
- }
- return derEncoding;
+ if (permittedAttributes != null &&
+ !permittedAttributes.containsKey(oid))
+ throw new IOException("Attribute " + oid +
+ " not permitted in this attribute set");
+
+ attributes.put(oid, attrib);
+ }
+ return derEncoding;
}
/**
* Put the DER encoding of this PKCS9 attribute set on an
* DerOutputStream, tagged with the given implicit tag.
- *
+ *
* @param tag the implicit tag to use in the DER encoding.
* @param out the output stream on which to put the DER encoding.
- *
- * @exception IOException on output error.
+ *
+ * @exception IOException on output error.
*/
public void encode(byte tag, OutputStream out) throws IOException {
- out.write(tag);
- out.write(derEncoding, 1, derEncoding.length -1);
+ out.write(tag);
+ out.write(derEncoding, 1, derEncoding.length - 1);
}
private byte[] generateDerEncoding() throws IOException {
- DerOutputStream out = new DerOutputStream();
- Object[] attribVals = attributes.values().toArray();
-
- out.putOrderedSetOf(DerValue.tag_SetOf,
- castToDerEncoder(attribVals));
- return out.toByteArray();
+ DerOutputStream out = new DerOutputStream();
+ Object[] attribVals = attributes.values().toArray();
+
+ out.putOrderedSetOf(DerValue.tag_SetOf,
+ castToDerEncoder(attribVals));
+ return out.toByteArray();
}
/**
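Review bot: In `decode`, `derEncoding[0] = DerValue.tag_SetOf;` overwrites the incoming tag without checking it first, so a value with any outer tag is re-labelled as a SET OF and parsed as an attribute set. The SignerInfo constructor peeks for 0xA0/0xA1 before building a PKCS9Attributes, but both DerInputStream constructors here are public and do no such check themselves. I would reject unexpected tags before the overwrite, for example `byte t = derEncoding[0]; if (t != DerValue.tag_SetOf && t != (byte) 0xA0 && t != (byte) 0xA1) throw new IOException("Unexpected tag for PKCS9 attribute set");`; the accepted tags are inferred from the SignerInfo caller and need confirming against any other callers. Separately, the Javadoc for `decode` and for the two-argument constructor documents `@param buf` although the parameter is named `in`. Both points predate this re-indentation, which carries the code over unchanged.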
@@ -208,113 +205,111 @@ public class PKCS9Attributes {
* DerValue.tag_SetOf.
*/
public byte[] getDerEncoding() throws IOException {
- return (byte[]) derEncoding.clone();
-
+ return (byte[]) derEncoding.clone();
+
}
/**
* Get an attribute from this set.
- */
+ */
public PKCS9Attribute getAttribute(ObjectIdentifier oid) {
- return (PKCS9Attribute) attributes.get(oid);
+ return (PKCS9Attribute) attributes.get(oid);
}
/**
* Get an attribute from this set.
- */
+ */
public PKCS9Attribute getAttribute(String name) {
- return (PKCS9Attribute) attributes.get(PKCS9Attribute.getOID(name));
+ return (PKCS9Attribute) attributes.get(PKCS9Attribute.getOID(name));
}
-
/**
* Get an array of all attributes in this set, in order of OID.
- */
+ */
public PKCS9Attribute[] getAttributes() {
- PKCS9Attribute[] attribs = new PKCS9Attribute[attributes.size()];
- ObjectIdentifier oid;
-
- int j = 0;
- for (int i=1; i < PKCS9Attribute.PKCS9_OIDS.length &&
- j < attribs.length; i++) {
- attribs[j] = getAttribute(PKCS9Attribute.PKCS9_OIDS[i]);
-
- if (attribs[j] != null)
- j++;
- }
- return attribs;
+ PKCS9Attribute[] attribs = new PKCS9Attribute[attributes.size()];
+ ObjectIdentifier oid;
+
+ int j = 0;
+ for (int i = 1; i < PKCS9Attribute.PKCS9_OIDS.length &&
+ j < attribs.length; i++) {
+ attribs[j] = getAttribute(PKCS9Attribute.PKCS9_OIDS[i]);
+
+ if (attribs[j] != null)
+ j++;
+ }
+ return attribs;
}
/**
* Get an attribute value by OID.
*/
- public Object getAttributeValue(ObjectIdentifier oid)
- throws IOException {
- try {
- Object value = getAttribute(oid).getValue();
- return value;
- } catch (NullPointerException ex) {
- throw new IOException("No value found for attribute " + oid);
- }
+ public Object getAttributeValue(ObjectIdentifier oid)
+ throws IOException {
+ try {
+ Object value = getAttribute(oid).getValue();
+ return value;
+ } catch (NullPointerException ex) {
+ throw new IOException("No value found for attribute " + oid);
+ }
}
- /**
- * Get an attribute value by type name.
+ /**
+ * Get an attribute value by type name.
*/
- public Object getAttributeValue(String name) throws IOException {
- ObjectIdentifier oid = PKCS9Attribute.getOID(name);
+ public Object getAttributeValue(String name) throws IOException {
+ ObjectIdentifier oid = PKCS9Attribute.getOID(name);
- if (oid == null)
- throw new IOException("Attribute name " + name +
- " not recognized or not supported.");
-
- return getAttributeValue(oid);
- }
+ if (oid == null)
+ throw new IOException("Attribute name " + name +
+ " not recognized or not supported.");
+ return getAttributeValue(oid);
+ }
- /**
+ /**
* Returns the PKCS9 block in a printable string form.
*/
public String toString() {
- StringBuffer buf = new StringBuffer(200);
- buf.append("PKCS9 Attributes: [\n\t");
-
- ObjectIdentifier oid;
- PKCS9Attribute value;
+ StringBuffer buf = new StringBuffer(200);
+ buf.append("PKCS9 Attributes: [\n\t");
+
+ ObjectIdentifier oid;
+ PKCS9Attribute value;
- boolean first = true;
- for (int i = 1; i < PKCS9Attribute.PKCS9_OIDS.length; i++) {
- value = getAttribute(PKCS9Attribute.PKCS9_OIDS[i]);
+ boolean first = true;
+ for (int i = 1; i < PKCS9Attribute.PKCS9_OIDS.length; i++) {
+ value = getAttribute(PKCS9Attribute.PKCS9_OIDS[i]);
- if (value == null) continue;
+ if (value == null)
+ continue;
- // we have a value; print it
- if (first)
- first = false;
- else
- buf.append(";\n\t");
+ // we have a value; print it
+ if (first)
+ first = false;
+ else
+ buf.append(";\n\t");
- buf.append(value.toString());
- }
+ buf.append(value.toString());
+ }
- buf.append("\n\t] (end PKCS9 Attributes)");
+ buf.append("\n\t] (end PKCS9 Attributes)");
- return buf.toString();
+ return buf.toString();
}
-
- /**
- * Cast an object array whose components are
- * <code>DerEncoder</code>s to <code>DerEncoder[]</code>.
+
+ /**
+ * Cast an object array whose components are <code>DerEncoder</code>s to <code>DerEncoder[]</code>.
*/
static DerEncoder[] castToDerEncoder(Object[] objs) {
- DerEncoder[] encoders = new DerEncoder[objs.length];
+ DerEncoder[] encoders = new DerEncoder[objs.length];
- for (int i=0; i < encoders.length; i++)
- encoders[i] = (DerEncoder) objs[i];
+ for (int i = 0; i < encoders.length; i++)
+ encoders[i] = (DerEncoder) objs[i];
- return encoders;
+ return encoders;
}
}
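Review bot: `getAttribute(String name)` passes the result of `PKCS9Attribute.getOID(name)` straight to `attributes.get(...)`, although that lookup is documented to return null for an unrecognized name. If `attributes` is a `java.util.Hashtable` (the import is outside this hunk), a null key throws NullPointerException instead of returning null. `getAttributeValue(ObjectIdentifier)` then uses `catch (NullPointerException ex)` as its "attribute absent" test, which also hides any unrelated null dereference inside the try block. Explicit null checks, as below, make both paths deterministic and keep the existing IOException message. The re-indentation leaves this code otherwise unchanged, and `getAttributes()` also declares a local `oid` that is never used.

```java
public PKCS9Attribute getAttribute(String name) {
    // getOID(String) returns null for names it does not recognize
    ObjectIdentifier oid = PKCS9Attribute.getOID(name);
    return oid == null ? null : (PKCS9Attribute) attributes.get(oid);
}

// … unchanged: getAttributes() …

public Object getAttributeValue(ObjectIdentifier oid)
        throws IOException {
    // a null oid keeps reporting "No value found", as the catch block did
    PKCS9Attribute attrib = (oid == null) ? null : getAttribute(oid);
    if (attrib == null)
        throw new IOException("No value found for attribute " + oid);
    return attrib.getValue();
}
```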
diff --git a/pki/base/util/src/netscape/security/pkcs/ParsingException.java b/pki/base/util/src/netscape/security/pkcs/ParsingException.java
index 64f67570..88e91a8d 100644
--- a/pki/base/util/src/netscape/security/pkcs/ParsingException.java
+++ b/pki/base/util/src/netscape/security/pkcs/ParsingException.java
@@ -26,10 +26,10 @@ public class ParsingException extends IOException {
private static final long serialVersionUID = -8135726194372647410L;
public ParsingException() {
- super();
+ super();
}
public ParsingException(String s) {
- super(s);
+ super(s);
}
}
diff --git a/pki/base/util/src/netscape/security/pkcs/SignerInfo.java b/pki/base/util/src/netscape/security/pkcs/SignerInfo.java
index d02fb03d..adb0115c 100644
--- a/pki/base/util/src/netscape/security/pkcs/SignerInfo.java
+++ b/pki/base/util/src/netscape/security/pkcs/SignerInfo.java
@@ -38,8 +38,8 @@ import netscape.security.x509.X500Name;
/**
* A SignerInfo, as defined in PKCS#7's signedData type.
- *
- * @author Benjamin Renaud
+ *
+ * @author Benjamin Renaud
* @version 1.27 97/12/10
*/
public class SignerInfo implements DerEncoder {
@@ -54,301 +54,294 @@ public class SignerInfo implements DerEncoder {
PKCS9Attributes authenticatedAttributes;
PKCS9Attributes unauthenticatedAttributes;
- public SignerInfo(X500Name issuerName,
- BigInt serial,
- AlgorithmId digestAlgorithmId,
- AlgorithmId digestEncryptionAlgorithmId,
- byte[] encryptedDigest) {
- this.version = new BigInt(1);
- this.issuerName = issuerName;
- this.certificateSerialNumber = serial;
- this.digestAlgorithmId = digestAlgorithmId;
- this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
- this.encryptedDigest = encryptedDigest;
+ public SignerInfo(X500Name issuerName,
+ BigInt serial,
+ AlgorithmId digestAlgorithmId,
+ AlgorithmId digestEncryptionAlgorithmId,
+ byte[] encryptedDigest) {
+ this.version = new BigInt(1);
+ this.issuerName = issuerName;
+ this.certificateSerialNumber = serial;
+ this.digestAlgorithmId = digestAlgorithmId;
+ this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
+ this.encryptedDigest = encryptedDigest;
}
- public SignerInfo(X500Name issuerName,
- BigInt serial,
- AlgorithmId digestAlgorithmId,
- PKCS9Attributes authenticatedAttributes,
- AlgorithmId digestEncryptionAlgorithmId,
- byte[] encryptedDigest,
- PKCS9Attributes unauthenticatedAttributes) {
- this.version = new BigInt(1);
- this.issuerName = issuerName;
- this.certificateSerialNumber = serial;
- this.digestAlgorithmId = digestAlgorithmId;
- this.authenticatedAttributes = authenticatedAttributes;
- this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
- this.encryptedDigest = encryptedDigest;
- this.unauthenticatedAttributes = unauthenticatedAttributes;
+ public SignerInfo(X500Name issuerName,
+ BigInt serial,
+ AlgorithmId digestAlgorithmId,
+ PKCS9Attributes authenticatedAttributes,
+ AlgorithmId digestEncryptionAlgorithmId,
+ byte[] encryptedDigest,
+ PKCS9Attributes unauthenticatedAttributes) {
+ this.version = new BigInt(1);
+ this.issuerName = issuerName;
+ this.certificateSerialNumber = serial;
+ this.digestAlgorithmId = digestAlgorithmId;
+ this.authenticatedAttributes = authenticatedAttributes;
+ this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
+ this.encryptedDigest = encryptedDigest;
+ this.unauthenticatedAttributes = unauthenticatedAttributes;
}
- public SignerInfo(DerInputStream derin)
- throws IOException, ParsingException {
-
- // version
- version = derin.getInteger();
-
- // issuerAndSerialNumber
- DerValue[] issuerAndSerialNumber = derin.getSequence(2);
- byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
- issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
- issuerBytes));
- certificateSerialNumber = issuerAndSerialNumber[1].getInteger();
-
- // digestAlgorithmId
- DerValue tmp = derin.getDerValue();
-
- digestAlgorithmId = AlgorithmId.parse(tmp);
-
- /*
- * check if set of auth attributes (implicit tag) is provided
- * (auth attributes are OPTIONAL)
- */
- if ((byte)(derin.peekByte()) == (byte)0xA0) {
- authenticatedAttributes = new PKCS9Attributes(derin);
- }
-
- // digestEncryptionAlgorithmId - little RSA naming scheme -
- // signature == encryption...
- tmp = derin.getDerValue();
-
- digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);
-
- // encryptedDigest
- encryptedDigest = derin.getOctetString();
-
- /*
- * check if set of unauth attributes (implicit tag) is provided
- * (unauth attributes are OPTIONAL)
- */
- if (derin.available() != 0 && (byte)(derin.peekByte()) == (byte)0xA1) {
- unauthenticatedAttributes = new PKCS9Attributes(derin);
- }
-
- // all done
- if (derin.available() != 0) {
- throw new ParsingException("extra data at the end");
- }
+ public SignerInfo(DerInputStream derin)
+ throws IOException, ParsingException {
+
+ // version
+ version = derin.getInteger();
+
+ // issuerAndSerialNumber
+ DerValue[] issuerAndSerialNumber = derin.getSequence(2);
+ byte[] issuerBytes = issuerAndSerialNumber[0].toByteArray();
+ issuerName = new X500Name(new DerValue(DerValue.tag_Sequence,
+ issuerBytes));
+ certificateSerialNumber = issuerAndSerialNumber[1].getInteger();
+
+ // digestAlgorithmId
+ DerValue tmp = derin.getDerValue();
+
+ digestAlgorithmId = AlgorithmId.parse(tmp);
+
+ /*
+ * check if set of auth attributes (implicit tag) is provided
+ * (auth attributes are OPTIONAL)
+ */
+ if ((byte) (derin.peekByte()) == (byte) 0xA0) {
+ authenticatedAttributes = new PKCS9Attributes(derin);
+ }
+
+ // digestEncryptionAlgorithmId - little RSA naming scheme -
+ // signature == encryption...
+ tmp = derin.getDerValue();
+
+ digestEncryptionAlgorithmId = AlgorithmId.parse(tmp);
+
+ // encryptedDigest
+ encryptedDigest = derin.getOctetString();
+
+ /*
+ * check if set of unauth attributes (implicit tag) is provided
+ * (unauth attributes are OPTIONAL)
+ */
+ if (derin.available() != 0 && (byte) (derin.peekByte()) == (byte) 0xA1) {
+ unauthenticatedAttributes = new PKCS9Attributes(derin);
+ }
+
+ // all done
+ if (derin.available() != 0) {
+ throw new ParsingException("extra data at the end");
+ }
}
public void encode(DerOutputStream out) throws IOException {
-
- derEncode(out);
+
+ derEncode(out);
}
/**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the output stream on which to write the DER encoding.
- *
+ *
+ * @param out
+ * the output stream on which to write the DER encoding.
+ *
* @exception IOException on encoding error.
*/
public void derEncode(OutputStream out) throws IOException {
- DerOutputStream seq = new DerOutputStream();
- seq.putInteger(version);
- DerOutputStream issuerAndSerialNumber = new DerOutputStream();
- issuerName.encode(issuerAndSerialNumber);
- issuerAndSerialNumber.putInteger(certificateSerialNumber);
- seq.write(DerValue.tag_Sequence, issuerAndSerialNumber);
-
- digestAlgorithmId.encode(seq);
-
- // encode authenticated attributes if there are any
- if (authenticatedAttributes != null)
- authenticatedAttributes.encode((byte)0xA0, seq);
-
- digestEncryptionAlgorithmId.encode(seq);
-
- seq.putOctetString(encryptedDigest);
-
- // encode unauthenticated attributes if there are any
- if (unauthenticatedAttributes != null)
- unauthenticatedAttributes.encode((byte)0xA1, seq);
-
- DerOutputStream tmp = new DerOutputStream();
- tmp.write(DerValue.tag_Sequence, seq);
-
- out.write(tmp.toByteArray());
- }
+ DerOutputStream seq = new DerOutputStream();
+ seq.putInteger(version);
+ DerOutputStream issuerAndSerialNumber = new DerOutputStream();
+ issuerName.encode(issuerAndSerialNumber);
+ issuerAndSerialNumber.putInteger(certificateSerialNumber);
+ seq.write(DerValue.tag_Sequence, issuerAndSerialNumber);
+
+ digestAlgorithmId.encode(seq);
+
+ // encode authenticated attributes if there are any
+ if (authenticatedAttributes != null)
+ authenticatedAttributes.encode((byte) 0xA0, seq);
+
+ digestEncryptionAlgorithmId.encode(seq);
+
+ seq.putOctetString(encryptedDigest);
+ // encode unauthenticated attributes if there are any
+ if (unauthenticatedAttributes != null)
+ unauthenticatedAttributes.encode((byte) 0xA1, seq);
+ DerOutputStream tmp = new DerOutputStream();
+ tmp.write(DerValue.tag_Sequence, seq);
+
+ out.write(tmp.toByteArray());
+ }
public X509Certificate getCertificate(PKCS7 block)
- throws IOException {
- return block.getCertificate(certificateSerialNumber, issuerName);
+ throws IOException {
+ return block.getCertificate(certificateSerialNumber, issuerName);
}
/* Returns null if verify fails, this signerInfo if
verify succeeds. */
- SignerInfo verify(PKCS7 block, byte[] data)
- throws NoSuchAlgorithmException, SignatureException {
-
- try {
-
- ContentInfo content = block.getContentInfo();
- if (data == null) {
- data = content.getContentBytes();
- }
-
- String digestAlgname =
- getDigestAlgorithmId().getName();
-
- byte[] dataSigned;
-
- // if there are authenticate attributes, get the message
- // digest and compare it with the digest of data
- if (authenticatedAttributes == null) {
- dataSigned = data;
- } else {
-
- // first, check content type
- ObjectIdentifier contentType = (ObjectIdentifier)
- authenticatedAttributes.getAttributeValue(
- PKCS9Attribute.CONTENT_TYPE_OID);
- if (contentType == null ||
- !contentType.equals(content.contentType))
- return null; // contentType does not match, bad SignerInfo
-
- // now, check message digest
- byte[] messageDigest = (byte[])
- authenticatedAttributes.getAttributeValue(
- PKCS9Attribute.MESSAGE_DIGEST_OID);
-
- if (messageDigest == null) // fail if there is no message digest
- return null;
-
- MessageDigest md = MessageDigest.getInstance(digestAlgname);
- byte[] computedMessageDigest = md.digest(data);
-
- if (messageDigest.length != computedMessageDigest.length)
- return null;
- for (int i = 0; i < messageDigest.length; i++) {
- if (messageDigest[i] != computedMessageDigest[i])
- return null;
- }
-
- // message digest attribute matched
- // digest of original data
-
- // the data actually signed is the DER encoding of
- // the authenticated attributes (tagged with
- // the "SET OF" tag, not 0xA0).
- dataSigned = authenticatedAttributes.getDerEncoding();
- }
-
- // put together digest algorithm and encryption algorithm
- // to form signing algorithm
- String encryptionAlgname =
- getDigestEncryptionAlgorithmId().getName();
-
- String algname;
- if (encryptionAlgname.equals("DSA") ||
- encryptionAlgname.equals("SHA1withDSA")) {
- algname = "DSA";
- } else {
- algname = digestAlgname + "/" + encryptionAlgname;
- }
-
- Signature sig = Signature.getInstance(algname);
- X509Certificate cert = getCertificate(block);
-
- if (cert == null) {
- return null;
- }
-
- PublicKey key = cert.getPublicKey();
- sig.initVerify(key);
-
- sig.update(dataSigned);
-
- if (sig.verify(encryptedDigest)) {
- return this;
- }
-
- } catch (IOException e) {
- throw new SignatureException("IO error verifying signature:\n" +
- e.getMessage());
-
- } catch (InvalidKeyException e) {
- throw new SignatureException("InvalidKey: " + e.getMessage());
-
- }
- return null;
+ SignerInfo verify(PKCS7 block, byte[] data)
+ throws NoSuchAlgorithmException, SignatureException {
+
+ try {
+
+ ContentInfo content = block.getContentInfo();
+ if (data == null) {
+ data = content.getContentBytes();
+ }
+
+ String digestAlgname =
+ getDigestAlgorithmId().getName();
+
+ byte[] dataSigned;
+
+ // if there are authenticate attributes, get the message
+ // digest and compare it with the digest of data
+ if (authenticatedAttributes == null) {
+ dataSigned = data;
+ } else {
+
+ // first, check content type
+ ObjectIdentifier contentType = (ObjectIdentifier)
+ authenticatedAttributes.getAttributeValue(
+ PKCS9Attribute.CONTENT_TYPE_OID);
+ if (contentType == null ||
+ !contentType.equals(content.contentType))
+ return null; // contentType does not match, bad SignerInfo
+
+ // now, check message digest
+ byte[] messageDigest = (byte[])
+ authenticatedAttributes.getAttributeValue(
+ PKCS9Attribute.MESSAGE_DIGEST_OID);
+
+ if (messageDigest == null) // fail if there is no message digest
+ return null;
+
+ MessageDigest md = MessageDigest.getInstance(digestAlgname);
+ byte[] computedMessageDigest = md.digest(data);
+
+ if (messageDigest.length != computedMessageDigest.length)
+ return null;
+ for (int i = 0; i < messageDigest.length; i++) {
+ if (messageDigest[i] != computedMessageDigest[i])
+ return null;
+ }
+
+ // message digest attribute matched
+ // digest of original data
+
+ // the data actually signed is the DER encoding of
+ // the authenticated attributes (tagged with
+ // the "SET OF" tag, not 0xA0).
+ dataSigned = authenticatedAttributes.getDerEncoding();
+ }
+
+ // put together digest algorithm and encryption algorithm
+ // to form signing algorithm
+ String encryptionAlgname =
+ getDigestEncryptionAlgorithmId().getName();
+
+ String algname;
+ if (encryptionAlgname.equals("DSA") ||
+ encryptionAlgname.equals("SHA1withDSA")) {
+ algname = "DSA";
+ } else {
+ algname = digestAlgname + "/" + encryptionAlgname;
+ }
+
+ Signature sig = Signature.getInstance(algname);
+ X509Certificate cert = getCertificate(block);
+
+ if (cert == null) {
+ return null;
+ }
+
+ PublicKey key = cert.getPublicKey();
+ sig.initVerify(key);
+
+ sig.update(dataSigned);
+
+ if (sig.verify(encryptedDigest)) {
+ return this;
+ }
+
+ } catch (IOException e) {
+ throw new SignatureException("IO error verifying signature:\n" +
+ e.getMessage());
+
+ } catch (InvalidKeyException e) {
+ throw new SignatureException("InvalidKey: " + e.getMessage());
+
+ }
+ return null;
}
-
+
/* Verify the content of the pkcs7 block. */
SignerInfo verify(PKCS7 block)
- throws NoSuchAlgorithmException, SignatureException {
- return verify(block, null);
+ throws NoSuchAlgorithmException, SignatureException {
+ return verify(block, null);
}
-
public BigInt getVersion() {
- return version;
+ return version;
}
public X500Name getIssuerName() {
- return issuerName;
+ return issuerName;
}
public BigInt getCertificateSerialNumber() {
- return certificateSerialNumber;
+ return certificateSerialNumber;
}
public AlgorithmId getDigestAlgorithmId() {
- return digestAlgorithmId;
+ return digestAlgorithmId;
}
public PKCS9Attributes getAuthenticatedAttributes() {
- return authenticatedAttributes;
+ return authenticatedAttributes;
}
public AlgorithmId getDigestEncryptionAlgorithmId() {
- return digestEncryptionAlgorithmId;
+ return digestEncryptionAlgorithmId;
}
public byte[] getEncryptedDigest() {
- return encryptedDigest;
+ return encryptedDigest;
}
public PKCS9Attributes getUnauthenticatedAttributes() {
- return unauthenticatedAttributes;
+ return unauthenticatedAttributes;
}
public String toString() {
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String digestbits = pp.toHexString(encryptedDigest);
-
- String out = "";
-
- out += "Signer Info for (issuer): " + issuerName + "\n";
- out += "\tversion: " + version + "\n";
- out += "\tcertificateSerialNumber: " + certificateSerialNumber +
- "\n";
- out += "\tdigestAlgorithmId: " + digestAlgorithmId + "\n";
- if (authenticatedAttributes != null) {
- out += "\tauthenticatedAttributes: " + authenticatedAttributes +
- "\n";
- }
- out += "\tdigestEncryptionAlgorithmId: " + digestEncryptionAlgorithmId +
- "\n";
-
- out += "\tencryptedDigest: " + "\n" +
- digestbits + "\n";
- if (unauthenticatedAttributes != null) {
- out += "\tunauthenticatedAttributes: " +
- unauthenticatedAttributes + "\n";
- }
- return out;
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String digestbits = pp.toHexString(encryptedDigest);
+
+ String out = "";
+
+ out += "Signer Info for (issuer): " + issuerName + "\n";
+ out += "\tversion: " + version + "\n";
+ out += "\tcertificateSerialNumber: " + certificateSerialNumber +
+ "\n";
+ out += "\tdigestAlgorithmId: " + digestAlgorithmId + "\n";
+ if (authenticatedAttributes != null) {
+ out += "\tauthenticatedAttributes: " + authenticatedAttributes +
+ "\n";
+ }
+ out += "\tdigestEncryptionAlgorithmId: " + digestEncryptionAlgorithmId +
+ "\n";
+
+ out += "\tencryptedDigest: " + "\n" +
+ digestbits + "\n";
+ if (unauthenticatedAttributes != null) {
+ out += "\tunauthenticatedAttributes: " +
+ unauthenticatedAttributes + "\n";
+ }
+ return out;
}
}
-
-
-
-
diff --git a/pki/base/util/src/netscape/security/provider/CMS.java b/pki/base/util/src/netscape/security/provider/CMS.java
index d89c6c4c..fffa00de 100644
--- a/pki/base/util/src/netscape/security/provider/CMS.java
+++ b/pki/base/util/src/netscape/security/provider/CMS.java
@@ -19,33 +19,34 @@ package netscape.security.provider;
import java.security.AccessController;
import java.security.Provider;
+
/**
* The CMS Security Provider.
*/
public final class CMS extends Provider {
- /**
+ /**
*
*/
private static final long serialVersionUID = 1065207998900104219L;
private static final String INFO = "CMS " +
- "(DSA key/parameter generation; DSA signing; " +
- "SHA-1, MD5 digests; SecureRandom; X.509 certificates)";
+ "(DSA key/parameter generation; DSA signing; " +
+ "SHA-1, MD5 digests; SecureRandom; X.509 certificates)";
public CMS() {
- /* We are the SUN provider */
+ /* We are the SUN provider */
super("CMS", 1.0, INFO);
AccessController.doPrivileged(new java.security.PrivilegedAction() {
- public Object run() {
- /*
- * Certificates
- */
- put("CertificateFactory.X.509", "netscape.security.provider.X509CertificateFactory");
- put("Alg.Alias.CertificateFactory.X.509", "X.509");
- return null;
- }
- });
- }
+ public Object run() {
+ /*
+ * Certificates
+ */
+ put("CertificateFactory.X.509", "netscape.security.provider.X509CertificateFactory");
+ put("Alg.Alias.CertificateFactory.X.509", "X.509");
+ return null;
+ }
+ });
+ }
}
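Review bot: The `INFO` string and the `/* We are the SUN provider */` comment advertise DSA key generation and signing, SHA-1/MD5 digests and SecureRandom, but the only entries this constructor registers are `CertificateFactory.X.509` and its alias. Anyone auditing which algorithms this provider can supply will be misled. I would reduce the description to `"CMS (X.509 certificates)"` or, if the other services are registered somewhere not visible here, say so in a comment. The anonymous `java.security.PrivilegedAction` is also a raw type; `PrivilegedAction<Object>` would remove the unchecked warning.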
diff --git a/pki/base/util/src/netscape/security/provider/DSA.java b/pki/base/util/src/netscape/security/provider/DSA.java
index 9fa5b9f6..26209557 100644
--- a/pki/base/util/src/netscape/security/provider/DSA.java
+++ b/pki/base/util/src/netscape/security/provider/DSA.java
@@ -40,11 +40,11 @@ import netscape.security.util.DerValue;
* The Digital Signature Standard (using the Digital Signature
* Algorithm), as described in fips186 of the National Instute of
* Standards and Technology (NIST), using fips180-1 (SHA-1).
- *
+ *
* @author Benjamin Renaud
- *
+ *
* @version 1.86, 97/09/17
- *
+ *
* @see DSAPublicKey
* @see DSAPrivateKey
*/
@@ -65,7 +65,7 @@ public final class DSA extends Signature {
/* The private key, if any */
private BigInteger presetX;
-
+
/* The SHA hash for the data */
private MessageDigest dataSHA;
@@ -89,8 +89,8 @@ public final class DSA extends Signature {
* initialized before being usable for signing or verifying.
*/
public DSA() throws NoSuchAlgorithmException {
- super("SHA/DSA");
- dataSHA = MessageDigest.getInstance("SHA");
+ super("SHA/DSA");
+ dataSHA = MessageDigest.getInstance("SHA");
}
/**
@@ -99,19 +99,19 @@ public final class DSA extends Signature {
* @param privateKey the DSA private key
*
* @exception InvalidKeyException if the key is not a valid DSA private
- * key.
+ * key.
*/
protected void engineInitSign(PrivateKey privateKey)
- throws InvalidKeyException {
- if (!(privateKey instanceof java.security.interfaces.DSAPrivateKey)) {
- throw new InvalidKeyException("not a DSA private key: " +
- privateKey);
- }
- java.security.interfaces.DSAPrivateKey priv =
- (java.security.interfaces.DSAPrivateKey)privateKey;
-
- this.presetX = priv.getX();
- initialize(priv.getParams());
+ throws InvalidKeyException {
+ if (!(privateKey instanceof java.security.interfaces.DSAPrivateKey)) {
+ throw new InvalidKeyException("not a DSA private key: " +
+ privateKey);
+ }
+ java.security.interfaces.DSAPrivateKey priv =
+ (java.security.interfaces.DSAPrivateKey) privateKey;
+
+ this.presetX = priv.getX();
+ initialize(priv.getParams());
}
/**
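Review bot: The `InvalidKeyException` message in `engineInitSign` concatenates `privateKey` itself, so the rejected key's `toString()` ends up in the exception text and in any log that records it. Whether that output contains key material depends on the key class, which is not visible here. Reporting the type is enough for diagnosis: `throw new InvalidKeyException("not a DSA private key: " + (privateKey == null ? "null" : privateKey.getClass().getName()));`.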
@@ -120,138 +120,138 @@ public final class DSA extends Signature {
* @param publicKey the DSA public key.
*
* @exception InvalidKeyException if the key is not a valid DSA public
- * key.
+ * key.
*/
protected void engineInitVerify(PublicKey publicKey)
- throws InvalidKeyException {
- if (!(publicKey instanceof java.security.interfaces.DSAPublicKey)) {
- throw new InvalidKeyException("not a DSA public key: " +
- publicKey);
- }
- java.security.interfaces.DSAPublicKey pub =
- (java.security.interfaces.DSAPublicKey)publicKey;
- this.presetY = pub.getY();
- initialize(pub.getParams());
+ throws InvalidKeyException {
+ if (!(publicKey instanceof java.security.interfaces.DSAPublicKey)) {
+ throw new InvalidKeyException("not a DSA public key: " +
+ publicKey);
+ }
+ java.security.interfaces.DSAPublicKey pub =
+ (java.security.interfaces.DSAPublicKey) publicKey;
+ this.presetY = pub.getY();
+ initialize(pub.getParams());
}
private void initialize(DSAParams params) {
- dataSHA.reset();
- setParams(params);
+ dataSHA.reset();
+ setParams(params);
}
/**
* Sign all the data thus far updated. The signature is formatted
* according to the Canonical Encoding Rules, returned as a DER
* sequence of Integer, r and s.
- *
+ *
* @return a signature block formatted according to the Canonical
- * Encoding Rules.
- *
+ * Encoding Rules.
+ *
* @exception SignatureException if the signature object was not
- * properly initialized, or if another exception occurs.
+ * properly initialized, or if another exception occurs.
*
* @see netscape.security.provider.DSA#engineUpdate
* @see netscape.security.provider.DSA#engineVerify
*/
- protected byte[] engineSign() throws SignatureException {
- BigInteger k = generateK(presetQ);
- BigInteger r = generateR(presetP, presetQ, presetG, k);
- BigInteger s = generateS(presetX, presetQ, r, k);
-
- // got to convert to BigInt...
- BigInt rAsBigInt = new BigInt(r.toByteArray());
- BigInt sAsBigInt = new BigInt(s.toByteArray());
-
- try {
- DerOutputStream outseq = new DerOutputStream(100);
- outseq.putInteger(rAsBigInt);
- outseq.putInteger(sAsBigInt);
- DerValue result = new DerValue(DerValue.tag_Sequence,
- outseq.toByteArray());
-
- return result.toByteArray();
-
- } catch (IOException e) {
- throw new SignatureException("error encoding signature");
- }
+ protected byte[] engineSign() throws SignatureException {
+ BigInteger k = generateK(presetQ);
+ BigInteger r = generateR(presetP, presetQ, presetG, k);
+ BigInteger s = generateS(presetX, presetQ, r, k);
+
+ // got to convert to BigInt...
+ BigInt rAsBigInt = new BigInt(r.toByteArray());
+ BigInt sAsBigInt = new BigInt(s.toByteArray());
+
+ try {
+ DerOutputStream outseq = new DerOutputStream(100);
+ outseq.putInteger(rAsBigInt);
+ outseq.putInteger(sAsBigInt);
+ DerValue result = new DerValue(DerValue.tag_Sequence,
+ outseq.toByteArray());
+
+ return result.toByteArray();
+
+ } catch (IOException e) {
+ throw new SignatureException("error encoding signature");
+ }
}
/**
- * Verify all the data thus far updated.
- *
+ * Verify all the data thus far updated.
+ *
* @param signature the alledged signature, encoded using the
- * Canonical Encoding Rules, as a sequence of integers, r and s.
- *
+ * Canonical Encoding Rules, as a sequence of integers, r and s.
+ *
* @exception SignatureException if the signature object was not
- * properly initialized, or if another exception occurs.
- *
+ * properly initialized, or if another exception occurs.
+ *
* @see netscape.security.provider.DSA#engineUpdate
- * @see netscape.security.provider.DSA#engineSign
+ * @see netscape.security.provider.DSA#engineSign
*/
- protected boolean engineVerify(byte[] signature)
- throws SignatureException {
-
- BigInteger r = null;
- BigInteger s = null;
- // first decode the signature.
- try {
- DerInputStream in = new DerInputStream(signature);
- DerValue[] values = in.getSequence(2);
-
- r = values[0].getInteger().toBigInteger();
- s = values[1].getInteger().toBigInteger();
-
- } catch (IOException e) {
- throw new SignatureException("invalid encoding for signature");
- }
- BigInteger w = generateW(presetP, presetQ, presetG, s);
- BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
-
- return v.equals(r);
+ protected boolean engineVerify(byte[] signature)
+ throws SignatureException {
+
+ BigInteger r = null;
+ BigInteger s = null;
+ // first decode the signature.
+ try {
+ DerInputStream in = new DerInputStream(signature);
+ DerValue[] values = in.getSequence(2);
+
+ r = values[0].getInteger().toBigInteger();
+ s = values[1].getInteger().toBigInteger();
+
+ } catch (IOException e) {
+ throw new SignatureException("invalid encoding for signature");
+ }
+ BigInteger w = generateW(presetP, presetQ, presetG, s);
+ BigInteger v = generateV(presetY, presetP, presetQ, presetG, w, r);
+
+ return v.equals(r);
}
BigInteger generateR(BigInteger p, BigInteger q, BigInteger g,
- BigInteger k) {
- BigInteger temp = g.modPow(k, p);
- return temp.remainder(q);
-
- }
-
- BigInteger generateS(BigInteger x, BigInteger q,
- BigInteger r, BigInteger k) {
-
- byte[] s2 = dataSHA.digest();
- BigInteger temp = new BigInteger(1, s2);
- BigInteger k1 = k.modInverse(q);
-
- BigInteger s = x.multiply(r);
- s = temp.add(s);
- s = k1.multiply(s);
- return s.remainder(q);
+ BigInteger k) {
+ BigInteger temp = g.modPow(k, p);
+ return temp.remainder(q);
+
+ }
+
+ BigInteger generateS(BigInteger x, BigInteger q,
+ BigInteger r, BigInteger k) {
+
+ byte[] s2 = dataSHA.digest();
+ BigInteger temp = new BigInteger(1, s2);
+ BigInteger k1 = k.modInverse(q);
+
+ BigInteger s = x.multiply(r);
+ s = temp.add(s);
+ s = k1.multiply(s);
+ return s.remainder(q);
}
BigInteger generateW(BigInteger p, BigInteger q,
- BigInteger g, BigInteger s) {
- return s.modInverse(q);
+ BigInteger g, BigInteger s) {
+ return s.modInverse(q);
}
BigInteger generateV(BigInteger y, BigInteger p,
- BigInteger q, BigInteger g,
- BigInteger w, BigInteger r) {
-
- byte[] s2 = dataSHA.digest();
- BigInteger temp = new BigInteger(1, s2);
-
- temp = temp.multiply(w);
- BigInteger u1 = temp.remainder(q);
-
- BigInteger u2 = (r.multiply(w)).remainder(q);
-
- BigInteger t1 = g.modPow(u1,p);
- BigInteger t2 = y.modPow(u2,p);
- BigInteger t3 = t1.multiply(t2);
- BigInteger t5 = t3.remainder(p);
- return t5.remainder(q);
+ BigInteger q, BigInteger g,
+ BigInteger w, BigInteger r) {
+
+ byte[] s2 = dataSHA.digest();
+ BigInteger temp = new BigInteger(1, s2);
+
+ temp = temp.multiply(w);
+ BigInteger u1 = temp.remainder(q);
+
+ BigInteger u2 = (r.multiply(w)).remainder(q);
+
+ BigInteger t1 = g.modPow(u1, p);
+ BigInteger t2 = y.modPow(u2, p);
+ BigInteger t3 = t1.multiply(t2);
+ BigInteger t5 = t3.remainder(p);
+ return t5.remainder(q);
}
/*
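Review bot: `engineVerify` passes the decoded `r` and `s` straight to `generateW` and `generateV` without the range check the DSA specification requires (0 < r < q and 0 < s < q). An `s` that is zero modulo q makes `s.modInverse(q)` throw an unchecked `ArithmeticException` instead of a `SignatureException` or `false`, and values of `s` that differ by a multiple of q verify identically. After the decode block I would add `if (r.signum() <= 0 || r.compareTo(presetQ) >= 0 || s.signum() <= 0 || s.compareTo(presetQ) >= 0) return false;`. The `catch (IOException e)` blocks in `engineSign` and `engineVerify` also discard the cause; attaching it with `initCause(e)` would keep the decoding error visible to callers.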
@@ -260,271 +260,272 @@ public final class DSA extends Signature {
*/
BigInteger generateK(BigInteger q) {
- BigInteger k = null;
-
- // The application specified a Kseed for us to use.
- // Note that we do not allow usage of the same Kseed twice in a row
- if (Kseed != null && compareSeeds(Kseed, previousKseed) != 0) {
- k = generateK(Kseed, q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- previousKseed = new int [Kseed.length];
- System.arraycopy(Kseed, 0, previousKseed, 0, Kseed.length);
- return k;
- }
- }
-
- // The application did not specify a Kseed for us to use.
- // We'll generate a new Kseed by getting random bytes from
- // a SecureRandom object.
- SecureRandom random = getSigningRandom();
-
- while (true) {
- int[] seed = new int[5];
-
- for (int i = 0; i < 5; i++)
- seed[i] = random.nextInt();
- k = generateK(seed, q);
- if (k.signum() > 0 && k.compareTo(q) < 0) {
- previousKseed = new int [seed.length];
- System.arraycopy(seed, 0, previousKseed, 0, seed.length);
- return k;
- }
- }
+ BigInteger k = null;
+
+ // The application specified a Kseed for us to use.
+ // Note that we do not allow usage of the same Kseed twice in a row
+ if (Kseed != null && compareSeeds(Kseed, previousKseed) != 0) {
+ k = generateK(Kseed, q);
+ if (k.signum() > 0 && k.compareTo(q) < 0) {
+ previousKseed = new int[Kseed.length];
+ System.arraycopy(Kseed, 0, previousKseed, 0, Kseed.length);
+ return k;
+ }
+ }
+
+ // The application did not specify a Kseed for us to use.
+ // We'll generate a new Kseed by getting random bytes from
+ // a SecureRandom object.
+ SecureRandom random = getSigningRandom();
+
+ while (true) {
+ int[] seed = new int[5];
+
+ for (int i = 0; i < 5; i++)
+ seed[i] = random.nextInt();
+ k = generateK(seed, q);
+ if (k.signum() > 0 && k.compareTo(q) < 0) {
+ previousKseed = new int[seed.length];
+ System.arraycopy(seed, 0, previousKseed, 0, seed.length);
+ return k;
+ }
+ }
}
// Use the application-specified SecureRandom Object if provided.
// Otherwise, use our default SecureRandom Object.
private SecureRandom getSigningRandom() {
- if (signingRandom == null) {
- if (appRandom != null)
- signingRandom = appRandom;
- else
- signingRandom = new SecureRandom();
- }
- return signingRandom;
+ if (signingRandom == null) {
+ if (appRandom != null)
+ signingRandom = appRandom;
+ else
+ signingRandom = new SecureRandom();
+ }
+ return signingRandom;
}
/*
* return 0 if equal
* return 1 if not equal
*/
- private int compareSeeds(int []seed1, int []seed2) {
+ private int compareSeeds(int[] seed1, int[] seed2) {
- if ((seed1 == null && seed1 == null) ||
- (seed1 == null && seed2 != null) ||
- (seed1 != null && seed2 == null) ||
- seed1.length != seed2.length)
- return 1;
+ if ((seed1 == null && seed1 == null) ||
+ (seed1 == null && seed2 != null) ||
+ (seed1 != null && seed2 == null) ||
+ seed1.length != seed2.length)
+ return 1;
- for (int i = 0; i < seed1.length; i++) {
- if (seed1[i] != seed2[i])
- return 1;
- }
+ for (int i = 0; i < seed1.length; i++) {
+ if (seed1[i] != seed2[i])
+ return 1;
+ }
- return 0;
+ return 0;
}
/**
* Compute k for a DSA signature.
- *
+ *
* @param seed the seed for generating k. This seed should be
- * secure. This is what is refered to as the KSEED in the DSA
- * specification.
- *
+ * secure. This is what is refered to as the KSEED in the DSA
+ * specification.
+ *
* @param g the g parameter from the DSA key pair.
*/
BigInteger generateK(int[] seed, BigInteger q) {
- // check out t in the spec.
- int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476,
- 0xC3D2E1F0, 0x67452301 };
- //
- int[] tmp = DSA.SHA_7(seed, t);
- byte[] tmpBytes = new byte[tmp.length * 4];
- for (int i = 0; i < tmp.length; i++) {
- int k = tmp[i];
- for (int j = 0; j < 4; j++) {
- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
- }
- }
- BigInteger k = new BigInteger(1, tmpBytes).mod(q);
- return k;
+ // check out t in the spec.
+ int[] t = { 0xEFCDAB89, 0x98BADCFE, 0x10325476,
+ 0xC3D2E1F0, 0x67452301 };
+ //
+ int[] tmp = DSA.SHA_7(seed, t);
+ byte[] tmpBytes = new byte[tmp.length * 4];
+ for (int i = 0; i < tmp.length; i++) {
+ int k = tmp[i];
+ for (int j = 0; j < 4; j++) {
+ tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
+ }
+ }
+ BigInteger k = new BigInteger(1, tmpBytes).mod(q);
+ return k;
}
- // Constants for each round
+ // Constants for each round
private static final int round1_kt = 0x5a827999;
private static final int round2_kt = 0x6ed9eba1;
private static final int round3_kt = 0x8f1bbcdc;
private static final int round4_kt = 0xca62c1d6;
- /**
- * Computes set 1 thru 7 of SHA-1 on m1. */
- static int[] SHA_7(int [] m1, int[] h) {
-
- int[] W = new int[80];
- System.arraycopy(m1,0,W,0,m1.length);
- int temp = 0;
-
- for (int t = 16; t <= 79; t++){
- temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = ((temp << 1) | (temp >>>(32 - 1)));
- }
-
- int a = h[0],b = h[1],c = h[2], d = h[3], e = h[4];
- for (int i = 0; i < 20; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 2
- for (int i = 20; i < 40; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round2_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 3
- for (int i = 40; i < 60; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 4
- for (int i = 60; i < 80; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round4_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
- int[] md = new int[5];
- md[0] = h[0] + a;
- md[1] = h[1] + b;
- md[2] = h[2] + c;
- md[3] = h[3] + d;
- md[4] = h[4] + e;
- return md;
- }
-
+ /**
+ * Computes set 1 thru 7 of SHA-1 on m1.
+ */
+ static int[] SHA_7(int[] m1, int[] h) {
+
+ int[] W = new int[80];
+ System.arraycopy(m1, 0, W, 0, m1.length);
+ int temp = 0;
+
+ for (int t = 16; t <= 79; t++) {
+ temp = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = ((temp << 1) | (temp >>> (32 - 1)));
+ }
+
+ int a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
+ for (int i = 0; i < 20; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ ((b & c) | ((~b) & d)) + e + W[i] + round1_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+
+ // Round 2
+ for (int i = 20; i < 40; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ (b ^ c ^ d) + e + W[i] + round2_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+
+ // Round 3
+ for (int i = 40; i < 60; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ ((b & c) | (b & d) | (c & d)) + e + W[i] + round3_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+
+ // Round 4
+ for (int i = 60; i < 80; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ (b ^ c ^ d) + e + W[i] + round4_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+ int[] md = new int[5];
+ md[0] = h[0] + a;
+ md[1] = h[1] + b;
+ md[2] = h[2] + c;
+ md[3] = h[3] + d;
+ md[4] = h[4] + e;
+ return md;
+ }
/**
- * This implementation recognizes the following parameter:<dl>
- *
- * <dt><tt>Kseed</tt>
+ * This implementation recognizes the following parameter:
+ * <dl>
+ *
+ * <dt><tt>Kseed</tt>
*
* <dd>a byte array.
- *
+ *
* </dl>
- *
+ *
* @deprecated
*/
protected void engineSetParameter(String key, Object param) {
- if (key.equals("KSEED")) {
+ if (key.equals("KSEED")) {
- if (param instanceof byte[]) {
+ if (param instanceof byte[]) {
- Kseed = byteArray2IntArray((byte[])param);
- KseedAsByteArray = (byte[])param;
+ Kseed = byteArray2IntArray((byte[]) param);
+ KseedAsByteArray = (byte[]) param;
- } else {
- debug("unrecognized param: " + key);
- throw new InvalidParameterException("Kseed not a byte array");
- }
+ } else {
+ debug("unrecognized param: " + key);
+ throw new InvalidParameterException("Kseed not a byte array");
+ }
- } else {
- throw new InvalidParameterException("invalid parameter");
- }
+ } else {
+ throw new InvalidParameterException("invalid parameter");
+ }
}
/**
* Return the value of the requested parameter. Recognized
- * parameters are:
- *
+ * parameters are:
+ *
* <dl>
- *
- * <dt><tt>Kseed</tt>
+ *
+ * <dt><tt>Kseed</tt>
*
* <dd>a byte array.
- *
+ *
* </dl>
- *
+ *
* @return the value of the requested parameter.
- *
+ *
* @deprecated
*/
protected Object engineGetParameter(String key) {
- if (key.equals("KSEED")) {
- return KseedAsByteArray;
- } else {
- return null;
- }
- }
+ if (key.equals("KSEED")) {
+ return KseedAsByteArray;
+ } else {
+ return null;
+ }
+ }
/**
* Set the algorithm object.
*/
private void setParams(DSAParams params) {
- this.params = params;
- this.presetP = params.getP();
- this.presetQ = params.getQ();
- this.presetG = params.getG();
+ this.params = params;
+ this.presetP = params.getP();
+ this.presetQ = params.getQ();
+ this.presetG = params.getG();
}
/**
* Update a byte to be signed or verified.
- *
+ *
* @param b the byte to updated.
*/
protected void engineUpdate(byte b) {
- dataSHA.update(b);
+ dataSHA.update(b);
}
-
+
/**
* Update an array of bytes to be signed or verified.
*
* @param data the bytes to be updated.
*/
protected void engineUpdate(byte[] data, int off, int len) {
- dataSHA.update(data, off, len);
+ dataSHA.update(data, off, len);
}
/**
* Return a human readable rendition of the engine.
*/
public String toString() {
- String printable = "DSA Signature";
- if (presetP != null && presetQ != null && presetG != null) {
- printable += "\n\tp: " + presetP.toString(16);
- printable += "\n\tq: " + presetQ.toString(16);
- printable += "\n\tg: " + presetG.toString(16);
- } else {
- printable += "\n\t P, Q or G not initialized.";
- }
- if (presetY != null) {
- printable += "\n\ty: " + presetY.toString(16);
- }
- if (presetY == null && presetX == null) {
- printable += "\n\tUNINIIALIZED";
- }
- return printable;
+ String printable = "DSA Signature";
+ if (presetP != null && presetQ != null && presetG != null) {
+ printable += "\n\tp: " + presetP.toString(16);
+ printable += "\n\tq: " + presetQ.toString(16);
+ printable += "\n\tg: " + presetG.toString(16);
+ } else {
+ printable += "\n\t P, Q or G not initialized.";
+ }
+ if (presetY != null) {
+ printable += "\n\ty: " + presetY.toString(16);
+ }
+ if (presetY == null && presetX == null) {
+ printable += "\n\tUNINIIALIZED";
+ }
+ return printable;
}
/*
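Review bot: The reuse guard in `generateK(BigInteger q)` does not prevent a repeated `k`: the SecureRandom branch overwrites `previousKseed` with the random seed, so on the following call `compareSeeds(Kseed, previousKseed)` reports a difference and the unchanged application `Kseed` is used again. As far as this hunk shows, a KSEED set once therefore yields the same `k` on every other signature, and two DSA signatures made with one key and one `k` expose the private key. Consuming the seed after one use (`Kseed = null;` before `return k;` in the first branch) would close this, assuming KSEED exists only to reproduce test vectors; the field declarations are outside the hunk. In `compareSeeds` the first test reads `seed1 == null && seed1 == null`; `if (seed1 == null || seed2 == null || seed1.length != seed2.length) return 1;` gives the same result without the duplicated operand.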
@@ -532,31 +533,39 @@ public final class DSA extends Signature {
*/
private int[] byteArray2IntArray(byte[] byteArray) {
- int j = 0;
- byte[] newBA;
- int mod = byteArray.length % 4;
-
- // guarantee that the incoming byteArray is a multiple of 4
- // (pad with 0's)
- switch (mod) {
- case 3: newBA = new byte[byteArray.length + 1]; break;
- case 2: newBA = new byte[byteArray.length + 2]; break;
- case 1: newBA = new byte[byteArray.length + 3]; break;
- default: newBA = new byte[byteArray.length + 0]; break;
- }
- System.arraycopy(byteArray, 0, newBA, 0, byteArray.length);
-
- // copy each set of 4 bytes in the byte array into an integer
- int[] newSeed = new int[newBA.length / 4];
- for (int i = 0; i < newBA.length; i += 4) {
- newSeed[j] = newBA[i + 3] & 0xFF;
- newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00;
- newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000;
- newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000;
- j++;
- }
-
- return newSeed;
+ int j = 0;
+ byte[] newBA;
+ int mod = byteArray.length % 4;
+
+ // guarantee that the incoming byteArray is a multiple of 4
+ // (pad with 0's)
+ switch (mod) {
+ case 3:
+ newBA = new byte[byteArray.length + 1];
+ break;
+ case 2:
+ newBA = new byte[byteArray.length + 2];
+ break;
+ case 1:
+ newBA = new byte[byteArray.length + 3];
+ break;
+ default:
+ newBA = new byte[byteArray.length + 0];
+ break;
+ }
+ System.arraycopy(byteArray, 0, newBA, 0, byteArray.length);
+
+ // copy each set of 4 bytes in the byte array into an integer
+ int[] newSeed = new int[newBA.length / 4];
+ for (int i = 0; i < newBA.length; i += 4) {
+ newSeed[j] = newBA[i + 3] & 0xFF;
+ newSeed[j] |= (newBA[i + 2] << 8) & 0xFF00;
+ newSeed[j] |= (newBA[i + 1] << 16) & 0xFF0000;
+ newSeed[j] |= (newBA[i + 0] << 24) & 0xFF000000;
+ j++;
+ }
+
+ return newSeed;
}
/* We include the test vectors from the DSA specification, FIPS
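Review bot: The padding `switch` in `byteArray2IntArray` spells out four arms, including a `+ 0` case, for what is a round-up to the next multiple of four; `byte[] newBA = new byte[(byteArray.length + 3) & ~3];` expresses the same thing in one line with no case to get wrong. The zero bytes are appended at the end of the array, so an input whose length is not a multiple of four ends up zero-filled in the low-order bytes of the last int. A comment such as `// short input is zero-padded on the right, i.e. in the low bytes of the final int` would record that for anyone feeding seed material through this helper. The method's leading comment starts above the hunk.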
@@ -565,87 +574,87 @@ public final class DSA extends Signature {
the message hash. */
static void testDSA() throws Exception {
- PrintStream p = System.out;
-
- DSA dsa = new DSA();
- int[] Kseed = { 0x687a66d9, 0x0648f993, 0x867e121f,
- 0x4ddf9ddb, 0x1205584 };
- BigInteger k = dsa.generateK(Kseed, q512);
- p.println("k: " + k.toString(16));
- BigInteger r = dsa.generateR(p512, q512, g512, k);
- p.println("r: " + r.toString(16));
- byte[] abc = { 0x61, 0x62, 0x63 };
- dsa.dataSHA.update(abc);
- BigInteger s = dsa.generateS(x512, q512, r, k);
- p.println("s: " + s.toString(16));
-
- dsa.dataSHA.update(abc);
- BigInteger w = dsa.generateW(p512, q512, g512, s);
- p.println("w: " + w.toString(16));
- BigInteger v = dsa.generateV(y512, p512, q512, g512, w, r);
- p.println("v: " + v.toString(16));
- if (v.equals(r)) {
- p.println("signature verifies.");
- } else {
- p.println("signature does not verify.");
- }
+ PrintStream p = System.out;
+
+ DSA dsa = new DSA();
+ int[] Kseed = { 0x687a66d9, 0x0648f993, 0x867e121f,
+ 0x4ddf9ddb, 0x1205584 };
+ BigInteger k = dsa.generateK(Kseed, q512);
+ p.println("k: " + k.toString(16));
+ BigInteger r = dsa.generateR(p512, q512, g512, k);
+ p.println("r: " + r.toString(16));
+ byte[] abc = { 0x61, 0x62, 0x63 };
+ dsa.dataSHA.update(abc);
+ BigInteger s = dsa.generateS(x512, q512, r, k);
+ p.println("s: " + s.toString(16));
+
+ dsa.dataSHA.update(abc);
+ BigInteger w = dsa.generateW(p512, q512, g512, s);
+ p.println("w: " + w.toString(16));
+ BigInteger v = dsa.generateV(y512, p512, q512, g512, w, r);
+ p.println("v: " + v.toString(16));
+ if (v.equals(r)) {
+ p.println("signature verifies.");
+ } else {
+ p.println("signature does not verify.");
+ }
}
/* Test vector: 512-bit keys generated by our key generator. */
- static BigInteger p512 =
- new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" +
- "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" +
- "2ed0899bcd132acd50d99151bdc43ee737592e17", 16);
+ static BigInteger p512 =
+ new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" +
+ "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" +
+ "2ed0899bcd132acd50d99151bdc43ee737592e17", 16);
+
+ static BigInteger q512 =
+ new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16);
- static BigInteger q512 =
- new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16);
-
- static BigInteger g512 =
- new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" +
- "4d6486931d2d14271b9e35030b71fd73da179069b32e" +
- "2935630e1c2062354d0da20a6c416e50be794ca4", 16);
+ static BigInteger g512 =
+ new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" +
+ "4d6486931d2d14271b9e35030b71fd73da179069b32e" +
+ "2935630e1c2062354d0da20a6c416e50be794ca4", 16);
- static BigInteger x512 =
- new BigInteger("3406c2d71b04b5fc0db62afcad58a6607d3de688", 16);
+ static BigInteger x512 =
+ new BigInteger("3406c2d71b04b5fc0db62afcad58a6607d3de688", 16);
static BigInteger y512 =
- new BigInteger("2d335d76b8ec9d610aa8f2cbb4b149fd96fdd" +
- "3a9a6e62bd6c2e01d406be4d1d72718a2fe08bea6d12f5e452474461f70f4" +
- "dea60508e9fe2eaec23d2ec5d1a866", 16);
+ new BigInteger("2d335d76b8ec9d610aa8f2cbb4b149fd96fdd" +
+ "3a9a6e62bd6c2e01d406be4d1d72718a2fe08bea6d12f5e452474461f70f4" +
+ "dea60508e9fe2eaec23d2ec5d1a866", 16);
/* Official NIST 512-bit test keys */
static String pString = "8df2a494492276aa3d25759bb06869cbeac0d83afb8d0" +
- "cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec" +
- "0736ee31c80291";
+ "cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec" +
+ "0736ee31c80291";
static BigInteger testP = new BigInteger(pString, 16);
static String gString = "626d027839ea0a13413163a55b4cb500299d5522956ce" +
- "fcb3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9cc42e9f6f464b088cc5" +
- "72af53e6d78802";
+ "fcb3bff10f399ce2c2e71cb9de5fa24babf58e5b79521925c9cc42e9f6f464b088cc5" +
+ "72af53e6d78802";
static BigInteger testG = new BigInteger(gString, 16);
static BigInteger testQ = new BigInteger("c773218c737ec8ee993b4f2ded30" +
- "f48edace915f", 16);
+ "f48edace915f", 16);
- static BigInteger testX = new BigInteger("2070b3223dba372fde1c0ffc7b2e" +
- "3b498b260614", 16);
+ static BigInteger testX = new BigInteger("2070b3223dba372fde1c0ffc7b2e" +
+ "3b498b260614", 16);
static String yString = "19131871d75b1612a819f29d78d1b0d7346f7aa77" +
- "bb62a859bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74858fba33f44c06" +
- "699630a76b030ee333";
+ "bb62a859bfd6c5675da9d212d3a36ef1672ef660b8c7c255cc0ec74858fba33f44c06" +
+ "699630a76b030ee333";
static BigInteger testY = new BigInteger(yString, 16);
/* End test vector values */
private static void debug(String s) {
- if (debug) {
- System.err.println(s);
- }
+ if (debug) {
+ System.err.println(s);
+ }
}
}
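Review bot: The test vectors, including the private values `x512` and `testX`, are declared as non-final, package-visible statics inside the provider class, so any code in the package can reassign them, and `testDSA()` ships alongside the signing engine. Declaring them as constants, e.g. `private static final BigInteger x512 = new BigInteger("...", 16);`, or moving the vectors and `testDSA()` into a test class would keep published test keys from being mistaken for, or swapped into, production state. `testDSA()` also only prints `signature verifies.` or `signature does not verify.`, so a regression passes unnoticed unless someone reads the output; `if (!v.equals(r)) throw new Exception("DSA self-test failed");` would make it fail loudly.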
diff --git a/pki/base/util/src/netscape/security/provider/DSAKeyFactory.java b/pki/base/util/src/netscape/security/provider/DSAKeyFactory.java
index f2292e34..1d77a728 100755
--- a/pki/base/util/src/netscape/security/provider/DSAKeyFactory.java
+++ b/pki/base/util/src/netscape/security/provider/DSAKeyFactory.java
@@ -32,11 +32,11 @@ import java.security.spec.X509EncodedKeySpec;
/**
* This class implements the DSA key factory of the Sun provider.
- *
+ *
* @author Jan Luehe
- *
+ *
* @version 1.8, 97/12/10
- *
+ *
* @since JDK1.2
*/
@@ -45,202 +45,189 @@ public class DSAKeyFactory extends KeyFactorySpi {
/**
* Generates a public key object from the provided key specification
* (key material).
- *
+ *
* @param keySpec the specification (key material) of the public key
- *
+ *
* @return the public key
- *
+ *
* @exception InvalidKeySpecException if the given key specification
- * is inappropriate for this key factory to produce a public key.
+ * is inappropriate for this key factory to produce a public key.
*/
protected PublicKey engineGeneratePublic(KeySpec keySpec)
- throws InvalidKeySpecException {
- try {
- if (keySpec instanceof DSAPublicKeySpec) {
- DSAPublicKeySpec dsaPubKeySpec = (DSAPublicKeySpec)keySpec;
- return new DSAPublicKey(dsaPubKeySpec.getY(),
- dsaPubKeySpec.getP(),
- dsaPubKeySpec.getQ(),
- dsaPubKeySpec.getG());
-
- } else if (keySpec instanceof X509EncodedKeySpec) {
- return new DSAPublicKey
- (((X509EncodedKeySpec)keySpec).getEncoded());
-
- } else {
- throw new InvalidKeySpecException
- ("Inappropriate key specification");
- }
- } catch (InvalidKeyException e) {
- throw new InvalidKeySpecException
- ("Inappropriate key specification: " + e.getMessage());
- }
+ throws InvalidKeySpecException {
+ try {
+ if (keySpec instanceof DSAPublicKeySpec) {
+ DSAPublicKeySpec dsaPubKeySpec = (DSAPublicKeySpec) keySpec;
+ return new DSAPublicKey(dsaPubKeySpec.getY(),
+ dsaPubKeySpec.getP(),
+ dsaPubKeySpec.getQ(),
+ dsaPubKeySpec.getG());
+
+ } else if (keySpec instanceof X509EncodedKeySpec) {
+ return new DSAPublicKey(((X509EncodedKeySpec) keySpec).getEncoded());
+
+ } else {
+ throw new InvalidKeySpecException("Inappropriate key specification");
+ }
+ } catch (InvalidKeyException e) {
+ throw new InvalidKeySpecException("Inappropriate key specification: " + e.getMessage());
+ }
}
/**
* Generates a private key object from the provided key specification
* (key material).
- *
+ *
* @param keySpec the specification (key material) of the private key
- *
+ *
* @return the private key
- *
+ *
* @exception InvalidKeySpecException if the given key specification
- * is inappropriate for this key factory to produce a private key.
+ * is inappropriate for this key factory to produce a private key.
*/
protected PrivateKey engineGeneratePrivate(KeySpec keySpec)
- throws InvalidKeySpecException {
- try {
- if (keySpec instanceof DSAPrivateKeySpec) {
- DSAPrivateKeySpec dsaPrivKeySpec = (DSAPrivateKeySpec)keySpec;
- return new DSAPrivateKey(dsaPrivKeySpec.getX(),
- dsaPrivKeySpec.getP(),
- dsaPrivKeySpec.getQ(),
- dsaPrivKeySpec.getG());
-
- } else if (keySpec instanceof PKCS8EncodedKeySpec) {
- return new DSAPrivateKey
- (((PKCS8EncodedKeySpec)keySpec).getEncoded());
-
- } else {
- throw new InvalidKeySpecException
- ("Inappropriate key specification");
- }
- } catch (InvalidKeyException e) {
- throw new InvalidKeySpecException
- ("Inappropriate key specification: " + e.getMessage());
- }
+ throws InvalidKeySpecException {
+ try {
+ if (keySpec instanceof DSAPrivateKeySpec) {
+ DSAPrivateKeySpec dsaPrivKeySpec = (DSAPrivateKeySpec) keySpec;
+ return new DSAPrivateKey(dsaPrivKeySpec.getX(),
+ dsaPrivKeySpec.getP(),
+ dsaPrivKeySpec.getQ(),
+ dsaPrivKeySpec.getG());
+
+ } else if (keySpec instanceof PKCS8EncodedKeySpec) {
+ return new DSAPrivateKey(((PKCS8EncodedKeySpec) keySpec).getEncoded());
+
+ } else {
+ throw new InvalidKeySpecException("Inappropriate key specification");
+ }
+ } catch (InvalidKeyException e) {
+ throw new InvalidKeySpecException("Inappropriate key specification: " + e.getMessage());
+ }
}
/**
* Returns a specification (key material) of the given key object
* in the requested format.
- *
- * @param key the key
- *
+ *
+ * @param key the key
+ *
* @param keySpec the requested format in which the key material shall be
- * returned
- *
+ * returned
+ *
* @return the underlying key specification (key material) in the
- * requested format
- *
+ * requested format
+ *
* @exception InvalidKeySpecException if the requested key specification is
- * inappropriate for the given key, or the given key cannot be processed
- * (e.g., the given key has an unrecognized algorithm or format).
+ * inappropriate for the given key, or the given key cannot be processed
+ * (e.g., the given key has an unrecognized algorithm or format).
*/
protected KeySpec engineGetKeySpec(Key key, Class keySpec)
- throws InvalidKeySpecException {
-
- DSAParams params;
-
- try {
-
- if (key instanceof java.security.interfaces.DSAPublicKey) {
-
- // Determine valid key specs
- Class dsaPubKeySpec = Class.forName
- ("java.security.spec.DSAPublicKeySpec");
- Class x509KeySpec = Class.forName
- ("java.security.spec.X509EncodedKeySpec");
-
- if (dsaPubKeySpec.isAssignableFrom(keySpec)) {
- java.security.interfaces.DSAPublicKey dsaPubKey
- = (java.security.interfaces.DSAPublicKey)key;
- params = dsaPubKey.getParams();
- return new DSAPublicKeySpec(dsaPubKey.getY(),
- params.getP(),
- params.getQ(),
- params.getG());
-
- } else if (x509KeySpec.isAssignableFrom(keySpec)) {
- return new X509EncodedKeySpec(key.getEncoded());
-
- } else {
- throw new InvalidKeySpecException
- ("Inappropriate key specification");
- }
-
- } else if (key instanceof java.security.interfaces.DSAPrivateKey) {
-
- // Determine valid key specs
- Class dsaPrivKeySpec = Class.forName
- ("java.security.spec.DSAPrivateKeySpec");
- Class pkcs8KeySpec = Class.forName
- ("java.security.spec.PKCS8EncodedKeySpec");
-
- if (dsaPrivKeySpec.isAssignableFrom(keySpec)) {
- java.security.interfaces.DSAPrivateKey dsaPrivKey
- = (java.security.interfaces.DSAPrivateKey)key;
- params = dsaPrivKey.getParams();
- return new DSAPrivateKeySpec(dsaPrivKey.getX(),
- params.getP(),
- params.getQ(),
- params.getG());
-
- } else if (pkcs8KeySpec.isAssignableFrom(keySpec)) {
- return new PKCS8EncodedKeySpec(key.getEncoded());
-
- } else {
- throw new InvalidKeySpecException
- ("Inappropriate key specification");
- }
-
- } else {
- throw new InvalidKeySpecException("Inappropriate key type");
- }
-
- } catch (ClassNotFoundException e) {
- throw new InvalidKeySpecException
- ("Unsupported key specification: " + e.getMessage());
- }
+ throws InvalidKeySpecException {
+
+ DSAParams params;
+
+ try {
+
+ if (key instanceof java.security.interfaces.DSAPublicKey) {
+
+ // Determine valid key specs
+ Class dsaPubKeySpec = Class.forName
+ ("java.security.spec.DSAPublicKeySpec");
+ Class x509KeySpec = Class.forName
+ ("java.security.spec.X509EncodedKeySpec");
+
+ if (dsaPubKeySpec.isAssignableFrom(keySpec)) {
+ java.security.interfaces.DSAPublicKey dsaPubKey = (java.security.interfaces.DSAPublicKey) key;
+ params = dsaPubKey.getParams();
+ return new DSAPublicKeySpec(dsaPubKey.getY(),
+ params.getP(),
+ params.getQ(),
+ params.getG());
+
+ } else if (x509KeySpec.isAssignableFrom(keySpec)) {
+ return new X509EncodedKeySpec(key.getEncoded());
+
+ } else {
+ throw new InvalidKeySpecException("Inappropriate key specification");
+ }
+
+ } else if (key instanceof java.security.interfaces.DSAPrivateKey) {
+
+ // Determine valid key specs
+ Class dsaPrivKeySpec = Class.forName
+ ("java.security.spec.DSAPrivateKeySpec");
+ Class pkcs8KeySpec = Class.forName
+ ("java.security.spec.PKCS8EncodedKeySpec");
+
+ if (dsaPrivKeySpec.isAssignableFrom(keySpec)) {
+ java.security.interfaces.DSAPrivateKey dsaPrivKey = (java.security.interfaces.DSAPrivateKey) key;
+ params = dsaPrivKey.getParams();
+ return new DSAPrivateKeySpec(dsaPrivKey.getX(),
+ params.getP(),
+ params.getQ(),
+ params.getG());
+
+ } else if (pkcs8KeySpec.isAssignableFrom(keySpec)) {
+ return new PKCS8EncodedKeySpec(key.getEncoded());
+
+ } else {
+ throw new InvalidKeySpecException("Inappropriate key specification");
+ }
+
+ } else {
+ throw new InvalidKeySpecException("Inappropriate key type");
+ }
+
+ } catch (ClassNotFoundException e) {
+ throw new InvalidKeySpecException("Unsupported key specification: " + e.getMessage());
+ }
}
/**
* Translates a key object, whose provider may be unknown or potentially
* untrusted, into a corresponding key object of this key factory.
- *
+ *
* @param key the key whose provider is unknown or untrusted
- *
+ *
* @return the translated key
- *
+ *
* @exception InvalidKeyException if the given key cannot be processed by
- * this key factory.
+ * this key factory.
*/
protected Key engineTranslateKey(Key key) throws InvalidKeyException {
- try {
-
- if (key instanceof java.security.interfaces.DSAPublicKey) {
- // Check if key originates from this factory
- if (key instanceof netscape.security.provider.DSAPublicKey) {
- return key;
- }
- // Convert key to spec
- DSAPublicKeySpec dsaPubKeySpec
- = (DSAPublicKeySpec)engineGetKeySpec
- (key, DSAPublicKeySpec.class);
- // Create key from spec, and return it
- return engineGeneratePublic(dsaPubKeySpec);
-
- } else if (key instanceof java.security.interfaces.DSAPrivateKey) {
- // Check if key originates from this factory
- if (key instanceof netscape.security.provider.DSAPrivateKey) {
- return key;
- }
- // Convert key to spec
- DSAPrivateKeySpec dsaPrivKeySpec
- = (DSAPrivateKeySpec)engineGetKeySpec
- (key, DSAPrivateKeySpec.class);
- // Create key from spec, and return it
- return engineGeneratePrivate(dsaPrivKeySpec);
-
- } else {
- throw new InvalidKeyException("Wrong algorithm type");
- }
-
- } catch (InvalidKeySpecException e) {
- throw new InvalidKeyException("Cannot translate key: "
+ try {
+
+ if (key instanceof java.security.interfaces.DSAPublicKey) {
+ // Check if key originates from this factory
+ if (key instanceof netscape.security.provider.DSAPublicKey) {
+ return key;
+ }
+ // Convert key to spec
+ DSAPublicKeySpec dsaPubKeySpec = (DSAPublicKeySpec) engineGetKeySpec
+ (key, DSAPublicKeySpec.class);
+ // Create key from spec, and return it
+ return engineGeneratePublic(dsaPubKeySpec);
+
+ } else if (key instanceof java.security.interfaces.DSAPrivateKey) {
+ // Check if key originates from this factory
+ if (key instanceof netscape.security.provider.DSAPrivateKey) {
+ return key;
+ }
+ // Convert key to spec
+ DSAPrivateKeySpec dsaPrivKeySpec = (DSAPrivateKeySpec) engineGetKeySpec
+ (key, DSAPrivateKeySpec.class);
+ // Create key from spec, and return it
+ return engineGeneratePrivate(dsaPrivKeySpec);
+
+ } else {
+ throw new InvalidKeyException("Wrong algorithm type");
+ }
+
+ } catch (InvalidKeySpecException e) {
+ throw new InvalidKeyException("Cannot translate key: "
+ e.getMessage());
- }
+ }
}
}
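Review bot: `engineTranslateKey` is documented as accepting a key from an unknown or untrusted provider, yet the values it extracts through `engineGetKeySpec` go straight into `new DSAPublicKey(...)` and `new DSAPrivateKey(...)` in `engineGeneratePublic` and `engineGeneratePrivate`, with no range check visible in this file. Unless those constructors, which are outside this diff, validate their arguments, the factory should reject null components and an out-of-range public value before building the key. With `y` and `p` taken from the spec, that is `if (y.compareTo(BigInteger.ONE) <= 0 || y.compareTo(p) >= 0) throw new InvalidKeySpecException("public value out of range");`. Separately, every catch block here rethrows with only `e.getMessage()`, which loses the original stack trace; `new InvalidKeySpecException("Inappropriate key specification: " + e.getMessage(), e)` keeps the cause.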
diff --git a/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java b/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
index 4b781fa1..f9736467 100644
--- a/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
+++ b/pki/base/util/src/netscape/security/provider/DSAKeyPairGenerator.java
@@ -40,119 +40,117 @@ import netscape.security.x509.AlgIdDSA;
* This class generates DSA key parameters and public/private key
* pairs according to the DSS standard NIST FIPS 186. It uses the
* updated version of SHA, SHA-1 as described in FIPS 180-1.
- *
+ *
* @author Benjamin Renaud
- *
+ *
* @version 1.23, 97/12/10
*/
-public class DSAKeyPairGenerator extends KeyPairGenerator
-implements java.security.interfaces.DSAKeyPairGenerator {
-
+public class DSAKeyPairGenerator extends KeyPairGenerator
+ implements java.security.interfaces.DSAKeyPairGenerator {
+
private static Hashtable precomputedParams;
static {
- /* We support precomputed parameter for 512, 768 and 1024 bit
- moduli. In this file we provide both the seed and counter
- value of the generation process for each of these seeds,
- for validation purposes. We also include the test vectors
- from the DSA specification, FIPS 186, and the FIPS 186
- Change No 1, which updates the test vector using SHA-1
- instead of SHA (for both the G function and the message
- hash.
- */
-
- precomputedParams = new Hashtable();
-
- /*
- * L = 512
- * SEED = b869c82b35d70e1b1ff91b28e37a62ecdc34409b
- * counter = 123
- */
- BigInteger p512 =
- new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" +
- "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" +
- "2ed0899bcd132acd50d99151bdc43ee737592e17", 16);
-
- BigInteger q512 =
- new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16);
-
- BigInteger g512 =
- new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" +
- "4d6486931d2d14271b9e35030b71fd73da179069b32e" +
- "2935630e1c2062354d0da20a6c416e50be794ca4", 16);
-
- /*
- * L = 768
- * SEED = 77d0f8c4dad15eb8c4f2f8d6726cefd96d5bb399
- * counter = 263
- */
- BigInteger p768 =
- new BigInteger("e9e642599d355f37c97ffd3567120b8e25c9cd43e" +
- "927b3a9670fbec5d890141922d2c3b3ad24800937" +
- "99869d1e846aab49fab0ad26d2ce6a22219d470bc" +
- "e7d777d4a21fbe9c270b57f607002f3cef8393694" +
- "cf45ee3688c11a8c56ab127a3daf", 16);
-
- BigInteger q768 =
- new BigInteger("9cdbd84c9f1ac2f38d0f80f42ab952e7338bf511",
- 16);
-
- BigInteger g768 =
- new BigInteger("30470ad5a005fb14ce2d9dcd87e38bc7d1b1c5fac" +
- "baecbe95f190aa7a31d23c4dbbcbe06174544401a" +
- "5b2c020965d8c2bd2171d3668445771f74ba084d2" +
- "029d83c1c158547f3a9f1a2715be23d51ae4d3e5a" +
- "1f6a7064f316933a346d3f529252", 16);
-
-
- /*
- * L = 1024
- * SEED = 8d5155894229d5e689ee01e6018a237e2cae64cd
- * counter = 92
- */
- BigInteger p1024 =
- new BigInteger("fd7f53811d75122952df4a9c2eece4e7f611b7523c" +
- "ef4400c31e3f80b6512669455d402251fb593d8d58" +
- "fabfc5f5ba30f6cb9b556cd7813b801d346ff26660" +
- "b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c6" +
- "1bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554" +
- "135a169132f675f3ae2b61d72aeff22203199dd148" +
- "01c7", 16);
-
- BigInteger q1024 =
- new BigInteger("9760508f15230bccb292b982a2eb840bf0581cf5",
- 16);
-
- BigInteger g1024 =
- new BigInteger("f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa" +
- "3aea82f9574c0b3d0782675159578ebad4594fe671" +
- "07108180b449167123e84c281613b7cf09328cc8a6" +
- "e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f" +
- "0bfa213562f1fb627a01243bcca4f1bea8519089a8" +
- "83dfe15ae59f06928b665e807b552564014c3bfecf" +
- "492a", 16);
-
- try {
- AlgIdDSA alg512 = new AlgIdDSA(p512, q512, g512);
- AlgIdDSA alg768 = new AlgIdDSA(p768, q768, g768);
- AlgIdDSA alg1024 = new AlgIdDSA(p1024, q1024, g1024);
-
- precomputedParams.put(Integer.valueOf(512), alg512);
- precomputedParams.put(Integer.valueOf(768), alg768);
- precomputedParams.put(Integer.valueOf(1024), alg1024);
-
- } catch (Exception e) {
- throw new InternalError("initializing precomputed " +
- "algorithm parameters for Sun DSA");
- }
+ /* We support precomputed parameter for 512, 768 and 1024 bit
+ moduli. In this file we provide both the seed and counter
+ value of the generation process for each of these seeds,
+ for validation purposes. We also include the test vectors
+ from the DSA specification, FIPS 186, and the FIPS 186
+ Change No 1, which updates the test vector using SHA-1
+ instead of SHA (for both the G function and the message
+ hash.
+ */
+
+ precomputedParams = new Hashtable();
+
+ /*
+ * L = 512
+ * SEED = b869c82b35d70e1b1ff91b28e37a62ecdc34409b
+ * counter = 123
+ */
+ BigInteger p512 =
+ new BigInteger("fca682ce8e12caba26efccf7110e526db078b05edecb" +
+ "cd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e1" +
+ "2ed0899bcd132acd50d99151bdc43ee737592e17", 16);
+
+ BigInteger q512 =
+ new BigInteger("962eddcc369cba8ebb260ee6b6a126d9346e38c5", 16);
+
+ BigInteger g512 =
+ new BigInteger("678471b27a9cf44ee91a49c5147db1a9aaf244f05a43" +
+ "4d6486931d2d14271b9e35030b71fd73da179069b32e" +
+ "2935630e1c2062354d0da20a6c416e50be794ca4", 16);
+
+ /*
+ * L = 768
+ * SEED = 77d0f8c4dad15eb8c4f2f8d6726cefd96d5bb399
+ * counter = 263
+ */
+ BigInteger p768 =
+ new BigInteger("e9e642599d355f37c97ffd3567120b8e25c9cd43e" +
+ "927b3a9670fbec5d890141922d2c3b3ad24800937" +
+ "99869d1e846aab49fab0ad26d2ce6a22219d470bc" +
+ "e7d777d4a21fbe9c270b57f607002f3cef8393694" +
+ "cf45ee3688c11a8c56ab127a3daf", 16);
+
+ BigInteger q768 =
+ new BigInteger("9cdbd84c9f1ac2f38d0f80f42ab952e7338bf511",
+ 16);
+
+ BigInteger g768 =
+ new BigInteger("30470ad5a005fb14ce2d9dcd87e38bc7d1b1c5fac" +
+ "baecbe95f190aa7a31d23c4dbbcbe06174544401a" +
+ "5b2c020965d8c2bd2171d3668445771f74ba084d2" +
+ "029d83c1c158547f3a9f1a2715be23d51ae4d3e5a" +
+ "1f6a7064f316933a346d3f529252", 16);
+
+ /*
+ * L = 1024
+ * SEED = 8d5155894229d5e689ee01e6018a237e2cae64cd
+ * counter = 92
+ */
+ BigInteger p1024 =
+ new BigInteger("fd7f53811d75122952df4a9c2eece4e7f611b7523c" +
+ "ef4400c31e3f80b6512669455d402251fb593d8d58" +
+ "fabfc5f5ba30f6cb9b556cd7813b801d346ff26660" +
+ "b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c6" +
+ "1bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554" +
+ "135a169132f675f3ae2b61d72aeff22203199dd148" +
+ "01c7", 16);
+
+ BigInteger q1024 =
+ new BigInteger("9760508f15230bccb292b982a2eb840bf0581cf5",
+ 16);
+
+ BigInteger g1024 =
+ new BigInteger("f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa" +
+ "3aea82f9574c0b3d0782675159578ebad4594fe671" +
+ "07108180b449167123e84c281613b7cf09328cc8a6" +
+ "e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f" +
+ "0bfa213562f1fb627a01243bcca4f1bea8519089a8" +
+ "83dfe15ae59f06928b665e807b552564014c3bfecf" +
+ "492a", 16);
+
+ try {
+ AlgIdDSA alg512 = new AlgIdDSA(p512, q512, g512);
+ AlgIdDSA alg768 = new AlgIdDSA(p768, q768, g768);
+ AlgIdDSA alg1024 = new AlgIdDSA(p1024, q1024, g1024);
+
+ precomputedParams.put(Integer.valueOf(512), alg512);
+ precomputedParams.put(Integer.valueOf(768), alg768);
+ precomputedParams.put(Integer.valueOf(1024), alg1024);
+
+ } catch (Exception e) {
+ throw new InternalError("initializing precomputed " +
+ "algorithm parameters for Sun DSA");
+ }
}
-
/* The modulus length */
private int modlen = 1024;
-
+
/* Generate new parameters, even if we have precomputed ones. */
boolean generateNewParameters = false;
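Review bot: The static initializer still registers precomputed domain parameters for 512- and 768-bit moduli, and `modlen` defaults to 1024, all well below what current guidance (e.g. NIST SP 800-131A) accepts for generating DSA signatures. If the small sizes have to stay for legacy data, a comment on the table such as `/* 512/768-bit entries are retained for legacy interoperability only; not for new keys */` would stop them being read as a recommendation. The `catch (Exception e)` at the end of the block also discards `e`, so a failure while building the `AlgIdDSA` objects surfaces as an `InternalError` with no cause; calling `initCause(e)` on the error before throwing it would preserve the cause. The class body continues beyond this hunk.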
@@ -163,242 +161,237 @@ implements java.security.interfaces.DSAKeyPairGenerator {
SecureRandom random;
public DSAKeyPairGenerator() {
- super("DSA");
+ super("DSA");
}
public void initialize(int strength, SecureRandom random) {
- if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
- throw new InvalidParameterException
- ("Modulus size must range from 512 to 1024 "
- + "and be a multiple of 64");
- }
-
- /* Set the random */
- this.random = random;
- if (this.random == null) {
- this.random = new SecureRandom();
- }
-
- this.modlen = strength;
- DSAParams params = null;
-
- /* Find the precomputed parameters, if any */
- if (!generateNewParameters) {
- Integer mod = Integer.valueOf(this.modlen);
- params = (DSAParams)precomputedParams.get(mod);
- }
- if (params != null) {
- setParams(params);
- }
+ if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
+ throw new InvalidParameterException("Modulus size must range from 512 to 1024 "
+ + "and be a multiple of 64");
+ }
+
+ /* Set the random */
+ this.random = random;
+ if (this.random == null) {
+ this.random = new SecureRandom();
+ }
+
+ this.modlen = strength;
+ DSAParams params = null;
+
+ /* Find the precomputed parameters, if any */
+ if (!generateNewParameters) {
+ Integer mod = Integer.valueOf(this.modlen);
+ params = (DSAParams) precomputedParams.get(mod);
+ }
+ if (params != null) {
+ setParams(params);
+ }
}
/**
- * Initializes the DSA key pair generator. If <code>genParams</code>
- * is false, a set of pre-computed parameters is used. In this case,
- * <code>modelen</code> must be 512, 768, or 1024.
+ * Initializes the DSA key pair generator. If <code>genParams</code> is false, a set of pre-computed parameters is used. In this case, <code>modelen</code> must be 512, 768, or 1024.
*/
public void initialize(int modlen, boolean genParams, SecureRandom random)
- throws InvalidParameterException {
- if (genParams == false && modlen != 512 && modlen != 768
- && modlen != 1024) {
- throw new InvalidParameterException
- ("No precomputed parameters for requested modulus size "
- + "available");
- }
- this.generateNewParameters = genParams;
- initialize(modlen, random);
+ throws InvalidParameterException {
+ if (genParams == false && modlen != 512 && modlen != 768
+ && modlen != 1024) {
+ throw new InvalidParameterException("No precomputed parameters for requested modulus size "
+ + "available");
+ }
+ this.generateNewParameters = genParams;
+ initialize(modlen, random);
}
/**
* Initializes the DSA object using a DSA parameter object.
- *
+ *
* @param params a fully initialized DSA parameter object.
*/
- public void initialize(DSAParams params, SecureRandom random)
- throws InvalidParameterException {
- initialize(params.getP().bitLength(), random);
- setParams(params);
+ public void initialize(DSAParams params, SecureRandom random)
+ throws InvalidParameterException {
+ initialize(params.getP().bitLength(), random);
+ setParams(params);
}
/**
* Initializes the DSA object using a parameter object.
- *
+ *
* @param params the parameter set to be used to generate
- * the keys.
+ * the keys.
* @param random the source of randomness for this generator.
- *
+ *
* @exception InvalidAlgorithmParameterException if the given parameters
- * are inappropriate for this key pair generator
+ * are inappropriate for this key pair generator
*/
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
- throws InvalidAlgorithmParameterException {
- if (!(params instanceof DSAParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("Inappropriate parameter");
- }
- initialize(((DSAParameterSpec)params).getP().bitLength(),
- random);
- setParams((DSAParameterSpec)params);
+ throws InvalidAlgorithmParameterException {
+ if (!(params instanceof DSAParameterSpec)) {
+ throw new InvalidAlgorithmParameterException("Inappropriate parameter");
+ }
+ initialize(((DSAParameterSpec) params).getP().bitLength(),
+ random);
+ setParams((DSAParameterSpec) params);
}
/**
* Generates a pair of keys usable by any JavaSecurity compliant
* DSA implementation.
- *
+ *
* @param rnd the source of random bits from which the random key
- * generation parameters are drawn. In particular, this includes
- * the XSEED parameter.
- *
+ * generation parameters are drawn. In particular, this includes
+ * the XSEED parameter.
+ *
* @exception InvalidParameterException if the modulus is not
- * between 512 and 1024.
+ * between 512 and 1024.
*/
public KeyPair generateKeyPair() {
- // set random if initialize() method has been skipped
- if (this.random == null) {
- this.random = new SecureRandom();
- }
-
- if (presetP == null || presetQ == null || presetG == null ||
- generateNewParameters) {
-
- AlgorithmParameterGenerator dsaParamGen;
-
- try {
- dsaParamGen = AlgorithmParameterGenerator.getInstance("DSA",
- "SUN");
- } catch (NoSuchAlgorithmException e) {
- // this should never happen, because we provide it
- throw new RuntimeException(e.getMessage());
- } catch (NoSuchProviderException e) {
- // this should never happen, because we provide it
- throw new RuntimeException(e.getMessage());
- }
-
- dsaParamGen.init(modlen, random);
-
- DSAParameterSpec dsaParamSpec;
- try {
- dsaParamSpec = (DSAParameterSpec)
- dsaParamGen.generateParameters().getParameterSpec
- (DSAParameterSpec.class);
- } catch (InvalidParameterSpecException e) {
- // this should never happen
- throw new RuntimeException(e.getMessage());
- }
- presetP = dsaParamSpec.getP();
- presetQ = dsaParamSpec.getQ();
- presetG = dsaParamSpec.getG();
- }
-
- return generateKeyPair(presetP, presetQ, presetG, random);
+ // set random if initialize() method has been skipped
+ if (this.random == null) {
+ this.random = new SecureRandom();
+ }
+
+ if (presetP == null || presetQ == null || presetG == null ||
+ generateNewParameters) {
+
+ AlgorithmParameterGenerator dsaParamGen;
+
+ try {
+ dsaParamGen = AlgorithmParameterGenerator.getInstance("DSA",
+ "SUN");
+ } catch (NoSuchAlgorithmException e) {
+ // this should never happen, because we provide it
+ throw new RuntimeException(e.getMessage());
+ } catch (NoSuchProviderException e) {
+ // this should never happen, because we provide it
+ throw new RuntimeException(e.getMessage());
+ }
+
+ dsaParamGen.init(modlen, random);
+
+ DSAParameterSpec dsaParamSpec;
+ try {
+ dsaParamSpec = (DSAParameterSpec)
+ dsaParamGen.generateParameters().getParameterSpec
+ (DSAParameterSpec.class);
+ } catch (InvalidParameterSpecException e) {
+ // this should never happen
+ throw new RuntimeException(e.getMessage());
+ }
+ presetP = dsaParamSpec.getP();
+ presetQ = dsaParamSpec.getQ();
+ presetG = dsaParamSpec.getG();
+ }
+
+ return generateKeyPair(presetP, presetQ, presetG, random);
}
public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
- SecureRandom random) {
+ SecureRandom random) {
+
+ BigInteger x = generateX(random, q);
+ BigInteger y = generateY(x, p, g);
- BigInteger x = generateX(random, q);
- BigInteger y = generateY(x, p, g);
+ try {
+ DSAPublicKey pub = new DSAPublicKey(y, p, q, g);
+ DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g);
- try {
- DSAPublicKey pub = new DSAPublicKey(y, p, q, g);
- DSAPrivateKey priv = new DSAPrivateKey(x, p, q, g);
-
- KeyPair pair = new KeyPair(pub, priv);
- return pair;
+ KeyPair pair = new KeyPair(pub, priv);
+ return pair;
- } catch (InvalidKeyException e) {
- throw new ProviderException(e.getMessage());
- }
+ } catch (InvalidKeyException e) {
+ throw new ProviderException(e.getMessage());
+ }
}
/* Test vectors from the DSA specs. */
private static int[] testXSeed = { 0xbd029bbe, 0x7f51960b, 0xcf9edb2b,
- 0x61f06f0f, 0xeb5a38b6 };
-
- private int[] x_t = { 0x67452301,0xefcdab89,0x98badcfe,
- 0x10325476,0xc3d2e1f0 };
+ 0x61f06f0f, 0xeb5a38b6 };
+
+ private int[] x_t = { 0x67452301, 0xefcdab89, 0x98badcfe,
+ 0x10325476, 0xc3d2e1f0 };
/**
* Generate the private key component of the key pair using the
* provided source of random bits. This method uses the random but
* source passed to generate a seed and then calls the seed-based
- * generateX method.
+ * generateX method.
*/
private BigInteger generateX(SecureRandom random, BigInteger q) {
- BigInteger x = null;
- while (true) {
- int[] seed = new int[5];
- for (int i = 0; i < 5; i++) {
- seed[i] = random.nextInt();
- }
- x = generateX(seed, q);
- if (x.signum() > 0 && (x.compareTo(q) < 0)) {
- break;
- }
- }
- return x;
+ BigInteger x = null;
+ while (true) {
+ int[] seed = new int[5];
+ for (int i = 0; i < 5; i++) {
+ seed[i] = random.nextInt();
+ }
+ x = generateX(seed, q);
+ if (x.signum() > 0 && (x.compareTo(q) < 0)) {
+ break;
+ }
+ }
+ return x;
}
/**
* Given a seed, generate the private key component of the key
* pair. In the terminology used in the DSA specification
* (FIPS-186) seed is the XSEED quantity.
- *
- * @param seed the seed to use to generate the private key.
+ *
+ * @param seed the seed to use to generate the private key.
*/
BigInteger generateX(int[] seed, BigInteger q) {
- /* Test vector
- int[] tseed = { 0xbd029bbe, 0x7f51960b, 0xcf9edb2b,
- 0x61f06f0f, 0xeb5a38b6 };
- seed = tseed;
- */
- // check out t in the spec.
- int[] t = { 0x67452301, 0xEFCDAB89, 0x98BADCFE,
- 0x10325476, 0xC3D2E1F0 };
- //
-
- int[] tmp = DSA.SHA_7(seed, t);
- byte[] tmpBytes = new byte[tmp.length * 4];
- for (int i = 0; i < tmp.length; i++) {
- int k = tmp[i];
- for (int j = 0; j < 4; j++) {
- tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
- }
- }
- BigInteger x = new BigInteger(1, tmpBytes).mod(q);
- return x;
+ /* Test vector
+ int[] tseed = { 0xbd029bbe, 0x7f51960b, 0xcf9edb2b,
+ 0x61f06f0f, 0xeb5a38b6 };
+ seed = tseed;
+ */
+ // check out t in the spec.
+ int[] t = { 0x67452301, 0xEFCDAB89, 0x98BADCFE,
+ 0x10325476, 0xC3D2E1F0 };
+ //
+
+ int[] tmp = DSA.SHA_7(seed, t);
+ byte[] tmpBytes = new byte[tmp.length * 4];
+ for (int i = 0; i < tmp.length; i++) {
+ int k = tmp[i];
+ for (int j = 0; j < 4; j++) {
+ tmpBytes[(i * 4) + j] = (byte) (k >>> (24 - (j * 8)));
+ }
+ }
+ BigInteger x = new BigInteger(1, tmpBytes).mod(q);
+ return x;
}
/**
* Generate the public key component y of the key pair.
- *
+ *
* @param x the private key component.
*
* @param p the base parameter.
*/
BigInteger generateY(BigInteger x, BigInteger p, BigInteger g) {
- BigInteger y = g.modPow(x, p);
- return y;
+ BigInteger y = g.modPow(x, p);
+ return y;
}
-
+
/**
* Set the parameters.
*/
private void setParams(DSAParams params) {
- presetP = params.getP();
- presetQ = params.getQ();
- presetG = params.getG();
+ presetP = params.getP();
+ presetQ = params.getQ();
+ presetG = params.getG();
}
/**
* Set the parameters.
*/
private void setParams(DSAParameterSpec params) {
- presetP = params.getP();
- presetQ = params.getQ();
- presetG = params.getG();
+ presetP = params.getP();
+ presetQ = params.getQ();
+ presetG = params.getG();
}
}
diff --git a/pki/base/util/src/netscape/security/provider/DSAParameterGenerator.java b/pki/base/util/src/netscape/security/provider/DSAParameterGenerator.java
index cec2b97b..cd7b8de3 100755
--- a/pki/base/util/src/netscape/security/provider/DSAParameterGenerator.java
+++ b/pki/base/util/src/netscape/security/provider/DSAParameterGenerator.java
@@ -46,7 +46,7 @@ import java.security.spec.InvalidParameterSpecException;
*/
public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
-
+
// the modulus length
private int modLen = 1024; // default
@@ -62,83 +62,82 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
private SHA sha;
public DSAParameterGenerator() {
- this.sha = new SHA();
+ this.sha = new SHA();
}
/**
* Initializes this parameter generator for a certain strength
* and source of randomness.
- *
+ *
* @param strength the strength (size of prime) in bits
* @param random the source of randomness
*/
protected void engineInit(int strength, SecureRandom random) {
- /*
- * Bruce Schneier, "Applied Cryptography", 2nd Edition,
- * Description of DSA:
- * [...] The algorithm uses the following parameter:
- * p=a prime number L bits long, when L ranges from 512 to 1024 and is
- * a multiple of 64. [...]
- */
- if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
- throw new InvalidParameterException
- ("Prime size must range from 512 to 1024 "
- + "and be a multiple of 64");
- }
- this.modLen = strength;
- this.random = random;
+ /*
+ * Bruce Schneier, "Applied Cryptography", 2nd Edition,
+ * Description of DSA:
+ * [...] The algorithm uses the following parameter:
+ * p=a prime number L bits long, when L ranges from 512 to 1024 and is
+ * a multiple of 64. [...]
+ */
+ if ((strength < 512) || (strength > 1024) || (strength % 64 != 0)) {
+ throw new InvalidParameterException("Prime size must range from 512 to 1024 "
+ + "and be a multiple of 64");
+ }
+ this.modLen = strength;
+ this.random = random;
}
/**
* Initializes this parameter generator with a set of
* algorithm-specific parameter generation values.
- *
+ *
* @param params the set of algorithm-specific parameter generation values
* @param random the source of randomness
- *
+ *
* @exception InvalidAlgorithmParameterException if the given parameter
- * generation values are inappropriate for this parameter generator
+ * generation values are inappropriate for this parameter generator
*/
protected void engineInit(AlgorithmParameterSpec genParamSpec,
- SecureRandom random)
- throws InvalidAlgorithmParameterException {
- throw new InvalidAlgorithmParameterException("Invalid parameter");
+ SecureRandom random)
+ throws InvalidAlgorithmParameterException {
+ throw new InvalidAlgorithmParameterException("Invalid parameter");
}
/**
* Generates the parameters.
- *
+ *
* @return the new AlgorithmParameters object
*/
protected AlgorithmParameters engineGenerateParameters() {
- AlgorithmParameters algParams = null;
- try {
- if (this.random == null) {
- this.random = new SecureRandom();
- }
-
- BigInteger[] pAndQ = generatePandQ(this.random, this.modLen);
- BigInteger paramP = pAndQ[0];
- BigInteger paramQ = pAndQ[1];
- BigInteger paramG = generateG(paramP, paramQ);
-
- DSAParameterSpec dsaParamSpec = new DSAParameterSpec(paramP,
- paramQ,
- paramG);
- algParams = AlgorithmParameters.getInstance("DSA", "SUN");
- algParams.init(dsaParamSpec);
- } catch (InvalidParameterSpecException e) {
- // this should never happen
- throw new RuntimeException(e.getMessage());
- } catch (NoSuchAlgorithmException e) {
- // this should never happen, because we provide it
- throw new RuntimeException(e.getMessage());
- } catch (NoSuchProviderException e) {
- // this should never happen, because we provide it
- throw new RuntimeException(e.getMessage());
- }
-
- return algParams;
+ AlgorithmParameters algParams = null;
+ try {
+ if (this.random == null) {
+ this.random = new SecureRandom();
+ }
+
+ BigInteger[] pAndQ = generatePandQ(this.random, this.modLen);
+ BigInteger paramP = pAndQ[0];
+ BigInteger paramQ = pAndQ[1];
+ BigInteger paramG = generateG(paramP, paramQ);
+
+ DSAParameterSpec dsaParamSpec = new DSAParameterSpec(paramP,
+ paramQ,
+ paramG);
+ algParams = AlgorithmParameters.getInstance("DSA", "SUN");
+ algParams.init(dsaParamSpec);
+ } catch (InvalidParameterSpecException e) {
+ // this should never happen
+ throw new RuntimeException(e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ // this should never happen, because we provide it
+ throw new RuntimeException(e.getMessage());
+ } catch (NoSuchProviderException e) {
+ // this should never happen, because we provide it
+ throw new RuntimeException(e.getMessage());
+ }
+
+ return algParams;
}
/*
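Review bot: The range check in engineInit(int, SecureRandom) still admits primes from 512 to 1024 bits, the original FIPS 186 range quoted in the comment above it; NIST SP 800-131A no longer permits DSA signature generation with a modulus below 2048 bits. The range cannot simply be widened, because generatePandQ derives q from a 160-bit SHA-1 output. The smaller step is to document the limit, e.g. `// legacy FIPS 186 sizes only (p <= 1024 bits, q = 160 bits); not suitable for new keys`, and to consider rejecting sizes under 1024. Callers that need current key sizes would have to use a different parameter generator.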
@@ -155,16 +154,16 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
* <code>q</code> at index 1.
*/
BigInteger[] generatePandQ(SecureRandom random, int L) {
- BigInteger[] result = null;
- byte[] seed = new byte[20];
-
- while(result == null) {
- for (int i = 0; i < 20; i++) {
- seed[i] = (byte)random.nextInt();
- }
- result = generatePandQ(seed, L);
- }
- return result;
+ BigInteger[] result = null;
+ byte[] seed = new byte[20];
+
+ while (result == null) {
+ for (int i = 0; i < 20; i++) {
+ seed[i] = (byte) random.nextInt();
+ }
+ result = generatePandQ(seed, L);
+ }
+ return result;
}
/*
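Review bot: The seed in generatePandQ(SecureRandom, int) is filled with `seed[i] = (byte) random.nextInt();`, which draws a full int for every byte and discards three quarters of it. `random.nextBytes(seed);` fills the 20-byte array in one call and states the intent directly, with no loss of randomness in the seed. The method's header comment begins outside this hunk.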
@@ -183,68 +182,68 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
*/
BigInteger[] generatePandQ(byte[] seed, int L) {
- /* Useful variables */
- int g = seed.length * 8;
- int n = (L - 1) / 160;
- int b = (L - 1) % 160;
+ /* Useful variables */
+ int g = seed.length * 8;
+ int n = (L - 1) / 160;
+ int b = (L - 1) % 160;
- BigInteger SEED = new BigInteger(1, seed);
- BigInteger TWOG = TWO.pow(2 * g);
+ BigInteger SEED = new BigInteger(1, seed);
+ BigInteger TWOG = TWO.pow(2 * g);
- /* Step 2 (Step 1 is getting seed). */
- byte[] U1 = SHA(seed);
+ /* Step 2 (Step 1 is getting seed). */
+ byte[] U1 = SHA(seed);
byte[] U2 = SHA(toByteArray((SEED.add(ONE)).mod(TWOG)));
- xor(U1, U2);
- byte[] U = U1;
-
- /* Step 3: For q by setting the msb and lsb to 1 */
- U[0] |= 0x80;
- U[19] |= 1;
- BigInteger q = new BigInteger(1, U);
-
- /* Step 5 */
- if (!q.isProbablePrime(40)) {
- return null;
-
- } else {
- BigInteger V[] = new BigInteger[n + 1];
- BigInteger offset = TWO;
-
- /* Step 6 */
- for (int counter = 0; counter < 4096; counter++) {
-
- /* Step 7 */
- for (int k = 0; k <= n; k++) {
- BigInteger K = BigInteger.valueOf(k);
- BigInteger tmp = (SEED.add(offset).add(K)).mod(TWOG);
- V[k] = new BigInteger(1, SHA(toByteArray(tmp)));
- }
-
- /* Step 8 */
- BigInteger W = V[0];
- for (int i = 1; i < n; i++) {
- W = W.add(V[i].multiply(TWO.pow(i * 160)));
- }
- W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * 160)));
-
- BigInteger TWOLm1 = TWO.pow(L - 1);
- BigInteger X = W.add(TWOLm1);
-
- /* Step 9 */
- BigInteger c = X.mod(q.multiply(TWO));
- BigInteger p = X.subtract(c.subtract(ONE));
-
- /* Step 10 - 13 */
- if (p.compareTo(TWOLm1) > -1 && p.isProbablePrime(15)) {
- BigInteger[] result = {p, q, SEED,
- BigInteger.valueOf(counter)};
- return result;
- }
- offset = offset.add(BigInteger.valueOf(n)).add(ONE);
- }
- return null;
- }
+ xor(U1, U2);
+ byte[] U = U1;
+
+ /* Step 3: For q by setting the msb and lsb to 1 */
+ U[0] |= 0x80;
+ U[19] |= 1;
+ BigInteger q = new BigInteger(1, U);
+
+ /* Step 5 */
+ if (!q.isProbablePrime(40)) {
+ return null;
+
+ } else {
+ BigInteger V[] = new BigInteger[n + 1];
+ BigInteger offset = TWO;
+
+ /* Step 6 */
+ for (int counter = 0; counter < 4096; counter++) {
+
+ /* Step 7 */
+ for (int k = 0; k <= n; k++) {
+ BigInteger K = BigInteger.valueOf(k);
+ BigInteger tmp = (SEED.add(offset).add(K)).mod(TWOG);
+ V[k] = new BigInteger(1, SHA(toByteArray(tmp)));
+ }
+
+ /* Step 8 */
+ BigInteger W = V[0];
+ for (int i = 1; i < n; i++) {
+ W = W.add(V[i].multiply(TWO.pow(i * 160)));
+ }
+ W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * 160)));
+
+ BigInteger TWOLm1 = TWO.pow(L - 1);
+ BigInteger X = W.add(TWOLm1);
+
+ /* Step 9 */
+ BigInteger c = X.mod(q.multiply(TWO));
+ BigInteger p = X.subtract(c.subtract(ONE));
+
+ /* Step 10 - 13 */
+ if (p.compareTo(TWOLm1) > -1 && p.isProbablePrime(15)) {
+ BigInteger[] result = { p, q, SEED,
+ BigInteger.valueOf(counter) };
+ return result;
+ }
+ offset = offset.add(BigInteger.valueOf(n)).add(ONE);
+ }
+ return null;
+ }
}
/*
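Review bot: In Step 10 - 13 the candidate p is accepted with `p.isProbablePrime(15)`, while q in Step 5 is tested with certainty 40. By the BigInteger contract a certainty of 15 only bounds the chance of accepting a composite by 2^-15. FIPS 186-2 asks for a primality test with an error probability of at most 2^-80 for both primes, so I would use one named constant for both calls, e.g. `private static final int PRIME_CERTAINTY = 80;` and `p.isProbablePrime(PRIME_CERTAINTY)`. Most composite candidates are rejected in the first rounds, so the extra cost should fall mainly on the values that are finally accepted.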
@@ -256,23 +255,23 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
* @param the <code>g</code>
*/
BigInteger generateG(BigInteger p, BigInteger q) {
- BigInteger h = ONE;
- BigInteger pMinusOneOverQ = (p.subtract(ONE)).divide(q);
- BigInteger g = ONE;
- while (g.compareTo(TWO) < 0) {
- g = h.modPow(pMinusOneOverQ, p);
- h = h.add(ONE);
- }
- return g;
+ BigInteger h = ONE;
+ BigInteger pMinusOneOverQ = (p.subtract(ONE)).divide(q);
+ BigInteger g = ONE;
+ while (g.compareTo(TWO) < 0) {
+ g = h.modPow(pMinusOneOverQ, p);
+ h = h.add(ONE);
+ }
+ return g;
}
/*
* Returns the SHA-1 digest of some data
*/
private byte[] SHA(byte[] array) {
- sha.engineReset();
- sha.engineUpdate(array, 0, array.length);
- return sha.engineDigest();
+ sha.engineReset();
+ sha.engineUpdate(array, 0, array.length);
+ return sha.engineDigest();
}
/*
@@ -280,21 +279,21 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
* signed magnitude representation for any positive number.
*/
private byte[] toByteArray(BigInteger bigInt) {
- byte[] result = bigInt.toByteArray();
- if (result[0] == 0) {
- byte[] tmp = new byte[result.length - 1];
- System.arraycopy(result, 1, tmp, 0, tmp.length);
- result = tmp;
- }
- return result;
+ byte[] result = bigInt.toByteArray();
+ if (result[0] == 0) {
+ byte[] tmp = new byte[result.length - 1];
+ System.arraycopy(result, 1, tmp, 0, tmp.length);
+ result = tmp;
+ }
+ return result;
}
/*
* XORs U2 into U1
*/
private void xor(byte[] U1, byte[] U2) {
- for (int i = 0; i < U1.length; i++) {
- U1[i] ^= U2[i];
- }
+ for (int i = 0; i < U1.length; i++) {
+ U1[i] ^= U2[i];
+ }
}
}
diff --git a/pki/base/util/src/netscape/security/provider/DSAParameters.java b/pki/base/util/src/netscape/security/provider/DSAParameters.java
index 70b7fa08..cc3012f7 100755
--- a/pki/base/util/src/netscape/security/provider/DSAParameters.java
+++ b/pki/base/util/src/netscape/security/provider/DSAParameters.java
@@ -32,11 +32,11 @@ import netscape.security.util.DerValue;
* This class implements the parameter set used by the
* Digital Signature Algorithm as specified in the FIPS 186
* standard.
- *
+ *
* @author Jan Luehe
- *
+ *
* @version 1.8, 97/12/10
- *
+ *
* @since JDK1.2
*/
@@ -51,82 +51,79 @@ public class DSAParameters extends AlgorithmParametersSpi {
// the base (g)
protected BigInteger g;
- protected void engineInit(AlgorithmParameterSpec paramSpec)
- throws InvalidParameterSpecException {
- if (!(paramSpec instanceof DSAParameterSpec)) {
- throw new InvalidParameterSpecException
- ("Inappropriate parameter specification");
- }
- this.p = ((DSAParameterSpec)paramSpec).getP();
- this.q = ((DSAParameterSpec)paramSpec).getQ();
- this.g = ((DSAParameterSpec)paramSpec).getG();
+ protected void engineInit(AlgorithmParameterSpec paramSpec)
+ throws InvalidParameterSpecException {
+ if (!(paramSpec instanceof DSAParameterSpec)) {
+ throw new InvalidParameterSpecException("Inappropriate parameter specification");
+ }
+ this.p = ((DSAParameterSpec) paramSpec).getP();
+ this.q = ((DSAParameterSpec) paramSpec).getQ();
+ this.g = ((DSAParameterSpec) paramSpec).getG();
}
protected void engineInit(byte[] params) throws IOException {
- DerValue encodedParams = new DerValue(params);
+ DerValue encodedParams = new DerValue(params);
- if (encodedParams.tag != DerValue.tag_Sequence) {
- throw new IOException("DSA params parsing error");
- }
+ if (encodedParams.tag != DerValue.tag_Sequence) {
+ throw new IOException("DSA params parsing error");
+ }
- encodedParams.data.reset();
+ encodedParams.data.reset();
- this.p = encodedParams.data.getInteger().toBigInteger();
- this.q = encodedParams.data.getInteger().toBigInteger();
- this.g = encodedParams.data.getInteger().toBigInteger();
+ this.p = encodedParams.data.getInteger().toBigInteger();
+ this.q = encodedParams.data.getInteger().toBigInteger();
+ this.g = encodedParams.data.getInteger().toBigInteger();
- if (encodedParams.data.available() != 0) {
- throw new IOException("encoded params have " +
- encodedParams.data.available() +
- " extra bytes");
- }
+ if (encodedParams.data.available() != 0) {
+ throw new IOException("encoded params have " +
+ encodedParams.data.available() +
+ " extra bytes");
+ }
}
protected void engineInit(byte[] params, String decodingMethod)
- throws IOException {
- engineInit(params);
+ throws IOException {
+ engineInit(params);
}
protected AlgorithmParameterSpec engineGetParameterSpec(Class paramSpec)
- throws InvalidParameterSpecException {
- try {
- Class dsaParamSpec = Class.forName
- ("java.security.spec.DSAParameterSpec");
- if (dsaParamSpec.isAssignableFrom(paramSpec)) {
- return new DSAParameterSpec(this.p, this.q, this.g);
- } else {
- throw new InvalidParameterSpecException
- ("Inappropriate parameter Specification");
- }
- } catch (ClassNotFoundException e) {
- throw new InvalidParameterSpecException
- ("Unsupported parameter specification: " + e.getMessage());
- }
+ throws InvalidParameterSpecException {
+ try {
+ Class dsaParamSpec = Class.forName
+ ("java.security.spec.DSAParameterSpec");
+ if (dsaParamSpec.isAssignableFrom(paramSpec)) {
+ return new DSAParameterSpec(this.p, this.q, this.g);
+ } else {
+ throw new InvalidParameterSpecException("Inappropriate parameter Specification");
+ }
+ } catch (ClassNotFoundException e) {
+ throw new InvalidParameterSpecException("Unsupported parameter specification: " + e.getMessage());
+ }
}
protected byte[] engineGetEncoded() throws IOException {
- DerOutputStream out = new DerOutputStream();
- DerOutputStream bytes = new DerOutputStream();
-
- bytes.putInteger(new BigInt(p.toByteArray()));
- bytes.putInteger(new BigInt(q.toByteArray()));
- bytes.putInteger(new BigInt(g.toByteArray()));
- out.write(DerValue.tag_Sequence, bytes);
- return out.toByteArray();
+ DerOutputStream out = new DerOutputStream();
+ DerOutputStream bytes = new DerOutputStream();
+
+ bytes.putInteger(new BigInt(p.toByteArray()));
+ bytes.putInteger(new BigInt(q.toByteArray()));
+ bytes.putInteger(new BigInt(g.toByteArray()));
+ out.write(DerValue.tag_Sequence, bytes);
+ return out.toByteArray();
}
protected byte[] engineGetEncoded(String encodingMethod)
- throws IOException {
- return engineGetEncoded();
+ throws IOException {
+ return engineGetEncoded();
}
/*
* Returns a formatted string describing the parameters.
*/
protected String engineToString() {
- return "\n\tp: " + new BigInt(p).toString()
- + "\n\tq: " + new BigInt(q).toString()
- + "\n\tg: " + new BigInt(g).toString()
- + "\n";
+ return "\n\tp: " + new BigInt(p).toString()
+ + "\n\tq: " + new BigInt(q).toString()
+ + "\n\tg: " + new BigInt(g).toString()
+ + "\n";
}
}
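Review bot: engineGetParameterSpec looks up `Class.forName("java.security.spec.DSAParameterSpec")` although the same method already references the class directly in `new DSAParameterSpec(this.p, this.q, this.g)`, so the ClassNotFoundException branch cannot be reached in practice. `DSAParameterSpec.class.isAssignableFrom(paramSpec)` performs the same test without reflection and lets the try/catch go. A null paramSpec currently ends in a NullPointerException from isAssignableFrom; an explicit check that throws InvalidParameterSpecException would keep the failure inside the declared exception type.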
diff --git a/pki/base/util/src/netscape/security/provider/DSAPrivateKey.java b/pki/base/util/src/netscape/security/provider/DSAPrivateKey.java
index f480ea08..0cfc5e5e 100644
--- a/pki/base/util/src/netscape/security/provider/DSAPrivateKey.java
+++ b/pki/base/util/src/netscape/security/provider/DSAPrivateKey.java
@@ -33,18 +33,18 @@ import netscape.security.x509.AlgIdDSA;
/**
* A PKCS#8 private key for the Digital Signature Algorithm.
- *
+ *
* @author Benjamin Renaud
- *
+ *
* @version 1.47, 97/12/10
- *
+ *
* @see DSAPublicKey
* @see AlgIdDSA
* @see DSA
*/
-public final class DSAPrivateKey extends PKCS8Key
-implements java.security.interfaces.DSAPrivateKey, Serializable {
+public final class DSAPrivateKey extends PKCS8Key
+ implements java.security.interfaces.DSAPrivateKey, Serializable {
/** use serialVersionUID from JDK 1.1. for interoperability */
private static final long serialVersionUID = -3244453684193605938L;
@@ -61,28 +61,28 @@ implements java.security.interfaces.DSAPrivateKey, Serializable {
/**
* Make a DSA private key out of a private key and three parameters.
*/
- public DSAPrivateKey(BigInteger x, BigInteger p,
- BigInteger q, BigInteger g)
- throws InvalidKeyException {
- this.x = x;
- algid = new AlgIdDSA(p, q, g);
-
- try {
- key = new DerValue(DerValue.tag_Integer,
- x.toByteArray()).toByteArray();
- encode();
- } catch (IOException e) {
- throw new InvalidKeyException("could not DER encode x: " +
- e.getMessage());
- }
+ public DSAPrivateKey(BigInteger x, BigInteger p,
+ BigInteger q, BigInteger g)
+ throws InvalidKeyException {
+ this.x = x;
+ algid = new AlgIdDSA(p, q, g);
+
+ try {
+ key = new DerValue(DerValue.tag_Integer,
+ x.toByteArray()).toByteArray();
+ encode();
+ } catch (IOException e) {
+ throw new InvalidKeyException("could not DER encode x: " +
+ e.getMessage());
+ }
}
/**
* Make a DSA private key from its DER encoding (PKCS #8).
*/
public DSAPrivateKey(byte[] encoded) throws InvalidKeyException {
- clearOldKey();
- decode(encoded);
+ clearOldKey();
+ decode(encoded);
}
/**
@@ -90,58 +90,58 @@ implements java.security.interfaces.DSAPrivateKey, Serializable {
* parameters could not be parsed.
*/
public DSAParams getParams() {
- try {
- if (algid instanceof DSAParams) {
- return (DSAParams)algid;
- } else {
- DSAParameterSpec paramSpec;
- AlgorithmParameters algParams = algid.getParameters();
- if (algParams == null) {
- return null;
- }
- paramSpec = (DSAParameterSpec)algParams.getParameterSpec
- (DSAParameterSpec.class);
- return (DSAParams)paramSpec;
- }
- } catch (InvalidParameterSpecException e) {
- return null;
- }
+ try {
+ if (algid instanceof DSAParams) {
+ return (DSAParams) algid;
+ } else {
+ DSAParameterSpec paramSpec;
+ AlgorithmParameters algParams = algid.getParameters();
+ if (algParams == null) {
+ return null;
+ }
+ paramSpec = (DSAParameterSpec) algParams.getParameterSpec
+ (DSAParameterSpec.class);
+ return (DSAParams) paramSpec;
+ }
+ } catch (InvalidParameterSpecException e) {
+ return null;
+ }
}
/**
* Get the raw private key, x, without the parameters.
- *
+ *
*/
public BigInteger getX() {
- return x;
+ return x;
}
private void clearOldKey() {
- int i;
- if (this.encodedKey != null) {
- for (i = 0; i < this.encodedKey.length; i++) {
- this.encodedKey[i] = (byte)0x00;
- }
- }
- if (this.key != null) {
- for (i = 0; i < this.key.length; i++) {
- this.key[i] = (byte)0x00;
- }
- }
+ int i;
+ if (this.encodedKey != null) {
+ for (i = 0; i < this.encodedKey.length; i++) {
+ this.encodedKey[i] = (byte) 0x00;
+ }
+ }
+ if (this.key != null) {
+ for (i = 0; i < this.key.length; i++) {
+ this.key[i] = (byte) 0x00;
+ }
+ }
}
public String toString() {
- return "Sun DSA Private Key \nparameters:" + algid + "\nx: " +
- x.toString(16) + "\n";
+ return "Sun DSA Private Key \nparameters:" + algid + "\nx: " +
+ x.toString(16) + "\n";
}
protected void parseKeyBits() throws InvalidKeyException {
- DerInputStream in = new DerInputStream(key);
+ DerInputStream in = new DerInputStream(key);
- try {
- x = in.getInteger().toBigInteger();
- } catch (IOException e) {
- throw new InvalidKeyException(e.getMessage());
- }
+ try {
+ x = in.getInteger().toBigInteger();
+ } catch (IOException e) {
+ throw new InvalidKeyException(e.getMessage());
+ }
}
}
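Review bot: toString() appends the private value with `x.toString(16)`, so any log line, debugger view or exception message that formats a DSAPrivateKey discloses the key. I would leave x out of the string, `return "Sun DSA Private Key \nparameters:" + algid + "\n";`, and let callers that really need the value call getX() explicitly. clearOldKey() zeroes the encodedKey and key byte arrays, but the BigInteger x is immutable and stays in memory until it is collected, which is worth a comment on that method.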
diff --git a/pki/base/util/src/netscape/security/provider/DSAPublicKey.java b/pki/base/util/src/netscape/security/provider/DSAPublicKey.java
index c3a6896c..89262809 100644
--- a/pki/base/util/src/netscape/security/provider/DSAPublicKey.java
+++ b/pki/base/util/src/netscape/security/provider/DSAPublicKey.java
@@ -34,18 +34,18 @@ import netscape.security.x509.X509Key;
/**
* An X.509 public key for the Digital Signature Algorithm.
- *
- * @author Benjamin Renaud
- *
+ *
+ * @author Benjamin Renaud
+ *
* @version 1.52, 97/12/10
- *
+ *
* @see DSAPrivateKey
* @see AlgIdDSA
* @see DSA
*/
-public final class DSAPublicKey extends X509Key
-implements java.security.interfaces.DSAPublicKey, Serializable {
+public final class DSAPublicKey extends X509Key
+ implements java.security.interfaces.DSAPublicKey, Serializable {
/** use serialVersionUID from JDK 1.1. for interoperability */
private static final long serialVersionUID = -2994193307391104133L;
@@ -63,26 +63,26 @@ implements java.security.interfaces.DSAPublicKey, Serializable {
* Make a DSA public key out of a public key and three parameters.
*/
public DSAPublicKey(BigInteger y, BigInteger p, BigInteger q,
- BigInteger g)
- throws InvalidKeyException {
- this.y = y;
- algid = new AlgIdDSA(p, q, g);
+ BigInteger g)
+ throws InvalidKeyException {
+ this.y = y;
+ algid = new AlgIdDSA(p, q, g);
- try {
- key = new DerValue(DerValue.tag_Integer,
- y.toByteArray()).toByteArray();
- encode();
- } catch (IOException e) {
- throw new InvalidKeyException("could not DER encode y: " +
- e.getMessage());
- }
+ try {
+ key = new DerValue(DerValue.tag_Integer,
+ y.toByteArray()).toByteArray();
+ encode();
+ } catch (IOException e) {
+ throw new InvalidKeyException("could not DER encode y: " +
+ e.getMessage());
+ }
}
/**
* Make a DSA public key from its DER encoding (X.509).
*/
public DSAPublicKey(byte[] encoded) throws InvalidKeyException {
- decode(encoded);
+ decode(encoded);
}
/**
@@ -90,44 +90,44 @@ implements java.security.interfaces.DSAPublicKey, Serializable {
* parameters could not be parsed.
*/
public DSAParams getParams() {
- try {
- if (algid instanceof DSAParams) {
- return (DSAParams)algid;
- } else {
- DSAParameterSpec paramSpec;
- AlgorithmParameters algParams = algid.getParameters();
- if (algParams == null) {
- return null;
- }
- paramSpec = (DSAParameterSpec)algParams.getParameterSpec
- (DSAParameterSpec.class);
- return (DSAParams)paramSpec;
- }
- } catch (InvalidParameterSpecException e) {
- return null;
- }
+ try {
+ if (algid instanceof DSAParams) {
+ return (DSAParams) algid;
+ } else {
+ DSAParameterSpec paramSpec;
+ AlgorithmParameters algParams = algid.getParameters();
+ if (algParams == null) {
+ return null;
+ }
+ paramSpec = (DSAParameterSpec) algParams.getParameterSpec
+ (DSAParameterSpec.class);
+ return (DSAParams) paramSpec;
+ }
+ } catch (InvalidParameterSpecException e) {
+ return null;
+ }
}
-
+
/**
* Get the raw public value, y, without the parameters.
- *
+ *
*/
public BigInteger getY() {
- return y;
+ return y;
}
public String toString() {
return "Sun DSA Public Key\n Parameters:" + algid
- + "\n y:\n" + (new BigInt(y)).toString() + "\n";
+ + "\n y:\n" + (new BigInt(y)).toString() + "\n";
}
protected void parseKeyBits() throws InvalidKeyException {
- try {
- DerInputStream in = new DerInputStream(key);
- y = in.getInteger().toBigInteger();
- } catch (IOException e) {
- throw new InvalidKeyException("Invalid key: y value\n" +
- e.getMessage());
- }
+ try {
+ DerInputStream in = new DerInputStream(key);
+ y = in.getInteger().toBigInteger();
+ } catch (IOException e) {
+ throw new InvalidKeyException("Invalid key: y value\n" +
+ e.getMessage());
+ }
}
}
diff --git a/pki/base/util/src/netscape/security/provider/MD5.java b/pki/base/util/src/netscape/security/provider/MD5.java
index a6adaac2..d7aeacae 100644
--- a/pki/base/util/src/netscape/security/provider/MD5.java
+++ b/pki/base/util/src/netscape/security/provider/MD5.java
@@ -24,10 +24,10 @@ import java.security.MessageDigestSpi;
* The MD5 class is used to compute an MD5 message digest over a given
* buffer of bytes. It is an implementation of the RSA Data Security Inc
* MD5 algorithim as described in internet RFC 1321.
- *
- * @version 1.24 97/12/10
- * @author Chuck McManis
- * @author Benjamin Renaud
+ *
+ * @version 1.24 97/12/10
+ * @author Chuck McManis
+ * @author Benjamin Renaud
*/
public final class MD5 extends MessageDigestSpi implements Cloneable {
@@ -38,7 +38,7 @@ public final class MD5 extends MessageDigestSpi implements Cloneable {
private String algorithm;
private int state[];
- private long count; // bit count AND buffer[] index aid
+ private long count; // bit count AND buffer[] index aid
private byte buffer[];
private int transformBuffer[];
@@ -66,11 +66,9 @@ public final class MD5 extends MessageDigestSpi implements Cloneable {
* buffers from the heap.
*/
public MD5() {
- init();
+ init();
}
-
-
/* **********************************************************
* The MD5 Functions. These are copied verbatim from
* the RFC to insure accuracy. The results of this
@@ -79,151 +77,151 @@ public final class MD5 extends MessageDigestSpi implements Cloneable {
*/
private int F(int x, int y, int z) {
- return ((x & y) | ((~x) & z));
+ return ((x & y) | ((~x) & z));
}
private int G(int x, int y, int z) {
- return ((x & z) | (y & (~z)));
+ return ((x & z) | (y & (~z)));
}
private int H(int x, int y, int z) {
- return ((x ^ y) ^ z);
+ return ((x ^ y) ^ z);
}
private int I(int x, int y, int z) {
- return (y ^ (x | (~z)));
+ return (y ^ (x | (~z)));
}
private int rotateLeft(int a, int n) {
- return ((a << n) | (a >>> (32 - n)));
+ return ((a << n) | (a >>> (32 - n)));
}
private int FF(int a, int b, int c, int d, int x, int s, int ac) {
- a += F(b, c, d) + x + ac;
- a = rotateLeft(a, s);
- a += b;
- return a;
+ a += F(b, c, d) + x + ac;
+ a = rotateLeft(a, s);
+ a += b;
+ return a;
}
private int GG(int a, int b, int c, int d, int x, int s, int ac) {
- a += G(b, c, d) + x + ac;
- a = rotateLeft(a, s);
- a += b;
- return a;
+ a += G(b, c, d) + x + ac;
+ a = rotateLeft(a, s);
+ a += b;
+ return a;
}
private int HH(int a, int b, int c, int d, int x, int s, int ac) {
- a += H(b, c, d) + x + ac;
- a = rotateLeft(a, s);
- a += b;
- return a;
+ a += H(b, c, d) + x + ac;
+ a = rotateLeft(a, s);
+ a += b;
+ return a;
}
private int II(int a, int b, int c, int d, int x, int s, int ac) {
- a += I(b, c, d) + x + ac;
- a = rotateLeft(a, s);
- a += b;
- return a;
+ a += I(b, c, d) + x + ac;
+ a = rotateLeft(a, s);
+ a += b;
+ return a;
}
/**
* This is where the functions come together as the generic MD5
* transformation operation, it is called by update() which is
- * synchronized (to protect transformBuffer). It consumes sixteen
+ * synchronized (to protect transformBuffer). It consumes sixteen
* bytes from the buffer, beginning at the specified offset.
*/
void transform(byte buf[], int offset) {
- int a, b, c, d;
- int x[] = transformBuffer;
-
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
-
- for (int i = 0; i < 16; i++) {
- x[i] = (int)buf[i*4+offset] & 0xff;
- for (int j = 1; j < 4; j++) {
- x[i] += ((int)buf[i*4+j+offset] & 0xff) << (j * 8);
- }
- }
-
- /* Round 1 */
- a = FF ( a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
- d = FF ( d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
- c = FF ( c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
- b = FF ( b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
- a = FF ( a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
- d = FF ( d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
- c = FF ( c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
- b = FF ( b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
- a = FF ( a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
- d = FF ( d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
- c = FF ( c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
- b = FF ( b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
- a = FF ( a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
- d = FF ( d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
- c = FF ( c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
- b = FF ( b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
- /* Round 2 */
- a = GG ( a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
- d = GG ( d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
- c = GG ( c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
- b = GG ( b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
- a = GG ( a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
- d = GG ( d, a, b, c, x[10], S22, 0x2441453); /* 22 */
- c = GG ( c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
- b = GG ( b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
- a = GG ( a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
- d = GG ( d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
- c = GG ( c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
- b = GG ( b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
- a = GG ( a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
- d = GG ( d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
- c = GG ( c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
- b = GG ( b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
- /* Round 3 */
- a = HH ( a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
- d = HH ( d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
- c = HH ( c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
- b = HH ( b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
- a = HH ( a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
- d = HH ( d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
- c = HH ( c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
- b = HH ( b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
- a = HH ( a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
- d = HH ( d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
- c = HH ( c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
- b = HH ( b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
- a = HH ( a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
- d = HH ( d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
- c = HH ( c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
- b = HH ( b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
- /* Round 4 */
- a = II ( a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
- d = II ( d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
- c = II ( c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
- b = II ( b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
- a = II ( a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
- d = II ( d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
- c = II ( c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
- b = II ( b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
- a = II ( a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
- d = II ( d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
- c = II ( c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
- b = II ( b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
- a = II ( a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
- d = II ( d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
- c = II ( c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
- b = II ( b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
+ int a, b, c, d;
+ int x[] = transformBuffer;
+
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+
+ for (int i = 0; i < 16; i++) {
+ x[i] = (int) buf[i * 4 + offset] & 0xff;
+ for (int j = 1; j < 4; j++) {
+ x[i] += ((int) buf[i * 4 + j + offset] & 0xff) << (j * 8);
+ }
+ }
+
+ /* Round 1 */
+ a = FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
+ d = FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
+ c = FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
+ b = FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
+ a = FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
+ d = FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
+ c = FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
+ b = FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
+ a = FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
+ d = FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
+ c = FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
+ b = FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
+ a = FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
+ d = FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
+ c = FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
+ b = FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
+
+ /* Round 2 */
+ a = GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
+ d = GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
+ c = GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
+ b = GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
+ a = GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
+ d = GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
+ c = GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
+ b = GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
+ a = GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
+ d = GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
+ c = GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
+ b = GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
+ a = GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
+ d = GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
+ c = GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
+ b = GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
+
+ /* Round 3 */
+ a = HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
+ d = HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
+ c = HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
+ b = HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
+ a = HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
+ d = HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
+ c = HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
+ b = HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
+ a = HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
+ d = HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
+ c = HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
+ b = HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
+ a = HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
+ d = HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
+ c = HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
+ b = HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
+
+ /* Round 4 */
+ a = II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
+ d = II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
+ c = II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
+ b = II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
+ a = II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
+ d = II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
+ c = II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
+ b = II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
+ a = II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
+ d = II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
+ c = II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
+ b = II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
+ a = II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
+ d = II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
+ c = II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
+ b = II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
+
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
}
/**
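Review bot: The Javadoc above `transform` says it consumes sixteen bytes from the buffer, but the unpacking loop reads `buf[i * 4 + j + offset]` for `i < 16` and `j < 4`, which is 64 bytes (sixteen little-endian 32-bit words). The sentence should read `It consumes sixteen 32-bit words (64 bytes) from the buffer, beginning at the specified offset.` so that callers know how much room must remain after `offset`. Nothing in the method checks that itself. The commit only re-wraps this comment, so the wording predates it.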
@@ -232,43 +230,43 @@ public final class MD5 extends MessageDigestSpi implements Cloneable {
* 2^64 bits.
*/
public void init() {
- state = new int[4];
- transformBuffer = new int[16];
- buffer = new byte[64];
- digestBits = new byte[16];
- count = 0;
- // Load magic initialization constants.
- state[0] = 0x67452301;
- state[1] = 0xefcdab89;
- state[2] = 0x98badcfe;
- state[3] = 0x10325476;
- for (int i = 0; i < digestBits.length; i++)
- digestBits[i] = 0;
+ state = new int[4];
+ transformBuffer = new int[16];
+ buffer = new byte[64];
+ digestBits = new byte[16];
+ count = 0;
+ // Load magic initialization constants.
+ state[0] = 0x67452301;
+ state[1] = 0xefcdab89;
+ state[2] = 0x98badcfe;
+ state[3] = 0x10325476;
+ for (int i = 0; i < digestBits.length; i++)
+ digestBits[i] = 0;
}
protected void engineReset() {
- init();
+ init();
}
/**
* Return the digest length in bytes
*/
protected int engineGetDigestLength() {
- return (MD5_LENGTH);
+ return (MD5_LENGTH);
}
/**
* Update adds the passed byte to the digested data.
*/
protected synchronized void engineUpdate(byte b) {
- int index;
-
- index = (int) ((count >>> 3) & 0x3f);
- count += 8;
- buffer[index] = b;
- if (index >= 63) {
- transform(buffer, 0);
- }
+ int index;
+
+ index = (int) ((count >>> 3) & 0x3f);
+ count += 8;
+ buffer[index] = b;
+ if (index >= 63) {
+ transform(buffer, 0);
+ }
}
/**
@@ -277,26 +275,26 @@ public final class MD5 extends MessageDigestSpi implements Cloneable {
* it avoids data copies and reduces per-byte call overhead.
*/
protected synchronized void engineUpdate(byte input[], int offset,
- int len) {
- int i;
-
- for (i = offset; len > 0; ) {
- int index = (int) ((count >>> 3) & 0x3f);
-
- if (index == 0 && len > 64) {
- count += (64 * 8);
- transform (input, i);
- len -= 64;
- i += 64;
- } else {
- count += 8;
- buffer[index] = input [i];
- if (index >= 63)
- transform (buffer, 0);
- i++;
- len--;
- }
- }
+ int len) {
+ int i;
+
+ for (i = offset; len > 0;) {
+ int index = (int) ((count >>> 3) & 0x3f);
+
+ if (index == 0 && len > 64) {
+ count += (64 * 8);
+ transform(input, i);
+ len -= 64;
+ i += 64;
+ } else {
+ count += 8;
+ buffer[index] = input[i];
+ if (index >= 63)
+ transform(buffer, 0);
+ i++;
+ len--;
+ }
+ }
}
/**
@@ -306,77 +304,75 @@ public final class MD5 extends MessageDigestSpi implements Cloneable {
* init() again to do another digest.
*/
private void finish() {
- byte bits[] = new byte[8];
- byte padding[];
- int i, index, padLen;
-
- for (i = 0; i < 8; i++) {
- bits[i] = (byte)((count >>> (i * 8)) & 0xff);
- }
-
- index = (int)(count >> 3) & 0x3f;
- padLen = (index < 56) ? (56 - index) : (120 - index);
- padding = new byte[padLen];
- padding[0] = (byte) 0x80;
- engineUpdate(padding, 0, padding.length);
- engineUpdate(bits, 0, bits.length);
-
- for (i = 0; i < 4; i++) {
- for (int j = 0; j < 4; j++) {
- digestBits[i*4+j] = (byte)((state[i] >>> (j * 8)) & 0xff);
- }
- }
+ byte bits[] = new byte[8];
+ byte padding[];
+ int i, index, padLen;
+
+ for (i = 0; i < 8; i++) {
+ bits[i] = (byte) ((count >>> (i * 8)) & 0xff);
+ }
+
+ index = (int) (count >> 3) & 0x3f;
+ padLen = (index < 56) ? (56 - index) : (120 - index);
+ padding = new byte[padLen];
+ padding[0] = (byte) 0x80;
+ engineUpdate(padding, 0, padding.length);
+ engineUpdate(bits, 0, bits.length);
+
+ for (i = 0; i < 4; i++) {
+ for (int j = 0; j < 4; j++) {
+ digestBits[i * 4 + j] = (byte) ((state[i] >>> (j * 8)) & 0xff);
+ }
+ }
}
/**
*/
protected byte[] engineDigest() {
- finish();
-
- byte[] result = new byte[MD5_LENGTH];
- System.arraycopy(digestBits, 0, result, 0, MD5_LENGTH);
+ finish();
+
+ byte[] result = new byte[MD5_LENGTH];
+ System.arraycopy(digestBits, 0, result, 0, MD5_LENGTH);
- init();
+ init();
- return result;
+ return result;
}
/**
*/
protected int engineDigest(byte[] buf, int offset, int len)
- throws DigestException {
- finish();
-
- if (len < MD5_LENGTH)
- throw new DigestException("partial digests not returned");
- if (buf.length - offset < MD5_LENGTH)
- throw new DigestException("insufficient space in the output " +
- "buffer to store the digest");
-
- System.arraycopy(digestBits, 0, buf, offset, MD5_LENGTH);
-
- init();
-
- return MD5_LENGTH;
+ throws DigestException {
+ finish();
+
+ if (len < MD5_LENGTH)
+ throw new DigestException("partial digests not returned");
+ if (buf.length - offset < MD5_LENGTH)
+ throw new DigestException("insufficient space in the output " +
+ "buffer to store the digest");
+
+ System.arraycopy(digestBits, 0, buf, offset, MD5_LENGTH);
+
+ init();
+
+ return MD5_LENGTH;
}
/*
* Clones this object.
*/
public Object clone() {
- MD5 that = null;
- try {
- that = (MD5)super.clone();
- that.state = (int[])this.state.clone();
- that.transformBuffer = (int[])this.transformBuffer.clone();
- that.buffer = (byte[])this.buffer.clone();
- that.digestBits = (byte[])this.digestBits.clone();
- that.count = this.count;
- return that;
- } catch (CloneNotSupportedException e) {
- }
- return that;
+ MD5 that = null;
+ try {
+ that = (MD5) super.clone();
+ that.state = (int[]) this.state.clone();
+ that.transformBuffer = (int[]) this.transformBuffer.clone();
+ that.buffer = (byte[]) this.buffer.clone();
+ that.digestBits = (byte[]) this.digestBits.clone();
+ that.count = this.count;
+ return that;
+ } catch (CloneNotSupportedException e) {
+ }
+ return that;
}
}
-
-
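Review bot: In `engineDigest(byte[] buf, int offset, int len)` the call to `finish()` comes before the two argument checks, so when either `DigestException` is thrown the padding and length block have already been fed into the state and `init()` is never reached. A caller that retries with a large enough buffer would then get a digest of the padded data rather than of the original message. Moving `finish();` below the checks, directly before `System.arraycopy(digestBits, 0, buf, offset, MD5_LENGTH);`, keeps the object usable after a rejected call. The SHA class later in this diff already validates its arguments before padding.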
diff --git a/pki/base/util/src/netscape/security/provider/RSAPublicKey.java b/pki/base/util/src/netscape/security/provider/RSAPublicKey.java
index 4f5ec46b..4c65b4fa 100644
--- a/pki/base/util/src/netscape/security/provider/RSAPublicKey.java
+++ b/pki/base/util/src/netscape/security/provider/RSAPublicKey.java
@@ -31,122 +31,122 @@ import netscape.security.x509.X509Key;
/**
* An X.509 public key for the RSA Algorithm.
- *
+ *
* @author galperin
- *
+ *
* @version $Revision$, $Date$
- *
+ *
*/
public final class RSAPublicKey extends X509Key implements Serializable {
- /* XXX This currently understands only PKCS#1 RSA Encryption OID
- and parameter format
- Later we may consider adding X509v3 OID for RSA keys. Besides
- different OID it also has a parameter equal to modulus size
- in bits (redundant!)
- */
+ /* XXX This currently understands only PKCS#1 RSA Encryption OID
+ and parameter format
+ Later we may consider adding X509v3 OID for RSA keys. Besides
+ different OID it also has a parameter equal to modulus size
+ in bits (redundant!)
+ */
- /**
+ /**
*
*/
private static final long serialVersionUID = 7764823589128565374L;
-private static final ObjectIdentifier ALGORITHM_OID =
- AlgorithmId.RSAEncryption_oid;
-
- private BigInt modulus;
- private BigInt publicExponent;
-
+ private static final ObjectIdentifier ALGORITHM_OID =
+ AlgorithmId.RSAEncryption_oid;
+
+ private BigInt modulus;
+ private BigInt publicExponent;
+
/*
* Keep this constructor for backwards compatibility with JDK1.1.
*/
- public RSAPublicKey() {
- }
+ public RSAPublicKey() {
+ }
/**
* Make a RSA public key out of a public exponent and modulus
*/
- public RSAPublicKey(BigInt modulus, BigInt publicExponent)
- throws InvalidKeyException {
- this.modulus = modulus;
- this.publicExponent = publicExponent;
- this.algid = new AlgorithmId(ALGORITHM_OID);
-
- try {
- DerOutputStream out = new DerOutputStream ();
-
- out.putInteger (modulus);
- out.putInteger (publicExponent);
- key = (new DerValue(DerValue.tag_Sequence,
- out.toByteArray())).toByteArray();
- encode();
- } catch (IOException ex) {
- throw new InvalidKeyException("could not DER encode : " +
- ex.getMessage());
- }
- }
-
+ public RSAPublicKey(BigInt modulus, BigInt publicExponent)
+ throws InvalidKeyException {
+ this.modulus = modulus;
+ this.publicExponent = publicExponent;
+ this.algid = new AlgorithmId(ALGORITHM_OID);
+
+ try {
+ DerOutputStream out = new DerOutputStream();
+
+ out.putInteger(modulus);
+ out.putInteger(publicExponent);
+ key = (new DerValue(DerValue.tag_Sequence,
+ out.toByteArray())).toByteArray();
+ encode();
+ } catch (IOException ex) {
+ throw new InvalidKeyException("could not DER encode : " +
+ ex.getMessage());
+ }
+ }
+
/**
* Make a RSA public key from its DER encoding (X.509).
*/
- public RSAPublicKey(byte[] encoded) throws InvalidKeyException {
- decode(encoded);
- }
-
+ public RSAPublicKey(byte[] encoded) throws InvalidKeyException {
+ decode(encoded);
+ }
+
/**
* Get key size as number of bits in modulus
- * (Always rounded up to a multiple of 8)
- *
+ * (Always rounded up to a multiple of 8)
+ *
*/
- public int getKeySize() {
- return this.modulus.byteLength() * 8;
- }
-
+ public int getKeySize() {
+ return this.modulus.byteLength() * 8;
+ }
+
/**
* Get the raw public exponent
- *
+ *
*/
- public BigInt getPublicExponent() {
- return this.publicExponent;
- }
-
+ public BigInt getPublicExponent() {
+ return this.publicExponent;
+ }
+
/**
* Get the raw modulus
- *
+ *
*/
- public BigInt getModulus() {
- return this.modulus;
- }
-
- public String toString() {
- return "RSA Public Key\n Algorithm: " + algid
- + "\n modulus:\n" + this.modulus.toString() + "\n"
- + "\n publicExponent:\n" + this.publicExponent.toString()
- + "\n";
- }
-
- protected void parseKeyBits() throws InvalidKeyException {
- if (!this.algid.getOID().equals(ALGORITHM_OID) &&
- !this.algid.getOID().equals(AlgorithmId.RSA_oid)) {
- throw new InvalidKeyException("Key algorithm OID is not RSA");
- }
-
- try {
- DerValue val = new DerValue (key);
- if (val.tag != DerValue.tag_Sequence) {
- throw new InvalidKeyException("Invalid RSA public key format:" +
- " must be a SEQUENCE");
- }
-
- DerInputStream in = val.data;
-
- this.modulus = in.getInteger();
- this.publicExponent = in.getInteger();
- } catch (IOException e) {
- throw new InvalidKeyException("Invalid RSA public key: " +
- e.getMessage());
- }
- }
-
+ public BigInt getModulus() {
+ return this.modulus;
+ }
+
+ public String toString() {
+ return "RSA Public Key\n Algorithm: " + algid
+ + "\n modulus:\n" + this.modulus.toString() + "\n"
+ + "\n publicExponent:\n" + this.publicExponent.toString()
+ + "\n";
+ }
+
+ protected void parseKeyBits() throws InvalidKeyException {
+ if (!this.algid.getOID().equals(ALGORITHM_OID) &&
+ !this.algid.getOID().equals(AlgorithmId.RSA_oid)) {
+ throw new InvalidKeyException("Key algorithm OID is not RSA");
+ }
+
+ try {
+ DerValue val = new DerValue(key);
+ if (val.tag != DerValue.tag_Sequence) {
+ throw new InvalidKeyException("Invalid RSA public key format:" +
+ " must be a SEQUENCE");
+ }
+
+ DerInputStream in = val.data;
+
+ this.modulus = in.getInteger();
+ this.publicExponent = in.getInteger();
+ } catch (IOException e) {
+ throw new InvalidKeyException("Invalid RSA public key: " +
+ e.getMessage());
+ }
+ }
+
}
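Review bot: `parseKeyBits` stops after reading the two INTEGERs and never checks that the SEQUENCE is exhausted, so an encoding with extra bytes after `publicExponent` is accepted as a valid key. For a parser that may see keys taken from certificates or requests, strict DER handling is the safer default. After `this.publicExponent = in.getInteger();` add `if (in.available() != 0) throw new InvalidKeyException("Invalid RSA public key format: trailing data");`. This assumes `DerInputStream` exposes `available()`, which is not visible in this hunk.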
diff --git a/pki/base/util/src/netscape/security/provider/SHA.java b/pki/base/util/src/netscape/security/provider/SHA.java
index 6e4bf51e..560770f8 100644
--- a/pki/base/util/src/netscape/security/provider/SHA.java
+++ b/pki/base/util/src/netscape/security/provider/SHA.java
@@ -23,16 +23,15 @@ import java.security.MessageDigestSpi;
/**
* This class implements the Secure Hash Algorithm (SHA) developed by
* the National Institute of Standards and Technology along with the
- * National Security Agency. This is the updated version of SHA
+ * National Security Agency. This is the updated version of SHA
* fip-180 as superseded by fip-180-1.
- *
- * <p>It implement JavaSecurity MessageDigest, and can be used by in
- * the Java Security framework, as a pluggable implementation, as a
- * filter for the digest stream classes.
*
- * @version 1.30 97/12/10
- * @author Roger Riggs
- * @author Benjamin Renaud
+ * <p>
+ * It implement JavaSecurity MessageDigest, and can be used by in the Java Security framework, as a pluggable implementation, as a filter for the digest stream classes.
+ *
+ * @version 1.30 97/12/10
+ * @author Roger Riggs
+ * @author Benjamin Renaud
*/
public class SHA extends MessageDigestSpi implements Cloneable {
@@ -52,199 +51,201 @@ public class SHA extends MessageDigestSpi implements Cloneable {
private int W[] = new int[80];
private long count = 0;
private final int countmax = 64;
- private final int countmask = (countmax-1);
+ private final int countmask = (countmax - 1);
private int AA, BB, CC, DD, EE;
SHA(int version) {
- this();
- this.version = version;
+ this();
+ this.version = version;
}
/**
* Creates a new SHA object.
*/
public SHA() {
- init();
+ init();
}
/**
* Return the length of the digest in bytes
*/
protected int engineGetDigestLength() {
- return (SHA_LENGTH);
+ return (SHA_LENGTH);
}
public void engineUpdate(byte b) {
- engineUpdate((int)b);
+ engineUpdate((int) b);
}
/**
* Update a byte.
- *
- * @param b the byte
+ *
+ * @param b the byte
*/
- private void engineUpdate(int b) {
- int word;
- int offset;
-
- /* compute word offset and bit offset within word the low bits
- of count are inverted to make put the bytes in the write
- order */
- word = ((int)count & countmask) >>> 2;
- offset = (~(int)count & 3) << 3;
-
- W[word] = (W[word] & ~(0xff << offset)) | ((b & 0xff) << offset);
-
- /* If this is the last byte of a block, compute the partial hash */
- if (((int)count & countmask) == countmask) {
- computeBlock();
- }
- count++;
+ private void engineUpdate(int b) {
+ int word;
+ int offset;
+
+ /* compute word offset and bit offset within word the low bits
+ of count are inverted to make put the bytes in the write
+ order */
+ word = ((int) count & countmask) >>> 2;
+ offset = (~(int) count & 3) << 3;
+
+ W[word] = (W[word] & ~(0xff << offset)) | ((b & 0xff) << offset);
+
+ /* If this is the last byte of a block, compute the partial hash */
+ if (((int) count & countmask) == countmask) {
+ computeBlock();
+ }
+ count++;
}
-
+
/**
* Update a buffer.
- *
- * @param b the data to be updated.
- * @param off the start offset in the data
- * @param len the number of bytes to be updated.
+ *
+ * @param b the data to be updated.
+ * @param off the start offset in the data
+ * @param len the number of bytes to be updated.
*/
public void engineUpdate(byte b[], int off, int len) {
- int word;
- int offset;
-
- if ((off < 0) || (len < 0) || (off + len > b.length))
- throw new ArrayIndexOutOfBoundsException();
-
- // Use single writes until integer aligned
- while ((len > 0) &&
- ((int)count & 3) != 0) {
- engineUpdate(b[off]);
- off++;
- len--;
- }
-
- /* Assemble groups of 4 bytes to be inserted in integer array */
- for (;len >= 4; len -= 4, off += 4) {
-
- word = ((int)count & countmask) >> 2;
-
- W[word] = ((b[off] & 0xff) << 24) |
- ((b[off+1] & 0xff) << 16) |
- ((b[off+2] & 0xff) << 8) |
- ((b[off+3] & 0xff) );
-
- count += 4;
- if (((int)count & countmask) == 0) {
- computeBlock();
- }
- }
-
- /* Use single writes for last few bytes */
- for (; len > 0; len--, off++) {
- engineUpdate(b[off]);
- }
+ int word;
+ int offset;
+
+ if ((off < 0) || (len < 0) || (off + len > b.length))
+ throw new ArrayIndexOutOfBoundsException();
+
+ // Use single writes until integer aligned
+ while ((len > 0) &&
+ ((int) count & 3) != 0) {
+ engineUpdate(b[off]);
+ off++;
+ len--;
+ }
+
+ /* Assemble groups of 4 bytes to be inserted in integer array */
+ for (; len >= 4; len -= 4, off += 4) {
+
+ word = ((int) count & countmask) >> 2;
+
+ W[word] = ((b[off] & 0xff) << 24) |
+ ((b[off + 1] & 0xff) << 16) |
+ ((b[off + 2] & 0xff) << 8) |
+ ((b[off + 3] & 0xff));
+
+ count += 4;
+ if (((int) count & countmask) == 0) {
+ computeBlock();
+ }
+ }
+
+ /* Use single writes for last few bytes */
+ for (; len > 0; len--, off++) {
+ engineUpdate(b[off]);
+ }
}
-
+
/**
* Resets the buffers and hash value to start a new hash.
*/
public void init() {
- AA = 0x67452301;
- BB = 0xefcdab89;
- CC = 0x98badcfe;
- DD = 0x10325476;
- EE = 0xc3d2e1f0;
-
- for (int i = 0; i < 80; i++)
- W[i] = 0;
- count = 0;
+ AA = 0x67452301;
+ BB = 0xefcdab89;
+ CC = 0x98badcfe;
+ DD = 0x10325476;
+ EE = 0xc3d2e1f0;
+
+ for (int i = 0; i < 80; i++)
+ W[i] = 0;
+ count = 0;
}
/**
* Resets the buffers and hash value to start a new hash.
*/
public void engineReset() {
- init();
+ init();
}
-
+
/**
* Computes the final hash and returns the final value as a
* byte[20] array. The object is reset to be ready for further
* use, as specified in the JavaSecurity MessageDigest
- * specification. */
+ * specification.
+ */
public byte[] engineDigest() {
- byte hashvalue[] = new byte[SHA_LENGTH];
-
- try {
- int outLen = engineDigest(hashvalue, 0, hashvalue.length);
- } catch (DigestException e) {
- throw new InternalError("");
- }
- return hashvalue;
+ byte hashvalue[] = new byte[SHA_LENGTH];
+
+ try {
+ int outLen = engineDigest(hashvalue, 0, hashvalue.length);
+ } catch (DigestException e) {
+ throw new InternalError("");
+ }
+ return hashvalue;
}
/**
* Computes the final hash and returns the final value as a
* byte[20] array. The object is reset to be ready for further
* use, as specified in the JavaSecurity MessageDigest
- * specification. */
+ * specification.
+ */
public int engineDigest(byte[] hashvalue, int offset, int len)
- throws DigestException {
-
- if (len < SHA_LENGTH)
- throw new DigestException("partial digests not returned");
- if (hashvalue.length - offset < SHA_LENGTH)
- throw new DigestException("insufficient space in the output " +
- "buffer to store the digest");
-
- /* The number of bits before padding occurs */
- long bits = count << 3;
-
- engineUpdate(0x80);
-
- /* Pad with zeros until length is a multiple of 448 (the last two
- 32 ints are used a holder for bits (see above). */
- while ((int)(count & countmask) != 56) {
- engineUpdate(0);
- }
-
- W[14] = (int)(bits >>> 32);
- W[15] = (int)(bits & 0xffffffff);
-
- count += 8;
- computeBlock();
-
- // Copy out the result
- hashvalue[offset + 0] = (byte)(AA >>> 24);
- hashvalue[offset + 1] = (byte)(AA >>> 16);
- hashvalue[offset + 2] = (byte)(AA >>> 8);
- hashvalue[offset + 3] = (byte)(AA >>> 0);
-
- hashvalue[offset + 4] = (byte)(BB >>> 24);
- hashvalue[offset + 5] = (byte)(BB >>> 16);
- hashvalue[offset + 6] = (byte)(BB >>> 8);
- hashvalue[offset + 7] = (byte)(BB >>> 0);
-
- hashvalue[offset + 8] = (byte)(CC >>> 24);
- hashvalue[offset + 9] = (byte)(CC >>> 16);
- hashvalue[offset + 10] = (byte)(CC >>> 8);
- hashvalue[offset + 11] = (byte)(CC >>> 0);
-
- hashvalue[offset + 12] = (byte)(DD >>> 24);
- hashvalue[offset + 13] = (byte)(DD >>> 16);
- hashvalue[offset + 14] = (byte)(DD >>> 8);
- hashvalue[offset + 15] = (byte)(DD >>> 0);
-
- hashvalue[offset + 16] = (byte)(EE >>> 24);
- hashvalue[offset + 17] = (byte)(EE >>> 16);
- hashvalue[offset + 18] = (byte)(EE >>> 8);
- hashvalue[offset + 19] = (byte)(EE >>> 0);
-
- engineReset(); // remove the evidence
-
- return SHA_LENGTH;
+ throws DigestException {
+
+ if (len < SHA_LENGTH)
+ throw new DigestException("partial digests not returned");
+ if (hashvalue.length - offset < SHA_LENGTH)
+ throw new DigestException("insufficient space in the output " +
+ "buffer to store the digest");
+
+ /* The number of bits before padding occurs */
+ long bits = count << 3;
+
+ engineUpdate(0x80);
+
+ /* Pad with zeros until length is a multiple of 448 (the last two
+ 32 ints are used a holder for bits (see above). */
+ while ((int) (count & countmask) != 56) {
+ engineUpdate(0);
+ }
+
+ W[14] = (int) (bits >>> 32);
+ W[15] = (int) (bits & 0xffffffff);
+
+ count += 8;
+ computeBlock();
+
+ // Copy out the result
+ hashvalue[offset + 0] = (byte) (AA >>> 24);
+ hashvalue[offset + 1] = (byte) (AA >>> 16);
+ hashvalue[offset + 2] = (byte) (AA >>> 8);
+ hashvalue[offset + 3] = (byte) (AA >>> 0);
+
+ hashvalue[offset + 4] = (byte) (BB >>> 24);
+ hashvalue[offset + 5] = (byte) (BB >>> 16);
+ hashvalue[offset + 6] = (byte) (BB >>> 8);
+ hashvalue[offset + 7] = (byte) (BB >>> 0);
+
+ hashvalue[offset + 8] = (byte) (CC >>> 24);
+ hashvalue[offset + 9] = (byte) (CC >>> 16);
+ hashvalue[offset + 10] = (byte) (CC >>> 8);
+ hashvalue[offset + 11] = (byte) (CC >>> 0);
+
+ hashvalue[offset + 12] = (byte) (DD >>> 24);
+ hashvalue[offset + 13] = (byte) (DD >>> 16);
+ hashvalue[offset + 14] = (byte) (DD >>> 8);
+ hashvalue[offset + 15] = (byte) (DD >>> 0);
+
+ hashvalue[offset + 16] = (byte) (EE >>> 24);
+ hashvalue[offset + 17] = (byte) (EE >>> 16);
+ hashvalue[offset + 18] = (byte) (EE >>> 8);
+ hashvalue[offset + 19] = (byte) (EE >>> 0);
+
+ engineReset(); // remove the evidence
+
+ return SHA_LENGTH;
}
// Constants for each round
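Review bot: The bounds check in `engineUpdate(byte b[], int off, int len)` uses `off + len > b.length`, and that sum can wrap to a negative int when the two values are large, letting the check pass. The loops below would then fail with an index exception, possibly after `W` and `count` have been partly updated. Writing the test as `if ((off < 0) || (len < 0) || (len > b.length - off))` avoids the overflow. The local `offset` declared at the top of the same method is unused.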
@@ -255,95 +256,94 @@ public class SHA extends MessageDigestSpi implements Cloneable {
/**
* Compute a the hash for the current block.
- *
+ *
* This is in the same vein as Peter Gutmann's algorithm listed in
* the back of Applied Cryptography, Compact implementation of
* "old" NIST Secure Hash Algorithm.
- *
+ *
*/
private void computeBlock() {
- int temp, a, b, c, d, e;
-
- // The first 16 ints have the byte stream, compute the rest of
- // the buffer
- for (int t = 16; t <= 79; t++) {
- if (version == 0) {
- W[t] = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- } else {
- temp = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = ((temp << 1) | (temp >>>(32 - 1)));
- }
- }
-
- a = AA;
- b = BB;
- c = CC;
- d = DD;
- e = EE;
-
- // Round 1
- for (int i = 0; i < 20; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|((~b)&d))+ e + W[i] + round1_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 2
- for (int i = 20; i < 40; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round2_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 3
- for (int i = 40; i < 60; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- ((b&c)|(b&d)|(c&d)) + e + W[i] + round3_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
-
- // Round 4
- for (int i = 60; i < 80; i++) {
- temp = ((a<<5) | (a>>>(32-5))) +
- (b ^ c ^ d) + e + W[i] + round4_kt;
- e = d;
- d = c;
- c = ((b<<30) | (b>>>(32-30)));
- b = a;
- a = temp;
- }
- AA += a;
- BB += b;
- CC += c;
- DD += d;
- EE += e;
+ int temp, a, b, c, d, e;
+
+ // The first 16 ints have the byte stream, compute the rest of
+ // the buffer
+ for (int t = 16; t <= 79; t++) {
+ if (version == 0) {
+ W[t] = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ } else {
+ temp = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = ((temp << 1) | (temp >>> (32 - 1)));
+ }
+ }
+
+ a = AA;
+ b = BB;
+ c = CC;
+ d = DD;
+ e = EE;
+
+ // Round 1
+ for (int i = 0; i < 20; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ ((b & c) | ((~b) & d)) + e + W[i] + round1_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+
+ // Round 2
+ for (int i = 20; i < 40; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ (b ^ c ^ d) + e + W[i] + round2_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+
+ // Round 3
+ for (int i = 40; i < 60; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ ((b & c) | (b & d) | (c & d)) + e + W[i] + round3_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+
+ // Round 4
+ for (int i = 60; i < 80; i++) {
+ temp = ((a << 5) | (a >>> (32 - 5))) +
+ (b ^ c ^ d) + e + W[i] + round4_kt;
+ e = d;
+ d = c;
+ c = ((b << 30) | (b >>> (32 - 30)));
+ b = a;
+ a = temp;
+ }
+ AA += a;
+ BB += b;
+ CC += c;
+ DD += d;
+ EE += e;
}
/*
* Clones this object.
*/
public Object clone() {
- SHA that = null;
- try {
- that = (SHA)super.clone();
- that.W = new int[80];
- System.arraycopy(this.W, 0, that.W, 0, W.length);
- return that;
- } catch (CloneNotSupportedException e) {
- }
- return that;
+ SHA that = null;
+ try {
+ that = (SHA) super.clone();
+ that.W = new int[80];
+ System.arraycopy(this.W, 0, that.W, 0, W.length);
+ return that;
+ } catch (CloneNotSupportedException e) {
+ }
+ return that;
}
}
-
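Review bot: The schedule loop at the top of `computeBlock` silently switches algorithms on `version`: when it is 0 the one-bit rotate is skipped, which is the original FIPS 180 expansion (SHA-0) rather than SHA-1. That deserves a comment at the branch, for example `// version 0: original FIPS 180 schedule without the rotate (SHA-0); otherwise FIPS 180-1 (SHA-1)`. The package-private `SHA(int version)` constructor should also say that 0 exists only for the legacy algorithm. The field's declaration and default are outside this hunk, so which variant `new SHA()` selects cannot be confirmed from here.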
diff --git a/pki/base/util/src/netscape/security/provider/Sun.java b/pki/base/util/src/netscape/security/provider/Sun.java
index 36ef60d5..df384aea 100644
--- a/pki/base/util/src/netscape/security/provider/Sun.java
+++ b/pki/base/util/src/netscape/security/provider/Sun.java
@@ -29,27 +29,27 @@ import java.security.Provider;
/**
* Defines the SUN provider.
- *
+ *
* Algorithm supported, and their names:
- *
- * - SHA-1 is the message digest scheme decribed FIPS 180-1.
- * Aliases for SHA-1 are SHA.
- *
- * - DSA is the signature scheme described in FIPS 186. (SHA used in
- * DSA is SHA-1: FIPS 186 with Change No 1.) Aliases for DSA are
- * SHA/DSA, SHA-1/DSA, SHA1/DSA, DSS and the object identifier
- * strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
- * "OID.1.2.840.10040.4.3".
- *
+ *
+ * - SHA-1 is the message digest scheme decribed FIPS 180-1.
+ * Aliases for SHA-1 are SHA.
+ *
+ * - DSA is the signature scheme described in FIPS 186. (SHA used in
+ * DSA is SHA-1: FIPS 186 with Change No 1.) Aliases for DSA are
+ * SHA/DSA, SHA-1/DSA, SHA1/DSA, DSS and the object identifier
+ * strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
+ * "OID.1.2.840.10040.4.3".
+ *
* - DSA is the key generation scheme as described in FIPS 186.
- * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
- * and "OID.1.2.840.10040.4.1".
- *
+ * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
+ * and "OID.1.2.840.10040.4.1".
+ *
* - MD5 is the message digest scheme described in RFC 1321.
- * There are no aliases for MD5.
- *
+ * There are no aliases for MD5.
+ *
* Notes: The name of algorithm described in FIPS-180 is SHA-0, and is
- * not supported by the SUN provider.)
+ * not supported by the SUN provider.)
*/
public final class Sun extends Provider {
@@ -57,20 +57,20 @@ public final class Sun extends Provider {
*
*/
private static final long serialVersionUID = 9134942296334703727L;
- private static String info = "SUN Security Provider v1.0, " +
- "DSA signing and key generation, SHA-1 and MD5 message digests.";
+ private static String info = "SUN Security Provider v1.0, " +
+ "DSA signing and key generation, SHA-1 and MD5 message digests.";
public Sun() {
- /* We are the SUN provider */
- super("SUN", 1.0, info);
+ /* We are the SUN provider */
+ super("SUN", 1.0, info);
- try {
+ try {
-// AccessController.beginPrivileged();
+ // AccessController.beginPrivileged();
- /*
- * Signature engines
- */
+ /*
+ * Signature engines
+ */
put("Signature.DSA", "netscape.security.provider.DSA");
put("Alg.Alias.Signature.SHA/DSA", "DSA");
@@ -88,11 +88,11 @@ public final class Sun extends Provider {
put("Alg.Alias.Signature.SHAwithDSA", "DSA");
put("Alg.Alias.Signature.SHA1withDSA", "DSA");
- /*
- * Key Pair Generator engines
- */
- put("KeyPairGenerator.DSA",
- "netscape.security.provider.DSAKeyPairGenerator");
+ /*
+ * Key Pair Generator engines
+ */
+ put("KeyPairGenerator.DSA",
+ "netscape.security.provider.DSAKeyPairGenerator");
put("Alg.Alias.KeyPairGenerator.OID.1.3.14.3.2.12", "DSA");
put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
@@ -101,35 +101,35 @@ public final class Sun extends Provider {
put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
- /*
- * Digest engines
- */
- put("MessageDigest.MD5", "netscape.security.provider.MD5");
- put("MessageDigest.SHA-1", "netscape.security.provider.SHA");
-
- put("Alg.Alias.MessageDigest.SHA", "SHA-1");
- put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
+ /*
+ * Digest engines
+ */
+ put("MessageDigest.MD5", "netscape.security.provider.MD5");
+ put("MessageDigest.SHA-1", "netscape.security.provider.SHA");
+
+ put("Alg.Alias.MessageDigest.SHA", "SHA-1");
+ put("Alg.Alias.MessageDigest.SHA1", "SHA-1");
/*
* Algorithm Parameter Generator engines
*/
- put("AlgorithmParameterGenerator.DSA",
- "netscape.security.provider.DSAParameterGenerator");
+ put("AlgorithmParameterGenerator.DSA",
+ "netscape.security.provider.DSAParameterGenerator");
/*
* Algorithm Parameter engines
*/
- put("AlgorithmParameters.DSA",
- "netscape.security.provider.DSAParameters");
+ put("AlgorithmParameters.DSA",
+ "netscape.security.provider.DSAParameters");
put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
- /*
- * Key factories
- */
- put("KeyFactory.DSA", "netscape.security.provider.DSAKeyFactory");
-
- } finally {
-// AccessController.endPrivileged();
- }
+ /*
+ * Key factories
+ */
+ put("KeyFactory.DSA", "netscape.security.provider.DSAKeyFactory");
+
+ } finally {
+ // AccessController.endPrivileged();
+ }
}
}
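Review bot: The digest section registers `MessageDigest.MD5` and `MessageDigest.SHA-1` with no comment on their status, and the signature aliases in the earlier hunks of this file all resolve to SHA-1-based DSA. Neither digest is collision resistant, so a reader should be told that these entries are presumably kept for compatibility and are not a recommendation. I would extend the existing comment to something like `/* Digest engines (MD5 and SHA-1 are legacy; do not select them for new signatures) */`. The `try { ... } finally { // AccessController.endPrivileged(); }` wrapper now guards nothing but commented-out calls and could be removed. The constructor begins in an earlier hunk.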
diff --git a/pki/base/util/src/netscape/security/provider/SystemIdentity.java b/pki/base/util/src/netscape/security/provider/SystemIdentity.java
index e9fadf26..37f70788 100644
--- a/pki/base/util/src/netscape/security/provider/SystemIdentity.java
+++ b/pki/base/util/src/netscape/security/provider/SystemIdentity.java
@@ -27,9 +27,9 @@ import java.security.PublicKey;
/**
* An identity.
- *
- * @version 1.19, 09/12/97
- * @author Benjamin Renaud
+ *
+ * @version 1.19, 09/12/97
+ * @author Benjamin Renaud
*/
public class SystemIdentity extends Identity implements Serializable {
@@ -43,38 +43,38 @@ public class SystemIdentity extends Identity implements Serializable {
/* This exists only for serialization bc and don't use it! */
private boolean trusted = false;
- public SystemIdentity(String name, IdentityScope scope)
- throws InvalidParameterException, KeyManagementException {
- super(name, scope);
+ public SystemIdentity(String name, IdentityScope scope)
+ throws InvalidParameterException, KeyManagementException {
+ super(name, scope);
}
void setIdentityInfo(String info) {
- super.setInfo(info);
+ super.setInfo(info);
}
String getIndentityInfo() {
- return super.getInfo();
+ return super.getInfo();
}
/**
* Call back method into a protected method for package friends.
*/
void setIdentityPublicKey(PublicKey key) throws KeyManagementException {
- setPublicKey(key);
+ setPublicKey(key);
}
/**
* Call back method into a protected method for package friends.
*/
- void addIdentityCertificate(Certificate cert)
- throws KeyManagementException {
- addCertificate(cert);
+ void addIdentityCertificate(Certificate cert)
+ throws KeyManagementException {
+ addCertificate(cert);
}
void clearCertificates() throws KeyManagementException {
- Certificate[] certs = certificates();
- for (int i = 0; i < certs.length; i++) {
- removeCertificate(certs[i]);
- }
+ Certificate[] certs = certificates();
+ for (int i = 0; i < certs.length; i++) {
+ removeCertificate(certs[i]);
+ }
}
}
diff --git a/pki/base/util/src/netscape/security/provider/SystemSigner.java b/pki/base/util/src/netscape/security/provider/SystemSigner.java
index 3b5be37e..cf9a78cc 100644
--- a/pki/base/util/src/netscape/security/provider/SystemSigner.java
+++ b/pki/base/util/src/netscape/security/provider/SystemSigner.java
@@ -28,9 +28,10 @@ import java.security.Signer;
/**
* SunSecurity signer.
- *
- * @version 1.24, 09/12/97
- * @author Benjamin Renaud */
+ *
+ * @version 1.24, 09/12/97
+ * @author Benjamin Renaud
+ */
public class SystemSigner extends Signer {
/** use serialVersionUID from JDK 1.1. for interoperability */
@@ -39,52 +40,52 @@ public class SystemSigner extends Signer {
/* This exists only for serialization bc and don't use it! */
private boolean trusted = false;
- /**
+ /**
* Construct a signer with a given name.
*/
public SystemSigner(String name) {
- super(name);
+ super(name);
}
- /**
+ /**
* Construct a signer with a name and a scope.
- *
+ *
* @param name the signer's name.
- *
+ *
* @param scope the scope for this signer.
*/
public SystemSigner(String name, IdentityScope scope)
- throws KeyManagementException {
+ throws KeyManagementException {
- super(name, scope);
+ super(name, scope);
}
/* friendly callback for set keys */
- void setSignerKeyPair(KeyPair pair)
- throws InvalidParameterException, KeyException {
- setKeyPair(pair);
+ void setSignerKeyPair(KeyPair pair)
+ throws InvalidParameterException, KeyException {
+ setKeyPair(pair);
}
/* friendly callback for getting private keys */
PrivateKey getSignerPrivateKey() {
- return getPrivateKey();
+ return getPrivateKey();
}
void setSignerInfo(String s) {
- setInfo(s);
+ setInfo(s);
}
-
+
/**
* Call back method into a protected method for package friends.
*/
void addSignerCertificate(Certificate cert) throws KeyManagementException {
- addCertificate(cert);
+ addCertificate(cert);
}
void clearCertificates() throws KeyManagementException {
- Certificate[] certs = certificates();
- for (int i = 0; i < certs.length; i++) {
- removeCertificate(certs[i]);
- }
+ Certificate[] certs = certificates();
+ for (int i = 0; i < certs.length; i++) {
+ removeCertificate(certs[i]);
+ }
}
}
diff --git a/pki/base/util/src/netscape/security/provider/X509CertificateFactory.java b/pki/base/util/src/netscape/security/provider/X509CertificateFactory.java
index 8e21350b..9780983a 100644
--- a/pki/base/util/src/netscape/security/provider/X509CertificateFactory.java
+++ b/pki/base/util/src/netscape/security/provider/X509CertificateFactory.java
@@ -29,33 +29,33 @@ import netscape.security.x509.X509CRLImpl;
import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509ExtensionException;
-public class X509CertificateFactory extends CertificateFactorySpi {
+public class X509CertificateFactory extends CertificateFactorySpi {
+
+ public Certificate engineGenerateCertificate(InputStream inStream)
+ throws CertificateException {
+ return new X509CertImpl(inStream);
+ }
- public Certificate engineGenerateCertificate(InputStream inStream)
- throws CertificateException {
- return new X509CertImpl(inStream);
- }
public Collection<Certificate> engineGenerateCertificates(InputStream inStream)
- throws CertificateException {
- return null;
- }
-
- public CRL engineGenerateCRL(InputStream inStream)
- throws CRLException {
- X509CRLImpl crl = null;
- try {
- crl = new X509CRLImpl(inStream);
- }
- catch (X509ExtensionException e) {
- ;
- }
-
- return crl;
- }
-
- public Collection<CRL> engineGenerateCRLs(InputStream inStream)
- throws CRLException {
- return null;
- }
-
+ throws CertificateException {
+ return null;
+ }
+
+ public CRL engineGenerateCRL(InputStream inStream)
+ throws CRLException {
+ X509CRLImpl crl = null;
+ try {
+ crl = new X509CRLImpl(inStream);
+ } catch (X509ExtensionException e) {
+ ;
+ }
+
+ return crl;
+ }
+
+ public Collection<CRL> engineGenerateCRLs(InputStream inStream)
+ throws CRLException {
+ return null;
+ }
+
}
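Review bot: `engineGenerateCRL` still catches `X509ExtensionException` in an empty block and returns `null`, so a CRL that fails to parse surfaces as a null return rather than an error. A caller that does not check for null may fail later, or carry on without revocation data. The method already declares `CRLException`, so the failure can be reported through it: `} catch (X509ExtensionException e) { throw new CRLException("invalid CRL extension: " + e.getMessage()); }`. `engineGenerateCertificates` and `engineGenerateCRLs` also return `null` where callers would normally expect a collection; throwing `UnsupportedOperationException` would make the unimplemented state explicit. This commit only re-indents these methods, so the behaviour predates it.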
diff --git a/pki/base/util/src/netscape/security/util/ASN1CharStrConvMap.java b/pki/base/util/src/netscape/security/util/ASN1CharStrConvMap.java
index 9defa764..972c5784 100644
--- a/pki/base/util/src/netscape/security/util/ASN1CharStrConvMap.java
+++ b/pki/base/util/src/netscape/security/util/ASN1CharStrConvMap.java
@@ -29,60 +29,60 @@ import java.util.Map;
* Maps a ASN.1 character string type to a charset encoder and decoder.
* The converter is used to convert a DerValue of a ASN.1 character string type
* from bytes to unicode characters and vice versa.
- *
- * <p>A global default ASN1CharStrConvMap is created when the class is
- * initialized. The global default map is extensible.
- *
+ *
+ * <p>
+ * A global default ASN1CharStrConvMap is created when the class is initialized. The global default map is extensible.
+ *
* @author Lily Hsiao
* @author Slava Galperin
- *
+ *
*/
-public class ASN1CharStrConvMap
-{
+public class ASN1CharStrConvMap {
// public constructors
/**
* Constructs a ASN1CharStrConvMap.
*/
- public ASN1CharStrConvMap()
- {
+ public ASN1CharStrConvMap() {
}
/**
* Get an encoder for the specified DER tag.
- *
- * @param tag A DER tag of a ASN.1 character string type,
- * for example DerValue.tag_PrintableString.
- *
- * @return An encoder for the DER tag.
+ *
+ * @param tag A DER tag of a ASN.1 character string type,
+ * for example DerValue.tag_PrintableString.
+ *
+ * @return An encoder for the DER tag.
*/
public CharsetEncoder getEncoder(byte tag) {
Charset charset = charsets.get(tag);
- if (charset == null) return null;
+ if (charset == null)
+ return null;
return charset.newEncoder();
}
/**
* Get a decoder for the given DER tag.
- *
- * @param tag A DER tag of a ASN.1 character string type,
- * for example DerValue.tag_PrintableString.
- *
- * @return A decoder for the DER tag.
+ *
+ * @param tag A DER tag of a ASN.1 character string type,
+ * for example DerValue.tag_PrintableString.
+ *
+ * @return A decoder for the DER tag.
*/
public CharsetDecoder getDecoder(byte tag) {
Charset charset = charsets.get(tag);
- if (charset == null) return null;
+ if (charset == null)
+ return null;
return charset.newDecoder();
}
/**
* Add a tag-charset entry in the map.
- *
- * @param tag A DER tag of a ASN.1 character string type,
- * ex. DerValue.tag_IA5String
- * @param charset A charset for the tag.
+ *
+ * @param tag A DER tag of a ASN.1 character string type,
+ * ex. DerValue.tag_IA5String
+ * @param charset A charset for the tag.
*/
public void addEntry(byte tag, Charset charset) {
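Review bot: The Javadoc for `getEncoder` and `getDecoder` does not say that both return `null` when no charset is registered for the tag (`if (charset == null) return null;`). Code decoding a certificate string with an unexpected tag needs to check for that. I would change the tags to `@return An encoder for the DER tag, or null if no charset is registered for it.` and the matching line for the decoder. The hunk ends at the signature of `addEntry`, whose body is in the next hunk.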
@@ -91,7 +91,7 @@ public class ASN1CharStrConvMap
if (currentCharset != null) {
if (currentCharset != charset) {
throw new IllegalArgumentException(
- "a DER tag to converter entry already exists.");
+ "a DER tag to converter entry already exists.");
} else {
return;
}
@@ -99,9 +99,11 @@ public class ASN1CharStrConvMap
charsets.put(tag, charset);
}
+
/**
* Get an iterator of all tags in the map.
- * @return An Iterator of DER tags in the map as Bytes.
+ *
+ * @return An Iterator of DER tags in the map as Bytes.
*/
public Iterator<Byte> getTags() {
return charsets.keySet().iterator();
@@ -111,23 +113,23 @@ public class ASN1CharStrConvMap
/**
* Get the global ASN1CharStrConvMap.
- * @return The global default ASN1CharStrConvMap.
+ *
+ * @return The global default ASN1CharStrConvMap.
*/
- static public ASN1CharStrConvMap getDefault()
- {
- return defaultMap;
+ static public ASN1CharStrConvMap getDefault() {
+ return defaultMap;
}
/**
* Set the global default ASN1CharStrConvMap.
- * @param newDefault The new default ASN1CharStrConvMap.
+ *
+ * @param newDefault The new default ASN1CharStrConvMap.
*/
- static public void setDefault(ASN1CharStrConvMap newDefault)
- {
- if (newDefault == null)
- throw new IllegalArgumentException(
- "Cannot set a null default Der Tag Converter map");
- defaultMap = newDefault;
+ static public void setDefault(ASN1CharStrConvMap newDefault) {
+ if (newDefault == null)
+ throw new IllegalArgumentException(
+ "Cannot set a null default Der Tag Converter map");
+ defaultMap = newDefault;
}
// private methods and variables.
@@ -144,24 +146,24 @@ public class ASN1CharStrConvMap
defaultMap = new ASN1CharStrConvMap();
defaultMap.addEntry(DerValue.tag_PrintableString,
- provider.charsetForName("ASN.1-Printable"));
+ provider.charsetForName("ASN.1-Printable"));
defaultMap.addEntry(DerValue.tag_VisibleString,
- provider.charsetForName("ASN.1-Printable"));
+ provider.charsetForName("ASN.1-Printable"));
defaultMap.addEntry(DerValue.tag_IA5String,
- provider.charsetForName("ASN.1-IA5"));
+ provider.charsetForName("ASN.1-IA5"));
defaultMap.addEntry(DerValue.tag_BMPString,
- Charset.forName("UnicodeBig"));
+ Charset.forName("UnicodeBig"));
defaultMap.addEntry(DerValue.tag_UniversalString,
- provider.charsetForName("ASN.1-Universal"));
+ provider.charsetForName("ASN.1-Universal"));
// XXX this is an oversimplified implementation of T.61 strings, it
// doesn't handle all cases
defaultMap.addEntry(DerValue.tag_T61String,
- Charset.forName("ISO-8859-1"));
+ Charset.forName("ISO-8859-1"));
// UTF8String added to ASN.1 in 1998
defaultMap.addEntry(DerValue.tag_UTF8String,
- Charset.forName("UTF-8"));
+ Charset.forName("UTF-8"));
defaultMap.addEntry(DerValue.tag_GeneralString,
- Charset.forName("UTF-8"));
+ Charset.forName("UTF-8"));
};
};
diff --git a/pki/base/util/src/netscape/security/util/BigInt.java b/pki/base/util/src/netscape/security/util/BigInt.java
index 10e4569d..8f7b0b87 100644
--- a/pki/base/util/src/netscape/security/util/BigInt.java
+++ b/pki/base/util/src/netscape/security/util/BigInt.java
@@ -19,180 +19,187 @@ package netscape.security.util;
import java.math.BigInteger;
-
/**
* A low-overhead arbitrary-precision <em>unsigned</em> integer.
* This is intended for use with ASN.1 parsing, and printing of
- * such parsed values. Convert to "BigInteger" if you need to do
+ * such parsed values. Convert to "BigInteger" if you need to do
* arbitrary precision arithmetic, rather than just represent
* the number as a wrapped array of bytes.
- *
- * <P><em><b>NOTE:</b> This class may eventually disappear, to
+ *
+ * <P>
+ * <em><b>NOTE:</b> This class may eventually disappear, to
* be supplanted by big-endian byte arrays which hold both signed
* and unsigned arbitrary-precision integers.
- *
+ *
* @version 1.23
* @author David Brownell
*/
public final class BigInt {
// Big endian -- MSB first.
- private byte[] places;
+ private byte[] places;
/**
* Constructs a "Big" integer from a set of (big-endian) bytes.
* Leading zeroes should be stripped off.
- *
+ *
* @param data a sequence of bytes, most significant bytes/digits
- * first. CONSUMED.
+ * first. CONSUMED.
*/
- public BigInt(byte[] data) { places = (byte[])data.clone(); }
+ public BigInt(byte[] data) {
+ places = (byte[]) data.clone();
+ }
/**
* Constructs a "Big" integer from a "BigInteger", which must be
* positive (or zero) in value.
*/
public BigInt(BigInteger i) {
- byte[] temp = i.toByteArray();
-
- if ((temp [0] & 0x80) != 0)
- throw new IllegalArgumentException ("negative BigInteger");
-
- // XXX we assume exactly _one_ sign byte is used...
-
- if (temp [0] != 0)
- places = temp;
- else {
- // Note that if i = new BigInteger("0"),
- // i.toByteArray() contains only 1 zero.
- if (temp.length == 1) {
- places = new byte [1];
- places [0] = (byte) 0;
- } else {
- places = new byte [temp.length - 1];
- for (int j = 1; j < temp.length; j++)
- places [j - 1] = temp [j];
- }
- }
+ byte[] temp = i.toByteArray();
+
+ if ((temp[0] & 0x80) != 0)
+ throw new IllegalArgumentException("negative BigInteger");
+
+ // XXX we assume exactly _one_ sign byte is used...
+
+ if (temp[0] != 0)
+ places = temp;
+ else {
+ // Note that if i = new BigInteger("0"),
+ // i.toByteArray() contains only 1 zero.
+ if (temp.length == 1) {
+ places = new byte[1];
+ places[0] = (byte) 0;
+ } else {
+ places = new byte[temp.length - 1];
+ for (int j = 1; j < temp.length; j++)
+ places[j - 1] = temp[j];
+ }
+ }
}
/**
* Constructs a "Big" integer from a normal Java integer.
- *
+ *
* @param i the java primitive integer
*/
public BigInt(int i) {
- if (i < (1 << 8)) {
- places = new byte [1];
- places [0] = (byte) i;
- } else if (i < (1 << 16)) {
- places = new byte [2];
- places[0] = (byte) (i >> 8);
- places[1] = (byte) i;
- } else if (i < (1 << 24)) {
- places = new byte [3];
- places[0] = (byte) (i >> 16);
- places [1] = (byte) (i >> 8);
- places[2] = (byte) i;
- } else {
- places = new byte [4];
- places[0] = (byte) (i >> 24);
- places[1] = (byte) (i >> 16);
- places[2] = (byte) (i >> 8);
- places[3] = (byte) i;
- }
+ if (i < (1 << 8)) {
+ places = new byte[1];
+ places[0] = (byte) i;
+ } else if (i < (1 << 16)) {
+ places = new byte[2];
+ places[0] = (byte) (i >> 8);
+ places[1] = (byte) i;
+ } else if (i < (1 << 24)) {
+ places = new byte[3];
+ places[0] = (byte) (i >> 16);
+ places[1] = (byte) (i >> 8);
+ places[2] = (byte) i;
+ } else {
+ places = new byte[4];
+ places[0] = (byte) (i >> 24);
+ places[1] = (byte) (i >> 16);
+ places[2] = (byte) (i >> 8);
+ places[3] = (byte) i;
+ }
}
/**
* Converts the "big" integer to a java primitive integer.
- *
+ *
* @exception NumberFormatException if 32 bits is insufficient.
*/
public int toInt() {
- if (places.length > 4)
- throw new NumberFormatException ("BigInt.toInt, too big");
- int retval = 0, i = 0;
+ if (places.length > 4)
+ throw new NumberFormatException("BigInt.toInt, too big");
+ int retval = 0, i = 0;
for (; i < places.length; i++)
- retval = (retval << 8) + ((int)places[i] & 0xff);
- return retval;
+ retval = (retval << 8) + ((int) places[i] & 0xff);
+ return retval;
}
/**
- * Returns a hexadecimal printed representation. The value is
+ * Returns a hexadecimal printed representation. The value is
* formatted to fit on lines of at least 75 characters, with
- * embedded newlines. Words are separated for readability,
+ * embedded newlines. Words are separated for readability,
* with eight words (32 bytes) per line.
*/
- public String toString() { return hexify(); }
+ public String toString() {
+ return hexify();
+ }
/**
* Returns a BigInteger value which supports many arithmetic
* operations. Assumes negative values will never occur.
*/
- public BigInteger toBigInteger ()
- { return new BigInteger(1, places); }
+ public BigInteger toBigInteger() {
+ return new BigInteger(1, places);
+ }
/**
* Returns the length of the data as a byte array.
*/
- public int byteLength() { return places.length; }
-
+ public int byteLength() {
+ return places.length;
+ }
/**
- * Returns the data as a byte array. The most significant bit
+ * Returns the data as a byte array. The most significant bit
* of the array is bit zero (as in <code>java.math.BigInteger</code>).
*/
- public byte [] toByteArray () {
+ public byte[] toByteArray() {
if (places.length == 0) {
- byte zero[] = new byte [1];
- zero [0] = (byte) 0;
- return zero;
- } else {
- return (byte [])places.clone();
- }
+ byte zero[] = new byte[1];
+ zero[0] = (byte) 0;
+ return zero;
+ } else {
+ return (byte[]) places.clone();
+ }
}
private static final String digits = "0123456789abcdef";
+
private String hexify() {
if (places.length == 0)
return " 0 ";
- StringBuffer buf = new StringBuffer (places.length * 2);
- buf.append (" "); // four spaces
- for (int i = 0; i < places.length; i++) {
- buf.append (digits.charAt ((places [i] >> 4) & 0x0f));
- buf.append (digits.charAt (places [i] & 0x0f));
- if (((i + 1) % 32) == 0) {
- if ((i + 1) != places.length)
- buf.append ("\n "); // line after four words
- } else if (((i + 1) % 4) == 0)
- buf.append (' '); // space between words
- }
- return buf.toString ();
+ StringBuffer buf = new StringBuffer(places.length * 2);
+ buf.append(" "); // four spaces
+ for (int i = 0; i < places.length; i++) {
+ buf.append(digits.charAt((places[i] >> 4) & 0x0f));
+ buf.append(digits.charAt(places[i] & 0x0f));
+ if (((i + 1) % 32) == 0) {
+ if ((i + 1) != places.length)
+ buf.append("\n "); // line after four words
+ } else if (((i + 1) % 4) == 0)
+ buf.append(' '); // space between words
+ }
+ return buf.toString();
}
/**
* Returns true iff the parameter is a numerically equivalent
* BigInt.
- *
+ *
* @param other the object being compared with this one.
*/
public boolean equals(Object other) {
- if (other instanceof BigInt)
- return equals ((BigInt) other);
- return false;
+ if (other instanceof BigInt)
+ return equals((BigInt) other);
+ return false;
}
/**
* Returns true iff the parameter is numerically equivalent.
- *
+ *
* @param other the BigInt being compared with this one.
*/
public boolean equals(BigInt other) {
if (this == other)
return true;
- byte[] otherPlaces = other.toByteArray();
+ byte[] otherPlaces = other.toByteArray();
if (places.length != otherPlaces.length)
return false;
for (int i = 0; i < places.length; i++)
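Review bot: `BigInt(int i)` accepts negative values, because any negative `i` satisfies `i < (1 << 8)` and is stored as one truncated byte. For example, -1 is kept as 0xff and reads back from `toInt()` as 255. The class is documented as unsigned and the `BigInteger` constructor rejects negatives, so a guard at the top of this constructor would make the two agree: `if (i < 0) throw new IllegalArgumentException("negative int");`. The hunk ends inside `equals(BigInt)`, whose body continues outside it.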
diff --git a/pki/base/util/src/netscape/security/util/BitArray.java b/pki/base/util/src/netscape/security/util/BitArray.java
index 43af482d..ab77c226 100644
--- a/pki/base/util/src/netscape/security/util/BitArray.java
+++ b/pki/base/util/src/netscape/security/util/BitArray.java
@@ -21,7 +21,7 @@ import java.io.ByteArrayOutputStream;
/**
* A packed array of booleans.
- *
+ *
* @author Joshua Bloch
* @author Douglas Hoover
* @version 1.2 97/12/10
@@ -35,224 +35,223 @@ public class BitArray {
private static final int BITS_PER_UNIT = 8;
private static int subscript(int idx) {
- return idx / BITS_PER_UNIT;
+ return idx / BITS_PER_UNIT;
}
private static int position(int idx) { // bits big-endian in each unit
- return 1 << (BITS_PER_UNIT - 1 - (idx % BITS_PER_UNIT));
+ return 1 << (BITS_PER_UNIT - 1 - (idx % BITS_PER_UNIT));
}
/**
* Creates a BitArray of the specified size, initialized to zeros.
*/
public BitArray(int length) throws IllegalArgumentException {
- if (length < 0) {
- throw new IllegalArgumentException("Negative length for BitArray");
- }
+ if (length < 0) {
+ throw new IllegalArgumentException("Negative length for BitArray");
+ }
- this.length = length;
+ this.length = length;
- repn = new byte[(length + BITS_PER_UNIT - 1)/BITS_PER_UNIT];
+ repn = new byte[(length + BITS_PER_UNIT - 1) / BITS_PER_UNIT];
}
-
/**
* Creates a BitArray of the specified size, initialized from the
- * specified byte array. The most significant bit of a[0] gets
- * index zero in the BitArray. The array a must be large enough
- * to specify a value for every bit in the BitArray. In other words,
+ * specified byte array. The most significant bit of a[0] gets
+ * index zero in the BitArray. The array a must be large enough
+ * to specify a value for every bit in the BitArray. In other words,
* 8*a.length >= length.
*/
public BitArray(int length, byte[] a) throws IllegalArgumentException {
-
- if (length < 0) {
- throw new IllegalArgumentException("Negative length for BitArray");
- }
- if (a.length * BITS_PER_UNIT < length) {
- throw new IllegalArgumentException("Byte array too short to represent " +
- "bit array of given length");
- }
-
- this.length = length;
-
- int repLength = ((length + BITS_PER_UNIT - 1)/BITS_PER_UNIT);
- int unusedBits = repLength*BITS_PER_UNIT - length;
- byte bitMask = (byte) (0xFF << unusedBits);
-
- /*
- normalize the representation:
- 1. discard extra bytes
- 2. zero out extra bits in the last byte
- */
- repn = new byte[repLength];
- System.arraycopy(a, 0, repn, 0, repLength);
- if (repn.length > 0)
- repn[repn.length -1] = (byte) (repn[repn.length -1] & bitMask);
+
+ if (length < 0) {
+ throw new IllegalArgumentException("Negative length for BitArray");
+ }
+ if (a.length * BITS_PER_UNIT < length) {
+ throw new IllegalArgumentException("Byte array too short to represent " +
+ "bit array of given length");
+ }
+
+ this.length = length;
+
+ int repLength = ((length + BITS_PER_UNIT - 1) / BITS_PER_UNIT);
+ int unusedBits = repLength * BITS_PER_UNIT - length;
+ byte bitMask = (byte) (0xFF << unusedBits);
+
+ /*
+ normalize the representation:
+ 1. discard extra bytes
+ 2. zero out extra bits in the last byte
+ */
+ repn = new byte[repLength];
+ System.arraycopy(a, 0, repn, 0, repLength);
+ if (repn.length > 0)
+ repn[repn.length - 1] = (byte) (repn[repn.length - 1] & bitMask);
}
/**
- * Create a BitArray whose bits are those of the given array
- * of Booleans.
+ * Create a BitArray whose bits are those of the given array
+ * of Booleans.
*/
public BitArray(boolean[] bits) {
- length = bits.length;
- repn = new byte[(length + 7)/8];
+ length = bits.length;
+ repn = new byte[(length + 7) / 8];
- for (int i=0; i < length; i++) {
- set(i, bits[i]);
- }
+ for (int i = 0; i < length; i++) {
+ set(i, bits[i]);
+ }
}
-
-
+
/**
- * Copy constructor (for cloning).
+ * Copy constructor (for cloning).
*/
private BitArray(BitArray ba) {
- length = ba.length;
- repn = (byte[]) ba.repn.clone();
+ length = ba.length;
+ repn = (byte[]) ba.repn.clone();
}
/**
- * Returns the indexed bit in this BitArray.
+ * Returns the indexed bit in this BitArray.
*/
public boolean get(int index) throws ArrayIndexOutOfBoundsException {
- if (index < 0 || index >= length) {
- throw new ArrayIndexOutOfBoundsException(Integer.toString(index));
- }
-
- return (repn[subscript(index)] & position(index)) != 0;
+ if (index < 0 || index >= length) {
+ throw new ArrayIndexOutOfBoundsException(Integer.toString(index));
+ }
+
+ return (repn[subscript(index)] & position(index)) != 0;
}
/**
- * Sets the indexed bit in this BitArray.
+ * Sets the indexed bit in this BitArray.
*/
public void set(int index, boolean value)
- throws ArrayIndexOutOfBoundsException {
- if (index < 0 || index >= length) {
- throw new ArrayIndexOutOfBoundsException(Integer.toString(index));
- }
- int idx = subscript(index);
- int bit = position(index);
-
- if (value) {
- repn[idx] |= bit;
- } else {
- repn[idx] &= ~bit;
- }
+ throws ArrayIndexOutOfBoundsException {
+ if (index < 0 || index >= length) {
+ throw new ArrayIndexOutOfBoundsException(Integer.toString(index));
+ }
+ int idx = subscript(index);
+ int bit = position(index);
+
+ if (value) {
+ repn[idx] |= bit;
+ } else {
+ repn[idx] &= ~bit;
+ }
}
/**
* Returns the length of this BitArray.
*/
public int length() {
- return length;
+ return length;
}
/**
* Returns a Byte array containing the contents of this BitArray.
* The bit stored at index zero in this BitArray will be copied
- * into the most significant bit of the zeroth element of the
- * returned byte array. The last byte of the returned byte array
+ * into the most significant bit of the zeroth element of the
+ * returned byte array. The last byte of the returned byte array
* will be contain zeros in any bits that do not have corresponding
- * bits in the BitArray. (This matters only if the BitArray's size
+ * bits in the BitArray. (This matters only if the BitArray's size
* is not a multiple of 8.)
- */
+ */
public byte[] toByteArray() {
- return (byte[]) repn.clone();
+ return (byte[]) repn.clone();
}
public boolean equals(Object obj) {
- if (obj == this) return true;
- if (obj == null || !(obj instanceof BitArray)) return false;
-
- BitArray ba = (BitArray) obj;
-
- if (ba.length != length) return false;
-
- for (int i = 0; i < repn.length; i += 1) {
- if (repn[i] != ba.repn[i]) return false;
- }
- return true;
+ if (obj == this)
+ return true;
+ if (obj == null || !(obj instanceof BitArray))
+ return false;
+
+ BitArray ba = (BitArray) obj;
+
+ if (ba.length != length)
+ return false;
+
+ for (int i = 0; i < repn.length; i += 1) {
+ if (repn[i] != ba.repn[i])
+ return false;
+ }
+ return true;
}
/**
* Return a boolean array with the same bit values a this BitArray.
*/
public boolean[] toBooleanArray() {
- boolean[] bits = new boolean[length];
+ boolean[] bits = new boolean[length];
- for (int i=0; i < length; i++) {
- bits[i] = get(i);
- }
- return bits;
+ for (int i = 0; i < length; i++) {
+ bits[i] = get(i);
+ }
+ return bits;
}
/**
* Returns a hash code value for this bit array.
- *
- * @return a hash code value for this bit array.
+ *
+ * @return a hash code value for this bit array.
*/
public int hashCode() {
- int hashCode = 0;
+ int hashCode = 0;
- for (int i = 0; i < repn.length; i++)
- hashCode = 31*hashCode + repn[i];
+ for (int i = 0; i < repn.length; i++)
+ hashCode = 31 * hashCode + repn[i];
- return hashCode ^ length;
+ return hashCode ^ length;
}
-
public Object clone() {
- return new BitArray(this);
+ return new BitArray(this);
}
-
private static final byte[][] NYBBLE = {
- { (byte)'0',(byte)'0',(byte)'0',(byte)'0'},
- { (byte)'0',(byte)'0',(byte)'0',(byte)'1'},
- { (byte)'0',(byte)'0',(byte)'1',(byte)'0'},
- { (byte)'0',(byte)'0',(byte)'1',(byte)'1'},
- { (byte)'0',(byte)'1',(byte)'0',(byte)'0'},
- { (byte)'0',(byte)'1',(byte)'0',(byte)'1'},
- { (byte)'0',(byte)'1',(byte)'1',(byte)'0'},
- { (byte)'0',(byte)'1',(byte)'1',(byte)'1'},
- { (byte)'1',(byte)'0',(byte)'0',(byte)'0'},
- { (byte)'1',(byte)'0',(byte)'0',(byte)'1'},
- { (byte)'1',(byte)'0',(byte)'1',(byte)'0'},
- { (byte)'1',(byte)'0',(byte)'1',(byte)'1'},
- { (byte)'1',(byte)'1',(byte)'0',(byte)'0'},
- { (byte)'1',(byte)'1',(byte)'0',(byte)'1'},
- { (byte)'1',(byte)'1',(byte)'1',(byte)'0'},
- { (byte)'1',(byte)'1',(byte)'1',(byte)'1'}
+ { (byte) '0', (byte) '0', (byte) '0', (byte) '0' },
+ { (byte) '0', (byte) '0', (byte) '0', (byte) '1' },
+ { (byte) '0', (byte) '0', (byte) '1', (byte) '0' },
+ { (byte) '0', (byte) '0', (byte) '1', (byte) '1' },
+ { (byte) '0', (byte) '1', (byte) '0', (byte) '0' },
+ { (byte) '0', (byte) '1', (byte) '0', (byte) '1' },
+ { (byte) '0', (byte) '1', (byte) '1', (byte) '0' },
+ { (byte) '0', (byte) '1', (byte) '1', (byte) '1' },
+ { (byte) '1', (byte) '0', (byte) '0', (byte) '0' },
+ { (byte) '1', (byte) '0', (byte) '0', (byte) '1' },
+ { (byte) '1', (byte) '0', (byte) '1', (byte) '0' },
+ { (byte) '1', (byte) '0', (byte) '1', (byte) '1' },
+ { (byte) '1', (byte) '1', (byte) '0', (byte) '0' },
+ { (byte) '1', (byte) '1', (byte) '0', (byte) '1' },
+ { (byte) '1', (byte) '1', (byte) '1', (byte) '0' },
+ { (byte) '1', (byte) '1', (byte) '1', (byte) '1' }
};
private static final int BYTES_PER_LINE = 8;
/**
- * Returns a string representation of this BitArray.
+ * Returns a string representation of this BitArray.
*/
public String toString() {
- ByteArrayOutputStream out = new ByteArrayOutputStream();
-
- for (int i = 0; i < repn.length - 1; i++) {
- out.write(NYBBLE[(repn[i] >> 4) & 0x0F], 0, 4);
- out.write(NYBBLE[repn[i] & 0x0F], 0, 4);
-
- if (i % BYTES_PER_LINE == BYTES_PER_LINE - 1) {
- out.write('\n');
- } else {
- out.write(' ');
- }
- }
-
- // in last byte of repn, use only the valid bits
- for (int i = BITS_PER_UNIT * (repn.length - 1); i < length; i++) {
- out.write(get(i) ? '1' : '0');
- }
-
- return new String(out.toByteArray());
-
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+
+ for (int i = 0; i < repn.length - 1; i++) {
+ out.write(NYBBLE[(repn[i] >> 4) & 0x0F], 0, 4);
+ out.write(NYBBLE[repn[i] & 0x0F], 0, 4);
+
+ if (i % BYTES_PER_LINE == BYTES_PER_LINE - 1) {
+ out.write('\n');
+ } else {
+ out.write(' ');
+ }
+ }
+
+ // in last byte of repn, use only the valid bits
+ for (int i = BITS_PER_UNIT * (repn.length - 1); i < length; i++) {
+ out.write(get(i) ? '1' : '0');
+ }
+
+ return new String(out.toByteArray());
+
}
-
-}
+}
diff --git a/pki/base/util/src/netscape/security/util/ByteArrayLexOrder.java b/pki/base/util/src/netscape/security/util/ByteArrayLexOrder.java
index 60aede10..ded4522d 100644
--- a/pki/base/util/src/netscape/security/util/ByteArrayLexOrder.java
+++ b/pki/base/util/src/netscape/security/util/ByteArrayLexOrder.java
@@ -21,7 +21,7 @@ import java.util.Comparator;
/**
* Compare two byte arrays in lexicographical order.
- *
+ *
* @version 1.4 97/12/10
* @author D. N. Hoover
*/
@@ -29,35 +29,33 @@ public class ByteArrayLexOrder implements Comparator {
/**
* Perform lexicographical comparison of two byte arrays,
- * regarding each byte as unsigned. That is, compare array entries
- * in order until they differ--the array with the smaller entry
- * is "smaller". If array entries are
+ * regarding each byte as unsigned. That is, compare array entries
+ * in order until they differ--the array with the smaller entry
+ * is "smaller". If array entries are
* equal till one array ends, then the longer array is "bigger".
- *
- * @param obj1 first byte array to compare.
- * @param obj2 second byte array to compare.
- * @return negative number if obj1 < obj2, 0 if obj1 == obj2,
- * positive number if obj1 > obj2.
- *
- * @exception <code>ClassCastException</code>
- * if either argument is not a byte array.
+ *
+ * @param obj1 first byte array to compare.
+ * @param obj2 second byte array to compare.
+ * @return negative number if obj1 < obj2, 0 if obj1 == obj2,
+ * positive number if obj1 > obj2.
+ *
+ * @exception <code>ClassCastException</code> if either argument is not a byte array.
*/
public final int compare(Object obj1, Object obj2) {
- byte[] bytes1 = (byte[]) obj1;
- byte[] bytes2 = (byte[]) obj2;
+ byte[] bytes1 = (byte[]) obj1;
+ byte[] bytes2 = (byte[]) obj2;
- int diff;
- for (int i = 0; i < bytes1.length && i < bytes2.length; i++) {
- diff = (bytes1[i] & 0xFF) - (bytes2[i] & 0xFF);
- if (diff != 0) {
- return diff;
- }
- }
- // if array entries are equal till the first ends, then the
- // longer is "bigger"
- return bytes1.length - bytes2.length;
+ int diff;
+ for (int i = 0; i < bytes1.length && i < bytes2.length; i++) {
+ diff = (bytes1[i] & 0xFF) - (bytes2[i] & 0xFF);
+ if (diff != 0) {
+ return diff;
+ }
+ }
+ // if array entries are equal till the first ends, then the
+ // longer is "bigger"
+ return bytes1.length - bytes2.length;
}
-
}
diff --git a/pki/base/util/src/netscape/security/util/ByteArrayTagOrder.java b/pki/base/util/src/netscape/security/util/ByteArrayTagOrder.java
index 81f43747..1367ee04 100644
--- a/pki/base/util/src/netscape/security/util/ByteArrayTagOrder.java
+++ b/pki/base/util/src/netscape/security/util/ByteArrayTagOrder.java
@@ -23,27 +23,25 @@ public class ByteArrayTagOrder implements Comparator {
/**
* Compare two byte arrays, by the order of their tags,
- * as defined in ITU-T X.680, sec. 6.4. (First compare
- * tag classes, then tag numbers, ignoring the constructivity bit.)
- *
- * @param obj1 first byte array to compare.
- * @param obj2 second byte array to compare.
- * @return negative number if obj1 < obj2, 0 if obj1 == obj2,
- * positive number if obj1 > obj2.
- *
- * @exception <code>ClassCastException</code>
- * if either argument is not a byte array.
+ * as defined in ITU-T X.680, sec. 6.4. (First compare
+ * tag classes, then tag numbers, ignoring the constructivity bit.)
+ *
+ * @param obj1 first byte array to compare.
+ * @param obj2 second byte array to compare.
+ * @return negative number if obj1 < obj2, 0 if obj1 == obj2,
+ * positive number if obj1 > obj2.
+ *
+ * @exception <code>ClassCastException</code> if either argument is not a byte array.
*/
public final int compare(Object obj1, Object obj2) {
- byte[] bytes1 = (byte[]) obj1;
- byte[] bytes2 = (byte[]) obj2;
+ byte[] bytes1 = (byte[]) obj1;
+ byte[] bytes2 = (byte[]) obj2;
- // tag order is same as byte order ignoring any difference in
- // the constructivity bit (0x02)
- return (bytes1[0] | 0x20) - (bytes2[0] | 0x20);
+ // tag order is same as byte order ignoring any difference in
+ // the constructivity bit (0x02)
+ return (bytes1[0] | 0x20) - (bytes2[0] | 0x20);
}
-
}
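Review bot: `compare` ORs the first byte of each array with 0x20 without masking it to 0..255, so Java sign-extends any tag byte with the high bit set; context-specific and private-class tags (0x80–0xFF) come out negative and sort before universal ones, which looks contrary to the class-then-number order the Javadoc cites. Masking first gives the documented order: `return ((bytes1[0] & 0xFF) | 0x20) - ((bytes2[0] & 0xFF) | 0x20);`. If this comparator orders SET elements for DER output (not shown in the hunk), check the change against encodings that are already signed before adopting it. The inline comment names the constructed bit as 0x02 while the code uses 0x20, and a zero-length array reaches `bytes1[0]` with no guard, so both deserve a corrected comment and a documented precondition.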
diff --git a/pki/base/util/src/netscape/security/util/CertPrettyPrint.java b/pki/base/util/src/netscape/security/util/CertPrettyPrint.java
index caf7e648..7d0775b9 100644
--- a/pki/base/util/src/netscape/security/util/CertPrettyPrint.java
+++ b/pki/base/util/src/netscape/security/util/CertPrettyPrint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.util;
-
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
@@ -38,16 +37,14 @@ import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.pkcs7.ContentInfo;
import org.mozilla.jss.pkcs7.SignedData;
-
/**
* This class will display the certificate content in predefined
* format.
- *
+ *
* @author Jack Pan-Chen
* @version $Revision$, $Date$
*/
-public class CertPrettyPrint
-{
+public class CertPrettyPrint {
/*==========================================================
* constants
@@ -69,10 +66,10 @@ public class CertPrettyPrint
public CertPrettyPrint(Certificate cert) {
if (cert instanceof X509CertImpl)
mX509Cert = (X509CertImpl) cert;
-
+
pp = new PrettyPrintFormat(":");
}
-
+
public CertPrettyPrint(byte[] certb) {
mCert_b = certb;
pp = new PrettyPrintFormat(":");
@@ -85,7 +82,7 @@ public class CertPrettyPrint
/**
* This method return string representation of the certificate
* in predefined format using specified client local. I18N Support.
- *
+ *
* @param clientLocale Locale to be used for localization
* @return string representation of the certificate
*/
@@ -93,25 +90,25 @@ public class CertPrettyPrint
if (mX509Cert != null)
return X509toString(clientLocale);
- else if (mCert_b != null)
+ else if (mCert_b != null)
return pkcs7toString(clientLocale);
else
return null;
}
-
+
public String pkcs7toString(Locale clientLocale) {
String content = "";
try {
mX509Cert = new X509CertImpl(mCert_b);
return toString(clientLocale);
- } catch (Exception e) {
+ } catch (Exception e) {
}
ContentInfo ci = null;
try {
ci = (ContentInfo)
- ASN1Util.decode(ContentInfo.getTemplate(), mCert_b);
+ ASN1Util.decode(ContentInfo.getTemplate(), mCert_b);
} catch (Exception e) {
return "";
}
@@ -132,7 +129,7 @@ public class CertPrettyPrint
X509CertImpl certImpl = null;
try {
certImpl = new X509CertImpl(
- ASN1Util.encode(cert));
+ ASN1Util.encode(cert));
} catch (Exception e) {
}
@@ -150,17 +147,17 @@ public class CertPrettyPrint
public String stripCertBrackets(String s) {
if (s == null) {
- return s;
- }
+ return s;
+ }
if ((s.startsWith("-----BEGIN CERTIFICATE-----")) &&
- (s.endsWith("-----END CERTIFICATE-----"))) {
+ (s.endsWith("-----END CERTIFICATE-----"))) {
return (s.substring(27, (s.length() - 25)));
}
// To support Thawte's header and footer
if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) &&
- (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
+ (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
return (s.substring(35, (s.length() - 33)));
}
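Review bot: The two `substring` calls in `stripCertBrackets` assume the header and footer do not overlap. A string such as `-----BEGIN CERTIFICATE-----END CERTIFICATE-----` passes both `startsWith` and `endsWith` because the five dashes are shared, and `s.substring(27, (s.length() - 25))` then throws StringIndexOutOfBoundsException. Adding a length test to each condition avoids that on malformed input, e.g. `s.length() >= 27 + 25 &&` for the certificate markers and `s.length() >= 35 + 33 &&` for the PKCS #7 ones. The method continues past the end of this hunk.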
@@ -195,7 +192,7 @@ public class CertPrettyPrint
//get timezone and timezone ID
String tz = " ";
String tzid = " ";
-
+
StringBuffer sb = new StringBuffer();
try {
@@ -229,11 +226,11 @@ public class CertPrettyPrint
//XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_SIGALG) + mX509Cert.getSigAlgName() +
- " - " + mX509Cert.getSigAlgOID() + "\n");
+ " - " + mX509Cert.getSigAlgOID() + "\n");
//XXX I18N IssuerDN ?
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_ISSUER) +
- mX509Cert.getIssuerDN().toString() + "\n");
+ mX509Cert.getIssuerDN().toString() + "\n");
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_VALIDITY) + "\n");
String notBefore = dateFormater.format(mX509Cert.getNotBefore());
@@ -243,7 +240,7 @@ public class CertPrettyPrint
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(
TimeZone.getDefault().inDaylightTime(
- mX509Cert.getNotBefore()),
+ mX509Cert.getNotBefore()),
TimeZone.SHORT,
clientLocale);
tzid = TimeZone.getDefault().getID();
@@ -252,23 +249,23 @@ public class CertPrettyPrint
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16)
- + resource.getString(
- PrettyPrintResources.TOKEN_NOT_BEFORE)
- + notBefore
- + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_NOT_BEFORE)
+ + notBefore
+ + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16)
- + resource.getString(
- PrettyPrintResources.TOKEN_NOT_BEFORE)
- + notBefore
- + " " + tzid + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_NOT_BEFORE)
+ + notBefore
+ + " " + tzid + "\n");
}
// re-get timezone (just in case it is different . . .)
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(
TimeZone.getDefault().inDaylightTime(
- mX509Cert.getNotAfter()),
+ mX509Cert.getNotAfter()),
TimeZone.SHORT,
clientLocale);
}
@@ -276,22 +273,22 @@ public class CertPrettyPrint
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16)
- + resource.getString(
- PrettyPrintResources.TOKEN_NOT_AFTER)
- + notAfter
- + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_NOT_AFTER)
+ + notAfter
+ + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16)
- + resource.getString(
- PrettyPrintResources.TOKEN_NOT_AFTER)
- + notAfter
- + " " + tzid + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_NOT_AFTER)
+ + notAfter
+ + " " + tzid + "\n");
}
//XXX I18N SubjectDN ?
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_SUBJECT) +
- mX509Cert.getSubjectDN().toString() + "\n");
+ mX509Cert.getSubjectDN().toString() + "\n");
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_SPKI) + "\n");
@@ -300,8 +297,8 @@ public class CertPrettyPrint
sb.append(pkpp.toString(clientLocale, 16, 16));
//take care of extensions
- CertificateExtensions extensions = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions)
+ info.get(X509CertInfo.EXTENSIONS);
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_EXTENSIONS) + "\n");
@@ -313,19 +310,19 @@ public class CertPrettyPrint
sb.append(extpp.toString());
}
- //take care of signature
+ //take care of signature
sb.append(pp.indent(8) + resource.getString(
PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
//XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_ALGORITHM) +
- mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
+ mX509Cert.getSigAlgName() + " - " + mX509Cert.getSigAlgOID() + "\n");
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
sb.append(pp.toHexString(mX509Cert.getSignature(), 16, 16));
// fingerprints
- String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
+ String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
String certFingerprints = "";
sb.append(pp.indent(8) + "FingerPrint\n");
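Review bot: The `hashes` array still lists MD2, MD5 and SHA1 alongside SHA256 and SHA512, and all five are printed under one `FingerPrint` heading with nothing to tell a reader which values are safe to compare. MD2, MD5 and SHA-1 are not collision resistant, so a match on those values alone should not be taken as proof that two certificates are identical. I would add a comment on the array such as `// MD2/MD5/SHA1 are shown for legacy comparison only; verify certificates by the SHA256 or SHA512 value`. If the digest lookup (outside this hunk) throws for an algorithm the provider no longer ships, consider skipping that entry instead of failing the whole printout. The enclosing method starts and ends outside the hunk.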
@@ -334,7 +331,7 @@ public class CertPrettyPrint
md.update(mX509Cert.getEncoded());
certFingerprints += pp.indent(12) + hashes[i] + ":\n" +
- pp.toHexString(md.digest(), 16, 16);
+ pp.toHexString(md.digest(), 16, 16);
}
sb.append(certFingerprints);
@@ -343,5 +340,5 @@ public class CertPrettyPrint
return sb.toString();
}
-
+
}
diff --git a/pki/base/util/src/netscape/security/util/CrlPrettyPrint.java b/pki/base/util/src/netscape/security/util/CrlPrettyPrint.java
index ade21420..edf1217e 100644
--- a/pki/base/util/src/netscape/security/util/CrlPrettyPrint.java
+++ b/pki/base/util/src/netscape/security/util/CrlPrettyPrint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.util;
-
import java.text.DateFormat;
import java.util.Iterator;
import java.util.Locale;
@@ -30,16 +29,14 @@ import netscape.security.x509.Extension;
import netscape.security.x509.RevokedCertificate;
import netscape.security.x509.X509CRLImpl;
-
/**
* This class will display the certificate content in predefined
* format.
- *
+ *
* @author Andrew Wnuk
* @version $Revision$, $Date$
*/
-public class CrlPrettyPrint
-{
+public class CrlPrettyPrint {
/*==========================================================
* constants
@@ -69,7 +66,7 @@ public class CrlPrettyPrint
* This method return string representation of the certificate
* revocation list in predefined format using specified client
* local. I18N Support.
- *
+ *
* @param clientLocale Locale to be used for localization
* @return string representation of the certificate
*/
@@ -100,10 +97,10 @@ public class CrlPrettyPrint
sb.append((mCRL.getVersion() + 1) + "\n");
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_SIGALG) + mCRL.getSigAlgName() +
- " - " + mCRL.getSigAlgOID() + "\n");
+ " - " + mCRL.getSigAlgOID() + "\n");
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_ISSUER) +
- mCRL.getIssuerDN().toString() + "\n");
+ mCRL.getIssuerDN().toString() + "\n");
// Format thisUpdate
String thisUpdate = dateFormater.format(mCRL.getThisUpdate());
@@ -111,7 +108,7 @@ public class CrlPrettyPrint
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(
TimeZone.getDefault().inDaylightTime(
- mCRL.getThisUpdate()),
+ mCRL.getThisUpdate()),
TimeZone.SHORT,
clientLocale);
tzid = TimeZone.getDefault().getID();
@@ -120,17 +117,17 @@ public class CrlPrettyPrint
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(12)
- + resource.getString(
- PrettyPrintResources.TOKEN_THIS_UPDATE)
- + thisUpdate
- + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_THIS_UPDATE)
+ + thisUpdate
+ + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(12)
- + resource.getString(
- PrettyPrintResources.TOKEN_THIS_UPDATE)
- + thisUpdate
- + " " + tzid + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_THIS_UPDATE)
+ + thisUpdate
+ + " " + tzid + "\n");
}
// Check for presence of NextUpdate
if (mCRL.getNextUpdate() != null) {
@@ -141,7 +138,7 @@ public class CrlPrettyPrint
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(
TimeZone.getDefault().inDaylightTime(
- mCRL.getNextUpdate()),
+ mCRL.getNextUpdate()),
TimeZone.SHORT,
clientLocale);
}
@@ -149,17 +146,17 @@ public class CrlPrettyPrint
if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(12)
- + resource.getString(
- PrettyPrintResources.TOKEN_NEXT_UPDATE)
- + nextUpdate
- + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_NEXT_UPDATE)
+ + nextUpdate
+ + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(12)
- + resource.getString(
- PrettyPrintResources.TOKEN_NEXT_UPDATE)
- + nextUpdate
- + " " + tzid + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_NEXT_UPDATE)
+ + nextUpdate
+ + " " + tzid + "\n");
}
}
@@ -167,7 +164,7 @@ public class CrlPrettyPrint
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n");
} else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) ||
- (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
+ (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES));
if (crlSize > 0 && pageStart > 0 && pageSize > 0) {
@@ -189,35 +186,35 @@ public class CrlPrettyPrint
if ((crlSize == 0) || ((pageStart <= l) && (pageStart + pageSize > l))) {
sb.append(pp.indent(16) + resource.getString(
PrettyPrintResources.TOKEN_SERIAL) + "0x" +
- revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
+ revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
String revocationDate =
- dateFormater.format(revokedCert.getRevocationDate());
+ dateFormater.format(revokedCert.getRevocationDate());
// re-get timezone
// (just in case it is different . . .)
if (TimeZone.getDefault() != null) {
tz = TimeZone.getDefault().getDisplayName(
TimeZone.getDefault().inDaylightTime(
- revokedCert.getRevocationDate()),
+ revokedCert.getRevocationDate()),
TimeZone.SHORT,
clientLocale);
}
// Specify revocationDate
if (tz.equals(tzid) ||
- tzid.equals(CUSTOM_LOCALE)) {
+ tzid.equals(CUSTOM_LOCALE)) {
// Do NOT append timezone ID
sb.append(pp.indent(16)
- + resource.getString(
- PrettyPrintResources.TOKEN_REVOCATION_DATE)
- + revocationDate
- + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_REVOCATION_DATE)
+ + revocationDate
+ + "\n");
} else {
// Append timezone ID
sb.append(pp.indent(16)
- + resource.getString(
- PrettyPrintResources.TOKEN_REVOCATION_DATE)
- + revocationDate
- + " " + tzid + "\n");
+ + resource.getString(
+ PrettyPrintResources.TOKEN_REVOCATION_DATE)
+ + revocationDate
+ + " " + tzid + "\n");
}
if (revokedCert.hasExtensions()) {
sb.append(pp.indent(16) + resource.getString(
@@ -258,7 +255,7 @@ public class CrlPrettyPrint
//XXX I18N Algorithm Name ?
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_ALGORITHM) +
- mCRL.getSigAlgName() + " - " + mCRL.getSigAlgOID() + "\n");
+ mCRL.getSigAlgName() + " - " + mCRL.getSigAlgOID() + "\n");
sb.append(pp.indent(12) + resource.getString(
PrettyPrintResources.TOKEN_SIGNATURE) + "\n");
sb.append(pp.toHexString(mCRL.getSignature(), 16, 16));
diff --git a/pki/base/util/src/netscape/security/util/DerEncoder.java b/pki/base/util/src/netscape/security/util/DerEncoder.java
index 53bf27a6..c2eb64fc 100644
--- a/pki/base/util/src/netscape/security/util/DerEncoder.java
+++ b/pki/base/util/src/netscape/security/util/DerEncoder.java
@@ -21,20 +21,20 @@ import java.io.IOException;
import java.io.OutputStream;
/**
- * Interface to an object that knows how to write its own DER
+ * Interface to an object that knows how to write its own DER
* encoding to an output stream.
- *
+ *
* @version 1.2 97/12/10
* @author D. N. Hoover
*/
public interface DerEncoder {
-
+
/**
* DER encode this object and write the results to a stream.
- *
- * @param out the stream on which the DER encoding is written.
+ *
+ * @param out the stream on which the DER encoding is written.
*/
- public void derEncode(OutputStream out)
- throws IOException;
+ public void derEncode(OutputStream out)
+ throws IOException;
}
diff --git a/pki/base/util/src/netscape/security/util/DerInputBuffer.java b/pki/base/util/src/netscape/security/util/DerInputBuffer.java
index 74ab9f70..7534f3d0 100644
--- a/pki/base/util/src/netscape/security/util/DerInputBuffer.java
+++ b/pki/base/util/src/netscape/security/util/DerInputBuffer.java
@@ -15,57 +15,58 @@
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
-package netscape.security.util ;
+package netscape.security.util;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
-
/**
* DER input buffer ... this is the main abstraction in the DER library
- * which actively works with the "untyped byte stream" abstraction. It
+ * which actively works with the "untyped byte stream" abstraction. It
* does so with impunity, since it's not intended to be exposed to the
* anyone who could violate the "typed value stream" DER model and hence
* corrupt the input stream of DER values.
- *
+ *
* @version 1.11
* @author David Brownell
*/
class DerInputBuffer extends ByteArrayInputStream implements Cloneable {
- DerInputBuffer(byte[] buf) { super(buf); }
+ DerInputBuffer(byte[] buf) {
+ super(buf);
+ }
DerInputBuffer(byte[] buf, int offset, int len) {
super(buf, offset, len);
}
DerInputBuffer dup() {
- try {
- DerInputBuffer retval = (DerInputBuffer) clone ();
-
- retval.mark (Integer.MAX_VALUE);
- return retval;
- } catch (CloneNotSupportedException e) {
- throw new IllegalArgumentException (e.toString ());
- }
+ try {
+ DerInputBuffer retval = (DerInputBuffer) clone();
+
+ retval.mark(Integer.MAX_VALUE);
+ return retval;
+ } catch (CloneNotSupportedException e) {
+ throw new IllegalArgumentException(e.toString());
+ }
}
byte[] toByteArray() {
- int len = available();
+ int len = available();
if (len <= 0)
return null;
- byte[] retval = new byte[len];
+ byte[] retval = new byte[len];
- System.arraycopy(buf, pos, retval, 0, len);
- return retval;
+ System.arraycopy(buf, pos, retval, 0, len);
+ return retval;
}
int peek() throws IOException {
- if (pos >= count)
- throw new IOException ("out of data");
- else
- return buf [pos];
+ if (pos >= count)
+ throw new IOException("out of data");
+ else
+ return buf[pos];
}
/**
@@ -73,31 +74,31 @@ class DerInputBuffer extends ByteArrayInputStream implements Cloneable {
* object.
*/
public boolean equals(Object other) {
- if (other instanceof DerInputBuffer)
- return equals ((DerInputBuffer) other);
- else
- return false;
+ if (other instanceof DerInputBuffer)
+ return equals((DerInputBuffer) other);
+ else
+ return false;
}
boolean equals(DerInputBuffer other) {
- if (this == other)
- return true;
-
- int max = this.available();
- if (other.available() != max)
- return false;
- for (int i = 0; i < max; i++) {
- if (this.buf [this.pos + i] != other.buf [other.pos + i]) {
- return false;
- }
- }
- return true;
+ if (this == other)
+ return true;
+
+ int max = this.available();
+ if (other.available() != max)
+ return false;
+ for (int i = 0; i < max; i++) {
+ if (this.buf[this.pos + i] != other.buf[other.pos + i]) {
+ return false;
+ }
+ }
+ return true;
}
void truncate(int len) throws IOException {
- if (len > available ())
- throw new IOException ("insufficient data");
- count = pos + len;
+ if (len > available())
+ throw new IOException("insufficient data");
+ count = pos + len;
}
/**
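Review bot: `truncate` rejects a `len` larger than `available()` but accepts a negative one, which sets `count` below `pos` and leaves `available()` negative for every later read on the buffer. `len` reaches this method from callers such as `DerInputStream.subStream(int len, boolean do_skip)`, presumably carrying a decoded DER length from input that may be untrusted, so the guard should cover both sides: `if (len < 0 || len > available()) throw new IOException("insufficient data");`. Separately, `equals(Object)` is overridden here with no matching `hashCode()` visible in the hunks, which breaks the equals/hashCode contract if these buffers are ever used as hash keys.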
@@ -105,81 +106,81 @@ class DerInputBuffer extends ByteArrayInputStream implements Cloneable {
* of bytes in this buffer.
*/
BigInt getUnsigned(int len) throws IOException {
- if (len > available ())
- throw new IOException ("short read, getInteger");
-
- /*
- * A prepended zero is used to ensure that the integer is
- * interpreted as unsigned even when the high order bit is
- * zero. We don't support signed BigInts.
- *
- * Fix this here ... BigInts aren't expected to have these,
- * and stuff like signing (sigsize = f(modulus)) misbehaves.
- */
- if (len > 1 && buf [pos] == 0) {
- len--;
- skip (1);
- }
-
- /*
- * Consume the rest of the buffer, returning its value as
- * an unsigned integer.
- */
- byte[] bytes = new byte[len];
-
- System.arraycopy (buf, pos, bytes, 0, len);
- skip (len);
- return new BigInt (bytes);
+ if (len > available())
+ throw new IOException("short read, getInteger");
+
+ /*
+ * A prepended zero is used to ensure that the integer is
+ * interpreted as unsigned even when the high order bit is
+ * zero. We don't support signed BigInts.
+ *
+ * Fix this here ... BigInts aren't expected to have these,
+ * and stuff like signing (sigsize = f(modulus)) misbehaves.
+ */
+ if (len > 1 && buf[pos] == 0) {
+ len--;
+ skip(1);
+ }
+
+ /*
+ * Consume the rest of the buffer, returning its value as
+ * an unsigned integer.
+ */
+ byte[] bytes = new byte[len];
+
+ System.arraycopy(buf, pos, bytes, 0, len);
+ skip(len);
+ return new BigInt(bytes);
}
/**
* Returns the bit string which takes up the rest of this buffer.
* This bit string must be byte-aligned.
- */
+ */
byte[] getBitString() {
- if (pos >= count || buf [pos] != 0)
- return null;
- /*
- * Just copy the data into an aligned, padded octet buffer,
- * and consume the rest of the buffer.
- */
- int len = available ();
- byte[] retval = new byte[len - 1];
-
- System.arraycopy (buf, pos + 1, retval, 0, len - 1);
- pos = count;
- return retval;
+ if (pos >= count || buf[pos] != 0)
+ return null;
+ /*
+ * Just copy the data into an aligned, padded octet buffer,
+ * and consume the rest of the buffer.
+ */
+ int len = available();
+ byte[] retval = new byte[len - 1];
+
+ System.arraycopy(buf, pos + 1, retval, 0, len - 1);
+ pos = count;
+ return retval;
+ }
+
+ /**
+ * Returns the bit string which takes up the rest of this buffer.
+ * The bit string need not be byte-aligned.
+ */
+ BitArray getUnalignedBitString() {
+ if (pos >= count)
+ return null;
+ /*
+ * Just copy the data into an aligned, padded octet buffer,
+ * and consume the rest of the buffer.
+ */
+ int len = available();
+ byte[] bits = new byte[len - 1];
+ int length = bits.length * 8 - buf[pos]; // number of valid bits
+
+ System.arraycopy(buf, pos + 1, bits, 0, len - 1);
+
+ BitArray bitArray = new BitArray(length, bits);
+ pos = count;
+ return bitArray;
+ }
+
+ /**
+ * Package-access method to optimize output operations
+ */
+ void dump(OutputStream out, int length) throws IOException {
+ if (count < mark + length)
+ throw new IOException("short DER value (encode)");
+ out.write(buf, mark, length);
}
- /**
- * Returns the bit string which takes up the rest of this buffer.
- * The bit string need not be byte-aligned.
- */
- BitArray getUnalignedBitString() {
- if (pos >= count)
- return null;
- /*
- * Just copy the data into an aligned, padded octet buffer,
- * and consume the rest of the buffer.
- */
- int len = available();
- byte[] bits = new byte[len - 1];
- int length = bits.length*8 - buf[pos]; // number of valid bits
-
- System.arraycopy(buf, pos + 1, bits, 0, len - 1);
-
- BitArray bitArray = new BitArray(length, bits);
- pos = count;
- return bitArray;
- }
-
- /**
- * Package-access method to optimize output operations
- */
- void dump(OutputStream out, int length) throws IOException {
- if (count < mark + length)
- throw new IOException ("short DER value (encode)");
- out.write(buf,mark,length);
- }
-
}
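Review bot: `getUnalignedBitString` uses `buf[pos]`, the unused-bits octet, without range-checking it. The value is read as a signed byte and never compared with the 0–7 range a BIT STRING allows, so a crafted encoding can make `length` negative or larger than the bits actually copied before it reaches `new BitArray(length, bits)`. Validating it first keeps the method's existing null-on-bad-input convention: `int unused = buf[pos] & 0xFF;`, `if (unused > 7 || (len == 1 && unused != 0)) return null;`, then `int length = bits.length * 8 - unused;`. In the same hunk, `getUnsigned` and `dump` check only the upper bound of their length argument, so a negative value ends in NegativeArraySizeException or an unchecked index error rather than the IOException callers are told to expect. A `< 0` test in each guard would close that.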
diff --git a/pki/base/util/src/netscape/security/util/DerInputStream.java b/pki/base/util/src/netscape/security/util/DerInputStream.java
index fb73b761..f4aaf081 100644
--- a/pki/base/util/src/netscape/security/util/DerInputStream.java
+++ b/pki/base/util/src/netscape/security/util/DerInputStream.java
@@ -27,23 +27,19 @@ import java.util.Vector;
/**
* A DER input stream, used for parsing ASN.1 DER-encoded data such as
- * that found in X.509 certificates. DER is a subset of BER/1, which has
+ * that found in X.509 certificates. DER is a subset of BER/1, which has
* the advantage that it allows only a single encoding of primitive data.
- * (High level data such as dates still support many encodings.) That is,
+ * (High level data such as dates still support many encodings.) That is,
* it uses the "Definite" Encoding Rules (DER) not the "Basic" ones (BER).
- *
- * <P>Note that, like BER/1, DER streams are streams of explicitly
- * tagged data values. Accordingly, this programming interface does
- * not expose any variant of the java.io.InputStream interface, since
- * that kind of input stream holds untagged data values and using that
- * I/O model could prevent correct parsing of the DER data.
- *
- * <P>At this time, this class supports only a subset of the types of DER
- * data encodings which are defined. That subset is sufficient for parsing
- * most X.509 certificates.
- *
+ *
+ * <P>
+ * Note that, like BER/1, DER streams are streams of explicitly tagged data values. Accordingly, this programming interface does not expose any variant of the java.io.InputStream interface, since that kind of input stream holds untagged data values and using that I/O model could prevent correct parsing of the DER data.
+ *
+ * <P>
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for parsing most X.509 certificates.
+ *
* @version 1.35
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
@@ -55,59 +51,59 @@ public class DerInputStream {
* awkward to deal with. That's where BER is useful, since BER
* handles streaming data relatively well.
*/
- DerInputBuffer buffer;
+ DerInputBuffer buffer;
/**
- * Create a DER input stream from a data buffer. The buffer is not
- * copied, it is shared. Accordingly, the buffer should be treated
+ * Create a DER input stream from a data buffer. The buffer is not
+ * copied, it is shared. Accordingly, the buffer should be treated
* as read-only.
- *
+ *
* @param data the buffer from which to create the string (CONSUMED)
*/
public DerInputStream(byte[] data) {
- buffer = new DerInputBuffer(data);
- buffer.mark(Integer.MAX_VALUE);
+ buffer = new DerInputBuffer(data);
+ buffer.mark(Integer.MAX_VALUE);
}
/**
* Create a DER input stream from part of a data buffer.
- * The buffer is not copied, it is shared. Accordingly, the
+ * The buffer is not copied, it is shared. Accordingly, the
* buffer should be treated as read-only.
- *
+ *
* @param data the buffer from which to create the string (CONSUMED)
* @param offset the first index of <em>data</em> which will
- * be read as DER input in the new stream
+ * be read as DER input in the new stream
* @param len how long a chunk of the buffer to use,
- * starting at "offset"
+ * starting at "offset"
*/
public DerInputStream(byte[] data, int offset, int len) {
- buffer = new DerInputBuffer(data, offset, len);
- buffer.mark(Integer.MAX_VALUE);
+ buffer = new DerInputBuffer(data, offset, len);
+ buffer.mark(Integer.MAX_VALUE);
}
DerInputStream(DerInputBuffer buf) {
- buffer = buf;
- buffer.mark(Integer.MAX_VALUE);
+ buffer = buf;
+ buffer.mark(Integer.MAX_VALUE);
}
/**
* Creates a new DER input stream from part of this input stream.
*
* @param len how long a chunk of the current input stream to use,
- * starting at the current position.
+ * starting at the current position.
* @param do_skip true if the existing data in the input stream should
- * be skipped. If this value is false, the next data read
- * on this stream and the newly created stream will be the
- * same.
+ * be skipped. If this value is false, the next data read
+ * on this stream and the newly created stream will be the
+ * same.
*/
- public DerInputStream subStream(int len, boolean do_skip)
- throws IOException {
- DerInputBuffer newbuf = buffer.dup();
-
- newbuf.truncate(len);
- if (do_skip)
- buffer.skip(len);
- return new DerInputStream(newbuf);
+ public DerInputStream subStream(int len, boolean do_skip)
+ throws IOException {
+ DerInputBuffer newbuf = buffer.dup();
+
+ newbuf.truncate(len);
+ if (do_skip)
+ buffer.skip(len);
+ return new DerInputStream(newbuf);
}
/**
@@ -133,160 +129,160 @@ public class DerInputStream {
if (buffer.read() != DerValue.tag_Integer)
throw new IOException("DER input, Integer tag error");
- return buffer.getUnsigned(getLength(buffer));
+ return buffer.getUnsigned(getLength(buffer));
}
/**
- * Get a bit string from the input stream. Only octet-aligned
+ * Get a bit string from the input stream. Only octet-aligned
* bitstrings (multiples of eight bits in length) are handled
* by this method.
*/
public byte[] getBitString() throws IOException {
- if (buffer.read() != DerValue.tag_BitString)
- throw new IOException("DER input not an bit string");
- int length = getLength(buffer);
-
- /*
- * This byte affects alignment and padding (for the last byte).
- * Use getUnalignedBitString() for none 8-bit aligned bit strings.
- */
- if (buffer.read() != 0)
- return null;
- length--;
-
- /*
- * Just read the data into an aligned, padded octet buffer.
- */
- byte[] retval = new byte[length];
- if (buffer.read(retval) != length)
- throw new IOException("short read of DER bit string");
- return retval;
+ if (buffer.read() != DerValue.tag_BitString)
+ throw new IOException("DER input not an bit string");
+ int length = getLength(buffer);
+
+ /*
+ * This byte affects alignment and padding (for the last byte).
+ * Use getUnalignedBitString() for none 8-bit aligned bit strings.
+ */
+ if (buffer.read() != 0)
+ return null;
+ length--;
+
+ /*
+ * Just read the data into an aligned, padded octet buffer.
+ */
+ byte[] retval = new byte[length];
+ if (buffer.read(retval) != length)
+ throw new IOException("short read of DER bit string");
+ return retval;
}
/**
- * Get a bit string from the input stream. The bit string need
- * not be byte-aligned.
+ * Get a bit string from the input stream. The bit string need
+ * not be byte-aligned.
*/
public BitArray getUnalignedBitString() throws IOException {
- if (buffer.read() != DerValue.tag_BitString)
- throw new IOException("DER input not a bit string");
+ if (buffer.read() != DerValue.tag_BitString)
+ throw new IOException("DER input not a bit string");
- int length = getLength(buffer) - 1;
+ int length = getLength(buffer) - 1;
- /*
- * First byte = number of excess bits in the last octet of the
- * representation.
- */
- int validBits = length*8 - buffer.read();
+ /*
+ * First byte = number of excess bits in the last octet of the
+ * representation.
+ */
+ int validBits = length * 8 - buffer.read();
- byte[] repn = new byte[length];
+ byte[] repn = new byte[length];
- if (buffer.read(repn) != length)
- throw new IOException("short read of DER bit string");
- return new BitArray(validBits, repn);
+ if (buffer.read(repn) != length)
+ throw new IOException("short read of DER bit string");
+ return new BitArray(validBits, repn);
}
/**
* Returns an ASN.1 OCTET STRING from the input stream.
*/
public byte[] getOctetString() throws IOException {
- if (buffer.read() != DerValue.tag_OctetString)
- throw new IOException("DER input not an octet string");
+ if (buffer.read() != DerValue.tag_OctetString)
+ throw new IOException("DER input not an octet string");
- int length = getLength(buffer);
- byte[] retval = new byte[length];
- if (buffer.read(retval) != length)
- throw new IOException("short read of DER octet string");
+ int length = getLength(buffer);
+ byte[] retval = new byte[length];
+ if (buffer.read(retval) != length)
+ throw new IOException("short read of DER octet string");
- return retval;
+ return retval;
}
/**
* Returns the asked number of bytes from the input stream.
*/
public void getBytes(byte[] val) throws IOException {
- if (val.length != 0) {
+ if (val.length != 0) {
if (buffer.read(val) != val.length) {
- throw new IOException("short read of DER octet string");
- }
- }
+ throw new IOException("short read of DER octet string");
+ }
+ }
}
/**
* Reads an encoded null value from the input stream.
*/
public void getNull() throws IOException {
- if (buffer.read() != DerValue.tag_Null || buffer.read() != 0)
- throw new IOException("getNull, bad data");
+ if (buffer.read() != DerValue.tag_Null || buffer.read() != 0)
+ throw new IOException("getNull, bad data");
}
/**
* Reads an X.200 style Object Identifier from the stream.
*/
public ObjectIdentifier getOID() throws IOException {
- return new ObjectIdentifier(this);
+ return new ObjectIdentifier(this);
}
/**
- * Return a sequence of encoded entities. ASN.1 sequences are
+ * Return a sequence of encoded entities. ASN.1 sequences are
* ordered, and they are often used, like a "struct" in C or C++,
- * to group data values. They may have optional or context
+ * to group data values. They may have optional or context
* specific values.
- *
+ *
* @param startLen guess about how long the sequence will be
- * (used to initialize an auto-growing data structure)
+ * (used to initialize an auto-growing data structure)
* @return array of the values in the sequence
*/
public DerValue[] getSequence(int startLen) throws IOException {
- int b = buffer.read();
- if (b != DerValue.tag_Sequence)
- throw new IOException("Sequence tag error " + b);
- return readVector(startLen);
+ int b = buffer.read();
+ if (b != DerValue.tag_Sequence)
+ throw new IOException("Sequence tag error " + b);
+ return readVector(startLen);
}
public void skipSequence(int startLen) throws IOException {
- int b = buffer.read();
- if (b != DerValue.tag_Sequence)
- throw new IOException("Sequence tag error " + b);
- int len = getLength(buffer);
- buffer.skip(len);
+ int b = buffer.read();
+ if (b != DerValue.tag_Sequence)
+ throw new IOException("Sequence tag error " + b);
+ int len = getLength(buffer);
+ buffer.skip(len);
}
/**
- * Return a set of encoded entities. ASN.1 sets are unordered,
+ * Return a set of encoded entities. ASN.1 sets are unordered,
* though DER may specify an order for some kinds of sets (such
* as the attributes in an X.500 relative distinguished name)
* to facilitate binary comparisons of encoded values.
- *
+ *
* @param startLen guess about how large the set will be
- * (used to initialize an auto-growing data structure)
+ * (used to initialize an auto-growing data structure)
* @return array of the values in the sequence
*/
public DerValue[] getSet(int startLen) throws IOException {
- if (buffer.read() != DerValue.tag_Set)
- throw new IOException("Set tag error");
- return readVector(startLen);
+ if (buffer.read() != DerValue.tag_Set)
+ throw new IOException("Set tag error");
+ return readVector(startLen);
}
/**
- * Return a set of encoded entities. ASN.1 sets are unordered,
+ * Return a set of encoded entities. ASN.1 sets are unordered,
* though DER may specify an order for some kinds of sets (such
* as the attributes in an X.500 relative distinguished name)
* to facilitate binary comparisons of encoded values.
- *
+ *
* @param startLen guess about how large the set will be
- * (used to initialize an auto-growing data structure)
+ * (used to initialize an auto-growing data structure)
* @param implicit if true tag is assumed implicit.
* @return array of the values in the sequence
*/
public DerValue[] getSet(int startLen, boolean implicit) throws IOException {
int tag = buffer.read();
- if (!implicit) {
- if (tag != DerValue.tag_Set) {
- throw new IOException("Set tag error");
- }
- }
- return (readVector(startLen));
+ if (!implicit) {
+ if (tag != DerValue.tag_Set) {
+ throw new IOException("Set tag error");
+ }
+ }
+ return (readVector(startLen));
}
/*
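Review bot: getBitString(), getUnalignedBitString() and getOctetString() size their arrays directly from getLength(buffer), so a length field taken from the encoded input decides the allocation before it is compared with the bytes actually present. A declared length far larger than the remaining data costs a large allocation before the short-read check fires. A zero length in either bit-string method leaves `length` at -1, which raises an unchecked NegativeArraySizeException instead of an IOException. A guard such as `if (length < 0 || length > buffer.available()) throw new IOException("DER input, length exceeds available data");` before each `new byte[length]` keeps malformed input on the IOException path. getUnalignedBitString() also accepts any value for the unused-bits octet, where X.690 allows only 0 to 7.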
@@ -295,83 +291,78 @@ public class DerInputStream {
* this same helper routine.
*/
protected DerValue[] readVector(int startLen) throws IOException {
- int len = getLength(buffer);
- DerInputStream newstr;
+ int len = getLength(buffer);
+ DerInputStream newstr;
- if (len == 0)
- // return empty array instead of null, which should be
- // used only for missing optionals
- return new DerValue[0];
+ if (len == 0)
+ // return empty array instead of null, which should be
+ // used only for missing optionals
+ return new DerValue[0];
- /*
- * Create a temporary stream from which to read the data,
- * unless it's not really needed.
- */
- if (buffer.available() == len)
- newstr = this;
- else
- newstr = subStream(len, true);
+ /*
+ * Create a temporary stream from which to read the data,
+ * unless it's not really needed.
+ */
+ if (buffer.available() == len)
+ newstr = this;
+ else
+ newstr = subStream(len, true);
- /*
- * Pull values out of the stream.
- */
- Vector vec = new Vector(startLen);
- DerValue value;
+ /*
+ * Pull values out of the stream.
+ */
+ Vector vec = new Vector(startLen);
+ DerValue value;
- do {
- value = new DerValue(newstr.buffer);
- vec.addElement(value);
- } while (newstr.available() > 0);
+ do {
+ value = new DerValue(newstr.buffer);
+ vec.addElement(value);
+ } while (newstr.available() > 0);
- if (newstr.available() != 0)
- throw new IOException("extra data at end of vector");
+ if (newstr.available() != 0)
+ throw new IOException("extra data at end of vector");
- /*
- * Now stick them into the array we're returning.
- */
- int i, max = vec.size();
- DerValue[] retval = new DerValue[max];
+ /*
+ * Now stick them into the array we're returning.
+ */
+ int i, max = vec.size();
+ DerValue[] retval = new DerValue[max];
- for (i = 0; i < max; i++)
- retval[i] = (DerValue) vec.elementAt(i);
+ for (i = 0; i < max; i++)
+ retval[i] = (DerValue) vec.elementAt(i);
- return retval;
+ return retval;
}
/**
* Get a single DER-encoded value from the input stream.
* It can often be useful to pull a value from the stream
- * and defer parsing it. For example, you can pull a nested
+ * and defer parsing it. For example, you can pull a nested
* sequence out with one call, and only examine its elements
* later when you really need to.
*/
public DerValue getDerValue() throws IOException {
- return new DerValue(buffer);
+ return new DerValue(buffer);
}
- public String getPrintableString() throws IOException
- {
- return (new DerValue(buffer)).getPrintableString();
+ public String getPrintableString() throws IOException {
+ return (new DerValue(buffer)).getPrintableString();
}
- public String getT61String() throws IOException
- {
- return (new DerValue(buffer)).getT61String();
+ public String getT61String() throws IOException {
+ return (new DerValue(buffer)).getT61String();
}
- public String getIA5String() throws IOException
- {
- return (new DerValue(buffer)).getIA5String();
+ public String getIA5String() throws IOException {
+ return (new DerValue(buffer)).getIA5String();
}
- public String getBMPString () throws IOException
- {
- return (new DerValue(buffer)).getBMPString();
+ public String getBMPString() throws IOException {
+ return (new DerValue(buffer)).getBMPString();
}
- public String getUniversalString () throws IOException
- {
- return (new DerValue(buffer)).getUniversalString();
+ public String getUniversalString() throws IOException {
+ return (new DerValue(buffer)).getUniversalString();
}
/**
@@ -380,7 +371,7 @@ public class DerInputStream {
public Date getUTCTime() throws IOException {
if (buffer.read() != DerValue.tag_UtcTime)
throw new IOException("DER input, UTCtime tag invalid ");
- if (buffer.available() < 11)
+ if (buffer.available() < 11)
throw new IOException("DER input, UTCtime short input");
int len = getLength(buffer);
@@ -395,27 +386,27 @@ public class DerInputStream {
*/
int year, month, day, hour, minute, second;
- year = 10 * Character.digit((char)buffer.read(), 10);
- year += Character.digit((char)buffer.read(), 10);
- if (year <= 50) // origin 2000
+ year = 10 * Character.digit((char) buffer.read(), 10);
+ year += Character.digit((char) buffer.read(), 10);
+ if (year <= 50) // origin 2000
year += 2000;
else
- year += 1900; // origin 1900
+ year += 1900; // origin 1900
- month = 10 * Character.digit((char)buffer.read(), 10);
- month += Character.digit((char)buffer.read(), 10);
- month -= 1; // months are 0-11
+ month = 10 * Character.digit((char) buffer.read(), 10);
+ month += Character.digit((char) buffer.read(), 10);
+ month -= 1; // months are 0-11
- day = 10 * Character.digit((char)buffer.read(), 10);
- day += Character.digit((char)buffer.read(), 10);
+ day = 10 * Character.digit((char) buffer.read(), 10);
+ day += Character.digit((char) buffer.read(), 10);
- hour = 10 * Character.digit((char)buffer.read(), 10);
- hour += Character.digit((char)buffer.read(), 10);
+ hour = 10 * Character.digit((char) buffer.read(), 10);
+ hour += Character.digit((char) buffer.read(), 10);
- minute = 10 * Character.digit((char)buffer.read(), 10);
- minute += Character.digit((char)buffer.read(), 10);
+ minute = 10 * Character.digit((char) buffer.read(), 10);
+ minute += Character.digit((char) buffer.read(), 10);
- len -= 10;
+ len -= 10;
/**
* We allow for non-encoded seconds, even though the
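Review bot: The century pivot `if (year <= 50)` maps a two-digit year of 50 to 2050, whereas RFC 5280 section 4.1.2.5.1 reads YY >= 50 as 19YY and only YY < 50 as 20YY. If this parser is meant to follow the X.509 profile, the test should be `if (year < 50) // origin 2000`; as written, a validity date encoded with year 50 lands a century late. getUTCTime() starts and ends outside this hunk.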
@@ -424,9 +415,9 @@ public class DerInputStream {
*/
if (len == 3 || len == 7) {
- second = 10 * Character.digit((char)buffer.read(), 10);
- second += Character.digit((char)buffer.read(), 10);
- len -= 2;
+ second = 10 * Character.digit((char) buffer.read(), 10);
+ second += Character.digit((char) buffer.read(), 10);
+ len -= 2;
} else
second = 0;
@@ -434,10 +425,10 @@ public class DerInputStream {
|| month > 11 || day > 31 || hour >= 24
|| minute >= 60 || second >= 60)
throw new IOException("Parse UTC time, invalid format");
-
- Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
- cal.set(year, month, day, hour, minute, second);
- cal.set(Calendar.MILLISECOND, 0); /* To clear millisecond field */
+
+ Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
+ cal.set(year, month, day, hour, minute, second);
+ cal.set(Calendar.MILLISECOND, 0); /* To clear millisecond field */
cal.set(Calendar.ERA, GregorianCalendar.AD);
Date readDate = cal.getTime();
long utcTime = readDate.getTime();
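Review bot: `Calendar.getInstance(...)` returns a lenient calendar, and the visible part of the range test bounds the day only with `day > 31`, so a date such as the 31st of a 30-day month is silently rolled into the next month instead of being rejected. For a certificate or CRL time field that means malformed bytes are accepted with a different meaning than they state. Making the calendar non-lenient and converting the resulting IllegalArgumentException keeps the failure on the IOException path; the matching hunk in getGeneralizedTime() needs the same change. The method body and the start of the range test are outside this hunk.

```java
Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
cal.setLenient(false); // reject impossible dates instead of normalising them
cal.set(year, month, day, hour, minute, second);
// … unchanged: MILLISECOND and ERA fields …
Date readDate;
try {
    readDate = cal.getTime();
} catch (IllegalArgumentException e) {
    throw new IOException("Parse UTC time, invalid date: " + e.getMessage());
}
```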
@@ -445,43 +436,41 @@ public class DerInputStream {
/*
* Finally, "Z" or "+hhmm" or "-hhmm" ... offsets change hhmm
*/
- if (! (len == 1 || len == 5))
+ if (!(len == 1 || len == 5))
throw new IOException("Parse UTC time, invalid offset");
switch (buffer.read()) {
- case '+':
- {
- int Htmp = 10 * Character.digit((char)buffer.read(), 10);
- Htmp += Character.digit((char)buffer.read(), 10);
- int Mtmp = 10 * Character.digit((char)buffer.read(), 10);
- Mtmp += Character.digit((char)buffer.read(), 10);
-
- if (Htmp >=24 || Mtmp >= 60)
- throw new IOException("Parse UTCtime, +hhmm");
-
- utcTime += ((Htmp * 60) + Mtmp) * 60 * 1000;
- }
- break;
-
- case '-':
- {
- int Htmp = 10 * Character.digit((char)buffer.read(), 10);
- Htmp += Character.digit((char)buffer.read(), 10);
- int Mtmp = 10 * Character.digit((char)buffer.read(), 10);
- Mtmp += Character.digit((char)buffer.read(), 10);
-
- if (Htmp >=24 || Mtmp >= 60)
- throw new IOException("Parse UTCtime, -hhmm");
-
- utcTime -= ((Htmp * 60) + Mtmp) * 60 * 1000;
- }
- break;
-
- case 'Z':
- break;
-
- default:
- throw new IOException("Parse UTCtime, garbage offset");
+ case '+': {
+ int Htmp = 10 * Character.digit((char) buffer.read(), 10);
+ Htmp += Character.digit((char) buffer.read(), 10);
+ int Mtmp = 10 * Character.digit((char) buffer.read(), 10);
+ Mtmp += Character.digit((char) buffer.read(), 10);
+
+ if (Htmp >= 24 || Mtmp >= 60)
+ throw new IOException("Parse UTCtime, +hhmm");
+
+ utcTime += ((Htmp * 60) + Mtmp) * 60 * 1000;
+ }
+ break;
+
+ case '-': {
+ int Htmp = 10 * Character.digit((char) buffer.read(), 10);
+ Htmp += Character.digit((char) buffer.read(), 10);
+ int Mtmp = 10 * Character.digit((char) buffer.read(), 10);
+ Mtmp += Character.digit((char) buffer.read(), 10);
+
+ if (Htmp >= 24 || Mtmp >= 60)
+ throw new IOException("Parse UTCtime, -hhmm");
+
+ utcTime -= ((Htmp * 60) + Mtmp) * 60 * 1000;
+ }
+ break;
+
+ case 'Z':
+ break;
+
+ default:
+ throw new IOException("Parse UTCtime, garbage offset");
}
readDate.setTime(utcTime);
return readDate;
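Review bot: The offset arithmetic looks inverted: a time written as local time with `+hhmm` is ahead of UTC, so the differential has to be subtracted to obtain UTC, but the `'+'` case does `utcTime += ...` and the `'-'` case subtracts. The same pattern appears in the getGeneralizedTime() hunk further down. Swapping the two operators (`utcTime -= ((Htmp * 60) + Mtmp) * 60 * 1000;` under `'+'`, `+=` under `'-'`) would give the conventional reading. Since DER and RFC 5280 require the `Z` form, rejecting offsets outright is worth considering if no caller depends on them. The method starts outside this hunk.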
@@ -491,36 +480,36 @@ public class DerInputStream {
* Get a Generalized encoded time value from the input stream.
*/
public Date getGeneralizedTime() throws IOException {
- if (buffer.read () != DerValue.tag_GeneralizedTime)
- throw new IOException ("DER input, GeneralizedTime tag invalid ");
-
- if (buffer.available() < 13)
- throw new IOException ("DER input, GeneralizedTime short input");
+ if (buffer.read() != DerValue.tag_GeneralizedTime)
+ throw new IOException("DER input, GeneralizedTime tag invalid ");
- int len = getLength (buffer);
+ if (buffer.available() < 13)
+ throw new IOException("DER input, GeneralizedTime short input");
+
+ int len = getLength(buffer);
/*
* Generalized time encoded as ASCII chars, YYYYMMDDhhmm[ss]
*/
int year, month, day, hour, minute, second;
- year = 1000 * Character.digit ((char)buffer.read (), 10);
- year += 100 * Character.digit ((char)buffer.read (), 10);
- year += 10 * Character.digit ((char)buffer.read (), 10);
- year += Character.digit ((char)buffer.read (), 10);
+ year = 1000 * Character.digit((char) buffer.read(), 10);
+ year += 100 * Character.digit((char) buffer.read(), 10);
+ year += 10 * Character.digit((char) buffer.read(), 10);
+ year += Character.digit((char) buffer.read(), 10);
- month = 10 * Character.digit ((char)buffer.read (), 10);
- month += Character.digit ((char)buffer.read (), 10);
- month -= 1; // Calendar months are 0-11
+ month = 10 * Character.digit((char) buffer.read(), 10);
+ month += Character.digit((char) buffer.read(), 10);
+ month -= 1; // Calendar months are 0-11
- day = 10 * Character.digit ((char)buffer.read (), 10);
- day += Character.digit ((char)buffer.read (), 10);
+ day = 10 * Character.digit((char) buffer.read(), 10);
+ day += Character.digit((char) buffer.read(), 10);
- hour = 10 * Character.digit ((char)buffer.read (), 10);
- hour += Character.digit ((char)buffer.read (), 10);
+ hour = 10 * Character.digit((char) buffer.read(), 10);
+ hour += Character.digit((char) buffer.read(), 10);
- minute = 10 * Character.digit ((char)buffer.read (), 10);
- minute += Character.digit ((char)buffer.read (), 10);
+ minute = 10 * Character.digit((char) buffer.read(), 10);
+ minute += Character.digit((char) buffer.read(), 10);
len -= 12;
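Review bot: Every field here is built from `Character.digit((char) buffer.read(), 10)` without testing for -1, so a non-digit byte, or the -1 that read() returns at end of input, is folded into the arithmetic. A `1` followed by a non-digit yields 9, which passes the later range test as a valid value. getUTCTime() in the earlier hunks uses the same construction. Reading each digit through a small helper that throws on a negative result makes the parser reject such input instead of reinterpreting it. getGeneralizedTime() continues outside this hunk.

```java
// helper shared by getUTCTime() and getGeneralizedTime()
private int readDigit() throws IOException {
    int d = Character.digit((char) buffer.read(), 10);
    if (d < 0)
        throw new IOException("DER input, non-digit character in time value");
    return d;
}

// … in getGeneralizedTime(), each field is then built from readDigit() …
year = 1000 * readDigit();
year += 100 * readDigit();
year += 10 * readDigit();
year += readDigit();
// … unchanged: month, day, hour and minute, converted the same way …
```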
@@ -531,9 +520,9 @@ public class DerInputStream {
*/
if (len == 3 || len == 7) {
- second = 10 * Character.digit ((char)buffer.read (), 10);
- second += Character.digit ((char)buffer.read (), 10);
- len -= 2;
+ second = 10 * Character.digit((char) buffer.read(), 10);
+ second += Character.digit((char) buffer.read(), 10);
+ len -= 2;
} else
second = 0;
@@ -541,12 +530,12 @@ public class DerInputStream {
|| month > 11 || day > 31 || hour >= 24
|| minute >= 60 || second >= 60)
throw new IOException("Parse Generalized time, invalid format");
-
-/* Shouldn't this construct a Gregorian calendar directly???
- * We don't really want locale dependant processing here */
- Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
- cal.set(year, month, day, hour, minute, second);
- cal.set(Calendar.MILLISECOND, 0); /* To clear millisecond field */
+
+ /* Shouldn't this construct a Gregorian calendar directly???
+ * We don't really want locale dependant processing here */
+ Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
+ cal.set(year, month, day, hour, minute, second);
+ cal.set(Calendar.MILLISECOND, 0); /* To clear millisecond field */
cal.set(Calendar.ERA, GregorianCalendar.AD);
Date readDate = cal.getTime();
long utcTime = readDate.getTime();
@@ -554,43 +543,41 @@ public class DerInputStream {
/*
* Finally, "Z" or "+hhmm" or "-hhmm" ... offsets change hhmm
*/
- if (! (len == 1 || len == 5))
- throw new IOException ("Parse Generalized time, invalid offset");
-
- switch (buffer.read ()) {
- case '+':
- {
- int Htmp = 10 * Character.digit((char)buffer.read(), 10);
- Htmp += Character.digit((char)buffer.read(), 10);
- int Mtmp = 10 * Character.digit((char)buffer.read(), 10);
- Mtmp += Character.digit((char)buffer.read(), 10);
-
- if (Htmp >=24 || Mtmp >= 60)
- throw new IOException("Parse GeneralizedTime, +hhmm");
-
- utcTime += ((Htmp * 60) + Mtmp) * 60 * 1000;
- }
- break;
-
- case '-':
- {
- int Htmp = 10 * Character.digit((char)buffer.read(), 10);
- Htmp += Character.digit((char)buffer.read(), 10);
- int Mtmp = 10 * Character.digit((char)buffer.read(), 10);
- Mtmp += Character.digit((char)buffer.read(), 10);
-
- if (Htmp >=24 || Mtmp >= 60)
- throw new IOException("Parse GeneralizedTime, -hhmm");
-
- utcTime -= ((Htmp * 60) + Mtmp) * 60 * 1000;
- }
- break;
-
- case 'Z':
- break;
-
- default:
- throw new IOException ("Parse GeneralizedTime, garbage offset");
+ if (!(len == 1 || len == 5))
+ throw new IOException("Parse Generalized time, invalid offset");
+
+ switch (buffer.read()) {
+ case '+': {
+ int Htmp = 10 * Character.digit((char) buffer.read(), 10);
+ Htmp += Character.digit((char) buffer.read(), 10);
+ int Mtmp = 10 * Character.digit((char) buffer.read(), 10);
+ Mtmp += Character.digit((char) buffer.read(), 10);
+
+ if (Htmp >= 24 || Mtmp >= 60)
+ throw new IOException("Parse GeneralizedTime, +hhmm");
+
+ utcTime += ((Htmp * 60) + Mtmp) * 60 * 1000;
+ }
+ break;
+
+ case '-': {
+ int Htmp = 10 * Character.digit((char) buffer.read(), 10);
+ Htmp += Character.digit((char) buffer.read(), 10);
+ int Mtmp = 10 * Character.digit((char) buffer.read(), 10);
+ Mtmp += Character.digit((char) buffer.read(), 10);
+
+ if (Htmp >= 24 || Mtmp >= 60)
+ throw new IOException("Parse GeneralizedTime, -hhmm");
+
+ utcTime -= ((Htmp * 60) + Mtmp) * 60 * 1000;
+ }
+ break;
+
+ case 'Z':
+ break;
+
+ default:
+ throw new IOException("Parse GeneralizedTime, garbage offset");
}
readDate.setTime(utcTime);
return readDate;
@@ -601,16 +588,16 @@ public class DerInputStream {
*/
// package private
int getByte() throws IOException {
- return (0x00ff & buffer.read());
+ return (0x00ff & buffer.read());
}
public int peekByte() throws IOException {
- return buffer.peek ();
+ return buffer.peek();
}
// package private
int getLength() throws IOException {
- return getLength (buffer);
+ return getLength(buffer);
}
/*
@@ -618,52 +605,55 @@ public class DerInputStream {
* encoding to be used. (Not the same as getting a tagged integer!)
*/
static int getLength(InputStream in) throws IOException {
- int value, tmp;
-
- tmp = in.read ();
- if ((tmp & 0x080) == 0x00) { // 1 byte datum?
- value = tmp;
- } else { // no, more ...
- tmp &= 0x07f;
-
- /*
- * NOTE: tmp == 0 indicates BER encoded data.
- * tmp > 4 indicates more than 4Gb of data.
- */
- if (tmp <= 0 || tmp > 4)
- throw new IOException("DerInput.getLength(): lengthTag="
- + tmp + ", "
- + ((tmp == 0) ? "Indefinite length encoding not supported"
+ int value, tmp;
+
+ tmp = in.read();
+ if ((tmp & 0x080) == 0x00) { // 1 byte datum?
+ value = tmp;
+ } else { // no, more ...
+ tmp &= 0x07f;
+
+ /*
+ * NOTE: tmp == 0 indicates BER encoded data.
+ * tmp > 4 indicates more than 4Gb of data.
+ */
+ if (tmp <= 0 || tmp > 4)
+ throw new IOException("DerInput.getLength(): lengthTag="
+ + tmp + ", "
+ + ((tmp == 0) ? "Indefinite length encoding not supported"
+ " or incorrect DER encoding."
: "too big."));
- for (value = 0; tmp > 0; tmp --) {
- value <<= 8;
- value += 0x0ff & in.read ();
- }
- }
- return value;
+ for (value = 0; tmp > 0; tmp--) {
+ value <<= 8;
+ value += 0x0ff & in.read();
+ }
+ }
+ return value;
}
/**
* Mark the current position in the buffer, so that
* a later call to <code>reset</code> will return here.
*/
- public void mark (int value) { buffer.mark (value); }
-
+ public void mark(int value) {
+ buffer.mark(value);
+ }
/**
- * Return to the position of the last <code>mark</code>
- * call. A mark is implicitly set at the beginning of
+ * Return to the position of the last <code>mark</code> call. A mark is implicitly set at the beginning of
* the stream when it is created.
*/
- public void reset () { buffer.reset (); }
-
+ public void reset() {
+ buffer.reset();
+ }
/**
* Returns the number of bytes available for reading.
* This is most useful for testing whether the stream is
* empty.
*/
- public int available () { return buffer.available (); }
+ public int available() {
+ return buffer.available();
+ }
}
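Review bot: getLength() can return a negative value: with four length octets whose first has its high bit set, `value <<= 8; value += 0x0ff & in.read();` overflows the int, and callers then hand the result to `new byte[length]` or skip(). The loop also masks `in.read()` with 0x0ff, so end of input inside the length field is read as 0xFF rather than reported. Adding `if (value < 0) throw new IOException("DerInput.getLength(): length too big");` after the loop, and testing each read for -1 before masking, keeps truncated or oversized input on the IOException path. The comment `tmp > 4 indicates more than 4Gb` overstates what a signed int return can carry and could be corrected at the same time.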
diff --git a/pki/base/util/src/netscape/security/util/DerOutputStream.java b/pki/base/util/src/netscape/security/util/DerOutputStream.java
index 3348ce87..17c30328 100644
--- a/pki/base/util/src/netscape/security/util/DerOutputStream.java
+++ b/pki/base/util/src/netscape/security/util/DerOutputStream.java
@@ -33,92 +33,94 @@ import java.util.GregorianCalendar;
import java.util.TimeZone;
/**
- * Output stream marshaling DER-encoded data. This is eventually provided
+ * Output stream marshaling DER-encoded data. This is eventually provided
* in the form of a byte array; there is no advance limit on the size of
* that byte array.
- *
- * <P>At this time, this class supports only a subset of the types of
- * DER data encodings which are defined. That subset is sufficient for
- * generating most X.509 certificates.
- *
+ *
+ * <P>
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for generating most X.509 certificates.
+ *
* @version 1.32
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
-public class DerOutputStream
-extends ByteArrayOutputStream implements DerEncoder {
+public class DerOutputStream
+ extends ByteArrayOutputStream implements DerEncoder {
/**
* Construct an DER output stream.
- *
+ *
* @param size how large a buffer to preallocate.
*/
- public DerOutputStream(int size) { super(size); }
+ public DerOutputStream(int size) {
+ super(size);
+ }
/**
* Construct an DER output stream.
*/
- public DerOutputStream() { }
+ public DerOutputStream() {
+ }
/**
- * Writes tagged, pre-marshaled data. This calcuates and encodes
+ * Writes tagged, pre-marshaled data. This calcuates and encodes
* the length, so that the output data is the standard triple of
* { tag, length, data } used by all DER values.
- *
- * @param tag the DER value tag for the data, such as
- * <em>DerValue.tag_Sequence</em>
+ *
+ * @param tag the DER value tag for the data, such as <em>DerValue.tag_Sequence</em>
* @param buf buffered data, which must be DER-encoded
*/
public void write(byte tag, byte[] buf) throws IOException {
- write(tag);
- putLength(buf.length);
- write(buf, 0, buf.length);
+ write(tag);
+ putLength(buf.length);
+ write(buf, 0, buf.length);
}
/**
- * Writes tagged data using buffer-to-buffer copy. As above,
- * this writes a standard DER record. This is often used when
+ * Writes tagged data using buffer-to-buffer copy. As above,
+ * this writes a standard DER record. This is often used when
* efficiently encapsulating values in sequences.
- *
- * @param tag the DER value tag for the data, such as
- * <em>DerValue.tag_Sequence</em>
+ *
+ * @param tag the DER value tag for the data, such as <em>DerValue.tag_Sequence</em>
* @param out buffered data
*/
public void write(byte tag, DerOutputStream out) throws IOException {
- write(tag);
- putLength(out.count);
- write(out.buf, 0, out.count);
+ write(tag);
+ putLength(out.count);
+ write(out.buf, 0, out.count);
}
/**
- * Writes implicitly tagged data using buffer-to-buffer copy. As above,
- * this writes a standard DER record. This is often used when
+ * Writes implicitly tagged data using buffer-to-buffer copy. As above,
+ * this writes a standard DER record. This is often used when
* efficiently encapsulating implicitly tagged values.
- *
+ *
* @param tag the DER value of the context-specific tag that replaces
- * original tag of the value in the output , such as in
- * <pre>
- * <em> <field> [N] IMPLICIT <type></em>
+ * original tag of the value in the output , such as in
+ *
+ * <pre>
+ * <em> <field> [N] IMPLICIT <type></em>
* </pre>
- * For example, <em>FooLength [1] IMPLICIT INTEGER</em>, with value=4;
- * would be encoded as "81 01 04" whereas in explicit
- * tagging it would be encoded as "A1 03 02 01 04".
- * Notice that the tag is A1 and not 81, this is because with
- * explicit tagging the form is always constructed.
+ *
+ * For example, <em>FooLength [1] IMPLICIT INTEGER</em>, with value=4;
+ * would be encoded as "81 01 04" whereas in explicit
+ * tagging it would be encoded as "A1 03 02 01 04".
+ * Notice that the tag is A1 and not 81, this is because with
+ * explicit tagging the form is always constructed.
* @param value original value being implicitly tagged
*/
public void writeImplicit(byte tag, DerOutputStream value)
- throws IOException {
- write(tag);
- write(value.buf, 1, value.count-1);
+ throws IOException {
+ write(tag);
+ write(value.buf, 1, value.count - 1);
}
/**
* Marshals pre-encoded DER value onto the output stream.
*/
public void putDerValue(DerValue val) throws IOException {
- val.encode(this);
+ val.encode(this);
}
/*
@@ -145,34 +147,32 @@ extends ByteArrayOutputStream implements DerEncoder {
/**
* Marshals a DER unsigned integer on the output stream.
*/
- public void putInteger(BigInt i) throws IOException
- {
- putUnsignedInteger(i.toByteArray());
- }
+ public void putInteger(BigInt i) throws IOException {
+ putUnsignedInteger(i.toByteArray());
+ }
/**
* Marshals a DER unsigned integer on the output stream.
*/
- public void putUnsignedInteger(byte [] integerBytes) throws IOException {
+ public void putUnsignedInteger(byte[] integerBytes) throws IOException {
- write(DerValue.tag_Integer);
- if ((integerBytes [0] & 0x080) != 0) {
- /*
- * prepend zero so it's not read as a negative number
- */
- putLength(integerBytes.length + 1);
- write(0);
- } else
- putLength(integerBytes.length);
- write(integerBytes, 0, integerBytes.length);
+ write(DerValue.tag_Integer);
+ if ((integerBytes[0] & 0x080) != 0) {
+ /*
+ * prepend zero so it's not read as a negative number
+ */
+ putLength(integerBytes.length + 1);
+ write(0);
+ } else
+ putLength(integerBytes.length);
+ write(integerBytes, 0, integerBytes.length);
}
/**
* Marshals a DER enumerated value on the output stream.
*/
- public void putEnumerated(int i) throws IOException
- {
- write(DerValue.tag_Enumerated);
+ public void putEnumerated(int i) throws IOException {
+ write(DerValue.tag_Enumerated);
int bytemask = 0xff000000;
int signmask = 0x80000000;
@@ -180,92 +180,92 @@ extends ByteArrayOutputStream implements DerEncoder {
if ((i & 0x80000000) != 0) {
// negative case
for (length = 4; length > 1; --length) {
- if((i & bytemask) != bytemask)
+ if ((i & bytemask) != bytemask)
break;
- bytemask = bytemask >>> 8;
- signmask = signmask >>> 8;
+ bytemask = bytemask >>> 8;
+ signmask = signmask >>> 8;
}
if ((i & signmask) == 0) {
// ensure negative case
- putLength(length+1);
+ putLength(length + 1);
write(0xff);
} else {
- putLength(length);
+ putLength(length);
}
// unrolled loop
switch (length) {
- case 4:
- write((byte)(i >>> 24));
- case 3:
- write((byte)(i >>> 16));
- case 2:
- write((byte)(i >>> 8));
- case 1:
- write((byte)i);
+ case 4:
+ write((byte) (i >>> 24));
+ case 3:
+ write((byte) (i >>> 16));
+ case 2:
+ write((byte) (i >>> 8));
+ case 1:
+ write((byte) i);
}
} else {
// positive case
for (length = 4; length > 0; --length) {
- if((i & bytemask) != 0)
+ if ((i & bytemask) != 0)
break;
- bytemask = bytemask >>> 8;
- signmask = signmask >>> 8;
+ bytemask = bytemask >>> 8;
+ signmask = signmask >>> 8;
}
if ((i & signmask) != 0) {
// ensure posititive case
- putLength(length+1);
+ putLength(length + 1);
write(0x00);
} else {
- putLength(length);
+ putLength(length);
}
// unrolled loop
switch (length) {
- case 4:
- write((byte)(i >>> 24));
- case 3:
- write((byte)(i >>> 16));
- case 2:
- write((byte)(i >>> 8));
- case 1:
- write((byte)i);
+ case 4:
+ write((byte) (i >>> 24));
+ case 3:
+ write((byte) (i >>> 16));
+ case 2:
+ write((byte) (i >>> 8));
+ case 1:
+ write((byte) i);
}
}
}
/**
- * Marshals a DER bit string on the output stream. The bit
+ * Marshals a DER bit string on the output stream. The bit
* string must be byte-aligned.
- *
+ *
* @param bits the bit string, MSB first
*/
public void putBitString(byte[] bits) throws IOException {
- write(DerValue.tag_BitString);
- putLength(bits.length + 1);
- write(0); // all of last octet is used
- write(bits);
+ write(DerValue.tag_BitString);
+ putLength(bits.length + 1);
+ write(0); // all of last octet is used
+ write(bits);
}
/**
- * Converts a boolean array to a BitArray. Trims trailing 0 bits
+ * Converts a boolean array to a BitArray. Trims trailing 0 bits
* in accordance with DER encoding standard. We assume the input is not
* null.
*/
private static BitArray toBitArray(boolean[] bitString) {
- if( bitString.length == 0 ) {
+ if (bitString.length == 0) {
return new BitArray(bitString);
}
// find index of last 1 bit. -1 if there aren't any
int i;
- for(i=bitString.length-1; i >= 0; i--) {
- if(bitString[i]) {
+ for (i = bitString.length - 1; i >= 0; i--) {
+ if (bitString[i]) {
break;
}
}
- int length = i+1;
+ int length = i + 1;
// if length changed, copy to new appropriately-sized array
- if(length != bitString.length) {
+ if (length != bitString.length) {
boolean[] newBitString = new boolean[length];
System.arraycopy(bitString, 0, newBitString, 0, length);
bitString = newBitString;
@@ -283,22 +283,22 @@ extends ByteArrayOutputStream implements DerEncoder {
int length, i;
int maxIndex = 0;
- if( bitString.length == 0 ) {
+ if (bitString.length == 0) {
return new BitArray(0, bitString);
}
// find the index of the last byte with a 1 bit
- for( i = 0; i < bitString.length; i++) {
- if( bitString[i] != 0 ) {
+ for (i = 0; i < bitString.length; i++) {
+ if (bitString[i] != 0) {
maxIndex = i;
}
}
byte lastByte = bitString[maxIndex];
- length = (maxIndex+1) * 8; // maximum, might reduce in next step
+ length = (maxIndex + 1) * 8; // maximum, might reduce in next step
// now find the last 1 bit in this last byte
- for(i=1; i <= 0x80; i <<= 1) {
- if( (lastByte & i) == 0 ) {
+ for (i = 1; i <= 0x80; i <<= 1) {
+ if ((lastByte & i) == 0) {
length--;
} else {
break;
@@ -307,60 +307,59 @@ extends ByteArrayOutputStream implements DerEncoder {
return new BitArray(length, bitString);
}
-
/**
* Marshals a DER bit string on the output stream.
* The bit strings need not be byte-aligned.
- *
+ *
* @param bits the bit string, MSB first
*/
public void putUnalignedBitString(BitArray ba) throws IOException {
- byte[] bits = ba.toByteArray();
+ byte[] bits = ba.toByteArray();
- write(DerValue.tag_BitString);
- putLength(bits.length + 1);
- write(bits.length*8 - ba.length()); // excess bits in last octet
- write(bits);
+ write(DerValue.tag_BitString);
+ putLength(bits.length + 1);
+ write(bits.length * 8 - ba.length()); // excess bits in last octet
+ write(bits);
}
/**
* Marshals a DER bit string on the output stream.
* All trailing 0 bits will be stripped off in accordance with DER
* encoding.
- *
+ *
* @param bits the bit string, MSB first
*/
public void putUnalignedBitString(byte[] bitString) throws IOException {
- putUnalignedBitString( toBitArray(bitString) );
+ putUnalignedBitString(toBitArray(bitString));
}
/**
* Marshals a DER bit string on the output stream.
* All trailing 0 bits will be stripped off in accordance with DER
* encoding.
- *
+ *
* @param bits the bit string as an array of booleans.
*/
public void putUnalignedBitString(boolean[] bitString) throws IOException {
- putUnalignedBitString( toBitArray(bitString) );
+ putUnalignedBitString(toBitArray(bitString));
}
/**
* DER-encodes an ASN.1 OCTET STRING value on the output stream.
- *
+ *
* @param octets the octet string
*/
public void putOctetString(byte[] octets) throws IOException {
- write(DerValue.tag_OctetString, octets);
+ write(DerValue.tag_OctetString, octets);
}
/**
- * Marshals a DER "null" value on the output stream. These are
+ * Marshals a DER "null" value on the output stream. These are
* often used to indicate optional values which have been omitted.
*/
public void putNull() throws IOException {
- write(DerValue.tag_Null);
- putLength(0);
+ write(DerValue.tag_Null);
+ putLength(0);
}
/**
@@ -368,185 +367,181 @@ extends ByteArrayOutputStream implements DerEncoder {
* Corresponds to the ASN.1 "OBJECT IDENTIFIER" construct.
*/
public void putOID(ObjectIdentifier oid) throws IOException {
- oid.encode(this);
+ oid.encode(this);
}
/**
- * Marshals a sequence on the output stream. This supports both
+ * Marshals a sequence on the output stream. This supports both
* the ASN.1 "SEQUENCE" (zero to N values) and "SEQUENCE OF"
* (one to N values) constructs.
*/
public void putSequence(DerValue[] seq) throws IOException {
- DerOutputStream bytes = new DerOutputStream();
- int i;
+ DerOutputStream bytes = new DerOutputStream();
+ int i;
- for (i = 0; i < seq.length; i++)
- seq [i].encode(bytes);
+ for (i = 0; i < seq.length; i++)
+ seq[i].encode(bytes);
- write(DerValue.tag_Sequence, bytes);
+ write(DerValue.tag_Sequence, bytes);
}
/**
* Marshals the contents of a set on the output stream without
- * ordering the elements. Ok for BER encoding, but not for DER
- * encoding.
- *
- * For DER encoding, use orderedPutSet() or orderedPutSetOf().
+ * ordering the elements. Ok for BER encoding, but not for DER
+ * encoding.
+ *
+ * For DER encoding, use orderedPutSet() or orderedPutSetOf().
*/
public void putSet(DerValue[] set) throws IOException {
- DerOutputStream bytes = new DerOutputStream();
- int i;
+ DerOutputStream bytes = new DerOutputStream();
+ int i;
- for (i = 0; i < set.length; i++)
- set [i].encode(bytes);
+ for (i = 0; i < set.length; i++)
+ set[i].encode(bytes);
- write(DerValue.tag_Set, bytes);
+ write(DerValue.tag_Set, bytes);
}
/**
* NSCP :
- * Like putOrderSetOf, except not sorted.
- * This may defy DER encoding but is needed for compatibility
- * with communicator.
+ * Like putOrderSetOf, except not sorted.
+ * This may defy DER encoding but is needed for compatibility
+ * with communicator.
*/
public void putSet(byte tag, DerEncoder[] set) throws IOException {
- putOrderedSet(tag, set, null);
+ putOrderedSet(tag, set, null);
}
- /**
- * Marshals the contents of a set on the output stream. Sets
+ /**
+ * Marshals the contents of a set on the output stream. Sets
* are semantically unordered, but DER requires that encodings of
* set elements be sorted into ascending lexicographical order
- * before being output. Hence sets with the same tags and
+ * before being output. Hence sets with the same tags and
* elements have the same DER encoding.
- *
+ *
* This method supports the ASN.1 "SET OF" construct, but not
- * "SET", which uses a different order.
+ * "SET", which uses a different order.
*/
public void putOrderedSetOf(byte tag, DerEncoder[] set) throws IOException {
- putOrderedSet(tag, set, lexOrder);
+ putOrderedSet(tag, set, lexOrder);
}
- /**
- * Marshals the contents of a set on the output stream. Sets
+ /**
+ * Marshals the contents of a set on the output stream. Sets
* are semantically unordered, but DER requires that encodings of
* set elements be sorted into ascending tag order
- * before being output. Hence sets with the same tags and
+ * before being output. Hence sets with the same tags and
* elements have the same DER encoding.
- *
+ *
* This method supports the ASN.1 "SET" construct, but not
- * "SET OF", which uses a different order.
+ * "SET OF", which uses a different order.
*/
public void putOrderedSet(byte tag, DerEncoder[] set) throws IOException {
- putOrderedSet(tag, set, tagOrder);
+ putOrderedSet(tag, set, tagOrder);
}
/**
- * Lexicographical order comparison on byte arrays, for ordering
- * elements of a SET OF objects in DER encoding.
+ * Lexicographical order comparison on byte arrays, for ordering
+ * elements of a SET OF objects in DER encoding.
*/
private static ByteArrayLexOrder lexOrder = new ByteArrayLexOrder();
/**
- * Tag order comparison on byte arrays, for ordering elements of
- * SET objects in DER encoding.
+ * Tag order comparison on byte arrays, for ordering elements of
+ * SET objects in DER encoding.
*/
private static ByteArrayTagOrder tagOrder = new ByteArrayTagOrder();
- /**
- * Marshals a the contents of a set on the output stream with the
+ /**
+ * Marshals a the contents of a set on the output stream with the
* encodings of its sorted in increasing order.
- *
+ *
* @param order the order to use when sorting encodings of components.
*/
- private void putOrderedSet(byte tag, DerEncoder[] set,
- Comparator order) throws IOException {
- DerOutputStream[] streams = new DerOutputStream[set.length];
+ private void putOrderedSet(byte tag, DerEncoder[] set,
+ Comparator order) throws IOException {
+ DerOutputStream[] streams = new DerOutputStream[set.length];
- for (int i = 0; i < set.length; i++) {
- streams[i] = new DerOutputStream();
- set[i].derEncode(streams[i]);
- }
+ for (int i = 0; i < set.length; i++) {
+ streams[i] = new DerOutputStream();
+ set[i].derEncode(streams[i]);
+ }
- // order the element encodings
- byte[][] bufs = new byte[streams.length][];
- for (int i = 0; i < streams.length; i++) {
- bufs[i] = streams[i].toByteArray();
- }
- if (order != null) {
- Arrays.sort(bufs, order);
- }
+ // order the element encodings
+ byte[][] bufs = new byte[streams.length][];
+ for (int i = 0; i < streams.length; i++) {
+ bufs[i] = streams[i].toByteArray();
+ }
+ if (order != null) {
+ Arrays.sort(bufs, order);
+ }
- DerOutputStream bytes = new DerOutputStream();
- for (int i = 0; i < streams.length; i++) {
- bytes.write(bufs[i]);
- }
- write(tag, bytes);
+ DerOutputStream bytes = new DerOutputStream();
+ for (int i = 0; i < streams.length; i++) {
+ bytes.write(bufs[i]);
+ }
+ write(tag, bytes);
}
/**
* Converts string to printable and writes to der output stream.
*/
- public void putPrintableString(String s) throws IOException
- {
- putStringType(DerValue.tag_PrintableString, s);
+ public void putPrintableString(String s) throws IOException {
+ putStringType(DerValue.tag_PrintableString, s);
}
- public void putVisibleString(String s) throws IOException
- {
- putStringType(DerValue.tag_VisibleString, s);
+ public void putVisibleString(String s) throws IOException {
+ putStringType(DerValue.tag_VisibleString, s);
}
+
/**
* Marshals a string which is consists of BMP (unicode) characters
*/
- public void putBMPString(String s) throws IOException
- {
- putStringType(DerValue.tag_BMPString, s);
+ public void putBMPString(String s) throws IOException {
+ putStringType(DerValue.tag_BMPString, s);
}
- public void putGeneralString(String s) throws IOException
- {
- putStringType(DerValue.tag_GeneralString, s);
+ public void putGeneralString(String s) throws IOException {
+ putStringType(DerValue.tag_GeneralString, s);
}
-// /*
-// * T61 is an 8 bit extension to ASCII, escapes e.g. to Japanese
-// */
-// void putT61String(String s) throws IOException
-// {
-// // XXX IMPLEMENT ME
-//
-// throw new IOException("DerOutputStream.putT61String() NYI");
-// }
-
-// /*
-// * Universal String.
-// */
-// void putUniversalString(String s) throws IOException
-// {
-// // XXX IMPLEMENT ME
-//
-// throw new IOException("DerOutputStream.putUniversalString() NYI");
-// }
+ // /*
+ // * T61 is an 8 bit extension to ASCII, escapes e.g. to Japanese
+ // */
+ // void putT61String(String s) throws IOException
+ // {
+ // // XXX IMPLEMENT ME
+ //
+ // throw new IOException("DerOutputStream.putT61String() NYI");
+ // }
+
+ // /*
+ // * Universal String.
+ // */
+ // void putUniversalString(String s) throws IOException
+ // {
+ // // XXX IMPLEMENT ME
+ //
+ // throw new IOException("DerOutputStream.putUniversalString() NYI");
+ // }
/**
* Marshals a string which is consists of IA5(ASCII) characters
*/
- public void putIA5String(String s) throws IOException
- {
- putStringType(DerValue.tag_IA5String, s);
+ public void putIA5String(String s) throws IOException {
+ putStringType(DerValue.tag_IA5String, s);
}
- public void putUTF8String(String s) throws IOException
- {
- putStringType(DerValue.tag_UTF8String, s);
+ public void putUTF8String(String s) throws IOException {
+ putStringType(DerValue.tag_UTF8String, s);
}
public void putStringType(byte tag, String s) throws IOException {
try {
CharsetEncoder encoder = ASN1CharStrConvMap.getDefault().getEncoder(tag);
- if (encoder == null) throw new IOException("No encoder for tag");
+ if (encoder == null)
+ throw new IOException("No encoder for tag");
CharBuffer charBuffer = CharBuffer.wrap(s.toCharArray());
ByteBuffer byteBuffer = encoder.encode(charBuffer);
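Review bot: In `putStringType` the reformatted null check is now a brace-less `if` with its `throw` on a separate line, a shape where a statement added later can silently fall outside the guard. The brace-less `for` loops in `putSequence` and `putSet(DerValue[])` earlier in this hunk have the same problem. Since this commit is already normalising layout, I would brace them, e.g. `if (encoder == null) { throw new IOException("No encoder for tag"); }`. `putStringType` continues past the end of this hunk.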
@@ -556,79 +551,74 @@ extends ByteArrayOutputStream implements DerEncoder {
write(byteBuffer.array(), byteBuffer.arrayOffset(), byteBuffer.limit());
} catch (CharacterCodingException e) {
- throw new IOException("Not a valid string type "+tag, e);
+ throw new IOException("Not a valid string type " + tag, e);
}
}
- private void put2DateBytes(byte[] buffer, int value, int offset)
- {
- int upper= value/10;
- int lower = value%10;
- buffer[offset] = (byte)((byte)upper + (byte)'0');
- buffer[offset+1] = (byte)((byte)lower + (byte)'0');
+ private void put2DateBytes(byte[] buffer, int value, int offset) {
+ int upper = value / 10;
+ int lower = value % 10;
+ buffer[offset] = (byte) ((byte) upper + (byte) '0');
+ buffer[offset + 1] = (byte) ((byte) lower + (byte) '0');
}
private static Calendar GMTGregorianCalendar = null;
- private Calendar getGMTGregorianCalendar()
- {
- if (GMTGregorianCalendar == null) {
- TimeZone tz = TimeZone.getTimeZone("GMT");
- GMTGregorianCalendar = new GregorianCalendar(tz);
- }
- return (Calendar)GMTGregorianCalendar.clone();
- }
-
- public byte[] getDateBytes(Date d, boolean UTC)
- {
-
+ private Calendar getGMTGregorianCalendar() {
+ if (GMTGregorianCalendar == null) {
+ TimeZone tz = TimeZone.getTimeZone("GMT");
+ GMTGregorianCalendar = new GregorianCalendar(tz);
+ }
+ return (Calendar) GMTGregorianCalendar.clone();
+ }
+
+ public byte[] getDateBytes(Date d, boolean UTC) {
+
byte[] datebytes;
if (UTC) {
datebytes = new byte[13];
- }
- else { // generalized time has 4 digits for yr
+ } else { // generalized time has 4 digits for yr
datebytes = new byte[15];
}
Calendar cal = getGMTGregorianCalendar();
cal.setTime(d);
- int i=0;
+ int i = 0;
if (!UTC) {
- put2DateBytes(datebytes,cal.get(Calendar.YEAR)/100,i);
- i+= 2;
+ put2DateBytes(datebytes, cal.get(Calendar.YEAR) / 100, i);
+ i += 2;
}
- put2DateBytes(datebytes,cal.get(Calendar.YEAR)%100 ,i);
+ put2DateBytes(datebytes, cal.get(Calendar.YEAR) % 100, i);
// Calendar's MONTH is zero-based
- i+= 2;
- put2DateBytes(datebytes,cal.get(Calendar.MONTH)+1 ,i);
- i+= 2;
- put2DateBytes(datebytes,cal.get(Calendar.DAY_OF_MONTH),i);
- i+= 2;
- put2DateBytes(datebytes,cal.get(Calendar.HOUR_OF_DAY) ,i);
- i+= 2;
- put2DateBytes(datebytes,cal.get(Calendar.MINUTE) ,i);
- i+= 2;
- put2DateBytes(datebytes,cal.get(Calendar.SECOND) ,i);
- i+= 2;
+ i += 2;
+ put2DateBytes(datebytes, cal.get(Calendar.MONTH) + 1, i);
+ i += 2;
+ put2DateBytes(datebytes, cal.get(Calendar.DAY_OF_MONTH), i);
+ i += 2;
+ put2DateBytes(datebytes, cal.get(Calendar.HOUR_OF_DAY), i);
+ i += 2;
+ put2DateBytes(datebytes, cal.get(Calendar.MINUTE), i);
+ i += 2;
+ put2DateBytes(datebytes, cal.get(Calendar.SECOND), i);
+ i += 2;
// datebytes[i] = 'Z';
- datebytes[i] = (byte)'Z';
-
+ datebytes[i] = (byte) 'Z';
+
return datebytes;
}
/**
* Marshals a DER UTC time/date value.
- *
- * <P>YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time
- * and with seconds (even if seconds=0) as per IETF-PKIX partI.
+ *
+ * <P>
+ * YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX partI.
*/
public void putUTCTime(Date d) throws IOException {
- /*
- * Format the date.
- */
-
+ /*
+ * Format the date.
+ */
// This was the old code. Way too slow to be usable (stevep)
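Review bot: `getGMTGregorianCalendar()` lazily assigns the static `GMTGregorianCalendar` field with no synchronization, so two threads encoding dates at once can both see `null`, and the instance is published without a happens-before edge. The shared calendar is only ever cloned in the visible code, so eager initialisation is enough: `private static final Calendar GMTGregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("GMT"));`, with the getter reduced to the `clone()` call. Whether `DerOutputStream` instances are used from several threads is not visible in this hunk, so the practical impact is unconfirmed.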
@@ -638,37 +628,37 @@ extends ByteArrayOutputStream implements DerEncoder {
// sdf.setTimeZone(tz);
// byte[] utc = (sdf.format(d)).getBytes();
- byte[] datebytes = getDateBytes(d,true); // UTC = true
+ byte[] datebytes = getDateBytes(d, true); // UTC = true
- /*
- * Write the formatted date.
- */
- write (DerValue.tag_UtcTime);
+ /*
+ * Write the formatted date.
+ */
+ write(DerValue.tag_UtcTime);
putLength(datebytes.length);
write(datebytes);
}
/**
* Marshals a DER Generalized Time/date value.
- *
- * <P>YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time
- * and with seconds (even if seconds=0) as per IETF-PKIX partI.
+ *
+ * <P>
+ * YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time and with seconds (even if seconds=0) as per IETF-PKIX partI.
*/
public void putGeneralizedTime(Date d) throws IOException {
/*
* Format the date.
*/
TimeZone tz = TimeZone.getTimeZone("GMT");
-
- // This is way too slow to be usable (stevep)
+
+ // This is way too slow to be usable (stevep)
String pattern = "yyyyMMddHHmmss'Z'";
SimpleDateFormat sdf = new SimpleDateFormat(pattern);
sdf.setTimeZone(tz);
byte[] gt = (sdf.format(d)).getBytes();
- /*
- * Write the formatted date.
- */
+ /*
+ * Write the formatted date.
+ */
write(DerValue.tag_GeneralizedTime);
putLength(gt.length);
write(gt);
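Review bot: `putGeneralizedTime` formats the value with `SimpleDateFormat` in the default locale and then calls `getBytes()` with the platform charset, so the encoded GeneralizedTime depends on JVM settings instead of being fixed ASCII digits. `putUTCTime` earlier in this hunk already avoids this by calling `getDateBytes(d, true)`, and `getDateBytes` has a four-digit-year branch for the non-UTC case. The body can therefore use `byte[] gt = getDateBytes(d, false);` and drop the formatter, which the in-line comment already calls too slow. The method's closing brace is outside this hunk.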
@@ -676,62 +666,61 @@ extends ByteArrayOutputStream implements DerEncoder {
/**
* Put the encoding of the length in the stream.
- *
+ *
* @param len the length of the attribute.
* @exception IOException on writing errors.
*/
public void putLength(int len) throws IOException {
- if (len < 128) {
- write ((byte)len);
+ if (len < 128) {
+ write((byte) len);
- } else if (len < (1 << 8)) {
- write ((byte)0x081);
- write ((byte)len);
+ } else if (len < (1 << 8)) {
+ write((byte) 0x081);
+ write((byte) len);
- } else if (len < (1 << 16)) {
- write ((byte)0x082);
- write ((byte) (len >> 8));
- write ((byte) len);
+ } else if (len < (1 << 16)) {
+ write((byte) 0x082);
+ write((byte) (len >> 8));
+ write((byte) len);
- } else if (len < (1 << 24)) {
- write ((byte)0x083);
- write ((byte) (len >> 16));
- write ((byte) (len >> 8));
- write ((byte) len);
+ } else if (len < (1 << 24)) {
+ write((byte) 0x083);
+ write((byte) (len >> 16));
+ write((byte) (len >> 8));
+ write((byte) len);
- } else {
- write ((byte)0x084);
- write ((byte) (len >> 24));
- write ((byte) (len >> 16));
- write ((byte) (len >> 8));
- write ((byte) len);
- }
+ } else {
+ write((byte) 0x084);
+ write((byte) (len >> 24));
+ write((byte) (len >> 16));
+ write((byte) (len >> 8));
+ write((byte) len);
+ }
}
/**
* Put the tag of the attribute in the stream.
- *
+ *
* @param class the tag class type, one of UNIVERSAL, CONTEXT,
- * APPLICATION or PRIVATE
+ * APPLICATION or PRIVATE
* @param form if true, the value is constructed, otherwise it is
- * primitive.
+ * primitive.
* @param val the tag value
*/
public void putTag(byte tagClass, boolean form, byte val) {
byte tag = (byte) (tagClass | val);
if (form) {
- tag |= (byte)0x20;
+ tag |= (byte) 0x20;
}
- write (tag);
+ write(tag);
}
/**
- * Write the current contents of this <code>DerOutputStream</code>
- * to an <code>OutputStream</code>.
- *
- * @exception IOException on output error.
+ * Write the current contents of this <code>DerOutputStream</code> to an <code>OutputStream</code>.
+ *
+ * @exception IOException on output error.
*/
public void derEncode(OutputStream out) throws IOException {
- out.write(toByteArray());
+ out.write(toByteArray());
}
}
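Review bot: `putLength` has no guard for a negative `len`: a negative value satisfies `len < 128` and is truncated to one byte, producing a length octet unrelated to the content that follows. `DerValue.encode` passes its stored `length` field straight to this method, so I would reject the case up front with `if (len < 0) throw new IOException("negative DER length: " + len);`. Whether a negative length can actually reach this method depends on code outside this hunk.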
diff --git a/pki/base/util/src/netscape/security/util/DerValue.java b/pki/base/util/src/netscape/security/util/DerValue.java
index dac49a4f..298a08cd 100644
--- a/pki/base/util/src/netscape/security/util/DerValue.java
+++ b/pki/base/util/src/netscape/security/util/DerValue.java
@@ -31,43 +31,40 @@ import netscape.security.x509.AVAValueConverter;
import netscape.security.x509.GenericValueConverter;
/**
- * Represents a single DER-encoded value. DER encoding rules are a subset
+ * Represents a single DER-encoded value. DER encoding rules are a subset
* of the "Basic" Encoding Rules (BER), but they only support a single way
* ("Definite" encoding) to encode any given value.
- *
- * <P>All DER-encoded data are triples <em>{type, length, data}</em>. This
- * class represents such tagged values as they have been read (or constructed),
- * and provides structured access to the encoded data.
- *
- * <P>At this time, this class supports only a subset of the types of DER
- * data encodings which are defined. That subset is sufficient for parsing
- * most X.509 certificates, and working with selected additional formats
- * (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data).
- *
+ *
+ * <P>
+ * All DER-encoded data are triples <em>{type, length, data}</em>. This class represents such tagged values as they have been read (or constructed), and provides structured access to the encoded data.
+ *
+ * <P>
+ * At this time, this class supports only a subset of the types of DER data encodings which are defined. That subset is sufficient for parsing most X.509 certificates, and working with selected additional formats (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data).
+ *
* @version 1.43
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class DerValue {
/** The tag class types */
- public static final byte TAG_UNIVERSAL = (byte)0x000;
- public static final byte TAG_APPLICATION = (byte)0x040;
- public static final byte TAG_CONTEXT = (byte)0x080;
- public static final byte TAG_PRIVATE = (byte)0x0c0;
+ public static final byte TAG_UNIVERSAL = (byte) 0x000;
+ public static final byte TAG_APPLICATION = (byte) 0x040;
+ public static final byte TAG_CONTEXT = (byte) 0x080;
+ public static final byte TAG_PRIVATE = (byte) 0x0c0;
/** The DER tag of the value; one of the tag_ constants. */
- public byte tag;
+ public byte tag;
- protected DerInputBuffer buffer;
+ protected DerInputBuffer buffer;
/**
* The DER-encoded data of the value.
*/
- public DerInputStream data;
+ public DerInputStream data;
- private int length;
+ private int length;
/*
* The type starts at the first byte of the encoding, and
@@ -81,99 +78,118 @@ public class DerValue {
*/
/** Tag value indicating an ASN.1 "BOOLEAN" value. */
- public final static byte tag_Boolean = 0x01;
+ public final static byte tag_Boolean = 0x01;
/** Tag value indicating an ASN.1 "INTEGER" value. */
- public final static byte tag_Integer = 0x02;
+ public final static byte tag_Integer = 0x02;
/** Tag value indicating an ASN.1 "BIT STRING" value. */
- public final static byte tag_BitString = 0x03;
+ public final static byte tag_BitString = 0x03;
/** Tag value indicating an ASN.1 "OCTET STRING" value. */
- public final static byte tag_OctetString = 0x04;
+ public final static byte tag_OctetString = 0x04;
/** Tag value indicating an ASN.1 "NULL" value. */
- public final static byte tag_Null = 0x05;
+ public final static byte tag_Null = 0x05;
/** Tag value indicating an ASN.1 "OBJECT IDENTIFIER" value. */
- public final static byte tag_ObjectId = 0x06;
+ public final static byte tag_ObjectId = 0x06;
/** Tag value including an ASN.1 "ENUMERATED" value */
- public final static byte tag_Enumerated = 0x0A;
+ public final static byte tag_Enumerated = 0x0A;
/** Tag value including a "printable" string */
- public final static byte tag_PrintableString = 0x13;
+ public final static byte tag_PrintableString = 0x13;
- public final static byte tag_VisibleString = 0x1A;
+ public final static byte tag_VisibleString = 0x1A;
/** Tag value including a "teletype" string */
- public final static byte tag_T61String = 0x14;
+ public final static byte tag_T61String = 0x14;
/** Tag value including an ASCII string */
- public final static byte tag_IA5String = 0x16;
+ public final static byte tag_IA5String = 0x16;
/** Tag value indicating an ASN.1 "UTCTime" value. */
- public final static byte tag_UtcTime = 0x17;
+ public final static byte tag_UtcTime = 0x17;
/** Tag value indicating an ASN.1 "GeneralizedTime" value. */
- public final static byte tag_GeneralizedTime = 0x18;
+ public final static byte tag_GeneralizedTime = 0x18;
/** Tag value indicating an ASN.1 "GeneralString" value. */
- public final static byte tag_GeneralString = 0x1B;
+ public final static byte tag_GeneralString = 0x1B;
/** Tag value indicating an ASN.1 "BMPString" value. */
- public final static byte tag_BMPString = 0x1E;
+ public final static byte tag_BMPString = 0x1E;
/** Tag value indicating an ASN.1 "UniversalString" value. */
- public final static byte tag_UniversalString = 0x1C;
+ public final static byte tag_UniversalString = 0x1C;
/** Tag value indicating an ASN.1 "UTF8String" value. (since 1998) */
- public final static byte tag_UTF8String = 0x0C;
+ public final static byte tag_UTF8String = 0x0C;
// CONSTRUCTED seq/set
- /** Tag value indicating an ASN.1
- * "SEQUENCE" (zero to N elements, order is significant). */
- public final static byte tag_Sequence = 0x30;
+ /**
+ * Tag value indicating an ASN.1
+ * "SEQUENCE" (zero to N elements, order is significant).
+ */
+ public final static byte tag_Sequence = 0x30;
- /** Tag value indicating an ASN.1
- * "SEQUENCE OF" (one to N elements, order is significant). */
- public final static byte tag_SequenceOf = 0x30;
+ /**
+ * Tag value indicating an ASN.1
+ * "SEQUENCE OF" (one to N elements, order is significant).
+ */
+ public final static byte tag_SequenceOf = 0x30;
- /** Tag value indicating an ASN.1
- * "SET" (zero to N members, order does not matter). */
- public final static byte tag_Set = 0x31;
+ /**
+ * Tag value indicating an ASN.1
+ * "SET" (zero to N members, order does not matter).
+ */
+ public final static byte tag_Set = 0x31;
- /** Tag value indicating an ASN.1
- * "SET OF" (one to N members, order does not matter). */
- public final static byte tag_SetOf = 0x31;
+ /**
+ * Tag value indicating an ASN.1
+ * "SET OF" (one to N members, order does not matter).
+ */
+ public final static byte tag_SetOf = 0x31;
/*
* These values are the high order bits for the other kinds of tags.
*/
- boolean isUniversal() { return ((tag & 0x0c0) == 0x000); }
- boolean isApplication() { return ((tag & 0x0c0) == 0x040); }
+ boolean isUniversal() {
+ return ((tag & 0x0c0) == 0x000);
+ }
+
+ boolean isApplication() {
+ return ((tag & 0x0c0) == 0x040);
+ }
/**
* Returns true iff the CONTEXT SPECIFIC bit is set in the type tag.
* This is associated with the ASN.1 "DEFINED BY" syntax.
*/
- public boolean isContextSpecific() { return ((tag & 0x0c0) == 0x080); }
+ public boolean isContextSpecific() {
+ return ((tag & 0x0c0) == 0x080);
+ }
/**
* Returns true iff the CONTEXT SPECIFIC TAG matches the passed tag.
*/
public boolean isContextSpecific(byte cntxtTag) {
- if (!isContextSpecific ()) {
+ if (!isContextSpecific()) {
return false;
}
return ((tag & 0x01f) == cntxtTag);
}
- boolean isPrivate() { return ((tag & 0x0c0) == 0x0c0); }
+ boolean isPrivate() {
+ return ((tag & 0x0c0) == 0x0c0);
+ }
/** Returns true iff the CONSTRUCTED bit is set in the type tag. */
- public boolean isConstructed() { return ((tag & 0x020) == 0x020); }
+ public boolean isConstructed() {
+ return ((tag & 0x020) == 0x020);
+ }
/**
* Creates a DER value from a string
@@ -181,23 +197,22 @@ public class DerValue {
* Assumes the string is a Generic attribute value and uses
* the converter for generic string values to convert to the Der Value.
*/
- public DerValue (String value)
- throws IOException
- {
- AVAValueConverter genericValue = new GenericValueConverter();
- DerValue val;
+ public DerValue(String value)
+ throws IOException {
+ AVAValueConverter genericValue = new GenericValueConverter();
+ DerValue val;
- val = genericValue.getValue(value);
- tag = val.tag;
- buffer = val.buffer;
- length = val.length;
- data = val.data;
- data.mark (Integer.MAX_VALUE);
+ val = genericValue.getValue(value);
+ tag = val.tag;
+ buffer = val.buffer;
+ length = val.length;
+ data = val.data;
+ data.mark(Integer.MAX_VALUE);
}
/**
* Creates a DerValue from a tag and some DER-encoded data.
- *
+ *
* @param tag the DER type tag
* @param data the DER-encoded data
*/
@@ -211,122 +226,122 @@ public class DerValue {
/**
* Creates a DerValue from a tag and some DER-encoded data.
- *
+ *
* @param tag the DER type tag
* @param data the DER-encoded data
* @param offset offset of the data
* @param length length of the data
*/
public DerValue(byte tag, byte[] data, int offset, int length) {
- this(tag, Arrays.copyOfRange(data, offset, offset+length));
+ this(tag, Arrays.copyOfRange(data, offset, offset + length));
}
/*
* package private
*/
DerValue(DerInputBuffer in) throws IOException {
- // NOTE: This must handle the special value used
- // to terminate BER indefinite encodings (tag and
- // length are both zero)
+ // NOTE: This must handle the special value used
+ // to terminate BER indefinite encodings (tag and
+ // length are both zero)
- // XXX must also parse BER-encoded constructed
- // values such as sequences, sets...
+ // XXX must also parse BER-encoded constructed
+ // values such as sequences, sets...
- tag = (byte) in.read ();
- length = DerInputStream.getLength (in);
+ tag = (byte) in.read();
+ length = DerInputStream.getLength(in);
- buffer = in.dup ();
- buffer.truncate (length);
- data = new DerInputStream (buffer);
+ buffer = in.dup();
+ buffer.truncate(length);
+ data = new DerInputStream(buffer);
- in.skip (length);
+ in.skip(length);
}
/**
- * Get an ASN.1/DER encoded datum from a buffer. The
+ * Get an ASN.1/DER encoded datum from a buffer. The
* entire buffer must hold exactly one datum, including
* its tag and length.
- *
+ *
* @param buf buffer holding a single DER-encoded datum.
*/
public DerValue(byte[] buf) throws IOException {
- init (true, new ByteArrayInputStream (buf));
+ init(true, new ByteArrayInputStream(buf));
}
/**
* Get an ASN.1/DER encoded datum from part of a buffer.
* That part of the buffer must hold exactly one datum, including
* its tag and length.
- *
+ *
* @param buf the buffer
* @param offset start point of the single DER-encoded dataum
* @param length how many bytes are in the encoded datum
*/
public DerValue(byte[] buf, int offset, int len) throws IOException {
- init (true, new ByteArrayInputStream (buf, offset, len));
+ init(true, new ByteArrayInputStream(buf, offset, len));
}
/**
- * Get an ASN1/DER encoded datum from an input stream. The
+ * Get an ASN1/DER encoded datum from an input stream. The
* stream may have additional data following the encoded datum.
- *
+ *
* @param in the input stream holding a single DER datum,
- * which may be followed by additional data
+ * which may be followed by additional data
*/
public DerValue(InputStream in) throws IOException {
- init (false, in);
+ init(false, in);
}
/*
* helper routine
*/
- private void init (boolean fullyBuffered, InputStream in)
- throws IOException {
- byte[] bytes;
+ private void init(boolean fullyBuffered, InputStream in)
+ throws IOException {
+ byte[] bytes;
- tag = (byte) in.read ();
- length = DerInputStream.getLength (in);
+ tag = (byte) in.read();
+ length = DerInputStream.getLength(in);
/*
- if (length == 0)
- return;
+ if (length == 0)
+ return;
*/
- if (fullyBuffered && in.available () != length)
- throw new IOException ("extra DER value data (constructor)");
+ if (fullyBuffered && in.available() != length)
+ throw new IOException("extra DER value data (constructor)");
- bytes = new byte [length];
+ bytes = new byte[length];
- // n.b. readFully not needed in normal fullyBuffered case
- DataInputStream dis = new DataInputStream (in);
+ // n.b. readFully not needed in normal fullyBuffered case
+ DataInputStream dis = new DataInputStream(in);
- dis.readFully (bytes);
- buffer = new DerInputBuffer (bytes);
- data = new DerInputStream (buffer);
+ dis.readFully(bytes);
+ buffer = new DerInputBuffer(bytes);
+ data = new DerInputStream(buffer);
}
/**
* Encode an ASN1/DER encoded datum onto a DER output stream.
*/
public void encode(DerOutputStream out)
- throws IOException {
- out.write (tag);
- out.putLength (length);
- buffer.dump(out,length);
+ throws IOException {
+ out.write(tag);
+ out.putLength(length);
+ buffer.dump(out, length);
}
/**
* Returns an ASN.1 BOOLEAN
- *
+ *
* @return the boolean held in this DER value
*/
public boolean getBoolean() throws IOException {
if (tag != tag_Boolean) {
- throw new IOException ("DerValue.getBoolean, not a BOOLEAN " + tag);
+ throw new IOException("DerValue.getBoolean, not a BOOLEAN " + tag);
}
if (length != 1) {
- throw new IOException ("DerValue.getBoolean, invalid length " + length);
+ throw new IOException("DerValue.getBoolean, invalid length " + length);
}
if (buffer.read() != 0) {
return true;
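Review bot: In `init`, `length` comes straight from `DerInputStream.getLength(in)` and is used in `new byte[length]` before any content is read, so on the `DerValue(InputStream)` path (`fullyBuffered` false) the declared length alone decides the allocation size. A large declared length on a short stream costs the full allocation before `readFully` fails, and a negative one would surface as an unchecked `NegativeArraySizeException` instead of an `IOException`. I would add `if (length < 0) throw new IOException("invalid DER length " + length);` after the `getLength` call and bound the streaming case by a maximum or by reading in chunks; the -1 that `in.read()` returns at end of stream is also cast to a tag without a check. What `getLength` can return is not visible here, and `getBoolean` continues past the end of the hunk.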
@@ -336,173 +351,171 @@ public class DerValue {
/**
* Returns an ASN.1 OBJECT IDENTIFIER.
- *
+ *
* @return the OID held in this DER value
*/
public ObjectIdentifier getOID() throws IOException {
- if (tag != tag_ObjectId)
- throw new IOException ("DerValue.getOID, not an OID " + tag);
- return new ObjectIdentifier (buffer);
+ if (tag != tag_ObjectId)
+ throw new IOException("DerValue.getOID, not an OID " + tag);
+ return new ObjectIdentifier(buffer);
}
/**
* Returns an ASN.1 OCTET STRING
- *
+ *
* @return the octet string held in this DER value
*/
public byte[] getOctetString() throws IOException {
- if (tag != tag_OctetString)
- throw new IOException (
- "DerValue.getOctetString, not an Octet String: " + tag);
+ if (tag != tag_OctetString)
+ throw new IOException(
+ "DerValue.getOctetString, not an Octet String: " + tag);
- byte [] bytes = new byte [length];
+ byte[] bytes = new byte[length];
- if (buffer.read(bytes) != length)
- throw new IOException("short read on DerValue buffer");
- return bytes;
+ if (buffer.read(bytes) != length)
+ throw new IOException("short read on DerValue buffer");
+ return bytes;
}
/**
* Returns an ASN.1 unsigned integer value of enumerated value.
- *
+ *
* @return the (unsigned) integer held in this DER value
*/
- public int getEnumerated ()
- throws IOException
- {
+ public int getEnumerated()
+ throws IOException {
if (tag != tag_Enumerated)
- throw new IOException ("DerValue.getEnumerated, not an ENUMERATED " + tag);
+ throw new IOException("DerValue.getEnumerated, not an ENUMERATED " + tag);
if (length == 0)
return 0;
- if (length > 4 || length < 1)
- throw new IOException("DerValue.getEnumerated, invalid length " + length + "(must be between 1 and 4)");
-
- int value = 0;
- int nextbyte = buffer.read();
- if (nextbyte == -1)
- throw new IOException("short read on DerValue buffer");
- // perform sign extension
- value = (byte) nextbyte;
-
- for (int i = length - 1; i > 0; --i) {
- nextbyte = buffer.read();
- if (nextbyte == -1)
- throw new IOException("short read on DerValue buffer");
- value = 256 * value + nextbyte;
- }
- return value;
+ if (length > 4 || length < 1)
+ throw new IOException("DerValue.getEnumerated, invalid length " + length + "(must be between 1 and 4)");
+
+ int value = 0;
+ int nextbyte = buffer.read();
+ if (nextbyte == -1)
+ throw new IOException("short read on DerValue buffer");
+ // perform sign extension
+ value = (byte) nextbyte;
+
+ for (int i = length - 1; i > 0; --i) {
+ nextbyte = buffer.read();
+ if (nextbyte == -1)
+ throw new IOException("short read on DerValue buffer");
+ value = 256 * value + nextbyte;
+ }
+ return value;
}
/**
* Returns an ASN.1 unsigned INTEGER value.
- *
+ *
* @return the (unsigned) integer held in this DER value
*/
public BigInt getInteger() throws IOException {
if (tag != tag_Integer)
- throw new IOException ("DerValue.getInteger, not an int " + tag);
- return buffer.getUnsigned (data.available ());
+ throw new IOException("DerValue.getInteger, not an int " + tag);
+ return buffer.getUnsigned(data.available());
}
/**
* Returns an ASN.1 unsigned INTEGER value, the parameter determining
* if the tag is implicit.
- *
+ *
* @param tagImplicit if true, ignores the tag value as it is
- * assumed implicit.
+ * assumed implicit.
* @return the (unsigned) integer held in this DER value
*/
- public BigInt getInteger(boolean tagImplicit) throws IOException {
- if (!tagImplicit) {
- if (tag != tag_Integer) {
- throw new IOException("DerValue.getInteger, not an int "
+ public BigInt getInteger(boolean tagImplicit) throws IOException {
+ if (!tagImplicit) {
+ if (tag != tag_Integer) {
+ throw new IOException("DerValue.getInteger, not an int "
+ tag);
- }
- }
- return buffer.getUnsigned (data.available ());
- }
+ }
+ }
+ return buffer.getUnsigned(data.available());
+ }
/**
- * Returns an ASN.1 BIT STRING value. The bit string must be byte-aligned.
- *
+ * Returns an ASN.1 BIT STRING value. The bit string must be byte-aligned.
+ *
* @return the bit string held in this value
*/
public byte[] getBitString() throws IOException {
- if (tag != tag_BitString)
- throw new IOException (
- "DerValue.getBitString, not a bit string " + tag);
+ if (tag != tag_BitString)
+ throw new IOException(
+ "DerValue.getBitString, not a bit string " + tag);
- return buffer.getBitString ();
+ return buffer.getBitString();
}
/**
* Returns an ASN.1 BIT STRING value that need not be byte-aligned.
- *
+ *
* @return a BitArray representing the bit string held in this value
*/
public BitArray getUnalignedBitString() throws IOException {
- if (tag != tag_BitString)
+ if (tag != tag_BitString)
throw new IOException(
- "DerValue.getBitString, not a bit string " + tag);
-
- return buffer.getUnalignedBitString();
+ "DerValue.getBitString, not a bit string " + tag);
+
+ return buffer.getUnalignedBitString();
}
/**
* Returns the name component as a Java string, regardless of its
* encoding restrictions (ASCII, T61, Printable, etc).
*/
- public String getAsString () throws IOException
- {
- AVAValueConverter genericValue = new GenericValueConverter();
- return genericValue.getAsString(this);
+ public String getAsString() throws IOException {
+ AVAValueConverter genericValue = new GenericValueConverter();
+ return genericValue.getAsString(this);
}
/**
* Returns an ASN.1 BIT STRING value, with the tag assumed implicit
- * based on the parameter. The bit string must be byte-aligned.
- *
+ * based on the parameter. The bit string must be byte-aligned.
+ *
* @param tagImplicit if true, the tag is assumed implicit.
* @return the bit string held in this value
*/
public byte[] getBitString(boolean tagImplicit) throws IOException {
if (!tagImplicit) {
if (tag != tag_BitString)
- throw new IOException ("DerValue.getBitString, not a bit string "
+ throw new IOException("DerValue.getBitString, not a bit string "
+ tag);
- }
- return buffer.getBitString ();
+ }
+ return buffer.getBitString();
}
/**
* Returns an ASN.1 BIT STRING value, with the tag assumed implicit
- * based on the parameter. The bit string need not be byte-aligned.
- *
+ * based on the parameter. The bit string need not be byte-aligned.
+ *
* @param tagImplicit if true, the tag is assumed implicit.
* @return the bit string held in this value
*/
public BitArray getUnalignedBitString(boolean tagImplicit)
- throws IOException {
+ throws IOException {
if (!tagImplicit) {
if (tag != tag_BitString)
throw new IOException("DerValue.getBitString, not a bit string "
+ tag);
- }
+ }
return buffer.getUnalignedBitString();
}
/**
* Returns an ASN.1 STRING value
- *
+ *
* @return the printable string held in this value
*/
- public String getPrintableString ()
- throws IOException {
- if (tag != tag_PrintableString)
- throw new IOException (
- "DerValue.getPrintableString, not a string " + tag);
+ public String getPrintableString()
+ throws IOException {
+ if (tag != tag_PrintableString)
+ throw new IOException(
+ "DerValue.getPrintableString, not a string " + tag);
- return getASN1CharString();
+ return getASN1CharString();
}
/*
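Review bot: `getEnumerated()` accepts a zero-length ENUMERATED and returns 0 (`if (length == 0) return 0;`), which also makes the `length < 1` half of the range check that follows unreachable. DER requires at least one content octet for ENUMERATED, so an empty value is malformed input rather than a zero. If no caller depends on the lenient path, replace the early return with `if (length == 0) throw new IOException("DerValue.getEnumerated, invalid length 0");`. Separately, the Javadoc promises an unsigned result while the first byte is sign-extended (`value = (byte) nextbyte;`), so either the comment or the code should be corrected. The range-check message is also missing a space before `(must be between 1 and 4)`.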
@@ -512,7 +525,8 @@ public class DerValue {
public String getASN1CharString() throws IOException {
try {
CharsetDecoder decoder = ASN1CharStrConvMap.getDefault().getDecoder(tag);
- if (decoder == null) return null;
+ if (decoder == null)
+ return null;
ByteBuffer byteBuffer = ByteBuffer.allocate(length);
@@ -529,128 +543,125 @@ public class DerValue {
/**
* Returns an ASN.1 T61 (Teletype) STRING value
- *
+ *
* @return the teletype string held in this value
*/
public String getT61String() throws IOException {
- if (tag != tag_T61String)
- throw new IOException (
- "DerValue.getT61String, not T61 " + tag);
+ if (tag != tag_T61String)
+ throw new IOException(
+ "DerValue.getT61String, not T61 " + tag);
- return getASN1CharString ();
+ return getASN1CharString();
}
/**
* Returns an ASN.1 IA5 (ASCII) STRING value
- *
+ *
* @return the ASCII string held in this value
*/
public String getIA5String() throws IOException {
- if (tag != tag_IA5String)
- throw new IOException (
- "DerValue.getIA5String, not IA5 " + tag);
+ if (tag != tag_IA5String)
+ throw new IOException(
+ "DerValue.getIA5String, not IA5 " + tag);
- return getASN1CharString ();
+ return getASN1CharString();
}
- public String getBMPString ()
- throws IOException
- {
- if (tag != tag_BMPString)
- throw new IOException (
- "DerValue.getBMPString, not BMP " + tag);
+ public String getBMPString()
+ throws IOException {
+ if (tag != tag_BMPString)
+ throw new IOException(
+ "DerValue.getBMPString, not BMP " + tag);
- return getASN1CharString ();
+ return getASN1CharString();
}
- public String getUniversalString ()
- throws IOException
- {
- if (tag != tag_UniversalString)
- throw new IOException (
- "DerValue.getUniversalString, not UniversalString " + tag);
+ public String getUniversalString()
+ throws IOException {
+ if (tag != tag_UniversalString)
+ throw new IOException(
+ "DerValue.getUniversalString, not UniversalString " + tag);
- return getASN1CharString ();
+ return getASN1CharString();
}
- public String getUTF8String ()
- throws IOException
- {
- if (tag != tag_UTF8String)
- throw new IOException (
- "DerValue.getUTF8String, not UTF8String " + tag);
+ public String getUTF8String()
+ throws IOException {
+ if (tag != tag_UTF8String)
+ throw new IOException(
+ "DerValue.getUTF8String, not UTF8String " + tag);
- return getASN1CharString ();
+ return getASN1CharString();
}
/**
* Returns true iff the other object is a DER value which
* is bitwise equal to this one.
- *
+ *
* @param other the object being compared with this one
*/
public boolean equals(Object other) {
- if (other instanceof DerValue)
- return equals ((DerValue)other);
- else
- return false;
+ if (other instanceof DerValue)
+ return equals((DerValue) other);
+ else
+ return false;
}
/**
- * Bitwise equality comparison. DER encoded values have a single
+ * Bitwise equality comparison. DER encoded values have a single
* encoding, so that bitwise equality of the encoded values is an
* efficient way to establish equivalence of the unencoded values.
- *
+ *
* @param other the object being compared with this one
*/
public boolean equals(DerValue other) {
- data.reset ();
- other.data.reset();
- if (this == other)
- return true;
- else if (tag != other.tag) {
- return false;
- } else {
- return buffer.equals (other.buffer);
- }
+ data.reset();
+ other.data.reset();
+ if (this == other)
+ return true;
+ else if (tag != other.tag) {
+ return false;
+ } else {
+ return buffer.equals(other.buffer);
+ }
}
/**
* Returns a printable representation of the value.
- *
+ *
* @return printable representation of the value
*/
public String toString() {
- try {
- String s = getAsString();
- if (s != null)
- return s;
- if (tag == tag_Null)
- return "[DerValue, null]";
- if (tag == tag_ObjectId)
- return "OID." + getOID ();
-
- // integers
- else
- return "[DerValue, tag = " + tag
- + ", length = " + length + "]";
- } catch (IOException e) {
- throw new IllegalArgumentException ("misformatted DER value");
- }
+ try {
+ String s = getAsString();
+ if (s != null)
+ return s;
+ if (tag == tag_Null)
+ return "[DerValue, null]";
+ if (tag == tag_ObjectId)
+ return "OID." + getOID();
+
+ // integers
+ else
+ return "[DerValue, tag = " + tag
+ + ", length = " + length + "]";
+ } catch (IOException e) {
+ throw new IllegalArgumentException("misformatted DER value");
+ }
}
/**
* Returns a DER-encoded value, such that if it's passed to the
* DerValue constructor, a value equivalent to "this" is returned.
- *
+ *
* @return DER-encoded value, including tag and length.
*/
public byte[] toByteArray() throws IOException {
- DerOutputStream out = new DerOutputStream ();
+ DerOutputStream out = new DerOutputStream();
- encode (out);
- data.reset ();
- return out.toByteArray ();
+ encode(out);
+ data.reset();
+ return out.toByteArray();
}
/**
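Review bot: `toString()` converts any `IOException` from `getAsString()` or `getOID()` into `IllegalArgumentException("misformatted DER value")` and discards the cause. A value decoded from untrusted input can therefore make a logging or display call throw an unchecked exception with no trace of what failed. At minimum keep the cause, `throw new IllegalArgumentException("misformatted DER value", e);`, and consider falling back to the `[DerValue, tag = ..., length = ...]` form instead of throwing. In the same hunk, `equals(DerValue other)` dereferences `other.data` before any null check, so a null argument raises `NullPointerException` rather than returning false. Adding `if (other == null) return false;` as its first statement would fix that.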
@@ -660,31 +671,31 @@ public class DerValue {
* integers or bit strings.
*/
public DerInputStream toDerInputStream() throws IOException {
- if (tag == tag_Sequence || tag == tag_Set)
- return new DerInputStream (buffer);
- throw new IOException ("toDerInputStream rejects tag type " + tag);
+ if (tag == tag_Sequence || tag == tag_Set)
+ return new DerInputStream(buffer);
+ throw new IOException("toDerInputStream rejects tag type " + tag);
}
/**
* Get the length of the encoded value.
*/
public int length() {
- return length;
+ return length;
}
/**
* Create the tag of the attribute.
- *
+ *
* @param class the tag class type, one of UNIVERSAL, CONTEXT,
- * APPLICATION or PRIVATE
+ * APPLICATION or PRIVATE
* @param form if true, the value is constructed, otherwise it
- * is primitive.
+ * is primitive.
* @param val the tag value
*/
public static byte createTag(byte tagClass, boolean form, byte val) {
byte tag = (byte) (tagClass | val);
if (form) {
- tag |= (byte)0x20;
+ tag |= (byte) 0x20;
}
return (tag);
}
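Review bot: `createTag` ORs `val` into the tag byte without bounding it (`byte tag = (byte) (tagClass | val);`), so any `val` with bits above `0x1f` silently alters the class and constructed bits of the resulting tag. Whether any caller passes such a value is not visible here, so the least intrusive fix is to state the contract in the Javadoc: `@param val the tag number, 0 to 30; higher bits collide with the class and form bits`. The Javadoc also names the first parameter `class` although the signature calls it `tagClass`, so that line should read `@param tagClass the tag class type, one of UNIVERSAL, CONTEXT, APPLICATION or PRIVATE`.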
@@ -692,7 +703,7 @@ public class DerValue {
/**
* Set the tag of the attribute. Commonly used to reset the
* tag value used for IMPLICIT encodings.
- *
+ *
* @param tag the tag value
*/
public void resetTag(byte tag) {
diff --git a/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java b/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java
index 0c62012d..62d2cb1f 100644
--- a/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java
+++ b/pki/base/util/src/netscape/security/util/ExtPrettyPrint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.util;
-
import java.math.BigInteger;
import java.text.DateFormat;
import java.util.Enumeration;
@@ -78,11 +77,10 @@ import netscape.security.x509.SubjectDirAttributesExtension;
import netscape.security.x509.SubjectKeyIdentifierExtension;
import netscape.security.x509.UserNotice;
-
/**
* This class will display the certificate content in predefined
* format.
- *
+ *
* @author Andrew Wnuk
* @version $Revision$, $Date$
*/
@@ -117,7 +115,7 @@ public class ExtPrettyPrint {
/**
* This method return string representation of the certificate
* in predefined format using specified client local. I18N Support.
- *
+ *
* @param clientLocale Locale to be used for localization
* @return string representation of the certificate
*/
@@ -227,12 +225,12 @@ public class ExtPrettyPrint {
if (extName == null)
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER) +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
else
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER) + " " + extName + " - " +
- mExt.getExtensionId().toString() + "\n");
-
+ mExt.getExtensionId().toString() + "\n");
+
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -263,7 +261,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NSC_COMMENT) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -287,7 +285,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NAME_CONSTRAINTS) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -313,7 +311,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_OCSP_NOCHECK) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -327,7 +325,7 @@ public class ExtPrettyPrint {
} catch (Exception e) {
return sb.toString();
}
- }
+ }
private String getSubjectInfoAccessExtension() {
StringBuffer sb = new StringBuffer();
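Review bot: The `catch (Exception e) { return sb.toString(); }` that closes the method ending in this hunk returns whatever was appended before the failure. A reader of the pretty-printed certificate cannot then tell a fully decoded extension from one whose decoding stopped part-way. The same pattern closes the methods in the hunks starting at old lines 447 and 484, and the hunk at old line 738 returns `""` instead, which hides the extension entirely. Append a visible marker before returning, for example `sb.append(pp.indent(mIndentSize + 4) + "<extension not fully decoded>\n");` (ideally through a localized resource), and narrow the catch to the exceptions the decoding calls actually throw. The method's beginning lies outside this hunk.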
@@ -336,7 +334,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_SIA) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -352,18 +350,18 @@ public class ExtPrettyPrint {
for (int i = 0; i < aia.numberOfAccessDescription(); i++) {
AccessDescription ad = (AccessDescription)
- aia.getAccessDescription(i);
+ aia.getAccessDescription(i);
ObjectIdentifier method = ad.getMethod();
if (method.equals(SubjectInfoAccessExtension.METHOD_OCSP)) {
sb.append(pp.indent(mIndentSize + 8) + "Method #" + i + ": " +
- "ocsp" + "\n");
+ "ocsp" + "\n");
} else {
sb.append(pp.indent(mIndentSize + 8) + "Method #" + i + ": " +
- method.toString() + "\n");
+ method.toString() + "\n");
}
sb.append(pp.indent(mIndentSize + 8) + "Location #" + i + ": " +
- ad.getLocation().toString() + "\n");
+ ad.getLocation().toString() + "\n");
}
return sb.toString();
} catch (Exception e) {
@@ -378,7 +376,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_AIA) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -394,18 +392,18 @@ public class ExtPrettyPrint {
for (int i = 0; i < aia.numberOfAccessDescription(); i++) {
AccessDescription ad = (AccessDescription)
- aia.getAccessDescription(i);
+ aia.getAccessDescription(i);
ObjectIdentifier method = ad.getMethod();
if (method.equals(AuthInfoAccessExtension.METHOD_OCSP)) {
sb.append(pp.indent(mIndentSize + 8) + "Method #" + i + ": " +
- "ocsp" + "\n");
+ "ocsp" + "\n");
} else {
sb.append(pp.indent(mIndentSize + 8) + "Method #" + i + ": " +
- method.toString() + "\n");
+ method.toString() + "\n");
}
sb.append(pp.indent(mIndentSize + 8) + "Location #" + i + ": " +
- ad.getLocation().toString() + "\n");
+ ad.getLocation().toString() + "\n");
}
return sb.toString();
} catch (Exception e) {
@@ -420,7 +418,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_PRESENCE_SERVER) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -447,7 +445,7 @@ public class ExtPrettyPrint {
} catch (Exception e) {
return sb.toString();
}
- }
+ }
private String getPrivateKeyUsageExtension() {
StringBuffer sb = new StringBuffer();
@@ -456,7 +454,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_PRIVATE_KEY_USAGE) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -484,7 +482,7 @@ public class ExtPrettyPrint {
} catch (Exception e) {
return sb.toString();
}
- }
+ }
private String getExtendedKeyUsageExtension() {
StringBuffer sb = new StringBuffer();
@@ -493,7 +491,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_EXTENDED_KEY_USAGE) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -535,7 +533,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_KEY_USAGE) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -696,7 +694,7 @@ public class ExtPrettyPrint {
if (serial != null) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_SERIAL) +
- "0x" + serial.getNumber().toBigInteger().toString(16).toUpperCase() + "\n");
+ "0x" + serial.getNumber().toBigInteger().toString(16).toUpperCase() + "\n");
}
return sb.toString();
} catch (Exception e) {
@@ -713,7 +711,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_REVOCATION_REASON) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
CRLReasonExtension ext = (CRLReasonExtension) mExt;
@@ -723,7 +721,7 @@ public class ExtPrettyPrint {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_REASON) +
- ext.getReason().toString() + "\n");
+ ext.getReason().toString() + "\n");
return sb.toString();
} catch (Exception e) {
@@ -738,23 +736,23 @@ public class ExtPrettyPrint {
StringBuffer sb = new StringBuffer();
try {
sb.append(pp.indent(mIndentSize) +
- mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
+ mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(
- PrettyPrintResources.TOKEN_INHIBIT_ANY_POLICY_EXT) + "- "+
- mExt.getExtensionId().toString() +"\n");
- sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
- InhibitAnyPolicyExtension ext = (InhibitAnyPolicyExtension)mExt;
+ PrettyPrintResources.TOKEN_INHIBIT_ANY_POLICY_EXT) + "- " +
+ mExt.getExtensionId().toString() + "\n");
+ sb.append(pp.indent(mIndentSize + 4) +
+ mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
+ InhibitAnyPolicyExtension ext = (InhibitAnyPolicyExtension) mExt;
if (((Extension) mExt).isCritical())
sb.append(mResource.getString(
- PrettyPrintResources.TOKEN_YES) + "\n");
+ PrettyPrintResources.TOKEN_YES) + "\n");
else
sb.append(mResource.getString(
- PrettyPrintResources.TOKEN_NO) + "\n");
+ PrettyPrintResources.TOKEN_NO) + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
- PrettyPrintResources.TOKEN_SKIP_CERTS));
+ PrettyPrintResources.TOKEN_SKIP_CERTS));
BigInt num = ext.getSkipCerts();
- sb.append(""+num.toInt() + "\n");
+ sb.append("" + num.toInt() + "\n");
return sb.toString();
} catch (Exception e) {
return "";
@@ -770,7 +768,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_BASIC_CONSTRAINTS) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
BasicConstraintsExtension ext = (BasicConstraintsExtension) mExt;
@@ -792,14 +790,14 @@ public class ExtPrettyPrint {
if (pathLength != null) {
if (pathLength.longValue() >= 0) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_PATH_LEN) +
- pathLength.toString() + "\n");
+ pathLength.toString() + "\n");
} else if (pathLength.longValue() == -1 || pathLength.longValue() == -2) {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_PATH_LEN) +
- mResource.getString(PrettyPrintResources.TOKEN_PATH_LEN_UNLIMITED) + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_PATH_LEN_UNLIMITED) + "\n");
} else {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_PATH_LEN) +
- mResource.getString(PrettyPrintResources.TOKEN_PATH_LEN_INVALID) +
- " (" + pathLength.toString() + ")\n");
+ mResource.getString(PrettyPrintResources.TOKEN_PATH_LEN_INVALID) +
+ " (" + pathLength.toString() + ")\n");
}
}
@@ -818,7 +816,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_CRL_NUMBER) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
CRLNumberExtension ext = (CRLNumberExtension) mExt;
@@ -831,8 +829,8 @@ public class ExtPrettyPrint {
if (crlNumber != null) {
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_NUMBER) +
- crlNumber.toString() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_NUMBER) +
+ crlNumber.toString() + "\n");
}
return sb.toString();
@@ -850,7 +848,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_DELTA_CRL_INDICATOR) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
DeltaCRLIndicatorExtension ext = (DeltaCRLIndicatorExtension) mExt;
@@ -863,8 +861,8 @@ public class ExtPrettyPrint {
if (crlNumber != null) {
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_BASE_CRL_NUMBER) +
- crlNumber.toString() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_BASE_CRL_NUMBER) +
+ crlNumber.toString() + "\n");
}
return sb.toString();
@@ -882,7 +880,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUER_ALT_NAME) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
IssuerAlternativeNameExtension ext = (IssuerAlternativeNameExtension) mExt;
@@ -896,7 +894,7 @@ public class ExtPrettyPrint {
if (issuerNames != null) {
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES) + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES) + "\n");
for (int i = 0; i < issuerNames.size(); i++) {
GeneralName issuerName = (GeneralName) issuerNames.elementAt(i);
@@ -925,7 +923,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_SUBJECT_ALT_NAME) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
SubjectAlternativeNameExtension ext = (SubjectAlternativeNameExtension) mExt;
@@ -965,7 +963,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERT_SCOPE_OF_USE) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
CertificateScopeOfUseExtension ext = (CertificateScopeOfUseExtension) mExt;
@@ -978,7 +976,7 @@ public class ExtPrettyPrint {
if (entries != null) {
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_SCOPE_OF_USE) + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_SCOPE_OF_USE) + "\n");
for (int i = 0; i < entries.size(); i++) {
CertificateScopeEntry se = (CertificateScopeEntry) entries.elementAt(i);
GeneralName gn = se.getGeneralName();
@@ -994,7 +992,7 @@ public class ExtPrettyPrint {
if (port != null) {
sb.append(pp.indent(mIndentSize + 8) + PrettyPrintResources.TOKEN_PORT +
- port.toBigInteger().toString() + "\n");
+ port.toBigInteger().toString() + "\n");
}
}
}
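Review bot: The port label is appended as the constant `PrettyPrintResources.TOKEN_PORT` itself, while every other label visible in this file is looked up with `mResource.getString(...)`. If `TOKEN_PORT` is a resource key like the others, the output shows the key instead of the localized text. The line should read `sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_PORT) +`. The enclosing method starts and ends outside this hunk.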
@@ -1016,12 +1014,12 @@ public class ExtPrettyPrint {
// Generic stuff: name, OID, criticality
//
sb.append(pp.indent(mIndentSize) +
- mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
+ mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(
PrettyPrintResources.TOKEN_FRESHEST_CRL_EXT) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
+ mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (((Extension) mExt).isCritical()) {
sb.append(mResource.getString(
PrettyPrintResources.TOKEN_YES) + "\n");
@@ -1039,7 +1037,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRLDP_NUMPOINTS)
- + numPoints + "\n");
+ + numPoints + "\n");
for (int i = 0; i < numPoints; i++) {
@@ -1053,8 +1051,8 @@ public class ExtPrettyPrint {
boolean isEmpty = true;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_POINTN) +
- i + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_POINTN) +
+ i + "\n");
CRLDistributionPoint pt = ext.getPointAt(i);
@@ -1063,15 +1061,15 @@ public class ExtPrettyPrint {
if (pt.getFullName() != null) {
isEmpty = false;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
- + pt.getFullName() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
+ + pt.getFullName() + "\n");
}
if (pt.getRelativeName() != null) {
isEmpty = false;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
- + pt.getRelativeName() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
+ + pt.getRelativeName() + "\n");
}
if (pt.getReasons() != null) {
@@ -1080,15 +1078,15 @@ public class ExtPrettyPrint {
String reasonList = reasonBitsToReasonList(reasonBits);
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_REASONS)
- + reasonList + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_REASONS)
+ + reasonList + "\n");
}
-
+
if (pt.getCRLIssuer() != null) {
isEmpty = false;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_CRLISSUER)
- + pt.getCRLIssuer() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_CRLISSUER)
+ + pt.getCRLIssuer() + "\n");
}
if (isEmpty) {
@@ -1115,12 +1113,12 @@ public class ExtPrettyPrint {
// Generic stuff: name, OID, criticality
//
sb.append(pp.indent(mIndentSize) +
- mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
+ mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(
PrettyPrintResources.TOKEN_CRL_DP_EXT) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
+ mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (((Extension) mExt).isCritical()) {
sb.append(mResource.getString(
PrettyPrintResources.TOKEN_YES) + "\n");
@@ -1133,13 +1131,13 @@ public class ExtPrettyPrint {
// Now the CRLDP-specific stuff
//
CRLDistributionPointsExtension ext =
- (CRLDistributionPointsExtension) mExt;
+ (CRLDistributionPointsExtension) mExt;
int numPoints = ext.getNumPoints();
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRLDP_NUMPOINTS)
- + numPoints + "\n");
+ + numPoints + "\n");
for (int i = 0; i < numPoints; i++) {
@@ -1153,8 +1151,8 @@ public class ExtPrettyPrint {
boolean isEmpty = true;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_POINTN) +
- i + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_POINTN) +
+ i + "\n");
CRLDistributionPoint pt = ext.getPointAt(i);
@@ -1163,15 +1161,15 @@ public class ExtPrettyPrint {
if (pt.getFullName() != null) {
isEmpty = false;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
- + pt.getFullName() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
+ + pt.getFullName() + "\n");
}
if (pt.getRelativeName() != null) {
isEmpty = false;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
- + pt.getRelativeName() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_DISTPOINT)
+ + pt.getRelativeName() + "\n");
}
if (pt.getReasons() != null) {
@@ -1180,15 +1178,15 @@ public class ExtPrettyPrint {
String reasonList = reasonBitsToReasonList(reasonBits);
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_REASONS)
- + reasonList + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_REASONS)
+ + reasonList + "\n");
}
-
+
if (pt.getCRLIssuer() != null) {
isEmpty = false;
sb.append(pp.indent(idt) +
- mResource.getString(PrettyPrintResources.TOKEN_CRLDP_CRLISSUER)
- + pt.getCRLIssuer() + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_CRLDP_CRLISSUER)
+ + pt.getCRLIssuer() + "\n");
}
if (isEmpty) {
@@ -1230,7 +1228,7 @@ public class ExtPrettyPrint {
try {
sb.append(pp.indent(mIndentSize) + mResource.getString(PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_ISSUING_DIST_POINT) + "- " +
- mExt.getExtensionId().toString() + "\n");
+ mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (((Extension) mExt).isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
@@ -1259,7 +1257,7 @@ public class ExtPrettyPrint {
}
if (relativeName != null) {
sb.append(pp.indent(mIndentSize + 8) + mResource.getString(PrettyPrintResources.TOKEN_RELATIVE_NAME) +
- relativeName.toString() + "\n");
+ relativeName.toString() + "\n");
}
}
@@ -1307,7 +1305,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_INVALIDITY_DATE) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
InvalidityDateExtension ext = (InvalidityDateExtension) mExt;
@@ -1319,9 +1317,9 @@ public class ExtPrettyPrint {
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_DATE_OF_INVALIDITY) +
- ext.getInvalidityDate().toString() + "\n");
+ ext.getInvalidityDate().toString() + "\n");
return sb.toString();
- } catch (Exception e) {
+ } catch (Exception e) {
return "";
}
}
@@ -1336,7 +1334,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERTIFICATE_ISSUER) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
CertificateIssuerExtension ext = (CertificateIssuerExtension) mExt;
@@ -1352,7 +1350,7 @@ public class ExtPrettyPrint {
if (issuerNames != null) {
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES) + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_ISSUER_NAMES) + "\n");
for (int i = 0; i < issuerNames.size(); i++) {
GeneralName issuerName = (GeneralName) issuerNames.elementAt(i);
@@ -1382,7 +1380,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_HOLD_INSTRUCTION) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
HoldInstructionExtension ext = (HoldInstructionExtension) mExt;
@@ -1394,9 +1392,9 @@ public class ExtPrettyPrint {
}
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_HOLD_INSTRUCTION_CODE) +
- ext.getHoldInstructionCodeDescription() + "\n");
+ ext.getHoldInstructionCodeDescription() + "\n");
return sb.toString();
- } catch (Exception e) {
+ } catch (Exception e) {
return "";
}
}
@@ -1411,9 +1409,9 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(
- mResource.getString(
- PrettyPrintResources.TOKEN_POLICY_CONSTRAINTS) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ mResource.getString(
+ PrettyPrintResources.TOKEN_POLICY_CONSTRAINTS) +
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (((Extension) mExt).isCritical()) {
@@ -1427,19 +1425,19 @@ public class ExtPrettyPrint {
int inhibit = ext.getInhibitPolicyMapping();
sb.append(
- pp.indent(mIndentSize + 4) +
- mResource.getString(
- PrettyPrintResources.TOKEN_REQUIRE_EXPLICIT_POLICY) +
- ((require == -1) ?
- mResource.getString(PrettyPrintResources.TOKEN_NOT_SET) :
- String.valueOf(require)) + "\n");
+ pp.indent(mIndentSize + 4) +
+ mResource.getString(
+ PrettyPrintResources.TOKEN_REQUIRE_EXPLICIT_POLICY) +
+ ((require == -1) ?
+ mResource.getString(PrettyPrintResources.TOKEN_NOT_SET) :
+ String.valueOf(require)) + "\n");
sb.append(
- pp.indent(mIndentSize + 4) +
- mResource.getString(
- PrettyPrintResources.TOKEN_INHIBIT_POLICY_MAPPING) +
- ((inhibit == -1) ?
- mResource.getString(PrettyPrintResources.TOKEN_NOT_SET) :
- String.valueOf(inhibit)) + "\n");
+ pp.indent(mIndentSize + 4) +
+ mResource.getString(
+ PrettyPrintResources.TOKEN_INHIBIT_POLICY_MAPPING) +
+ ((inhibit == -1) ?
+ mResource.getString(PrettyPrintResources.TOKEN_NOT_SET) :
+ String.valueOf(inhibit)) + "\n");
return sb.toString();
} catch (Exception e) {
return "";
@@ -1456,7 +1454,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_POLICY_MAPPINGS) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (((Extension) mExt).isCritical()) {
@@ -1469,27 +1467,27 @@ public class ExtPrettyPrint {
Enumeration<CertificatePolicyMap> maps = ext.getMappings();
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_MAPPINGS));
+ mResource.getString(PrettyPrintResources.TOKEN_MAPPINGS));
if (maps == null || !maps.hasMoreElements()) {
sb.append(
- mResource.getString(PrettyPrintResources.TOKEN_NONE) + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_NONE) + "\n");
} else {
sb.append("\n");
for (int i = 0; maps.hasMoreElements(); i++) {
sb.append(pp.indent(mIndentSize + 8) +
- mResource.getString(
- PrettyPrintResources.TOKEN_MAP) + i + ":" + "\n");
- CertificatePolicyMap m =
- (CertificatePolicyMap) maps.nextElement();
+ mResource.getString(
+ PrettyPrintResources.TOKEN_MAP) + i + ":" + "\n");
+ CertificatePolicyMap m =
+ (CertificatePolicyMap) maps.nextElement();
sb.append(pp.indent(mIndentSize + 12) +
- mResource.getString(
- PrettyPrintResources.TOKEN_ISSUER_DOMAIN_POLICY) +
- m.getIssuerIdentifier().getIdentifier().toString() + "\n");
+ mResource.getString(
+ PrettyPrintResources.TOKEN_ISSUER_DOMAIN_POLICY) +
+ m.getIssuerIdentifier().getIdentifier().toString() + "\n");
sb.append(pp.indent(mIndentSize + 12) +
- mResource.getString(
- PrettyPrintResources.TOKEN_SUBJECT_DOMAIN_POLICY) +
- m.getSubjectIdentifier().getIdentifier().toString() + "\n");
+ mResource.getString(
+ PrettyPrintResources.TOKEN_SUBJECT_DOMAIN_POLICY) +
+ m.getSubjectIdentifier().getIdentifier().toString() + "\n");
}
}
return sb.toString();
@@ -1508,40 +1506,40 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_SUBJECT_DIR_ATTR) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
+ mResource.getString(PrettyPrintResources.TOKEN_CRITICAL));
if (((Extension) mExt).isCritical()) {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_YES) + "\n");
} else {
sb.append(mResource.getString(PrettyPrintResources.TOKEN_NO) + "\n");
}
- SubjectDirAttributesExtension ext =
- (SubjectDirAttributesExtension) mExt;
+ SubjectDirAttributesExtension ext =
+ (SubjectDirAttributesExtension) mExt;
sb.append(pp.indent(mIndentSize + 4) +
- mResource.getString(PrettyPrintResources.TOKEN_ATTRIBUTES));
+ mResource.getString(PrettyPrintResources.TOKEN_ATTRIBUTES));
Enumeration<Attribute> attrs = ext.getAttributesList();
if (attrs == null || !attrs.hasMoreElements()) {
sb.append(
- mResource.getString(PrettyPrintResources.TOKEN_NONE) + "\n");
+ mResource.getString(PrettyPrintResources.TOKEN_NONE) + "\n");
} else {
sb.append("\n");
for (int j = 0; attrs.hasMoreElements(); j++) {
Attribute attr = (Attribute) attrs.nextElement();
sb.append(pp.indent(mIndentSize + 8) +
- mResource.getString(
- PrettyPrintResources.TOKEN_ATTRIBUTE) + j + ":" + "\n");
+ mResource.getString(
+ PrettyPrintResources.TOKEN_ATTRIBUTE) + j + ":" + "\n");
sb.append(pp.indent(mIndentSize + 12) +
- mResource.getString(
- PrettyPrintResources.TOKEN_IDENTIFIER) +
- attr.getOid().toString() + "\n");
+ mResource.getString(
+ PrettyPrintResources.TOKEN_IDENTIFIER) +
+ attr.getOid().toString() + "\n");
sb.append(pp.indent(mIndentSize + 12) +
- mResource.getString(
- PrettyPrintResources.TOKEN_VALUES));
+ mResource.getString(
+ PrettyPrintResources.TOKEN_VALUES));
Enumeration<String> values = attr.getValues();
if (values == null || !values.hasMoreElements()) {
@@ -1551,7 +1549,7 @@ public class ExtPrettyPrint {
for (int k = 0; values.hasMoreElements(); k++) {
String v = (String) values.nextElement();
- if (k != 0)
+ if (k != 0)
sb.append(",");
sb.append(v);
}
@@ -1572,7 +1570,7 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize) + mResource.getString(
PrettyPrintResources.TOKEN_IDENTIFIER));
sb.append(mResource.getString(PrettyPrintResources.TOKEN_CERT_POLICIES) +
- "- " + mExt.getExtensionId().toString() + "\n");
+ "- " + mExt.getExtensionId().toString() + "\n");
sb.append(pp.indent(mIndentSize + 4) + mResource.getString(
PrettyPrintResources.TOKEN_CRITICAL));
if (mExt.isCritical()) {
@@ -1586,7 +1584,7 @@ public class ExtPrettyPrint {
PrettyPrintResources.TOKEN_CERT_POLICIES) + "\n");
CertificatePoliciesExtension cp = (CertificatePoliciesExtension) mExt;
@SuppressWarnings("unchecked")
- Vector<CertificatePolicyInfo> cpv = (Vector<CertificatePolicyInfo>) cp.get("infos");
+ Vector<CertificatePolicyInfo> cpv = (Vector<CertificatePolicyInfo>) cp.get("infos");
Enumeration<CertificatePolicyInfo> e = cpv.elements();
if (e != null) {
@@ -1596,25 +1594,24 @@ public class ExtPrettyPrint {
sb.append(pp.indent(mIndentSize + 8) + "Policy Identifier: " + cpi.getPolicyIdentifier().getIdentifier().toString() + "\n");
PolicyQualifiers cpq = cpi.getPolicyQualifiers();
if (cpq != null) {
- for (int i=0; i < cpq.size(); i++) {
+ for (int i = 0; i < cpq.size(); i++) {
PolicyQualifierInfo pq = cpq.getInfoAt(i);
Qualifier q = pq.getQualifier();
if (q instanceof CPSuri) {
- sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Identifier: CPS Pointer Qualifier - "
- + pq.getId() + "\n");
+ sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Identifier: CPS Pointer Qualifier - "
+ + pq.getId() + "\n");
sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Data: " + ((CPSuri) q).getURI() + "\n");
- }
- else if (q instanceof UserNotice) {
- sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Identifier: CPS User Notice Qualifier - "
- + pq.getId() + "\n");
+ } else if (q instanceof UserNotice) {
+ sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Identifier: CPS User Notice Qualifier - "
+ + pq.getId() + "\n");
NoticeReference nref = ((UserNotice) q).getNoticeReference();
DisplayText dt = ((UserNotice) q).getDisplayText();
- sb.append(pp.indent(mIndentSize +12) + "Policy Qualifier Data: \n");
- if (nref != null) {
- sb.append(pp.indent(mIndentSize+16) + "Organization: " + nref.getOrganization().toString() + "\n" );
- sb.append(pp.indent(mIndentSize+16) + "Notice Numbers: " );
+ sb.append(pp.indent(mIndentSize + 12) + "Policy Qualifier Data: \n");
+ if (nref != null) {
+ sb.append(pp.indent(mIndentSize + 16) + "Organization: " + nref.getOrganization().toString() + "\n");
+ sb.append(pp.indent(mIndentSize + 16) + "Notice Numbers: ");
int[] nums = nref.getNumbers();
- for (int k=0; k<nums.length; k++) {
+ for (int k = 0; k < nums.length; k++) {
if (k != 0) {
sb.append(",");
sb.append(nums[k]);
@@ -1625,9 +1622,9 @@ public class ExtPrettyPrint {
sb.append("\n");
}
if (dt != null) {
- sb.append(pp.indent(mIndentSize+16) + "Explicit Text: " + dt.toString() + "\n");
+ sb.append(pp.indent(mIndentSize + 16) + "Explicit Text: " + dt.toString() + "\n");
}
- }
+ }
}
}
}
@@ -1638,6 +1635,4 @@ public class ExtPrettyPrint {
}
}
-
}
-
diff --git a/pki/base/util/src/netscape/security/util/IA5CharsetDecoder.java b/pki/base/util/src/netscape/security/util/IA5CharsetDecoder.java
index 70f16a87..620d65ac 100644
--- a/pki/base/util/src/netscape/security/util/IA5CharsetDecoder.java
+++ b/pki/base/util/src/netscape/security/util/IA5CharsetDecoder.java
@@ -26,7 +26,7 @@ import java.nio.charset.CodingErrorAction;
/**
* Converts bytes in ASN.1 IA5String character set to IA5String characters.
- *
+ *
* @author Lily Hsiao
* @author Slava Galperin
*/
@@ -41,7 +41,8 @@ public class IA5CharsetDecoder extends CharsetDecoder {
while (true) {
- if (in.remaining() < 1) return CoderResult.UNDERFLOW;
+ if (in.remaining() < 1)
+ return CoderResult.UNDERFLOW;
in.mark();
byte b = in.get();
@@ -55,7 +56,7 @@ public class IA5CharsetDecoder extends CharsetDecoder {
return CoderResult.OVERFLOW;
}
- out.put((char)(b & 0x7f));
+ out.put((char) (b & 0x7f));
}
}
}
diff --git a/pki/base/util/src/netscape/security/util/IA5CharsetEncoder.java b/pki/base/util/src/netscape/security/util/IA5CharsetEncoder.java
index 335adf71..dad0c9a2 100644
--- a/pki/base/util/src/netscape/security/util/IA5CharsetEncoder.java
+++ b/pki/base/util/src/netscape/security/util/IA5CharsetEncoder.java
@@ -26,7 +26,7 @@ import java.nio.charset.CodingErrorAction;
/**
* Converts characters in ASN.1 IA5String character set to IA5String bytes.
- *
+ *
* @author Lily Hsiao
* @author Slava Galperin
*/
@@ -48,7 +48,8 @@ public class IA5CharsetEncoder extends CharsetEncoder {
while (true) {
- if (in.remaining() < 1) return CoderResult.UNDERFLOW;
+ if (in.remaining() < 1)
+ return CoderResult.UNDERFLOW;
in.mark();
char c = in.get();
@@ -62,7 +63,7 @@ public class IA5CharsetEncoder extends CharsetEncoder {
return CoderResult.OVERFLOW;
}
- out.put((byte)(c & 0x7f));
+ out.put((byte) (c & 0x7f));
}
}
}
diff --git a/pki/base/util/src/netscape/security/util/ObjectIdentifier.java b/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
index 505db7a9..f2badf8b 100644
--- a/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
+++ b/pki/base/util/src/netscape/security/util/ObjectIdentifier.java
@@ -21,62 +21,51 @@ import java.io.IOException;
import java.io.Serializable;
import java.util.StringTokenizer;
-
/**
* Represent an ISO Object Identifier.
- *
- * <P>Object Identifiers are arbitrary length hierarchical identifiers.
- * The individual components are numbers, and they define paths from the
- * root of an ISO-managed identifier space. You will sometimes see a
- * string name used instead of (or in addition to) the numerical id.
- * These are synonyms for the numerical IDs, but are not widely used
- * since most sites do not know all the requisite strings, while all
- * sites can parse the numeric forms.
- *
- * <P>So for example, JavaSoft has the sole authority to assign the
- * meaning to identifiers below the 1.3.6.1.4.42.2.17 node in the
- * hierarchy, and other organizations can easily acquire the ability
- * to assign such unique identifiers.
- *
+ *
+ * <P>
+ * Object Identifiers are arbitrary length hierarchical identifiers. The individual components are numbers, and they define paths from the root of an ISO-managed identifier space. You will sometimes see a string name used instead of (or in addition to) the numerical id. These are synonyms for the numerical IDs, but are not widely used since most sites do not know all the requisite strings, while all sites can parse the numeric forms.
+ *
+ * <P>
+ * So for example, JavaSoft has the sole authority to assign the meaning to identifiers below the 1.3.6.1.4.42.2.17 node in the hierarchy, and other organizations can easily acquire the ability to assign such unique identifiers.
+ *
* @version 1.23
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
-final public
-class ObjectIdentifier implements Serializable
-{
+final public class ObjectIdentifier implements Serializable {
/** use serialVersionUID from JDK 1.1. for interoperability */
private static final long serialVersionUID = 8697030238860181294L;
/**
- * Constructs an object identifier from a string. This string
+ * Constructs an object identifier from a string. This string
* should be of the form 1.23.34.45.56 etc.
*/
- public ObjectIdentifier (String oid)
- {
- if (oid == null)
- return;
-
+ public ObjectIdentifier(String oid) {
+ if (oid == null)
+ return;
+
int ch = '.';
- int start = 0;
+ int start = 0;
int end = 0;
-
+
// Calculate length of oid
componentLen = 0;
- while ((end = oid.indexOf(ch,start)) != -1) {
+ while ((end = oid.indexOf(ch, start)) != -1) {
start = end + 1;
componentLen += 1;
}
componentLen += 1;
components = new int[componentLen];
-
+
start = 0;
int i = 0;
String comp = null;
- while ((end = oid.indexOf(ch,start)) != -1) {
- comp = oid.substring(start,end);
+ while ((end = oid.indexOf(ch, start)) != -1) {
+ comp = oid.substring(start, end);
components[i++] = Integer.valueOf(comp).intValue();
start = end + 1;
}
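Review bot: `ObjectIdentifier(String)` returns early on `oid == null`, leaving `components` unassigned, and otherwise stores whatever `Integer.valueOf(comp)` yields. A negative arc such as "1.-5" is therefore accepted, and a non-numeric one escapes as an unchecked NumberFormatException. Since this constructor is public, either the Javadoc should state those outcomes or the loop should validate each arc: `int n = Integer.parseInt(comp); if (n < 0) throw new IllegalArgumentException("invalid oid " + oid);`. The constructor body continues past the end of this hunk.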
@@ -85,163 +74,153 @@ class ObjectIdentifier implements Serializable
}
/**
- * Constructs an object ID from an array of integers. This
+ * Constructs an object ID from an array of integers. This
* is used to construct constant object IDs.
*/
- public ObjectIdentifier (int values [])
- {
- try {
- components = (int []) values.clone ();
- componentLen = values.length;
- } catch (Throwable t) {
- System.out.println ("X509.ObjectIdentifier(), no cloning!");
- }
+ public ObjectIdentifier(int values[]) {
+ try {
+ components = (int[]) values.clone();
+ componentLen = values.length;
+ } catch (Throwable t) {
+ System.out.println("X509.ObjectIdentifier(), no cloning!");
+ }
}
-
/**
* Constructs an object ID from an ASN.1 encoded input stream.
* The encoding of the ID in the stream uses "DER", a BER/1 subset.
* In this case, that means a triple { typeId, length, data }.
- *
- * <P><STRONG>NOTE:</STRONG> When an exception is thrown, the
- * input stream has not been returned to its "initial" state.
- *
+ *
+ * <P>
+ * <STRONG>NOTE:</STRONG> When an exception is thrown, the input stream has not been returned to its "initial" state.
+ *
* @param in DER-encoded data holding an object ID
* @exception IOException indicates a decoding error
*/
- public ObjectIdentifier (DerInputStream in)
- throws IOException
- {
- byte type_id;
- int bufferEnd;
-
- /*
- * Object IDs are a "universal" type, and their tag needs only
- * one byte of encoding. Verify that the tag of this datum
- * is that of an object ID.
- *
- * Then get and check the length of the ID's encoding. We set
- * up so that we can use in.available() to check for the end of
- * this value in the data stream.
- */
- type_id = (byte) in.getByte ();
- if (type_id != DerValue.tag_ObjectId)
- throw new IOException (
- "X509.ObjectIdentifier() -- data isn't an object ID"
- + " (tag = " + type_id + ")"
- );
-
- bufferEnd = in.available () - in.getLength () - 1;
- if (bufferEnd < 0)
- throw new IOException (
- "X509.ObjectIdentifier() -- not enough data");
-
- initFromEncoding (in, bufferEnd);
+ public ObjectIdentifier(DerInputStream in)
+ throws IOException {
+ byte type_id;
+ int bufferEnd;
+
+ /*
+ * Object IDs are a "universal" type, and their tag needs only
+ * one byte of encoding. Verify that the tag of this datum
+ * is that of an object ID.
+ *
+ * Then get and check the length of the ID's encoding. We set
+ * up so that we can use in.available() to check for the end of
+ * this value in the data stream.
+ */
+ type_id = (byte) in.getByte();
+ if (type_id != DerValue.tag_ObjectId)
+ throw new IOException(
+ "X509.ObjectIdentifier() -- data isn't an object ID"
+ + " (tag = " + type_id + ")");
+
+ bufferEnd = in.available() - in.getLength() - 1;
+ if (bufferEnd < 0)
+ throw new IOException(
+ "X509.ObjectIdentifier() -- not enough data");
+
+ initFromEncoding(in, bufferEnd);
}
/*
* Build the OID from the rest of a DER input buffer; the tag
* and length have been removed/verified
*/
- ObjectIdentifier (DerInputBuffer buf) throws IOException
- {
- initFromEncoding (new DerInputStream (buf), 0);
+ ObjectIdentifier(DerInputBuffer buf) throws IOException {
+ initFromEncoding(new DerInputStream(buf), 0);
}
/*
* Helper function -- get the OID from a stream, after tag and
* length are verified.
*/
- private void initFromEncoding (DerInputStream in, int bufferEnd)
- throws IOException
- {
-
- /*
- * Now get the components ("sub IDs") one at a time. We fill a
- * temporary buffer, resizing it as needed.
- */
- int component;
- boolean first_subid = true;
-
- for (components = new int [allocationQuantum], componentLen = 0;
- in.available () > bufferEnd;
- ) {
- component = getComponent (in);
-
- if (first_subid) {
- int X, Y;
-
- /*
- * The ISO root has three children (0, 1, 2) and those nodes
- * aren't allowed to assign IDs larger than 39. These rules
- * are memorialized by some special casing in the BER encoding
- * of object IDs ... or maybe it's vice versa.
- *
- * NOTE: the allocation quantum is large enough that we know
- * we don't have to reallocate here!
- */
- if (component < 40)
- X = 0;
- else if (component < 80)
- X = 1;
- else
- X = 2;
- Y = component - ( X * 40);
-
- components [0] = X;
- components [1] = Y;
- componentLen = 2;
-
- first_subid = false;
-
- } else {
-
- /*
- * Other components are encoded less exotically. The only
- * potential trouble is the need to grow the array.
- */
- if (componentLen >= components.length) {
- int tmp_components [];
-
- tmp_components = new int [components.length
- + allocationQuantum];
- System.arraycopy (components, 0, tmp_components, 0,
- components.length);
- components = tmp_components;
- }
- components [componentLen++] = component;
- }
- }
-
- /*
- * Final sanity check -- if we didn't use exactly the number of bytes
- * specified, something's quite wrong.
- */
- if (in.available () != bufferEnd) {
- throw new IOException (
- "X509.ObjectIdentifier() -- malformed input data");
- }
- }
+ private void initFromEncoding(DerInputStream in, int bufferEnd)
+ throws IOException {
+
+ /*
+ * Now get the components ("sub IDs") one at a time. We fill a
+ * temporary buffer, resizing it as needed.
+ */
+ int component;
+ boolean first_subid = true;
+
+ for (components = new int[allocationQuantum], componentLen = 0; in.available() > bufferEnd;) {
+ component = getComponent(in);
+
+ if (first_subid) {
+ int X, Y;
+
+ /*
+ * The ISO root has three children (0, 1, 2) and those nodes
+ * aren't allowed to assign IDs larger than 39. These rules
+ * are memorialized by some special casing in the BER encoding
+ * of object IDs ... or maybe it's vice versa.
+ *
+ * NOTE: the allocation quantum is large enough that we know
+ * we don't have to reallocate here!
+ */
+ if (component < 40)
+ X = 0;
+ else if (component < 80)
+ X = 1;
+ else
+ X = 2;
+ Y = component - (X * 40);
+
+ components[0] = X;
+ components[1] = Y;
+ componentLen = 2;
+
+ first_subid = false;
+
+ } else {
+
+ /*
+ * Other components are encoded less exotically. The only
+ * potential trouble is the need to grow the array.
+ */
+ if (componentLen >= components.length) {
+ int tmp_components[];
+
+ tmp_components = new int[components.length
+ + allocationQuantum];
+ System.arraycopy(components, 0, tmp_components, 0,
+ components.length);
+ components = tmp_components;
+ }
+ components[componentLen++] = component;
+ }
+ }
+ /*
+ * Final sanity check -- if we didn't use exactly the number of bytes
+ * specified, something's quite wrong.
+ */
+ if (in.available() != bufferEnd) {
+ throw new IOException(
+ "X509.ObjectIdentifier() -- malformed input data");
+ }
+ }
/*
* n.b. the only public interface is DerOutputStream.putOID()
*/
- void encode (DerOutputStream out) throws IOException
- {
- DerOutputStream bytes = new DerOutputStream ();
- int i;
-
- bytes.write ((components [0] * 40) + components [1]);
- for (i = 2; i < componentLen; i++)
- putComponent (bytes, components [i]);
-
- /*
- * Now that we've constructed the component, encode
- * it in the stream we were given.
- */
- out.write (DerValue.tag_ObjectId, bytes);
+ void encode(DerOutputStream out) throws IOException {
+ DerOutputStream bytes = new DerOutputStream();
+ int i;
+
+ bytes.write((components[0] * 40) + components[1]);
+ for (i = 2; i < componentLen; i++)
+ putComponent(bytes, components[i]);
+
+ /*
+ * Now that we've constructed the component, encode
+ * it in the stream we were given.
+ */
+ out.write(DerValue.tag_ObjectId, bytes);
}
/*
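Review bot: `encode` writes the first two arcs with `bytes.write((components[0] * 40) + components[1])`, a single octet, while `initFromEncoding` in this same hunk reads that subidentifier through `getComponent` and treats any value of 80 or more as arc 2. An OID such as 2.999 therefore decodes but cannot be re-encoded faithfully, assuming `DerOutputStream.write(int)` emits one byte. `putComponent(bytes, (components[0] * 40) + components[1]);` would keep the two directions symmetric and produces the same single octet for values below 128. The line also indexes `components` unconditionally, so an instance left without components by the `catch (Throwable t)` in `ObjectIdentifier(int values[])` fails here with an unchecked exception rather than at construction.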
@@ -249,20 +228,19 @@ class ObjectIdentifier implements Serializable
* per octet is lost, this returns at most 28 bits of component.
* Also, notice this parses in big-endian format.
*/
- private static int getComponent (DerInputStream in)
- throws IOException
- {
+ private static int getComponent(DerInputStream in)
+ throws IOException {
int retval, i, tmp;
- for (i = 0, retval = 0; i < 4; i++) {
- retval <<= 7;
- tmp = in.getByte ();
- retval |= (tmp & 0x07f);
- if ((tmp & 0x080) == 0)
- return retval;
- }
+ for (i = 0, retval = 0; i < 4; i++) {
+ retval <<= 7;
+ tmp = in.getByte();
+ retval |= (tmp & 0x07f);
+ if ((tmp & 0x080) == 0)
+ return retval;
+ }
- throw new IOException ("X509.OID, component value too big");
+ throw new IOException("X509.OID, component value too big");
}
/*
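Review bot: `getComponent` accepts a subidentifier whose first octet is 0x80, that is, a value padded with leading zero bits, so several different byte strings decode to the same OID. DER requires the minimal form, as the comment on `putComponent` notes for the encoding side. A strict decoder would reject the padded form right after `tmp = in.getByte();` with `if (i == 0 && (tmp & 0xff) == 0x80) throw new IOException("X509.OID, component not minimally encoded");`. The header comment of this method starts outside the hunk.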
@@ -270,21 +248,20 @@ class ObjectIdentifier implements Serializable
* big-endian form, so it buffers the output until it's ready.
* (Minimum length encoding is a DER requirement.)
*/
- private static void putComponent (DerOutputStream out, int val)
- throws IOException
- {
- int i;
- byte buf [] = new byte [4] ;
-
- for (i = 0; i < 4; i++) {
- buf [i] = (byte) (val & 0x07f);
- val >>>= 7;
- if (val == 0)
- break;
- }
- for ( ; i > 0; --i)
- out.write (buf [i] | 0x080);
- out.write (buf [0]);
+ private static void putComponent(DerOutputStream out, int val)
+ throws IOException {
+ int i;
+ byte buf[] = new byte[4];
+
+ for (i = 0; i < 4; i++) {
+ buf[i] = (byte) (val & 0x07f);
+ val >>>= 7;
+ if (val == 0)
+ break;
+ }
+ for (; i > 0; --i)
+ out.write(buf[i] | 0x080);
+ out.write(buf[0]);
}
// XXX this API should probably facilitate the JDK sort utility
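Review bot: `putComponent` runs off the end of `buf` when `val` is negative or needs more than 28 bits: the first loop then finishes with `i == 4`, and `out.write(buf[i] | 0x080)` indexes `buf[4]`. `ObjectIdentifier(String)` and `ObjectIdentifier(int values[])` store components without a range check, so such a value can reach this method and surface as an ArrayIndexOutOfBoundsException instead of the declared IOException. A guard at the top, `if (val < 0 || val >= (1 << 28)) throw new IOException("X509.OID, component value too big");`, matches the limit and message `getComponent` uses on the decode side.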
@@ -292,64 +269,61 @@ class ObjectIdentifier implements Serializable
/**
* Compares this identifier with another, for sorting purposes.
* An identifier does not precede itself.
- *
+ *
* @param other identifer that may precede this one.
* @return true iff <em>other</em> precedes this one
- * in a particular sorting order.
+ * in a particular sorting order.
*/
- public boolean precedes (ObjectIdentifier other)
- {
- int i;
-
- // shorter IDs go first
- if (other == this || componentLen < other.componentLen)
- return false;
- if (other.componentLen < componentLen)
- return true;
-
- // for each component, the lesser component goes first
- for (i = 0; i < componentLen; i++) {
- if (other.components [i] < components [i])
- return true;
- }
-
- // identical IDs don't precede each other
- return false;
+ public boolean precedes(ObjectIdentifier other) {
+ int i;
+
+ // shorter IDs go first
+ if (other == this || componentLen < other.componentLen)
+ return false;
+ if (other.componentLen < componentLen)
+ return true;
+
+ // for each component, the lesser component goes first
+ for (i = 0; i < componentLen; i++) {
+ if (other.components[i] < components[i])
+ return true;
+ }
+
+ // identical IDs don't precede each other
+ return false;
}
- public boolean equals (Object other)
- {
- if (other instanceof ObjectIdentifier)
- return equals ((ObjectIdentifier) other);
- else
- return false;
+ public boolean equals(Object other) {
+ if (other instanceof ObjectIdentifier)
+ return equals((ObjectIdentifier) other);
+ else
+ return false;
}
/**
* Compares this identifier with another, for equality.
- *
+ *
* @return true iff the names are identical.
*/
- public boolean equals (ObjectIdentifier other)
- {
- int i;
-
- if (other == this)
- return true;
- if (componentLen != other.componentLen)
- return false;
- for (i = 0; i < componentLen; i++) {
- if (components [i] != other.components [i])
- return false;
- }
- return true;
+ public boolean equals(ObjectIdentifier other) {
+ int i;
+
+ if (other == this)
+ return true;
+ if (componentLen != other.componentLen)
+ return false;
+ for (i = 0; i < componentLen; i++) {
+ if (components[i] != other.components[i])
+ return false;
+ }
+ return true;
}
public int hashCode() {
- int h=0;
- int oflow=0;
+ int h = 0;
+ int oflow = 0;
- for (int i=0;i<componentLen;i++) {
+ for (int i = 0; i < componentLen; i++) {
oflow = (h & 0xff800000) >> 23;
h <<= 9;
h += components[i];
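Review bot: `precedes` does not define a consistent order for identifiers of equal length: the loop returns true as soon as any `other.components[i] < components[i]`, but never stops when an earlier component of `other` is greater. For 1.2.3 and 1.5.1 each one "precedes" the other, which breaks any sort built on it. Adding `if (other.components[i] > components[i]) return false;` inside the loop makes the comparison lexicographic. A null `other` also throws from `other.componentLen` here and in `equals(ObjectIdentifier)`, so the Javadoc should say whether null is allowed.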
@@ -359,22 +333,21 @@ class ObjectIdentifier implements Serializable
}
/**
- * Returns a string form of the object ID. The format is the
+ * Returns a string form of the object ID. The format is the
* conventional "dot" notation for such IDs, without any
* user-friendly descriptive strings, since those strings
* will not be understood everywhere.
*/
- public String toString ()
- {
- String retval;
- int i;
-
- for (i = 0, retval = ""; i < componentLen; i++) {
- if (i != 0)
- retval += ".";
- retval += components [i];
- }
- return retval;
+ public String toString() {
+ String retval;
+ int i;
+
+ for (i = 0, retval = ""; i < componentLen; i++) {
+ if (i != 0)
+ retval += ".";
+ retval += components[i];
+ }
+ return retval;
}
/*
@@ -382,67 +355,66 @@ class ObjectIdentifier implements Serializable
* larger than 32 bits. Then we represent the path from the root as
* an array that's (usually) only filled at the beginning.
*/
- private int components []; // path from root
- private int componentLen; // how much is used.
+ private int components[]; // path from root
+ private int componentLen; // how much is used.
- private static final int allocationQuantum = 5; // >= 2
+ private static final int allocationQuantum = 5; // >= 2
/**
- * Netscape Enhancement:
+ * Netscape Enhancement:
* This function implements a object identifier factory. It
* should help reduces in-memory Object Identifier object.
* This function also provide additional checking on the OID.
* A valid OID should start with 0, 1, or 2.
- *
- * Notes:
- * This function never returns null. IOException is raised
- * in error conditions.
+ *
+ * Notes:
+ * This function never returns null. IOException is raised
+ * in error conditions.
*/
public static java.util.Hashtable mOIDs = new java.util.Hashtable();
+
public static ObjectIdentifier getObjectIdentifier(String oid)
- throws IOException
- {
- int value;
-
- if (oid == null)
- throw new IOException("empty object identifier");
-
- oid = oid.trim();
-
- ObjectIdentifier thisOID = (ObjectIdentifier)mOIDs.get(oid);
- if (thisOID != null)
- return thisOID;
-
- StringTokenizer token = new StringTokenizer(oid, ".");
- value = new Integer(token.nextToken()).intValue();
- /* First token should be 0, 1, 2 */
- if (value >= 0 && value <= 2) {
- value = new Integer(token.nextToken()).intValue();
- /* Second token should be 0 <= && >= 39 */
- if (value >= 0 && value <= 39) {
- thisOID = new ObjectIdentifier(oid);
- if (thisOID.toString().equals(oid)) {
- mOIDs.put(oid, thisOID);
- return thisOID;
- }
- throw new IOException("invalid oid " + oid);
- } else
- throw new IOException("invalid oid " + oid);
- } else
- throw new IOException("invalid oid " + oid);
+ throws IOException {
+ int value;
+
+ if (oid == null)
+ throw new IOException("empty object identifier");
+
+ oid = oid.trim();
+
+ ObjectIdentifier thisOID = (ObjectIdentifier) mOIDs.get(oid);
+ if (thisOID != null)
+ return thisOID;
+
+ StringTokenizer token = new StringTokenizer(oid, ".");
+ value = new Integer(token.nextToken()).intValue();
+ /* First token should be 0, 1, 2 */
+ if (value >= 0 && value <= 2) {
+ value = new Integer(token.nextToken()).intValue();
+ /* Second token should be 0 <= && >= 39 */
+ if (value >= 0 && value <= 39) {
+ thisOID = new ObjectIdentifier(oid);
+ if (thisOID.toString().equals(oid)) {
+ mOIDs.put(oid, thisOID);
+ return thisOID;
+ }
+ throw new IOException("invalid oid " + oid);
+ } else
+ throw new IOException("invalid oid " + oid);
+ } else
+ throw new IOException("invalid oid " + oid);
}
public static ObjectIdentifier getObjectIdentifier(int values[])
- throws IOException
- {
- String retval;
- int i;
-
- for (i = 0, retval = ""; i < values.length; i++) {
- if (i != 0)
- retval += ".";
- retval += values [i];
- }
- return getObjectIdentifier(retval);
+ throws IOException {
+ String retval;
+ int i;
+
+ for (i = 0, retval = ""; i < values.length; i++) {
+ if (i != 0)
+ retval += ".";
+ retval += values[i];
+ }
+ return getObjectIdentifier(retval);
}
}
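Review bot: `getObjectIdentifier(String)` states in its comment that IOException is raised in error conditions, but `new Integer(token.nextToken())` lets NumberFormatException and NoSuchElementException escape for an empty string, a single arc or a non-numeric arc. A caller that only catches IOException while handling OID text taken from a request or a decoded object then gets an unchecked exception instead. Wrapping the parse, as in the excerpt below, makes every malformed string end in `invalid oid`. Separately, `mOIDs` is a public, non-final, raw `Hashtable`: any class can replace or alter the cached instances that later lookups return, and every distinct valid string is retained for the life of the process. It would be safer as `private static final` with a typed declaration, assuming no other class reads the field directly.

```java
        // … unchanged: null check, trim, cache lookup …
        int first;
        int second;
        try {
            StringTokenizer token = new StringTokenizer(oid, ".");
            first = Integer.parseInt(token.nextToken());
            second = Integer.parseInt(token.nextToken());
        } catch (NumberFormatException e) {
            throw new IOException("invalid oid " + oid);
        } catch (java.util.NoSuchElementException e) {
            throw new IOException("invalid oid " + oid);
        }
        /* Same limits as before: first arc 0..2, second arc 0..39 */
        if (first < 0 || first > 2 || second < 0 || second > 39)
            throw new IOException("invalid oid " + oid);
        // … unchanged: construct ObjectIdentifier, round-trip check, cache insert …
```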
diff --git a/pki/base/util/src/netscape/security/util/PrettyPrintFormat.java b/pki/base/util/src/netscape/security/util/PrettyPrintFormat.java
index 94a5d18c..25bc23d2 100644
--- a/pki/base/util/src/netscape/security/util/PrettyPrintFormat.java
+++ b/pki/base/util/src/netscape/security/util/PrettyPrintFormat.java
@@ -17,11 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.util;
-
/**
* This class will display the certificate content in predefined
* format.
- *
+ *
* @author Andrew Wnuk
* @version $Revision$, $Date$
*/
@@ -31,92 +30,87 @@ public class PrettyPrintFormat {
* variables
*==========================================================*/
private String mSeparator = "";
- private int mIndentSize = 0;
- private int mLineLen = 0;
+ private int mIndentSize = 0;
+ private int mLineLen = 0;
/*==========================================================
* constants
*
- *==========================================================*/
- private final static String spaces=
- " "+
- " "+
- " "+
- " "+
- " ";
-
- /*==========================================================
+ *==========================================================*/
+ private final static String spaces =
+ " " +
+ " " +
+ " " +
+ " " +
+ " ";
+
+ /*==========================================================
* constructors
*==========================================================*/
- public PrettyPrintFormat(String separator)
- {
- mSeparator = separator;
+ public PrettyPrintFormat(String separator) {
+ mSeparator = separator;
}
- public PrettyPrintFormat(String separator, int lineLen)
- {
- mSeparator = separator;
- mLineLen = lineLen;
+ public PrettyPrintFormat(String separator, int lineLen) {
+ mSeparator = separator;
+ mLineLen = lineLen;
}
- public PrettyPrintFormat(String separator, int lineLen, int indentSize)
- {
- mSeparator = separator;
- mLineLen = lineLen;
- mIndentSize = indentSize;
+ public PrettyPrintFormat(String separator, int lineLen, int indentSize) {
+ mSeparator = separator;
+ mLineLen = lineLen;
+ mIndentSize = indentSize;
}
/*==========================================================
* Private methods
*==========================================================*/
-
-
+
/*==========================================================
* public methods
*==========================================================*/
/**
* Provide white space indention
- * stevep - speed improvements. Factor of 10 improvement
+ * stevep - speed improvements. Factor of 10 improvement
+ *
* @param numSpace number of white space to be returned
* @return white spaces
*/
- public String indent(int size) {
- return spaces.substring(0,size);
- }
+ public String indent(int size) {
+ return spaces.substring(0, size);
+ }
private static final char[] hexdigits = {
- '0','1','2','3','4','5','6','7','8','9',
- 'A','B','C','D','E','F'
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
+ 'A', 'B', 'C', 'D', 'E', 'F'
};
-
/**
* Convert Byte Array to Hex String Format
- * stevep - speedup by factor of 8
+ * stevep - speedup by factor of 8
+ *
* @param byte array of data to hexify
- * @param indentSize number of spaces to prepend before each line
- * @param lineLen number of bytes to output on each line (0
- means: put everything on one line
- * @param separator the first character of this string will be used as
- the separator between bytes.
+ * @param indentSize number of spaces to prepend before each line
+ * @param lineLen number of bytes to output on each line (0
+ * means: put everything on one line
+ * @param separator the first character of this string will be used as
+ * the separator between bytes.
* @return string representation
*/
- public String toHexString(byte[] in, int indentSize,
- int lineLen, String separator)
- {
+ public String toHexString(byte[] in, int indentSize,
+ int lineLen, String separator) {
StringBuffer sb = new StringBuffer();
int hexCount = 0;
char c[];
- int j=0;
+ int j = 0;
- if (lineLen ==0) {
- c = new char[in.length*3+1];
- }
- else {
- c = new char[lineLen*3+1];
+ if (lineLen == 0) {
+ c = new char[in.length * 3 + 1];
+ } else {
+ c = new char[lineLen * 3 + 1];
}
char sep = separator.charAt(0);
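Review bot: `indent(int size)` returns `spaces.substring(0, size)` with no bound check, so a negative size or one longer than the fixed `spaces` constant throws StringIndexOutOfBoundsException in the middle of printing. Callers add to the indent as they nest (PubKeyPrettyPrint passes `indentSize + 8`), so the upper bound is reachable. Clamping keeps the fast path, e.g. `if (size <= 0) return "";` plus a fallback that builds the string when `size > spaces.length()`. In the same hunk `separator.charAt(0)` throws for an empty separator, which is the field default `mSeparator = ""` (the three constructors shown always overwrite it), and a negative `lineLen` reaches `new char[lineLen * 3 + 1]`. The Javadoc tags `@param numSpace` and `@param byte array` do not match the parameters `size` and `in`, and the body of `toHexString` continues past this hunk.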
@@ -125,16 +119,16 @@ public class PrettyPrintFormat {
for (int i = 0; i < in.length; i++) {
if (lineLen > 0 && hexCount == lineLen) {
c[j++] = '\n';
- sb.append(c,0,j);
+ sb.append(c, 0, j);
sb.append(indent(indentSize));
- hexCount =0;
- j=0;
+ hexCount = 0;
+ j = 0;
}
byte x = in[i];
// output hex digits to buffer
c[j++] = hexdigits[(char) ((x >> 4) & 0xf)];
- c[j++] = hexdigits[(char) (x&0xf)];
+ c[j++] = hexdigits[(char) (x & 0xf)];
// if not last char, output separator
if (i != in.length - 1) {
@@ -143,25 +137,24 @@ public class PrettyPrintFormat {
hexCount++;
}
- if (j>0) {
+ if (j > 0) {
c[j++] = '\n';
- sb.append(c,0,j);
+ sb.append(c, 0, j);
}
-// sb.append("\n");
+ // sb.append("\n");
return sb.toString();
}
-
public String toHexString(byte[] in, int indentSize, int lineLen) {
- return toHexString(in,indentSize,lineLen,mSeparator);
+ return toHexString(in, indentSize, lineLen, mSeparator);
}
public String toHexString(byte[] in, int indentSize) {
- return toHexString(in,indentSize,mLineLen);
+ return toHexString(in, indentSize, mLineLen);
}
public String toHexString(byte[] in) {
- return toHexString(in,mIndentSize);
- }
+ return toHexString(in, mIndentSize);
+ }
}
diff --git a/pki/base/util/src/netscape/security/util/PrettyPrintResources.java b/pki/base/util/src/netscape/security/util/PrettyPrintResources.java
index 45b08206..a3f068f6 100644
--- a/pki/base/util/src/netscape/security/util/PrettyPrintResources.java
+++ b/pki/base/util/src/netscape/security/util/PrettyPrintResources.java
@@ -17,21 +17,19 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.util;
-
import java.util.ListResourceBundle;
import netscape.security.extensions.NSCertTypeExtension;
import netscape.security.x509.KeyUsageExtension;
-
/**
* Resource Boundle for the Pretty Print
- *
+ *
* @author Jack Pan-Chen
* @version $Revision$, $Date$
*/
-public class PrettyPrintResources extends ListResourceBundle {
+public class PrettyPrintResources extends ListResourceBundle {
/**
* Returns content
@@ -180,124 +178,124 @@ public class PrettyPrintResources extends ListResourceBundle {
//Tokens should have blank_space as trailer
static final Object[][] contents = {
- {TOKEN_CERTIFICATE, "Certificate: "},
- {TOKEN_DATA, "Data: "},
- {TOKEN_VERSION, "Version: "},
- {TOKEN_SERIAL, "Serial Number: "},
- {TOKEN_SIGALG, "Signature Algorithm: "},
- {TOKEN_ISSUER, "Issuer: "},
- {TOKEN_VALIDITY, "Validity: "},
- {TOKEN_NOT_BEFORE, "Not Before: "},
- {TOKEN_NOT_AFTER, "Not After: "},
- {TOKEN_SUBJECT, "Subject: "},
- {TOKEN_SPKI, "Subject Public Key Info: "},
- {TOKEN_ALGORITHM, "Algorithm: "},
- {TOKEN_PUBLIC_KEY, "Public Key: "},
- {TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: "},
- {TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: "},
- {TOKEN_EXTENSIONS, "Extensions: "},
- {TOKEN_SIGNATURE, "Signature: "},
- {TOKEN_YES, "yes "},
- {TOKEN_NO, "no "},
- {TOKEN_IDENTIFIER, "Identifier: "},
- {TOKEN_CRITICAL, "Critical: "},
- {TOKEN_VALUE, "Value: "},
- {TOKEN_KEY_TYPE, "Key Type "},
- {TOKEN_CERT_TYPE, "Netscape Certificate Type "},
- {TOKEN_SKI, "Subject Key Identifier "},
- {TOKEN_AKI, "Authority Key Identifier "},
- {TOKEN_ACCESS_DESC, "Access Description: "},
- {TOKEN_OCSP_NOCHECK, "OCSP NoCheck: "},
- {TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: "},
- {TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: "},
- {TOKEN_PRESENCE_SERVER, "Presence Server: "},
- {TOKEN_AIA, "Authority Info Access: "},
- {TOKEN_CERT_POLICIES, "Certificate Policies: "},
- {TOKEN_SIA, "Subject Info Access: "},
- {TOKEN_KEY_USAGE, "Key Usage: "},
- {KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature "},
- {KeyUsageExtension.NON_REPUDIATION, "Non Repudiation "},
- {KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment "},
- {KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment "},
- {KeyUsageExtension.KEY_AGREEMENT, "Key Agreement "},
- {KeyUsageExtension.KEY_CERTSIGN, "Key CertSign "},
- {KeyUsageExtension.CRL_SIGN, "Crl Sign "},
- {KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only "},
- {KeyUsageExtension.DECIPHER_ONLY, "Decipher Only "},
- {TOKEN_CERT_USAGE, "Certificate Usage: "},
- {NSCertTypeExtension.SSL_CLIENT, "SSL Client "},
- {NSCertTypeExtension.SSL_SERVER, "SSL Server "},
- {NSCertTypeExtension.EMAIL, "Secure Email "},
- {NSCertTypeExtension.OBJECT_SIGNING, "Object Signing "},
- {NSCertTypeExtension.SSL_CA, "SSL CA "},
- {NSCertTypeExtension.EMAIL_CA, "Secure Email CA "},
- {NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA "},
- {TOKEN_KEY_ID, "Key Identifier: "},
- {TOKEN_AUTH_NAME, "Authority Name: "},
- {TOKEN_CRL, "Certificate Revocation List: "},
- {TOKEN_THIS_UPDATE, "This Update: "},
- {TOKEN_NEXT_UPDATE, "Next Update: "},
- {TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: "},
- {TOKEN_REVOCATION_DATE, "Revocation Date: "},
- {TOKEN_REVOCATION_REASON, "Revocation Reason "},
- {TOKEN_REASON, "Reason: "},
- {TOKEN_BASIC_CONSTRAINTS, "Basic Constraints "},
- {TOKEN_NAME_CONSTRAINTS, "Name Constraints "},
- {TOKEN_NSC_COMMENT, "Netscape Comment "},
- {TOKEN_IS_CA, "Is CA: "},
- {TOKEN_PATH_LEN, "Path Length Constraint: "},
- {TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED"},
- {TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED"},
- {TOKEN_PATH_LEN_INVALID, "INVALID"},
- {TOKEN_CRL_NUMBER, "CRL Number "},
- {TOKEN_NUMBER, "Number: "},
- {TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator "},
- {TOKEN_BASE_CRL_NUMBER, "Base CRL Number: "},
- {TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use "},
- {TOKEN_SCOPE_OF_USE, "Scope of Use: "},
- {TOKEN_PORT, "Port: "},
- {TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name "},
- {TOKEN_ISSUER_NAMES, "Issuer Names: "},
- {TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name "},
- {TOKEN_DECODING_ERROR, "Decoding Error"},
- {TOKEN_FRESHEST_CRL_EXT, "Freshest CRL "},
- {TOKEN_INHIBIT_ANY_POLICY_EXT, "Inhibit Any-Policy "},
- {TOKEN_SKIP_CERTS, "Skip Certs: "},
- {TOKEN_CRL_DP_EXT, "CRL Distribution Points "},
- {TOKEN_CRLDP_NUMPOINTS, "Number of Points: "},
- {TOKEN_CRLDP_POINTN, "Point "},
- {TOKEN_CRLDP_DISTPOINT, "Distribution Point: "},
- {TOKEN_CRLDP_REASONS, "Reason Flags: "},
- {TOKEN_CRLDP_CRLISSUER, "CRL Issuer: "},
- {TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point "},
- {TOKEN_DIST_POINT_NAME, "Distribution Point: "},
- {TOKEN_FULL_NAME, "Full Name: "},
- {TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: "},
- {TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: "},
- {TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: "},
- {TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: "},
- {TOKEN_INDIRECT_CRL, "Indirect CRL: "},
- {TOKEN_INVALIDITY_DATE, "Invalidity Date "},
- {TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: "},
- {TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer "},
- {TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code "},
- {TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: "},
- {TOKEN_POLICY_CONSTRAINTS, "Policy Constraints "},
- {TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: "},
- {TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: "},
- {TOKEN_POLICY_MAPPINGS, "Policy Mappings "},
- {TOKEN_MAPPINGS, "Mappings: "},
- {TOKEN_MAP, "Map "},
- {TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: "},
- {TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: "},
- {TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes "},
- {TOKEN_ATTRIBUTES, "Attributes:" },
- {TOKEN_ATTRIBUTE, "Attribute "},
- {TOKEN_VALUES, "Values: "},
- {TOKEN_NOT_SET, "not set"},
- {TOKEN_NONE, "none"},
- {TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. "},
- {TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. "},
+ { TOKEN_CERTIFICATE, "Certificate: " },
+ { TOKEN_DATA, "Data: " },
+ { TOKEN_VERSION, "Version: " },
+ { TOKEN_SERIAL, "Serial Number: " },
+ { TOKEN_SIGALG, "Signature Algorithm: " },
+ { TOKEN_ISSUER, "Issuer: " },
+ { TOKEN_VALIDITY, "Validity: " },
+ { TOKEN_NOT_BEFORE, "Not Before: " },
+ { TOKEN_NOT_AFTER, "Not After: " },
+ { TOKEN_SUBJECT, "Subject: " },
+ { TOKEN_SPKI, "Subject Public Key Info: " },
+ { TOKEN_ALGORITHM, "Algorithm: " },
+ { TOKEN_PUBLIC_KEY, "Public Key: " },
+ { TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: " },
+ { TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: " },
+ { TOKEN_EXTENSIONS, "Extensions: " },
+ { TOKEN_SIGNATURE, "Signature: " },
+ { TOKEN_YES, "yes " },
+ { TOKEN_NO, "no " },
+ { TOKEN_IDENTIFIER, "Identifier: " },
+ { TOKEN_CRITICAL, "Critical: " },
+ { TOKEN_VALUE, "Value: " },
+ { TOKEN_KEY_TYPE, "Key Type " },
+ { TOKEN_CERT_TYPE, "Netscape Certificate Type " },
+ { TOKEN_SKI, "Subject Key Identifier " },
+ { TOKEN_AKI, "Authority Key Identifier " },
+ { TOKEN_ACCESS_DESC, "Access Description: " },
+ { TOKEN_OCSP_NOCHECK, "OCSP NoCheck: " },
+ { TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: " },
+ { TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: " },
+ { TOKEN_PRESENCE_SERVER, "Presence Server: " },
+ { TOKEN_AIA, "Authority Info Access: " },
+ { TOKEN_CERT_POLICIES, "Certificate Policies: " },
+ { TOKEN_SIA, "Subject Info Access: " },
+ { TOKEN_KEY_USAGE, "Key Usage: " },
+ { KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature " },
+ { KeyUsageExtension.NON_REPUDIATION, "Non Repudiation " },
+ { KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment " },
+ { KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment " },
+ { KeyUsageExtension.KEY_AGREEMENT, "Key Agreement " },
+ { KeyUsageExtension.KEY_CERTSIGN, "Key CertSign " },
+ { KeyUsageExtension.CRL_SIGN, "Crl Sign " },
+ { KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only " },
+ { KeyUsageExtension.DECIPHER_ONLY, "Decipher Only " },
+ { TOKEN_CERT_USAGE, "Certificate Usage: " },
+ { NSCertTypeExtension.SSL_CLIENT, "SSL Client " },
+ { NSCertTypeExtension.SSL_SERVER, "SSL Server " },
+ { NSCertTypeExtension.EMAIL, "Secure Email " },
+ { NSCertTypeExtension.OBJECT_SIGNING, "Object Signing " },
+ { NSCertTypeExtension.SSL_CA, "SSL CA " },
+ { NSCertTypeExtension.EMAIL_CA, "Secure Email CA " },
+ { NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA " },
+ { TOKEN_KEY_ID, "Key Identifier: " },
+ { TOKEN_AUTH_NAME, "Authority Name: " },
+ { TOKEN_CRL, "Certificate Revocation List: " },
+ { TOKEN_THIS_UPDATE, "This Update: " },
+ { TOKEN_NEXT_UPDATE, "Next Update: " },
+ { TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: " },
+ { TOKEN_REVOCATION_DATE, "Revocation Date: " },
+ { TOKEN_REVOCATION_REASON, "Revocation Reason " },
+ { TOKEN_REASON, "Reason: " },
+ { TOKEN_BASIC_CONSTRAINTS, "Basic Constraints " },
+ { TOKEN_NAME_CONSTRAINTS, "Name Constraints " },
+ { TOKEN_NSC_COMMENT, "Netscape Comment " },
+ { TOKEN_IS_CA, "Is CA: " },
+ { TOKEN_PATH_LEN, "Path Length Constraint: " },
+ { TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED" },
+ { TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED" },
+ { TOKEN_PATH_LEN_INVALID, "INVALID" },
+ { TOKEN_CRL_NUMBER, "CRL Number " },
+ { TOKEN_NUMBER, "Number: " },
+ { TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator " },
+ { TOKEN_BASE_CRL_NUMBER, "Base CRL Number: " },
+ { TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use " },
+ { TOKEN_SCOPE_OF_USE, "Scope of Use: " },
+ { TOKEN_PORT, "Port: " },
+ { TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name " },
+ { TOKEN_ISSUER_NAMES, "Issuer Names: " },
+ { TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name " },
+ { TOKEN_DECODING_ERROR, "Decoding Error" },
+ { TOKEN_FRESHEST_CRL_EXT, "Freshest CRL " },
+ { TOKEN_INHIBIT_ANY_POLICY_EXT, "Inhibit Any-Policy " },
+ { TOKEN_SKIP_CERTS, "Skip Certs: " },
+ { TOKEN_CRL_DP_EXT, "CRL Distribution Points " },
+ { TOKEN_CRLDP_NUMPOINTS, "Number of Points: " },
+ { TOKEN_CRLDP_POINTN, "Point " },
+ { TOKEN_CRLDP_DISTPOINT, "Distribution Point: " },
+ { TOKEN_CRLDP_REASONS, "Reason Flags: " },
+ { TOKEN_CRLDP_CRLISSUER, "CRL Issuer: " },
+ { TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point " },
+ { TOKEN_DIST_POINT_NAME, "Distribution Point: " },
+ { TOKEN_FULL_NAME, "Full Name: " },
+ { TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: " },
+ { TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: " },
+ { TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: " },
+ { TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: " },
+ { TOKEN_INDIRECT_CRL, "Indirect CRL: " },
+ { TOKEN_INVALIDITY_DATE, "Invalidity Date " },
+ { TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: " },
+ { TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer " },
+ { TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code " },
+ { TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: " },
+ { TOKEN_POLICY_CONSTRAINTS, "Policy Constraints " },
+ { TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: " },
+ { TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: " },
+ { TOKEN_POLICY_MAPPINGS, "Policy Mappings " },
+ { TOKEN_MAPPINGS, "Mappings: " },
+ { TOKEN_MAP, "Map " },
+ { TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: " },
+ { TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: " },
+ { TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes " },
+ { TOKEN_ATTRIBUTES, "Attributes:" },
+ { TOKEN_ATTRIBUTE, "Attribute " },
+ { TOKEN_VALUES, "Values: " },
+ { TOKEN_NOT_SET, "not set" },
+ { TOKEN_NONE, "none" },
+ { TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. " },
+ { TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. " },
};
}
diff --git a/pki/base/util/src/netscape/security/util/PrintableCharset.java b/pki/base/util/src/netscape/security/util/PrintableCharset.java
index 90621ccb..a9cf15c0 100644
--- a/pki/base/util/src/netscape/security/util/PrintableCharset.java
+++ b/pki/base/util/src/netscape/security/util/PrintableCharset.java
@@ -12,20 +12,20 @@ public class PrintableCharset extends Charset {
public static boolean isPrintableChar(char c) {
if ((c < 'A' || c > 'Z') &&
- (c < 'a' || c > 'z') &&
- (c < '0' || c > '9') &&
- (c != ' ') &&
- (c != '\'') &&
- (c != '(') &&
- (c != ')') &&
- (c != '+') &&
- (c != ',') &&
- (c != '-') &&
- (c != '.') &&
- (c != '/') &&
- (c != ':') &&
- (c != '=') &&
- (c != '?')) {
+ (c < 'a' || c > 'z') &&
+ (c < '0' || c > '9') &&
+ (c != ' ') &&
+ (c != '\'') &&
+ (c != '(') &&
+ (c != ')') &&
+ (c != '+') &&
+ (c != ',') &&
+ (c != '-') &&
+ (c != '.') &&
+ (c != '/') &&
+ (c != ':') &&
+ (c != '=') &&
+ (c != '?')) {
return false;
} else {
return true;
diff --git a/pki/base/util/src/netscape/security/util/PrintableCharsetDecoder.java b/pki/base/util/src/netscape/security/util/PrintableCharsetDecoder.java
index 687366c0..01409549 100644
--- a/pki/base/util/src/netscape/security/util/PrintableCharsetDecoder.java
+++ b/pki/base/util/src/netscape/security/util/PrintableCharsetDecoder.java
@@ -27,7 +27,7 @@ import java.nio.charset.CodingErrorAction;
/**
* Converts bytes in ASN.1 PrintableString character set to PrintableString
* characters.
- *
+ *
* @author Lily Hsiao
* @author Slava Galperin
*/
@@ -42,14 +42,15 @@ public class PrintableCharsetDecoder extends CharsetDecoder {
while (true) {
- if (in.remaining() < 1) return CoderResult.UNDERFLOW;
+ if (in.remaining() < 1)
+ return CoderResult.UNDERFLOW;
in.mark();
byte b = in.get();
- char c = (char)(b & 0x7f);
+ char c = (char) (b & 0x7f);
if (CodingErrorAction.REPORT == unmappableCharacterAction() &&
- !PrintableCharset.isPrintableChar(c)) {
+ !PrintableCharset.isPrintableChar(c)) {
/*
"bug" fix for 359010
return CoderResult.unmappableForLength(1);
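Review bot: The printable check runs on `c` after `(char) (b & 0x7f)` has already cleared the top bit, so a byte such as 0xC1 is folded onto 'A' and passes `isPrintableChar` even under `CodingErrorAction.REPORT`. Two different encoded names can then decode to the same string, which matters wherever decoded subject or issuer text is compared or displayed. Testing the raw byte first closes that gap: `if (b < 0 || !PrintableCharset.isPrintableChar((char) b))`. The branch body opens with a commented-out `unmappableForLength(1)` labelled as a fix for 359010 and continues outside this hunk, so what is returned for a rejected byte cannot be confirmed from here; a comment stating the intended leniency would help. The encoder's `out.put((byte) (c & 0x7f))` in PrintableCharsetEncoder.java applies the same mask on output when the action is not REPORT.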
diff --git a/pki/base/util/src/netscape/security/util/PrintableCharsetEncoder.java b/pki/base/util/src/netscape/security/util/PrintableCharsetEncoder.java
index d72f17d2..bc658096 100644
--- a/pki/base/util/src/netscape/security/util/PrintableCharsetEncoder.java
+++ b/pki/base/util/src/netscape/security/util/PrintableCharsetEncoder.java
@@ -27,7 +27,7 @@ import java.nio.charset.CodingErrorAction;
/**
* Converts characters in ASN.1 PrintableString character set to PrintableString
* bytes.
- *
+ *
* @author Lily Hsiao
* @author Slava Galperin
*/
@@ -49,13 +49,14 @@ public class PrintableCharsetEncoder extends CharsetEncoder {
while (true) {
- if (in.remaining() < 1) return CoderResult.UNDERFLOW;
+ if (in.remaining() < 1)
+ return CoderResult.UNDERFLOW;
in.mark();
char c = in.get();
if (CodingErrorAction.REPORT == unmappableCharacterAction() &&
- !PrintableCharset.isPrintableChar(c)) {
+ !PrintableCharset.isPrintableChar(c)) {
return CoderResult.unmappableForLength(1);
}
@@ -64,7 +65,7 @@ public class PrintableCharsetEncoder extends CharsetEncoder {
return CoderResult.OVERFLOW;
}
- out.put((byte)(c & 0x7f));
+ out.put((byte) (c & 0x7f));
}
}
}
diff --git a/pki/base/util/src/netscape/security/util/PubKeyPrettyPrint.java b/pki/base/util/src/netscape/security/util/PubKeyPrettyPrint.java
index 669e4c22..46c007cd 100644
--- a/pki/base/util/src/netscape/security/util/PubKeyPrettyPrint.java
+++ b/pki/base/util/src/netscape/security/util/PubKeyPrettyPrint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.util;
-
import java.security.PublicKey;
import java.util.Locale;
import java.util.ResourceBundle;
@@ -25,11 +24,10 @@ import java.util.ResourceBundle;
import netscape.security.provider.RSAPublicKey;
import netscape.security.x509.X509Key;
-
/**
* This class will display the certificate content in predefined
* format.
- *
+ *
* @author Jack Pan-Chen
* @author Andrew Wnuk
* @version $Revision$, $Date$
@@ -49,7 +47,7 @@ public class PubKeyPrettyPrint {
public PubKeyPrettyPrint(PublicKey key) {
if (key instanceof X509Key)
mX509Key = (X509Key) key;
-
+
pp = new PrettyPrintFormat(":");
}
@@ -60,7 +58,7 @@ public class PubKeyPrettyPrint {
/**
* This method return string representation of the certificate
* in predefined format using specified client local. I18N Support.
- *
+ *
* @param clientLocale Locale to be used for localization
* @return string representation of the certificate
*/
@@ -71,9 +69,8 @@ public class PubKeyPrettyPrint {
else
return null;
}
-
- public String X509toString(Locale clientLocale, int indentSize, int lineLen) {
+ public String X509toString(Locale clientLocale, int indentSize, int lineLen) {
//get I18N resources
ResourceBundle resource = ResourceBundle.getBundle(
@@ -87,8 +84,8 @@ public class PubKeyPrettyPrint {
//XXX I18N Algorithm Name ?
sb.append(pp.indent(indentSize) + resource.getString(
PrettyPrintResources.TOKEN_ALGORITHM) +
- alg + " - " +
- mX509Key.getAlgorithmId().getOID().toString() + "\n");
+ alg + " - " +
+ mX509Key.getAlgorithmId().getOID().toString() + "\n");
if (alg.equals("RSA")) {
@@ -98,12 +95,12 @@ public class PubKeyPrettyPrint {
PrettyPrintResources.TOKEN_PUBLIC_KEY) + "\n");
sb.append(pp.indent(indentSize + 4) + resource.getString(
PrettyPrintResources.TOKEN_PUBLIC_KEY_EXPONENT) +
- rsakey.getPublicExponent().toInt() + "\n");
+ rsakey.getPublicExponent().toInt() + "\n");
sb.append(pp.indent(indentSize + 4) + resource.getString(
PrettyPrintResources.TOKEN_PUBLIC_KEY_MODULUS) +
- "(" + rsakey.getKeySize() + " bits) :\n");
+ "(" + rsakey.getKeySize() + " bits) :\n");
sb.append(pp.toHexString(
- rsakey.getModulus().toByteArray(),
+ rsakey.getModulus().toByteArray(),
indentSize + 8, lineLen));
} else {
diff --git a/pki/base/util/src/netscape/security/util/UniversalCharsetDecoder.java b/pki/base/util/src/netscape/security/util/UniversalCharsetDecoder.java
index 6df21e6c..a41c5ad5 100644
--- a/pki/base/util/src/netscape/security/util/UniversalCharsetDecoder.java
+++ b/pki/base/util/src/netscape/security/util/UniversalCharsetDecoder.java
@@ -27,7 +27,7 @@ import java.nio.charset.CodingErrorAction;
/**
* Converts bytes in ASN.1 UniversalString character set to UniversalString
* characters.
- *
+ *
* @author Lily Hsiao
* @author Slava Galperin
*/
@@ -44,7 +44,8 @@ public class UniversalCharsetDecoder extends CharsetDecoder {
// XXX we do not know what to do with truly UCS-4 characters here
// we also assumed network byte order
- if (in.remaining() < 4) return CoderResult.UNDERFLOW;
+ if (in.remaining() < 4)
+ return CoderResult.UNDERFLOW;
in.mark();
byte b0 = in.get();
@@ -53,7 +54,7 @@ public class UniversalCharsetDecoder extends CharsetDecoder {
byte b3 = in.get();
if (CodingErrorAction.REPORT == unmappableCharacterAction() &&
- !((b0 == 0 && b1 == 0) || (b2 == 0 && b3 == 0))) {
+ !((b0 == 0 && b1 == 0) || (b2 == 0 && b3 == 0))) {
return CoderResult.unmappableForLength(4);
}
@@ -74,7 +75,7 @@ public class UniversalCharsetDecoder extends CharsetDecoder {
// 0000100 e \0 \0 \0 ) \0 \0 \0 . \0 \0 \0 c \0 \0 \0
// 0000120 o \0 \0 \0 m \0 \0 \0
// 0000130
- c = (char)(((b1 << 8) & 0xff00) + (b0 & 0x00ff));
+ c = (char) (((b1 << 8) & 0xff00) + (b0 & 0x00ff));
} else { // (b0 == 0 && b1 == 0)
// This should be the right order.
@@ -83,7 +84,7 @@ public class UniversalCharsetDecoder extends CharsetDecoder {
// 0000020 0000 006e 0000 0020 0000 0051 0000 0041
// 0000040
- c = (char)(((b2 << 8) & 0xff00) + (b3 & 0x00ff));
+ c = (char) (((b2 << 8) & 0xff00) + (b3 & 0x00ff));
}
if (out.remaining() < 1) {
diff --git a/pki/base/util/src/netscape/security/util/UniversalCharsetEncoder.java b/pki/base/util/src/netscape/security/util/UniversalCharsetEncoder.java
index da9e6d83..cd2a5129 100644
--- a/pki/base/util/src/netscape/security/util/UniversalCharsetEncoder.java
+++ b/pki/base/util/src/netscape/security/util/UniversalCharsetEncoder.java
@@ -26,7 +26,7 @@ import java.nio.charset.CoderResult;
/**
* Converts characters in ASN.1 UniversalString character set to UniversalString
* bytes.
- *
+ *
* @author Lily Hsiao
* @author Slava Galperin
*/
@@ -48,7 +48,8 @@ public class UniversalCharsetEncoder extends CharsetEncoder {
while (true) {
- if (in.remaining() < 1) return CoderResult.UNDERFLOW;
+ if (in.remaining() < 1)
+ return CoderResult.UNDERFLOW;
in.mark();
char c = in.get();
@@ -58,10 +59,10 @@ public class UniversalCharsetEncoder extends CharsetEncoder {
return CoderResult.OVERFLOW;
}
- out.put((byte)0);
- out.put((byte)0);
- out.put((byte)((c >> 8) & 0xff));
- out.put((byte)(c & 0xff));
+ out.put((byte) 0);
+ out.put((byte) 0);
+ out.put((byte) ((c >> 8) & 0xff));
+ out.put((byte) (c & 0xff));
}
}
}
diff --git a/pki/base/util/src/netscape/security/x509/ACertAttrSet.java b/pki/base/util/src/netscape/security/x509/ACertAttrSet.java
index 098a5f2d..8a757d7f 100755
--- a/pki/base/util/src/netscape/security/x509/ACertAttrSet.java
+++ b/pki/base/util/src/netscape/security/x509/ACertAttrSet.java
@@ -28,60 +28,61 @@ import netscape.security.util.DerValue;
/**
* A plain certattr set used by pkcs10 to parse an unknown attribute.
+ *
* @author Lily Hsiao
*/
public class ACertAttrSet implements CertAttrSet {
- protected DerValue mDerValue = null;
+ protected DerValue mDerValue = null;
- public ACertAttrSet(DerValue derValue) throws IOException {
- mDerValue = derValue;
- }
+ public ACertAttrSet(DerValue derValue) throws IOException {
+ mDerValue = derValue;
+ }
- public DerValue getDerValue() {
- return mDerValue;
- }
+ public DerValue getDerValue() {
+ return mDerValue;
+ }
/**
* Returns a short string describing this certificate attribute.
- *
+ *
* @return value of this certificate attribute in
* printable form.
*/
public String toString() {
- return "ACertAttrSet value "+ (mDerValue == null ? "null" : "not null");
- }
+ return "ACertAttrSet value " + (mDerValue == null ? "null" : "not null");
+ }
/**
* Encodes the attribute to the output stream in a format
* that can be parsed by the <code>decode</code> method.
- *
+ *
* @param out the OutputStream to encode the attribute to.
*
* @exception CertificateException on encoding or validity errors.
* @exception IOException on other errors.
*/
public void encode(OutputStream out)
- throws CertificateException, IOException {
- mDerValue.encode((DerOutputStream)out);
- }
+ throws CertificateException, IOException {
+ mDerValue.encode((DerOutputStream) out);
+ }
/**
* Decodes the attribute in the input stream.
- *
+ *
* @param in the InputStream to read the encoded attribute from.
*
* @exception CertificateException on decoding or validity errors.
* @exception IOException on other errors.
*/
public void decode(InputStream in)
- throws CertificateException, IOException {
- throw new IOException("not supported");
- }
+ throws CertificateException, IOException {
+ throw new IOException("not supported");
+ }
/**
* Sets an attribute value within this CertAttrSet.
- *
+ *
* @param name the name of the attribute (e.g. "x509.info.key")
* @param obj the attribute object.
*
@@ -89,35 +90,35 @@ public class ACertAttrSet implements CertAttrSet {
* @exception IOException on other errors.
*/
public void set(String name, Object obj)
- throws CertificateException, IOException {
- throw new IOException("not supported");
- }
+ throws CertificateException, IOException {
+ throw new IOException("not supported");
+ }
/**
* Gets an attribute value for this CertAttrSet.
- *
+ *
* @param name the name of the attribute to return.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
public Object get(String name)
- throws CertificateException, IOException {
- throw new IOException("not supported");
- }
+ throws CertificateException, IOException {
+ throw new IOException("not supported");
+ }
/**
* Deletes an attribute value from this CertAttrSet.
- *
+ *
* @param name the name of the attribute to delete.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
public void delete(String name)
- throws CertificateException, IOException {
- throw new IOException("not supported");
- }
+ throws CertificateException, IOException {
+ throw new IOException("not supported");
+ }
/**
* Returns an enumeration of the names of the attributes existing within
@@ -126,15 +127,15 @@ public class ACertAttrSet implements CertAttrSet {
* @return an enumeration of the attribute names.
*/
public Enumeration<String> getAttributeNames() {
- return null;
- }
-
+ return null;
+ }
+
/**
* Returns the name (identifier) of this CertAttrSet.
*
* @return the name of this CertAttrSet.
*/
public String getName() {
- return "Generic Extension";
- }
+ return "Generic Extension";
+ }
}
diff --git a/pki/base/util/src/netscape/security/x509/AVA.java b/pki/base/util/src/netscape/security/x509/AVA.java
index d35426d3..0b7d0f84 100644
--- a/pki/base/util/src/netscape/security/x509/AVA.java
+++ b/pki/base/util/src/netscape/security/x509/AVA.java
@@ -32,98 +32,93 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
- * X.500 Attribute-Value-Assertion (AVA): an attribute, as identified by
- * some attribute ID, has some particular value. Values are as a rule ASN.1
- * printable strings. A conventional set of type IDs is recognized when
+ * X.500 Attribute-Value-Assertion (AVA): an attribute, as identified by
+ * some attribute ID, has some particular value. Values are as a rule ASN.1
+ * printable strings. A conventional set of type IDs is recognized when
* parsing (and generating) RFC 1779 syntax strings.
- *
- * <P>AVAs are components of X.500 relative names. Think of them as being
- * individual fields of a database record. The attribute ID is how you
- * identify the field, and the value is part of a particular record.
- *
+ *
+ * <P>
+ * AVAs are components of X.500 relative names. Think of them as being individual fields of a database record. The attribute ID is how you identify the field, and the value is part of a particular record.
+ *
* @see X500Name
* @see RDN
* @see LdapDNStrConverter
- *
+ *
* @version 1.14
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
// public ... when RDN is public and X.500Names can be
// constructed using RDNs, and all three classes are cleaner
-public final class AVA implements DerEncoder
-{
- ObjectIdentifier oid;
- DerValue value;
+public final class AVA implements DerEncoder {
+ ObjectIdentifier oid;
+ DerValue value;
- /**
- * Constructs an AVA from a Ldap DN string with one AVA component
- * using the global default LdapDNStrConverter.
+ /**
+ * Constructs an AVA from a Ldap DN string with one AVA component
+ * using the global default LdapDNStrConverter.
+ *
* @see LdapDNStrConverter
* @param avaString a Ldap DN string with one AVA component.
*/
public AVA(String avaString)
- throws IOException
- {
- AVA ava;
- ava = LdapDNStrConverter.getDefault().parseAVA(avaString);
- oid = ava.getOid();
- value = ava.getValue();
+ throws IOException {
+ AVA ava;
+ ava = LdapDNStrConverter.getDefault().parseAVA(avaString);
+ oid = ava.getOid();
+ value = ava.getValue();
}
/**
* Like AVA(String) with a DER encoding order given for Directory Strings.
*/
public AVA(String avaString, byte[] tags)
- throws IOException
- {
- AVA ava;
- ava = LdapDNStrConverter.getDefault().parseAVA(avaString, tags);
- oid = ava.getOid();
- value = ava.getValue();
+ throws IOException {
+ AVA ava;
+ ava = LdapDNStrConverter.getDefault().parseAVA(avaString, tags);
+ oid = ava.getOid();
+ value = ava.getValue();
}
- /**
- * Constructs an AVA from a Ldap DN string containing one AVA
+ /**
+ * Constructs an AVA from a Ldap DN string containing one AVA
* component using the specified LdapDNStrConverter.
+ *
* @see LdapDNStrConverter
* @param avaString a Ldap DN string containing one AVA.
- * @param ldapDNStrConverter a LdapDNStrConverter
+ * @param ldapDNStrConverter a LdapDNStrConverter
*/
public AVA(String avaString, LdapDNStrConverter ldapDNStrConverter)
- throws IOException
- {
- AVA ava;
- ava = ldapDNStrConverter.parseAVA(avaString);
- oid = ava.getOid();
- value = ava.getValue();
+ throws IOException {
+ AVA ava;
+ ava = ldapDNStrConverter.parseAVA(avaString);
+ oid = ava.getOid();
+ value = ava.getValue();
}
- /**
+ /**
* Constructs an AVA from an OID and DerValue.
+ *
* @param type an ObjectIdentifier
* @param val a DerValue
*/
public AVA(ObjectIdentifier type, DerValue val)
- throws IOException
- {
- oid = type;
- value = val;
+ throws IOException {
+ oid = type;
+ value = val;
}
/**
* Constructs an AVA from an input stream of UTF8 bytes that form
* a Ldap DN string. Then parse the Ldap DN string using the global
- * default LdapDNStrConverter.
- * <br>
- * Parses an RFC 1779 style AVA string: CN=fee fie foe fum
- * or perhaps with quotes. Not all defined AVA tags are supported;
+ * default LdapDNStrConverter. <br>
+ * Parses an RFC 1779 style AVA string: CN=fee fie foe fum
+ * or perhaps with quotes. Not all defined AVA tags are supported;
* of current note are X.400 related ones (PRMD, ADMD, etc).
- *
+ *
* This terminates at unescaped AVA separators ("+") or RDN
* separators (",", ";"), or DN terminators (">"), and removes
* cosmetic whitespace at the end of values.
@@ -153,157 +148,153 @@ public final class AVA implements DerEncoder
/**
* Constructs an AVA from a Der Input Stream.
+ *
* @param in the Der Input Stream.
*/
- public AVA(DerInputStream in) throws IOException
- {
- DerValue assertion = in.getDerValue ();
+ public AVA(DerInputStream in) throws IOException {
+ DerValue assertion = in.getDerValue();
- /*
- * Individual attribute value assertions are SEQUENCE of two values.
- * That'd be a "struct" outside of ASN.1.
- */
- if (assertion.tag != DerValue.tag_Sequence)
- throw new CertParseError ("X500 AVA, not a sequence");
+ /*
+ * Individual attribute value assertions are SEQUENCE of two values.
+ * That'd be a "struct" outside of ASN.1.
+ */
+ if (assertion.tag != DerValue.tag_Sequence)
+ throw new CertParseError("X500 AVA, not a sequence");
ObjectIdentifier o = assertion.data.getOID();
oid = X500NameAttrMap.getDefault().getOid(o);
if (oid == null) {
- // NSCP #329837
- // if this OID is not recongized in our map (table),
- // it is fine. we just store it as regular OID.
- oid = o;
+ // NSCP #329837
+ // if this OID is not recongized in our map (table),
+ // it is fine. we just store it as regular OID.
+ oid = o;
}
- value = assertion.data.getDerValue ();
+ value = assertion.data.getDerValue();
- if (assertion.data.available () != 0)
- throw new CertParseError ("AVA, extra bytes = "
- + assertion.data.available ());
+ if (assertion.data.available() != 0)
+ throw new CertParseError("AVA, extra bytes = "
+ + assertion.data.available());
}
// other public methods.
- /**
+ /**
* Returns true if another AVA has the same OID and DerValue.
+ *
* @param other the other AVA.
* @return ture iff other AVA has same oid and value.
*/
- public boolean equals (AVA other)
- {
- return oid.equals (other.oid) && value.equals (other.value);
+ public boolean equals(AVA other) {
+ return oid.equals(other.oid) && value.equals(other.value);
}
- /**
- * Compares the AVA with an Object, returns true if the object is
+ /**
+ * Compares the AVA with an Object, returns true if the object is
* an AVA and has the same OID and value.
+ *
* @param other the other object.
* @return true iff other object is an AVA and has same oid and value.
*/
- public boolean equals (Object other)
- {
- if (other instanceof AVA)
- return equals ((AVA)other);
- else
- return false;
+ public boolean equals(Object other) {
+ if (other instanceof AVA)
+ return equals((AVA) other);
+ else
+ return false;
}
/**
* Encodes the AVA to a Der output stream.
* AVAs are encoded as a SEQUENCE of two elements.
+ *
* @param out The Der output stream.
*/
- public void encode (DerOutputStream out) throws IOException
- {
- derEncode(out);
+ public void encode(DerOutputStream out) throws IOException {
+ derEncode(out);
}
-
- /**
+
+ /**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the output stream on which to write the DER encoding.
- *
+ *
+ * @param out
+ * the output stream on which to write the DER encoding.
+ *
* @exception IOException on encoding error.
*/
- public void derEncode (OutputStream out) throws IOException
- {
- DerOutputStream tmp = new DerOutputStream ();
- DerOutputStream tmp2 = new DerOutputStream ();
+ public void derEncode(OutputStream out) throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ DerOutputStream tmp2 = new DerOutputStream();
- tmp.putOID (oid);
- value.encode (tmp);
- tmp2.write (DerValue.tag_Sequence, tmp);
- out.write(tmp2.toByteArray());
+ tmp.putOID(oid);
+ value.encode(tmp);
+ tmp2.write(DerValue.tag_Sequence, tmp);
+ out.write(tmp2.toByteArray());
}
/**
- * Returns a Ldap DN string with one AVA component using
+ * Returns a Ldap DN string with one AVA component using
* the global default LdapDNStrConverter.
- * @return a Ldap DN string
+ *
+ * @return a Ldap DN string
* @exception IOException if an error occurs during conversion.
* @see LdapDNStrConverter
*/
public String toLdapDNString()
- throws IOException
- {
- LdapDNStrConverter v = LdapDNStrConverter.getDefault();
- return v.encodeAVA(this);
+ throws IOException {
+ LdapDNStrConverter v = LdapDNStrConverter.getDefault();
+ return v.encodeAVA(this);
}
/**
- * Returns a Ldap DN string with one AVA component using the specified
+ * Returns a Ldap DN string with one AVA component using the specified
* LdapDNStrConverter.
- * @return a Ldap DN string
- * @param ldapDNStrConverter a Ldap DN String Converter
+ *
+ * @return a Ldap DN string
+ * @param ldapDNStrConverter a Ldap DN String Converter
* @exception IOException if an error occurs during the conversion.
* @see LdapDNStrConverter
*/
public String toLdapDNString(LdapDNStrConverter ldapDNStrConverter)
- throws IOException
- {
- return ldapDNStrConverter.encodeAVA(this);
+ throws IOException {
+ return ldapDNStrConverter.encodeAVA(this);
}
/**
* Returns a Ldap DN string with the AVA component using the global
* default LdapDNStrConverter, or null if an error occurs in conversion.
- * @return a Ldap DN string containing the AVA, or null if an
- * error occurs in the conversion.
- */
- public String toString()
- {
- String s;
- try {
- // NOTE that a LdapDNString is returned here to match the
- // original source from sun. Could also return the raw value
- // (before Ldap escaping) here.
- s = toLdapDNString();
- }
- catch (IOException e) {
- return null;
- }
- return s;
+ *
+ * @return a Ldap DN string containing the AVA, or null if an
+ * error occurs in the conversion.
+ */
+ public String toString() {
+ String s;
+ try {
+ // NOTE that a LdapDNString is returned here to match the
+ // original source from sun. Could also return the raw value
+ // (before Ldap escaping) here.
+ s = toLdapDNString();
+ } catch (IOException e) {
+ return null;
+ }
+ return s;
}
- /**
+ /**
* Returns the OID in the AVA.
+ *
* @return the ObjectIdentifier in this AVA.
*/
- public ObjectIdentifier getOid()
- {
- return oid;
+ public ObjectIdentifier getOid() {
+ return oid;
}
- /**
+ /**
* Returns the value in this AVA as a DerValue
+ *
* @return attribute value in this AVA.
*/
- public DerValue getValue()
- {
- return value;
+ public DerValue getValue() {
+ return value;
}
}
-
-
diff --git a/pki/base/util/src/netscape/security/x509/AVAValueConverter.java b/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
index 87c386f1..8153099c 100644
--- a/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
+++ b/pki/base/util/src/netscape/security/x509/AVAValueConverter.java
@@ -22,68 +22,63 @@ import java.io.IOException;
import netscape.security.util.DerValue;
/**
- * Interface for classes that convert a attribute value string to a
+ * Interface for classes that convert a attribute value string to a
* DER encoded ASN.1 value and vice versa.
- * The converters are associated with attribute types, such as
- * directory string, ia5string, etc.
+ * The converters are associated with attribute types, such as
+ * directory string, ia5string, etc.
+ *
+ * <P>
+ * For example, to convert a string, such as an organization name for the "O" attribute to a DerValue, the "O" attribute is mapped to the DirStrConverter which is used to convert the organization name to a DER encoded Directory String which is a DerValue of a ASN.1 PrintableString, T.61String or UniversalString for the organization name.
*
- * <P>For example, to convert a string, such as an organization name for the
- * "O" attribute to a DerValue, the "O" attribute is mapped to the
- * DirStrConverter which is used to convert the organization name to a
- * DER encoded Directory String which is a DerValue of a ASN.1 PrintableString,
- * T.61String or UniversalString for the organization name.
- *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*/
-public interface AVAValueConverter
-{
+public interface AVAValueConverter {
/**
* Converts a string to a DER encoded attribute value.
*
- * @param valueString An AVA value string not encoded in any form.
+ * @param valueString An AVA value string not encoded in any form.
+ *
+ * @return A DerValue object.
*
- * @return A DerValue object.
- *
- * @exception IOException if an error occurs during the conversion.
+ * @exception IOException if an error occurs during the conversion.
*/
- public DerValue getValue(String valueString)
- throws IOException;
-
+ public DerValue getValue(String valueString)
+ throws IOException;
/**
- * Converts a string to a DER encoded attribute value.
- * Specify the order of DER tags to use if more than one encoding is
- * possible. Currently Directory Strings can have different order
+ * Converts a string to a DER encoded attribute value.
+ * Specify the order of DER tags to use if more than one encoding is
+ * possible. Currently Directory Strings can have different order
* for backwards compatibility. By 2003 all should be UTF8String.
*
- * @param valueString An AVA value string not encoded in any form.
+ * @param valueString An AVA value string not encoded in any form.
*
- * @return A DerValue object.
- *
- * @exception IOException if an error occurs during the conversion.
+ * @return A DerValue object.
+ *
+ * @exception IOException if an error occurs during the conversion.
*/
- public DerValue getValue(String valueString, byte[] tags)
- throws IOException;
+ public DerValue getValue(String valueString, byte[] tags)
+ throws IOException;
/**
* Converts a BER encoded value to a DER encoded attribute value.
*
- * @param berStream A byte array of the BER encoded AVA value.
- * @return A DerValue object.
+ * @param berStream A byte array of the BER encoded AVA value.
+ * @return A DerValue object.
*/
- public DerValue getValue(byte[] berStream)
- throws IOException;
+ public DerValue getValue(byte[] berStream)
+ throws IOException;
/**
* Converts a DER encoded value to a string, not encoded in any form.
*
- * @param avaValue A DerValue object.
- *
- * @return A string for the value or null if it can't be converted.
- *
+ * @param avaValue A DerValue object.
+ *
+ * @return A string for the value or null if it can't be converted.
+ *
* @exception IOException if an error occurs during the conversion.
*/
- public String getAsString(DerValue avaValue)
- throws IOException;
+ public String getAsString(DerValue avaValue)
+ throws IOException;
}
diff --git a/pki/base/util/src/netscape/security/x509/AlgIdDSA.java b/pki/base/util/src/netscape/security/x509/AlgIdDSA.java
index 4e7030ce..0a64ad37 100644
--- a/pki/base/util/src/netscape/security/x509/AlgIdDSA.java
+++ b/pki/base/util/src/netscape/security/x509/AlgIdDSA.java
@@ -26,25 +26,23 @@ import netscape.security.util.BigInt;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* This class identifies DSS/DSA Algorithm variants, which are distinguished
- * by using different algorithm parameters <em>P, Q, G</em>. It uses the
- * NIST/IETF standard DER encoding. These are used to implement the Digital
+ * by using different algorithm parameters <em>P, Q, G</em>. It uses the
+ * NIST/IETF standard DER encoding. These are used to implement the Digital
* Signature Standard (DSS), FIPS 186.
- *
- * <P><em><b>NOTE:</b> At this time, DSS/DSA Algorithm IDs must always
+ *
+ * <P>
+ * <em><b>NOTE:</b> At this time, DSS/DSA Algorithm IDs must always
* include these parameters. Use of DSS/DSA in modes where parameters are
* either implicit (e.g. a default applicable to a site or a larger scope),
* or are derived from some Certificate Authority's DSS certificate, is
* not currently supported. </em>
- *
+ *
* @version 1.31
* @author David Brownell
*/
-public final
-class AlgIdDSA extends AlgorithmId implements DSAParams
-{
+public final class AlgIdDSA extends AlgorithmId implements DSAParams {
/**
*
*/
@@ -52,133 +50,136 @@ class AlgIdDSA extends AlgorithmId implements DSAParams
/*
* The three unsigned integer parameters.
*/
- private BigInteger p , q, g;
+ private BigInteger p, q, g;
/** Returns the DSS/DSA parameter "P" */
- public BigInteger getP () { return p; }
+ public BigInteger getP() {
+ return p;
+ }
/** Returns the DSS/DSA parameter "Q" */
- public BigInteger getQ () { return q; }
+ public BigInteger getQ() {
+ return q;
+ }
/** Returns the DSS/DSA parameter "G" */
- public BigInteger getG () { return g; }
+ public BigInteger getG() {
+ return g;
+ }
/**
- * Default constructor. The OID and parameters must be
+ * Default constructor. The OID and parameters must be
* deserialized before this algorithm ID is used.
*/
// XXX deprecated for general use
- public AlgIdDSA () {}
+ public AlgIdDSA() {
+ }
- AlgIdDSA (DerValue val) throws IOException
- { super(val.getOID()); }
+ AlgIdDSA(DerValue val) throws IOException {
+ super(val.getOID());
+ }
/**
- * Construct an AlgIdDSA from an X.509 encoded byte array.
+ * Construct an AlgIdDSA from an X.509 encoded byte array.
*/
- public AlgIdDSA (byte[] encodedAlg) throws IOException
- { super (new DerValue(encodedAlg).getOID()); }
+ public AlgIdDSA(byte[] encodedAlg) throws IOException {
+ super(new DerValue(encodedAlg).getOID());
+ }
/**
* Constructs a DSS/DSA Algorithm ID from unsigned integers that
- * define the algorithm parameters. Those integers are encoded
+ * define the algorithm parameters. Those integers are encoded
* as big-endian byte arrays.
- *
+ *
* @param p the DSS/DSA paramter "P"
* @param q the DSS/DSA paramter "Q"
* @param g the DSS/DSA paramter "G"
*/
- public AlgIdDSA (byte p [], byte q [], byte g [])
- throws IOException
- {
- this (new BigInteger (1, p),
- new BigInteger (1, q),
- new BigInteger (1, g));
+ public AlgIdDSA(byte p[], byte q[], byte g[])
+ throws IOException {
+ this(new BigInteger(1, p),
+ new BigInteger(1, q),
+ new BigInteger(1, g));
}
/**
* Constructs a DSS/DSA Algorithm ID from numeric parameters.
- *
+ *
* @param p the DSS/DSA paramter "P"
* @param q the DSS/DSA paramter "Q"
* @param g the DSS/DSA paramter "G"
*/
- public AlgIdDSA (BigInteger p, BigInteger q, BigInteger g)
- {
- super (DSA_oid);
-
- try {
- this.p = p;
- this.q = q;
- this.g = g;
- initializeParams ();
-
- } catch (IOException e) {
- /* this should not happen */
- throw new ProviderException ("Construct DSS/DSA Algorithm ID");
- }
+ public AlgIdDSA(BigInteger p, BigInteger q, BigInteger g) {
+ super(DSA_oid);
+
+ try {
+ this.p = p;
+ this.q = q;
+ this.g = g;
+ initializeParams();
+
+ } catch (IOException e) {
+ /* this should not happen */
+ throw new ProviderException("Construct DSS/DSA Algorithm ID");
+ }
}
/**
* Returns "DSA", indicating the Digital Signature Algorithm (DSA) as
* defined by the Digital Signature Standard (DSS), FIPS 186.
*/
- public String getName ()
- { return "DSA"; }
-
+ public String getName() {
+ return "DSA";
+ }
/*
* For algorithm IDs which haven't been created from a DER encoded
* value, "params" must be created.
*/
- private void initializeParams ()
- throws IOException
- {
- DerOutputStream out = new DerOutputStream ();
-
- out.putInteger (new BigInt(p.toByteArray()));
- out.putInteger (new BigInt(q.toByteArray()));
- out.putInteger (new BigInt(g.toByteArray()));
- params = new DerValue (DerValue.tag_Sequence,out.toByteArray ());
+ private void initializeParams()
+ throws IOException {
+ DerOutputStream out = new DerOutputStream();
+
+ out.putInteger(new BigInt(p.toByteArray()));
+ out.putInteger(new BigInt(q.toByteArray()));
+ out.putInteger(new BigInt(g.toByteArray()));
+ params = new DerValue(DerValue.tag_Sequence, out.toByteArray());
}
/**
- * Parses algorithm parameters P, Q, and G. They're found
+ * Parses algorithm parameters P, Q, and G. They're found
* in the "params" member, which never needs to be changed.
*/
- protected void decodeParams ()
- throws IOException
- {
- if (params == null || params.tag != DerValue.tag_Sequence)
- throw new IOException("DSA alg parsing error");
+ protected void decodeParams()
+ throws IOException {
+ if (params == null || params.tag != DerValue.tag_Sequence)
+ throw new IOException("DSA alg parsing error");
- params.data.reset ();
+ params.data.reset();
- this.p = params.data.getInteger ().toBigInteger();
- this.q = params.data.getInteger ().toBigInteger();
- this.g = params.data.getInteger ().toBigInteger();
+ this.p = params.data.getInteger().toBigInteger();
+ this.q = params.data.getInteger().toBigInteger();
+ this.g = params.data.getInteger().toBigInteger();
- if (params.data.available () != 0)
- throw new IOException ("AlgIdDSA params, extra="+
- params.data.available ());
+ if (params.data.available() != 0)
+ throw new IOException("AlgIdDSA params, extra=" +
+ params.data.available());
}
-
/*
* Returns a formatted string describing the parameters.
*/
- public String toString ()
- { return paramsToString (); }
+ public String toString() {
+ return paramsToString();
+ }
/*
* Returns a string describing the parameters.
*/
- protected String paramsToString ()
- {
- return
- "\n p:\n" + (new BigInt(p)).toString() +
- "\n q:\n" + (new BigInt(q)).toString() +
- "\n g:\n" + (new BigInt(g)).toString() +
- "\n";
+ protected String paramsToString() {
+ return "\n p:\n" + (new BigInt(p)).toString() +
+ "\n q:\n" + (new BigInt(q)).toString() +
+ "\n g:\n" + (new BigInt(g)).toString() +
+ "\n";
}
}
diff --git a/pki/base/util/src/netscape/security/x509/AlgorithmId.java b/pki/base/util/src/netscape/security/x509/AlgorithmId.java
index 28926261..ca58d9e6 100644
--- a/pki/base/util/src/netscape/security/x509/AlgorithmId.java
+++ b/pki/base/util/src/netscape/security/x509/AlgorithmId.java
@@ -31,24 +31,19 @@ import netscape.security.util.ObjectIdentifier;
/**
* This class identifies algorithms, such as cryptographic transforms, each
- * of which may be associated with parameters. Instances of this base class
+ * of which may be associated with parameters. Instances of this base class
* are used when this runtime environment has no special knowledge of the
- * algorithm type, and may also be used in other cases. Equivalence is
+ * algorithm type, and may also be used in other cases. Equivalence is
* defined according to OID and (where relevant) parameters.
- *
- * <P>Subclasses may be used, for example when when the algorithm ID has
- * associated parameters which some code (e.g. code using public keys) needs
- * to have parsed. Two examples of such algorithms are Diffie-Hellman key
- * exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
- *
- * <P>The OID constants defined in this class correspond to some widely
- * used algorithms, for which conventional string names have been defined.
- * This class is not a general repository for OIDs, or for such string names.
- * Note that the mappings between algorithm IDs and algorithm names is
- * not one-to-one.
- *
+ *
+ * <P>
+ * Subclasses may be used, for example when when the algorithm ID has associated parameters which some code (e.g. code using public keys) needs to have parsed. Two examples of such algorithms are Diffie-Hellman key exchange, and the Digital Signature Standard Algorithm (DSS/DSA).
+ *
+ * <P>
+ * The OID constants defined in this class correspond to some widely used algorithms, for which conventional string names have been defined. This class is not a general repository for OIDs, or for such string names. Note that the mappings between algorithm IDs and algorithm names is not one-to-one.
+ *
* @version 1.70
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
@@ -64,110 +59,104 @@ public class AlgorithmId implements Serializable, DerEncoder {
/**
* The object identitifer being used for this algorithm.
*/
- private ObjectIdentifier algid = null;
+ private ObjectIdentifier algid = null;
// The (parsed) parameters
private AlgorithmParameters algParams;
/**
- * Parameters for this algorithm. These are stored in unparsed
+ * Parameters for this algorithm. These are stored in unparsed
* DER-encoded form; subclasses can be made to automaticaly parse
* them so there is fast access to these parameters.
*/
- protected DerValue params = null;
+ protected DerValue params = null;
-
- protected String paramsString = null;
+ protected String paramsString = null;
/**
* Returns one of the algorithm IDs most commonly associated
* with this algorithm name.
- *
+ *
* @param algname the name being used
* @deprecated use the short get form of this method.
* @exception NoSuchAlgorithmException on error.
*/
- public static AlgorithmId getAlgorithmId(String algname)
- throws NoSuchAlgorithmException
- {
- return get(algname);
+ public static AlgorithmId getAlgorithmId(String algname)
+ throws NoSuchAlgorithmException {
+ return get(algname);
}
public AlgorithmParameters getParameters() {
- return this.algParams;
+ return this.algParams;
}
public String getParametersString() {
return this.paramsString;
}
- public void setParametersString(String paramStr) {
+ public void setParametersString(String paramStr) {
this.paramsString = paramStr;
}
-
+
/**
* Returns one of the algorithm IDs most commonly associated
* with this algorithm name.
- *
+ *
* @param algname the name being used
* @exception NoSuchAlgorithmException on error.
*/
- public static AlgorithmId get(String algname)
- throws NoSuchAlgorithmException
- {
- ObjectIdentifier oid = algOID(algname);
+ public static AlgorithmId get(String algname)
+ throws NoSuchAlgorithmException {
+ ObjectIdentifier oid = algOID(algname);
- if (oid == null)
- throw new NoSuchAlgorithmException
- ("unrecognized algorithm name: " + algname);
+ if (oid == null)
+ throw new NoSuchAlgorithmException("unrecognized algorithm name: " + algname);
- return new AlgorithmId(oid);
+ return new AlgorithmId(oid);
}
/**
- * Parse (unmarshal) an ID from a DER sequence input value. This form
+ * Parse (unmarshal) an ID from a DER sequence input value. This form
* parsing might be used when expanding a value which has already been
* partially unmarshaled as a set or sequence member.
- *
+ *
* @exception IOException on error.
* @param val the input value, which contains the algid and, if
- * there are any parameters, those parameters.
- * @return an ID for the algorithm. If the system is configured
- * appropriately, this may be an instance of a class
- * with some kind of special support for this algorithm.
- * In that case, you may "narrow" the type of the ID.
+ * there are any parameters, those parameters.
+ * @return an ID for the algorithm. If the system is configured
+ * appropriately, this may be an instance of a class
+ * with some kind of special support for this algorithm.
+ * In that case, you may "narrow" the type of the ID.
*/
public static AlgorithmId parse(DerValue val)
- throws IOException
- {
- if (val.tag != DerValue.tag_Sequence)
- throw new IOException("algid parse error, not a sequence");
-
- /*
- * Get the algorithm ID and any parameters.
- */
- ObjectIdentifier algid;
- DerValue params;
- DerInputStream in = val.toDerInputStream();
-
- algid = in.getOID();
- if (in.available() == 0)
- params = null;
- else {
- params = in.getDerValue();
- if (params.tag == DerValue.tag_Null)
- params = null;
- }
-
- /*
- * Figure out what class (if any) knows about this oid's
- * parameters. Make one, and give it the data to decode.
- */
- AlgorithmId alg = new AlgorithmId(algid, params);
- if (params != null)
- alg.decodeParams();
+ throws IOException {
+ if (val.tag != DerValue.tag_Sequence)
+ throw new IOException("algid parse error, not a sequence");
+ /*
+ * Get the algorithm ID and any parameters.
+ */
+ ObjectIdentifier algid;
+ DerValue params;
+ DerInputStream in = val.toDerInputStream();
+
+ algid = in.getOID();
+ if (in.available() == 0)
+ params = null;
+ else {
+ params = in.getDerValue();
+ if (params.tag == DerValue.tag_Null)
+ params = null;
+ }
+
+ /*
+ * Figure out what class (if any) knows about this oid's
+ * parameters. Make one, and give it the data to decode.
+ */
+ AlgorithmId alg = new AlgorithmId(algid, params);
+ if (params != null)
+ alg.decodeParams();
/*
* Set the raw params string in case
@@ -176,130 +165,125 @@ public class AlgorithmId implements Serializable, DerEncoder {
String paramStr = null;
- if ( params != null ) {
+ if (params != null) {
paramStr = params.toString();
}
alg.setParametersString(paramStr);
- return alg;
+ return alg;
+ }
+
+ public static AlgorithmId parse(byte[] val)
+ throws IOException {
+ return null;
}
- public static AlgorithmId parse(byte[] val)
- throws IOException
- {
- return null;
- }
-
/**
* Constructs a parameterless algorithm ID.
- *
+ *
* @param oid the identifier for the algorithm
*/
public AlgorithmId(ObjectIdentifier oid) {
- algid = oid;
+ algid = oid;
}
-
private AlgorithmId(ObjectIdentifier oid, DerValue params)
- throws IOException {
- this.algid = oid;
- this.params = params;
+ throws IOException {
+ this.algid = oid;
+ this.params = params;
if (this.params != null)
- decodeParams();
+ decodeParams();
}
-
/**
* Constructs an algorithm ID which will be initialized
* separately, for example by deserialization.
+ *
* @deprecated use one of the other constructors.
*/
- public AlgorithmId() { }
-
+ public AlgorithmId() {
+ }
protected void decodeParams() throws IOException {
- try {
- this.algParams = AlgorithmParameters.getInstance
- (this.algid.toString());
- } catch (NoSuchAlgorithmException e) {
- /*
- * This algorithm parameter type is not supported, so we cannot
- * parse the parameters.
- */
- this.algParams = null;
- return;
- }
- // Decode (parse) the parameters
- this.algParams.init(this.params.toByteArray());
+ try {
+ this.algParams = AlgorithmParameters.getInstance
+ (this.algid.toString());
+ } catch (NoSuchAlgorithmException e) {
+ /*
+ * This algorithm parameter type is not supported, so we cannot
+ * parse the parameters.
+ */
+ this.algParams = null;
+ return;
+ }
+ // Decode (parse) the parameters
+ this.algParams.init(this.params.toByteArray());
}
/**
* Marshal a DER-encoded "AlgorithmID" sequence on the DER stream.
*/
public final void encode(DerOutputStream out)
- throws IOException
- {
- derEncode(out);
+ throws IOException {
+ derEncode(out);
}
/**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the output stream on which to write the DER encoding.
- *
+ *
+ * @param out
+ * the output stream on which to write the DER encoding.
+ *
* @exception IOException on encoding error.
*/
- public void derEncode (OutputStream out) throws IOException
- {
- DerOutputStream bytes = new DerOutputStream();
- DerOutputStream tmp = new DerOutputStream();
-
- bytes.putOID(algid);
- if (params == null)
- bytes.putNull();
- else
- bytes.putDerValue(params);
- tmp.write(DerValue.tag_Sequence, bytes);
- out.write(tmp.toByteArray());
+ public void derEncode(OutputStream out) throws IOException {
+ DerOutputStream bytes = new DerOutputStream();
+ DerOutputStream tmp = new DerOutputStream();
+
+ bytes.putOID(algid);
+ if (params == null)
+ bytes.putNull();
+ else
+ bytes.putDerValue(params);
+ tmp.write(DerValue.tag_Sequence, bytes);
+ out.write(tmp.toByteArray());
}
-// XXXX cleaning required
+ // XXXX cleaning required
/**
* Returns the DER-encoded X.509 AlgorithmId as a byte array.
*/
- public final byte[] encode() throws IOException
- {
- DerOutputStream out = new DerOutputStream ();
- DerOutputStream bytes = new DerOutputStream ();
-
- bytes.putOID(algid);
- if (params == null)
- bytes.putNull();
- else
- bytes.putDerValue(params);
- out.write(DerValue.tag_Sequence, bytes);
- return out.toByteArray();
+ public final byte[] encode() throws IOException {
+ DerOutputStream out = new DerOutputStream();
+ DerOutputStream bytes = new DerOutputStream();
+
+ bytes.putOID(algid);
+ if (params == null)
+ bytes.putNull();
+ else
+ bytes.putDerValue(params);
+ out.write(DerValue.tag_Sequence, bytes);
+ return out.toByteArray();
}
/**
- * Returns list of signing algorithms for a key algorithm such as
- * RSA or DSA.
+ * Returns list of signing algorithms for a key algorithm such as
+ * RSA or DSA.
*/
public static String[] getSigningAlgorithms(AlgorithmId alg) {
- ObjectIdentifier algOid = alg.getOID();
- //System.out.println("Key Alg oid "+algOid.toString());
- if (algOid.equals(DSA_oid) || algOid.equals(DSA_OIW_oid)) {
- return DSA_SIGNING_ALGORITHMS;
- } else if (algOid.equals(RSA_oid) || algOid.equals(RSAEncryption_oid)) {
- return RSA_SIGNING_ALGORITHMS;
- } else if (algOid.equals(ANSIX962_EC_Public_Key_oid) || algOid.equals(ANSIX962_SHA1_With_EC_oid)) {
- return EC_SIGNING_ALGORITHMS;
- } else {
- return null;
- }
+ ObjectIdentifier algOid = alg.getOID();
+ //System.out.println("Key Alg oid "+algOid.toString());
+ if (algOid.equals(DSA_oid) || algOid.equals(DSA_OIW_oid)) {
+ return DSA_SIGNING_ALGORITHMS;
+ } else if (algOid.equals(RSA_oid) || algOid.equals(RSAEncryption_oid)) {
+ return RSA_SIGNING_ALGORITHMS;
+ } else if (algOid.equals(ANSIX962_EC_Public_Key_oid) || algOid.equals(ANSIX962_SHA1_With_EC_oid)) {
+ return EC_SIGNING_ALGORITHMS;
+ } else {
+ return null;
+ }
}
/*
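Review bot: `parse(byte[] val)` is a public static entry point that returns `null` for every input, so a caller that passes DER bytes gets no decoding error here and fails later with a NullPointerException somewhere unrelated. The method already declares `throws IOException`, so until a real decoder is wired in the stub could state the gap explicitly with `throw new IOException("AlgorithmId.parse(byte[]) is not implemented");`. In the same hunk, `getSigningAlgorithms` dereferences `alg` without a null check and returns `null` for an unrecognised key OID; a Javadoc line such as `@return the supported signature algorithm names, or null if the key algorithm is not recognised` would tell callers to test the result before iterating.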
@@ -309,66 +293,65 @@ public class AlgorithmId implements Serializable, DerEncoder {
* where synonyms are supported or where a given algorithm
* is commonly associated with multiple OIDs.
*/
- private static ObjectIdentifier algOID (String name)
- {
- // Digesting algorithms
-
- if (name.equals ("MD5"))
- return AlgorithmId.MD5_oid;
- if (name.equals ("MD2"))
- return AlgorithmId.MD2_oid;
- if (name.equals ("SHA") || name.equals ("SHA1")
- || name.equals("SHA-1"))
- return AlgorithmId.SHA_oid;
- if (name.equals ("SHA256") || name.equals("SHA-256"))
- return AlgorithmId.SHA256_oid;
- if (name.equals("SHA512") || name.equals("SHA-512"))
- return AlgorithmId.SHA512_oid;
-
- // Various public key algorithms
-
- if (name.equals ("RSA"))
- return AlgorithmId.RSA_oid;
-
- if (name.equals ("RSAEncryption"))
- return AlgorithmId.RSAEncryption_oid;
- if (name.equals ("Diffie-Hellman") || name.equals("DH"))
- return AlgorithmId.DH_oid;
- if (name.equals ("DSA"))
- return AlgorithmId.DSA_oid;
-
- // Common signature types
-
- if (name.equals ("SHA1withEC") || name.equals("SHA1/EC")
- || name.equals("1.2.840.10045.4.1"))
- return AlgorithmId.sha1WithEC_oid;
- if (name.equals ("SHA256withEC") || name.equals("SHA256/EC")
- || name.equals("1.2.840.10045.4.3.2"))
- return AlgorithmId.sha256WithEC_oid;
- if (name.equals ("SHA384withEC") || name.equals("SHA384/EC")
- || name.equals("1.2.840.10045.4.3.3"))
- return AlgorithmId.sha384WithEC_oid;
- if (name.equals ("SHA512withEC") || name.equals("SHA512/EC")
- || name.equals("1.2.840.10045.4.3.4"))
- return AlgorithmId.sha512WithEC_oid;
- if (name.equals ("SHA1withRSA") || name.equals("SHA1/RSA")
- || name.equals("1.2.840.113549.1.1.5"))
- return AlgorithmId.sha1WithRSAEncryption_oid;
- if (name.equals ("SHA256withRSA") || name.equals("SHA256/RSA")
- || name.equals("1.2.840.113549.1.1.11"))
- return AlgorithmId.sha256WithRSAEncryption_oid;
- if (name.equals ("SHA512withRSA") || name.equals("SHA512/RSA")
- || name.equals("1.2.840.113549.1.1.13"))
- return AlgorithmId.sha512WithRSAEncryption_oid;
- if (name.equals ("MD5withRSA") || name.equals("MD5/RSA"))
- return AlgorithmId.md5WithRSAEncryption_oid;
- if (name.equals ("MD2withRSA") || name.equals("MD2/RSA"))
- return AlgorithmId.md2WithRSAEncryption_oid;
- if (name.equals("SHAwithDSA") || name.equals("SHA1withDSA")
- || name.equals("SHA/DSA") || name.equals("SHA1/DSA"))
- return AlgorithmId.sha1WithDSA_oid;
-
- return null;
+ private static ObjectIdentifier algOID(String name) {
+ // Digesting algorithms
+
+ if (name.equals("MD5"))
+ return AlgorithmId.MD5_oid;
+ if (name.equals("MD2"))
+ return AlgorithmId.MD2_oid;
+ if (name.equals("SHA") || name.equals("SHA1")
+ || name.equals("SHA-1"))
+ return AlgorithmId.SHA_oid;
+ if (name.equals("SHA256") || name.equals("SHA-256"))
+ return AlgorithmId.SHA256_oid;
+ if (name.equals("SHA512") || name.equals("SHA-512"))
+ return AlgorithmId.SHA512_oid;
+
+ // Various public key algorithms
+
+ if (name.equals("RSA"))
+ return AlgorithmId.RSA_oid;
+
+ if (name.equals("RSAEncryption"))
+ return AlgorithmId.RSAEncryption_oid;
+ if (name.equals("Diffie-Hellman") || name.equals("DH"))
+ return AlgorithmId.DH_oid;
+ if (name.equals("DSA"))
+ return AlgorithmId.DSA_oid;
+
+ // Common signature types
+
+ if (name.equals("SHA1withEC") || name.equals("SHA1/EC")
+ || name.equals("1.2.840.10045.4.1"))
+ return AlgorithmId.sha1WithEC_oid;
+ if (name.equals("SHA256withEC") || name.equals("SHA256/EC")
+ || name.equals("1.2.840.10045.4.3.2"))
+ return AlgorithmId.sha256WithEC_oid;
+ if (name.equals("SHA384withEC") || name.equals("SHA384/EC")
+ || name.equals("1.2.840.10045.4.3.3"))
+ return AlgorithmId.sha384WithEC_oid;
+ if (name.equals("SHA512withEC") || name.equals("SHA512/EC")
+ || name.equals("1.2.840.10045.4.3.4"))
+ return AlgorithmId.sha512WithEC_oid;
+ if (name.equals("SHA1withRSA") || name.equals("SHA1/RSA")
+ || name.equals("1.2.840.113549.1.1.5"))
+ return AlgorithmId.sha1WithRSAEncryption_oid;
+ if (name.equals("SHA256withRSA") || name.equals("SHA256/RSA")
+ || name.equals("1.2.840.113549.1.1.11"))
+ return AlgorithmId.sha256WithRSAEncryption_oid;
+ if (name.equals("SHA512withRSA") || name.equals("SHA512/RSA")
+ || name.equals("1.2.840.113549.1.1.13"))
+ return AlgorithmId.sha512WithRSAEncryption_oid;
+ if (name.equals("MD5withRSA") || name.equals("MD5/RSA"))
+ return AlgorithmId.md5WithRSAEncryption_oid;
+ if (name.equals("MD2withRSA") || name.equals("MD2/RSA"))
+ return AlgorithmId.md2WithRSAEncryption_oid;
+ if (name.equals("SHAwithDSA") || name.equals("SHA1withDSA")
+ || name.equals("SHA/DSA") || name.equals("SHA1/DSA"))
+ return AlgorithmId.sha1WithDSA_oid;
+
+ return null;
}
/*
@@ -381,99 +364,97 @@ public class AlgorithmId implements Serializable, DerEncoder {
* Wherever possible, the names are those defined by the IETF.
* Such names are noted below.
*/
- private String algName()
- {
- // Common message digest algorithms
-
- if (algid.equals(AlgorithmId.MD5_oid))
- return "MD5"; // RFC 1423
- if (algid.equals(AlgorithmId.MD2_oid))
- return "MD2"; // RFC 1423
- if (algid.equals(AlgorithmId.SHA_oid))
- return "SHA";
- if (algid.equals(AlgorithmId.SHA256_oid))
- return "SHA256";
- if (algid.equals(AlgorithmId.SHA512_oid))
- return "SHA512";
-
- // Common key types
-
- if (algid.equals(AlgorithmId.ANSIX962_EC_Public_Key_oid))
- return "EC";
- if (algid.equals(AlgorithmId.RSAEncryption_oid)
- || algid.equals(AlgorithmId.RSA_oid))
- return "RSA";
- if (algid.equals(AlgorithmId.DH_oid)
+ private String algName() {
+ // Common message digest algorithms
+
+ if (algid.equals(AlgorithmId.MD5_oid))
+ return "MD5"; // RFC 1423
+ if (algid.equals(AlgorithmId.MD2_oid))
+ return "MD2"; // RFC 1423
+ if (algid.equals(AlgorithmId.SHA_oid))
+ return "SHA";
+ if (algid.equals(AlgorithmId.SHA256_oid))
+ return "SHA256";
+ if (algid.equals(AlgorithmId.SHA512_oid))
+ return "SHA512";
+
+ // Common key types
+
+ if (algid.equals(AlgorithmId.ANSIX962_EC_Public_Key_oid))
+ return "EC";
+ if (algid.equals(AlgorithmId.RSAEncryption_oid)
+ || algid.equals(AlgorithmId.RSA_oid))
+ return "RSA";
+ if (algid.equals(AlgorithmId.DH_oid)
|| algid.equals(AlgorithmId.DH_PKIX_oid))
- return "Diffie-Hellman";
- if (algid.equals(AlgorithmId.DSA_oid)
+ return "Diffie-Hellman";
+ if (algid.equals(AlgorithmId.DSA_oid)
|| algid.equals(AlgorithmId.DSA_OIW_oid))
- return "DSA";
-
- // Common signature types
-
- if (algid.equals (AlgorithmId.sha1WithEC_oid))
- return "SHA1withEC";
- if (algid.equals (AlgorithmId.sha256WithEC_oid))
- return "SHA256withEC";
- if (algid.equals (AlgorithmId.sha384WithEC_oid))
- return "SHA384withEC";
- if (algid.equals (AlgorithmId.sha512WithEC_oid))
- return "SHA512withEC";
- if (algid.equals (AlgorithmId.md5WithRSAEncryption_oid))
- return "MD5withRSA";
- if (algid.equals (AlgorithmId.md2WithRSAEncryption_oid))
- return "MD2withRSA";
- if (algid.equals (AlgorithmId.sha1WithRSAEncryption_oid))
- return "SHA1withRSA";
- if (algid.equals (AlgorithmId.sha256WithRSAEncryption_oid))
- return "SHA256withRSA";
- if (algid.equals (AlgorithmId.sha512WithRSAEncryption_oid))
- return "SHA512withRSA";
- if (algid.equals(AlgorithmId.sha1WithDSA_oid)
+ return "DSA";
+
+ // Common signature types
+
+ if (algid.equals(AlgorithmId.sha1WithEC_oid))
+ return "SHA1withEC";
+ if (algid.equals(AlgorithmId.sha256WithEC_oid))
+ return "SHA256withEC";
+ if (algid.equals(AlgorithmId.sha384WithEC_oid))
+ return "SHA384withEC";
+ if (algid.equals(AlgorithmId.sha512WithEC_oid))
+ return "SHA512withEC";
+ if (algid.equals(AlgorithmId.md5WithRSAEncryption_oid))
+ return "MD5withRSA";
+ if (algid.equals(AlgorithmId.md2WithRSAEncryption_oid))
+ return "MD2withRSA";
+ if (algid.equals(AlgorithmId.sha1WithRSAEncryption_oid))
+ return "SHA1withRSA";
+ if (algid.equals(AlgorithmId.sha256WithRSAEncryption_oid))
+ return "SHA256withRSA";
+ if (algid.equals(AlgorithmId.sha512WithRSAEncryption_oid))
+ return "SHA512withRSA";
+ if (algid.equals(AlgorithmId.sha1WithDSA_oid)
|| algid.equals(AlgorithmId.sha1WithDSA_OIW_oid)
|| algid.equals(AlgorithmId.shaWithDSA_OIW_oid))
- return "SHA1withDSA";
+ return "SHA1withDSA";
- // default returns a dot-notation ID
+ // default returns a dot-notation ID
- return "OID." + algid.toString ();
+ return "OID." + algid.toString();
}
/**
- * Returns the ISO OID for this algorithm. This is usually converted
+ * Returns the ISO OID for this algorithm. This is usually converted
* to a string and used as part of an algorithm name, for example
- * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code>
- * call when you do not need to ensure cross-system portability
+ * "OID.1.3.14.3.2.13" style notation. Use the <code>getName</code> call when you do not need to ensure cross-system portability
* of algorithm names, or need a user friendly name.
*/
- final public ObjectIdentifier getOID ()
- { return algid; }
-
+ final public ObjectIdentifier getOID() {
+ return algid;
+ }
/**
* Returns a name for the algorithm which may be more intelligible
* to humans than the algorithm's OID, but which won't necessarily
- * be comprehensible on other systems. For example, this might
+ * be comprehensible on other systems. For example, this might
* return a name such as "MD5withRSA" for a signature algorithm on
- * some systems. It also returns names like "OID.1.2.3.4", when
+ * some systems. It also returns names like "OID.1.2.3.4", when
* no particular name for the algorithm is known.
*/
- public String getName()
- { return algName (); }
+ public String getName() {
+ return algName();
+ }
/**
* Returns a string describing the algorithm and its parameters.
*/
- public String toString()
- {
- return (algName() + paramsToString());
+ public String toString() {
+ return (algName() + paramsToString());
}
/**
* Returns the DER encoded parameter, which can then be
* used to initialize java.security.AlgorithmParamters.
- *
+ *
* @return DER encoded parameters, or null not present.
*/
public byte[] getEncodedParams() throws IOException {
@@ -487,63 +468,55 @@ public class AlgorithmId implements Serializable, DerEncoder {
* Provides a human-readable description of the algorithm parameters.
* This may be redefined by subclasses which parse those parameters.
*/
- protected String paramsToString()
- {
- if (params == null) {
- return "";
- } else if (algParams != null) {
- return algParams.toString();
- } else {
- return ", params unparsed";
- }
+ protected String paramsToString() {
+ if (params == null) {
+ return "";
+ } else if (algParams != null) {
+ return algParams.toString();
+ } else {
+ return ", params unparsed";
+ }
}
-
/**
* Returns true iff the argument indicates the same algorithm
* with the same parameters.
*/
- public boolean equals(AlgorithmId other)
- {
- if (!algid.equals (other.algid))
+ public boolean equals(AlgorithmId other) {
+ if (!algid.equals(other.algid))
+ return false;
+ else if (params == null && other.params == null)
+ return true;
+ else if (params == null)
return false;
- else if (params == null && other.params == null)
- return true;
- else if (params == null)
- return false;
- else
- return params.equals(other.params);
+ else
+ return params.equals(other.params);
}
-
/**
- * Compares this AlgorithmID to another. If algorithm parameters are
- * available, they are compared. Otherwise, just the object IDs
+ * Compares this AlgorithmID to another. If algorithm parameters are
+ * available, they are compared. Otherwise, just the object IDs
* for the algorithm are compared.
- *
+ *
* @param other preferably an AlgorithmId, else an ObjectIdentifier
*/
- public boolean equals(Object other)
- {
- if (other instanceof AlgorithmId)
- return equals((AlgorithmId) other);
- else if (other instanceof ObjectIdentifier)
- return equals((ObjectIdentifier) other);
- else
- return false;
+ public boolean equals(Object other) {
+ if (other instanceof AlgorithmId)
+ return equals((AlgorithmId) other);
+ else if (other instanceof ObjectIdentifier)
+ return equals((ObjectIdentifier) other);
+ else
+ return false;
}
-
/**
- * Compares two algorithm IDs for equality. Returns true iff
+ * Compares two algorithm IDs for equality. Returns true iff
* they are the same algorithm, ignoring algorithm parameters.
*/
- public final boolean equals(ObjectIdentifier id)
- {
- return algid.equals(id);
+ public final boolean equals(ObjectIdentifier id) {
+ return algid.equals(id);
}
-
/*****************************************************************/
/*
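Review bot: `equals(AlgorithmId other)` reads `other.algid` with no null guard, so a null reference typed as `AlgorithmId` throws a NullPointerException instead of comparing unequal; a first line of `if (other == null) return false;` closes that. `equals(Object)` also answers true for a bare `ObjectIdentifier`, which ignores parameters and is presumably not symmetric with `ObjectIdentifier.equals`, so two identifiers with different parameters can both compare equal to the same OID. No `hashCode` override appears in the hunks visible here; if the class has none, instances that are equal will not hash alike in maps and sets. These comparisons are worth tightening because algorithm-identifier equality is the kind of check certificate and signature handling tends to rely on.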
@@ -553,22 +526,20 @@ public class AlgorithmId implements Serializable, DerEncoder {
private static final int MD5_data[] = { 1, 2, 840, 113549, 2, 5 };
// sha = { 1, 3, 14, 3, 2, 18 };
private static final int SHA1_OIW_data[] = { 1, 3, 14, 3, 2, 26 };
- private static final int SHA256_data[] = {2, 16, 840, 1, 101, 3, 4, 2, 1};
- private static final int SHA512_data[] = {2, 16, 840, 1, 101, 3, 4, 2, 3};
+ private static final int SHA256_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
+ private static final int SHA512_data[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
/**
* Algorithm ID for the MD2 Message Digest Algorthm, from RFC 1319.
* OID = 1.2.840.113549.2.2
*/
- public static final ObjectIdentifier
- MD2_oid = new ObjectIdentifier(MD2_data);
+ public static final ObjectIdentifier MD2_oid = new ObjectIdentifier(MD2_data);
/**
* Algorithm ID for the MD5 Message Digest Algorthm, from RFC 1321.
* OID = 1.2.840.113549.2.5
*/
- public static final ObjectIdentifier
- MD5_oid = new ObjectIdentifier(MD5_data);
+ public static final ObjectIdentifier MD5_oid = new ObjectIdentifier(MD5_data);
/**
* Algorithm ID for the SHA1 Message Digest Algorithm, from FIPS 180-1.
@@ -576,14 +547,11 @@ public class AlgorithmId implements Serializable, DerEncoder {
* many people refer to FIPS 180 (which has an error) as defining SHA.
* OID = 1.3.14.3.2.26
*/
- public static final ObjectIdentifier
- SHA_oid = new ObjectIdentifier(SHA1_OIW_data);
+ public static final ObjectIdentifier SHA_oid = new ObjectIdentifier(SHA1_OIW_data);
- public static final ObjectIdentifier
- SHA256_oid = new ObjectIdentifier(SHA256_data);
+ public static final ObjectIdentifier SHA256_oid = new ObjectIdentifier(SHA256_data);
- public static final ObjectIdentifier
- SHA512_oid = new ObjectIdentifier(SHA512_data);
+ public static final ObjectIdentifier SHA512_oid = new ObjectIdentifier(SHA512_data);
/*
* COMMON PUBLIC KEY TYPES
@@ -600,10 +568,8 @@ public class AlgorithmId implements Serializable, DerEncoder {
private static final int ANSI_X962_sha1_with_ec_data[] =
{ 1, 2, 840, 10045, 4, 1 };
- public static final ObjectIdentifier
- ANSIX962_EC_Public_Key_oid = new ObjectIdentifier(ANSI_X962_public_key_data);
- public static final ObjectIdentifier
- ANSIX962_SHA1_With_EC_oid = new ObjectIdentifier(ANSI_X962_sha1_with_ec_data);
+ public static final ObjectIdentifier ANSIX962_EC_Public_Key_oid = new ObjectIdentifier(ANSI_X962_public_key_data);
+ public static final ObjectIdentifier ANSIX962_SHA1_With_EC_oid = new ObjectIdentifier(ANSI_X962_sha1_with_ec_data);
/*
* Note the preferred OIDs are named simply with no "OIW" or
@@ -613,13 +579,12 @@ public class AlgorithmId implements Serializable, DerEncoder {
/**
* Algorithm ID for Diffie Hellman Key agreement, from PKCS #3.
* Parameters include public values P and G, and may optionally specify
- * the length of the private key X. Alternatively, algorithm parameters
+ * the length of the private key X. Alternatively, algorithm parameters
* may be derived from another source such as a Certificate Authority's
* certificate.
* OID = 1.2.840.113549.1.3.1
*/
- public static final ObjectIdentifier
- DH_oid = new ObjectIdentifier(DH_data);
+ public static final ObjectIdentifier DH_oid = new ObjectIdentifier(DH_data);
/**
* Algorithm ID for the Diffie Hellman Key Agreement (DH), from the
@@ -627,8 +592,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
* Parameters may include public values P and G.
* OID = 1.2.840.10046.2.1
*/
- public static final ObjectIdentifier
- DH_PKIX_oid = new ObjectIdentifier(DH_PKIX_data);
+ public static final ObjectIdentifier DH_PKIX_oid = new ObjectIdentifier(DH_PKIX_data);
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the
@@ -638,8 +602,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
* another source such as a Certificate Authority's certificate.
* OID = 1.3.14.3.2.12
*/
- public static final ObjectIdentifier
- DSA_OIW_oid = new ObjectIdentifier(DSA_OIW_data);
+ public static final ObjectIdentifier DSA_OIW_oid = new ObjectIdentifier(DSA_OIW_data);
/**
* Algorithm ID for the Digital Signing Algorithm (DSA), from the
@@ -649,8 +612,7 @@ public class AlgorithmId implements Serializable, DerEncoder {
* another source such as a Certificate Authority's certificate.
* OID = 1.2.840.10040.4.1
*/
- public static final ObjectIdentifier
- DSA_oid = new ObjectIdentifier(DSA_PKIX_data);
+ public static final ObjectIdentifier DSA_oid = new ObjectIdentifier(DSA_PKIX_data);
/**
* Algorithm ID for RSA keys used for any purpose, as defined in X.509.
@@ -658,113 +620,99 @@ public class AlgorithmId implements Serializable, DerEncoder {
* public modulus.
* OID = 1.2.5.8.1.1
*/
- public static final ObjectIdentifier
- RSA_oid = new ObjectIdentifier(RSA_data);
-
+ public static final ObjectIdentifier RSA_oid = new ObjectIdentifier(RSA_data);
/**
* Algorithm ID for RSA keys used with RSA encryption, as defined
- * in PKCS #1. There are no parameters associated with this algorithm.
+ * in PKCS #1. There are no parameters associated with this algorithm.
* OID = 1.2.840.113549.1.1.1
*/
- public static final ObjectIdentifier
- RSAEncryption_oid = new ObjectIdentifier(RSAEncryption_data);
-
+ public static final ObjectIdentifier RSAEncryption_oid = new ObjectIdentifier(RSAEncryption_data);
/*
* COMMON SIGNATURE ALGORITHMS
*/
- private static final int sha1WithEC_data[] =
- { 1, 2, 840, 10045, 4, 1 };
- private static final int sha256WithEC_data[] =
- { 1, 2, 840, 10045, 4, 3, 2 };
- private static final int sha384WithEC_data[] =
- { 1, 2, 840, 10045, 4, 3, 3 };
- private static final int sha512WithEC_data[] =
- { 1, 2, 840, 10045, 4, 3, 4 };
- private static final int md2WithRSAEncryption_data[] =
- { 1, 2, 840, 113549, 1, 1, 2 };
- private static final int md5WithRSAEncryption_data[] =
- { 1, 2, 840, 113549, 1, 1, 4 };
- private static final int sha1WithRSAEncryption_data[] =
- { 1, 2, 840, 113549 ,1, 1, 5 };
- private static final int sha256WithRSAEncryption_data[] =
- { 1, 2, 840, 113549 ,1, 1, 11 };
- private static final int sha512WithRSAEncryption_data[] =
- { 1, 2, 840, 113549 ,1, 1, 13 };
- private static final int sha1WithRSAEncryption_OIW_data[] =
- { 1, 3, 14, 3, 2, 29 };
- private static final int shaWithDSA_OIW_data[] =
- { 1, 3, 14, 3, 2, 13 };
- private static final int sha1WithDSA_OIW_data[] =
- { 1, 3, 14, 3, 2, 27 };
- private static final int dsaWithSHA1_PKIX_data[] =
- { 1, 2, 840, 10040, 4, 3 };
-
- public static final ObjectIdentifier
- sha1WithEC_oid = new
- ObjectIdentifier(sha1WithEC_data);
-
- public static final ObjectIdentifier
- sha256WithEC_oid = new
- ObjectIdentifier(sha256WithEC_data);
-
- public static final ObjectIdentifier
- sha384WithEC_oid = new
- ObjectIdentifier(sha384WithEC_data);
-
- public static final ObjectIdentifier
- sha512WithEC_oid = new
- ObjectIdentifier(sha512WithEC_data);
+ private static final int sha1WithEC_data[] =
+ { 1, 2, 840, 10045, 4, 1 };
+ private static final int sha256WithEC_data[] =
+ { 1, 2, 840, 10045, 4, 3, 2 };
+ private static final int sha384WithEC_data[] =
+ { 1, 2, 840, 10045, 4, 3, 3 };
+ private static final int sha512WithEC_data[] =
+ { 1, 2, 840, 10045, 4, 3, 4 };
+ private static final int md2WithRSAEncryption_data[] =
+ { 1, 2, 840, 113549, 1, 1, 2 };
+ private static final int md5WithRSAEncryption_data[] =
+ { 1, 2, 840, 113549, 1, 1, 4 };
+ private static final int sha1WithRSAEncryption_data[] =
+ { 1, 2, 840, 113549, 1, 1, 5 };
+ private static final int sha256WithRSAEncryption_data[] =
+ { 1, 2, 840, 113549, 1, 1, 11 };
+ private static final int sha512WithRSAEncryption_data[] =
+ { 1, 2, 840, 113549, 1, 1, 13 };
+ private static final int sha1WithRSAEncryption_OIW_data[] =
+ { 1, 3, 14, 3, 2, 29 };
+ private static final int shaWithDSA_OIW_data[] =
+ { 1, 3, 14, 3, 2, 13 };
+ private static final int sha1WithDSA_OIW_data[] =
+ { 1, 3, 14, 3, 2, 27 };
+ private static final int dsaWithSHA1_PKIX_data[] =
+ { 1, 2, 840, 10040, 4, 3 };
+
+ public static final ObjectIdentifier sha1WithEC_oid = new
+ ObjectIdentifier(sha1WithEC_data);
+
+ public static final ObjectIdentifier sha256WithEC_oid = new
+ ObjectIdentifier(sha256WithEC_data);
+
+ public static final ObjectIdentifier sha384WithEC_oid = new
+ ObjectIdentifier(sha384WithEC_data);
+
+ public static final ObjectIdentifier sha512WithEC_oid = new
+ ObjectIdentifier(sha512WithEC_data);
/**
* Identifies a signing algorithm where an MD2 digest is encrypted
- * using an RSA private key; defined in PKCS #1. Use of this
+ * using an RSA private key; defined in PKCS #1. Use of this
* signing algorithm is discouraged due to MD2 vulnerabilities.
* OID = 1.2.840.113549.1.1.2
*/
- public static final ObjectIdentifier
- md2WithRSAEncryption_oid = new
- ObjectIdentifier(md2WithRSAEncryption_data);
+ public static final ObjectIdentifier md2WithRSAEncryption_oid = new
+ ObjectIdentifier(md2WithRSAEncryption_data);
/**
* Identifies a signing algorithm where an MD5 digest is
* encrypted using an RSA private key; defined in PKCS #1.
* OID = 1.2.840.113549.1.1.4
*/
- public static final ObjectIdentifier
- md5WithRSAEncryption_oid = new
- ObjectIdentifier(md5WithRSAEncryption_data);
+ public static final ObjectIdentifier md5WithRSAEncryption_oid = new
+ ObjectIdentifier(md5WithRSAEncryption_data);
/**
* The proper one for sha1/rsa
*/
- public static final ObjectIdentifier
- sha1WithRSAEncryption_oid = new
- ObjectIdentifier(sha1WithRSAEncryption_data);
+ public static final ObjectIdentifier sha1WithRSAEncryption_oid = new
+ ObjectIdentifier(sha1WithRSAEncryption_data);
/**
* The proper one for sha256/rsa
*/
- public static final ObjectIdentifier
- sha256WithRSAEncryption_oid = new
- ObjectIdentifier(sha256WithRSAEncryption_data);
+ public static final ObjectIdentifier sha256WithRSAEncryption_oid = new
+ ObjectIdentifier(sha256WithRSAEncryption_data);
/**
* The proper one for sha512/rsa
*/
- public static final ObjectIdentifier
- sha512WithRSAEncryption_oid = new
- ObjectIdentifier(sha512WithRSAEncryption_data);
+ public static final ObjectIdentifier sha512WithRSAEncryption_oid = new
+ ObjectIdentifier(sha512WithRSAEncryption_data);
/**
* Identifies a signing algorithm where an SHA1 digest is
* encrypted using an RSA private key; defined in NIST OIW.
* OID = 1.3.14.3.2.29
*/
- public static final ObjectIdentifier
- sha1WithRSAEncryption_OIW_oid = new
- ObjectIdentifier(sha1WithRSAEncryption_OIW_data);
+ public static final ObjectIdentifier sha1WithRSAEncryption_OIW_oid = new
+ ObjectIdentifier(sha1WithRSAEncryption_OIW_data);
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
@@ -772,44 +720,41 @@ public class AlgorithmId implements Serializable, DerEncoder {
* This should not be used.
* OID = 1.3.14.3.2.13
*/
- public static final ObjectIdentifier
- shaWithDSA_OIW_oid = new ObjectIdentifier(shaWithDSA_OIW_data);
+ public static final ObjectIdentifier shaWithDSA_OIW_oid = new ObjectIdentifier(shaWithDSA_OIW_data);
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.3.14.3.2.27
*/
- public static final ObjectIdentifier
- sha1WithDSA_OIW_oid = new ObjectIdentifier(sha1WithDSA_OIW_data);
+ public static final ObjectIdentifier sha1WithDSA_OIW_oid = new ObjectIdentifier(sha1WithDSA_OIW_data);
/**
* Identifies the FIPS 186 "Digital Signature Standard" (DSS), where a
* SHA1 digest is signed using the Digital Signing Algorithm (DSA).
* OID = 1.2.840.10040.4.3
*/
- public static final ObjectIdentifier
- sha1WithDSA_oid = new ObjectIdentifier(dsaWithSHA1_PKIX_data);
+ public static final ObjectIdentifier sha1WithDSA_oid = new ObjectIdentifier(dsaWithSHA1_PKIX_data);
- /**
+ /**
* Supported signing algorithms for a DSA key.
*/
- public static final String[] DSA_SIGNING_ALGORITHMS = new String[]
- { "SHA1withDSA" };
+ public static final String[] DSA_SIGNING_ALGORITHMS = new String[]
+ { "SHA1withDSA" };
- /**
+ /**
* Supported signing algorithms for a RSA key.
*/
- public static final String[] RSA_SIGNING_ALGORITHMS = new String[]
- { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "MD5withRSA", "MD2withRSA" };
+ public static final String[] RSA_SIGNING_ALGORITHMS = new String[]
+ { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "MD5withRSA", "MD2withRSA" };
- public static final String[] EC_SIGNING_ALGORITHMS = new String[]
- { "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" };
+ public static final String[] EC_SIGNING_ALGORITHMS = new String[]
+ { "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" };
- /**
+ /**
* All supported signing algorithms.
*/
- public static final String[] ALL_SIGNING_ALGORITHMS = new String[]
- { "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" };
+ public static final String[] ALL_SIGNING_ALGORITHMS = new String[]
+ { "SHA1withRSA", "MD5withRSA", "MD2withRSA", "SHA1withDSA", "SHA256withRSA", "SHA512withRSA", "SHA1withEC", "SHA256withEC", "SHA384withEC", "SHA512withEC" };
}
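Review bot: `DSA_SIGNING_ALGORITHMS`, `RSA_SIGNING_ALGORITHMS`, `EC_SIGNING_ALGORITHMS` and `ALL_SIGNING_ALGORITHMS` are `public static final String[]`, which fixes the reference but not the contents, so any code loaded in the same JVM can overwrite an entry and change which signing algorithms are offered. `getSigningAlgorithms` (in an earlier hunk of this file) returns these arrays directly; returning a copy there, for example `return RSA_SIGNING_ALGORITHMS.clone();`, keeps the public fields for compatibility while protecting the values callers actually receive. The RSA and ALL lists also still advertise `"MD5withRSA"` and `"MD2withRSA"`, although the Javadoc on `md2WithRSAEncryption_oid` in the previous hunk already calls MD2 signing discouraged; a comment such as `// MD2/MD5 entries retained for parsing legacy certificates only; do not offer for new signatures` would record the intent if they cannot be removed.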
diff --git a/pki/base/util/src/netscape/security/x509/Attribute.java b/pki/base/util/src/netscape/security/x509/Attribute.java
index b362f629..b026e30c 100644
--- a/pki/base/util/src/netscape/security/x509/Attribute.java
+++ b/pki/base/util/src/netscape/security/x509/Attribute.java
@@ -29,28 +29,30 @@ import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
/**
- * An attribute, as identified by some attribute ID, has some particular values.
- * Values are as a rule ASN.1 printable strings. A conventional set of type IDs
+ * An attribute, as identified by some attribute ID, has some particular values.
+ * Values are as a rule ASN.1 printable strings. A conventional set of type IDs
* is recognized when parsing. The following shows the syntax:
+ *
* <pre>
- *
+ *
* Attribute ::= SEQUENCE {
- * type AttributeType,
+ * type AttributeType,
* value SET OF AttributeValue
* -- at least one value is required --}
- *
+ *
* AttributeType ::= OBJECT IDENTIFIER
- *
+ *
* AttributeValue ::= ANY
- *
+ *
* </pre>
+ *
* Refer to draft-ietf-pkix-ipki-part1-11 for the support attributes listed on
* page 96 of the internet draft. The are listed here for easy reference: name,
- * common name, surname, given name, initials, generation qualifier, dn qualifier,
+ * common name, surname, given name, initials, generation qualifier, dn qualifier,
* country name, locality name, state or province name, organization name, organization
* unit name, title, pkcs9 email. Not all the attributes are supported. Please check
* the X500NameAttrMap for defined attributes.
- *
+ *
* @author Christine Ho
*/
@@ -61,71 +63,71 @@ public final class Attribute implements Serializable, DerEncoder {
*/
private static final long serialVersionUID = -931486084625476764L;
//private variables
- ObjectIdentifier oid;
- Vector valueSet = new Vector();
+ ObjectIdentifier oid;
+ Vector valueSet = new Vector();
transient protected X500NameAttrMap attrMap;
//========== CONSTRUCTOR ==================================
/**
* Construct an attribute from attribute type and attribute value
+ *
* @param oid the object identifier of the attribute type
* @param value the value string
*/
- public Attribute (ObjectIdentifier oid, String value)
- throws IOException
- {
+ public Attribute(ObjectIdentifier oid, String value)
+ throws IOException {
//pre-condition verification
if ((oid == null) || (value == null))
- throw new IOException("Invalid Input - null passed");
-
- attrMap = X500NameAttrMap.getDefault();
- this.oid = oid;
- valueSet.addElement(value);
+ throw new IOException("Invalid Input - null passed");
+
+ attrMap = X500NameAttrMap.getDefault();
+ this.oid = oid;
+ valueSet.addElement(value);
}
/**
* Construct an attribute from attribute type and attribute values
+ *
* @param oid the object identifier of the attribute type
* @param values String value vector
*/
- public Attribute (ObjectIdentifier oid, Vector values)
- throws IOException
- {
+ public Attribute(ObjectIdentifier oid, Vector values)
+ throws IOException {
//pre-condition verification
if ((oid == null) || (values == null))
- throw new IOException("Invalid Input - null passed");
-
- attrMap = X500NameAttrMap.getDefault();
- this.oid = oid;
-
- //copy the value into the valueSet list
- Enumeration vals = values.elements();
- while (vals.hasMoreElements()) {
- Object obj = vals.nextElement();
- if (obj instanceof String)
- valueSet.addElement(obj);
- else
- throw new IOException("values vectore must consist of String object");
- }
+ throw new IOException("Invalid Input - null passed");
+
+ attrMap = X500NameAttrMap.getDefault();
+ this.oid = oid;
+
+ //copy the value into the valueSet list
+ Enumeration vals = values.elements();
+ while (vals.hasMoreElements()) {
+ Object obj = vals.nextElement();
+ if (obj instanceof String)
+ valueSet.addElement(obj);
+ else
+ throw new IOException("values vectore must consist of String object");
+ }
}
/**
* Construct an attribute from attribute type and attribute values
+ *
* @param oid attribute type string CN,OU,O,C,L,TITLE,ST,STREET,UID,MAIL,E,DC
* @param values String value vector
*/
- public Attribute (String attr, Vector values)
- throws IOException
- {
+ public Attribute(String attr, Vector values)
+ throws IOException {
//pre-condition verification
if ((attr == null) || (values == null))
- throw new IOException("Invalid Input - null passed");
-
- ObjectIdentifier identifier = null;
+ throw new IOException("Invalid Input - null passed");
+
+ ObjectIdentifier identifier = null;
try {
identifier = new ObjectIdentifier(attr);
} catch (Exception e) {
@@ -133,155 +135,150 @@ public final class Attribute implements Serializable, DerEncoder {
ObjectIdentifier id = identifier;
if (identifier == null) {
- attrMap = X500NameAttrMap.getDefault();
- id = attrMap.getOid(attr);
+ attrMap = X500NameAttrMap.getDefault();
+ id = attrMap.getOid(attr);
if (id == null)
- throw new IOException("Attr is not supported - does not contain in attr map");
+ throw new IOException("Attr is not supported - does not contain in attr map");
+ }
+ this.oid = id;
+
+ //copy the value into the valueSet list
+ Enumeration vals = values.elements();
+ while (vals.hasMoreElements()) {
+ Object obj = vals.nextElement();
+ if (obj instanceof String)
+ valueSet.addElement(obj);
+ else
+ throw new IOException("Values vectore must consist of String object");
}
- this.oid = id;
-
- //copy the value into the valueSet list
- Enumeration vals = values.elements();
- while (vals.hasMoreElements()) {
- Object obj = vals.nextElement();
- if (obj instanceof String)
- valueSet.addElement(obj);
- else
- throw new IOException("Values vectore must consist of String object");
- }
}
/**
* Construct an attribute from a der encoded object. This der
- * der encoded value should represent the attribute object.
+ * der encoded value should represent the attribute object.
+ *
* @param value the attribute object in der encode form.
*/
- public Attribute (DerValue val)
- throws IOException
- {
+ public Attribute(DerValue val)
+ throws IOException {
- //pre-condition verification
- if (val == null)
- throw new IOException("Invalid Input - null passed");
+ //pre-condition verification
+ if (val == null)
+ throw new IOException("Invalid Input - null passed");
- attrMap = X500NameAttrMap.getDefault();
+ attrMap = X500NameAttrMap.getDefault();
- decodeThis(val);
+ decodeThis(val);
}
//========== PUBLIC METHODS ==================================
- /**
+ /**
* Returns the OID in the Attribute.
+ *
* @return the ObjectIdentifier in this Attribute.
*/
- public ObjectIdentifier getOid()
- {
- return oid;
+ public ObjectIdentifier getOid() {
+ return oid;
}
/**
* Returns enumeration of values in this attribute.
+ *
* @return Enumeration of values of this Attribute.
*/
- public Enumeration getValues()
- {
- if (valueSet == null) return null;
- return valueSet.elements();
+ public Enumeration getValues() {
+ if (valueSet == null)
+ return null;
+ return valueSet.elements();
}
/**
* Encodes the Attribute to a Der output stream.
* Attribute are encoded as a SEQUENCE of two elements.
+ *
* @param out The Der output stream.
*/
- public void encode(DerOutputStream out) throws IOException
- {
- encodeThis(out);
+ public void encode(DerOutputStream out) throws IOException {
+ encodeThis(out);
}
- /**
+ /**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the output stream on which to write the DER encoding.
- *
+ *
+ * @param out
+ * the output stream on which to write the DER encoding.
+ *
* @exception IOException on encoding error.
*/
- public void derEncode (OutputStream out) throws IOException
- {
- encodeThis(out);
+ public void derEncode(OutputStream out) throws IOException {
+ encodeThis(out);
}
/**
* Prints a string version of this extension.
*/
- public String toString()
- {
- String theoid = "Attribute: "+oid+"\n";
- String values = "Values: ";
- Enumeration n = valueSet.elements();
- if (n.hasMoreElements()) {
- values += (String)n.nextElement();
- while (n.hasMoreElements())
- values+= ","+(String)n.nextElement();
- }
- return theoid+values+"\n";
+ public String toString() {
+ String theoid = "Attribute: " + oid + "\n";
+ String values = "Values: ";
+ Enumeration n = valueSet.elements();
+ if (n.hasMoreElements()) {
+ values += (String) n.nextElement();
+ while (n.hasMoreElements())
+ values += "," + (String) n.nextElement();
+ }
+ return theoid + values + "\n";
}
-
//========== PRIVATE METHODS ==================================
//encode the attribute object
private void encodeThis(OutputStream out)
- throws IOException
- {
- DerOutputStream tmp = new DerOutputStream ();
- DerOutputStream tmp2 = new DerOutputStream ();
-
- tmp.putOID (oid);
- encodeValueSet(tmp);
- tmp2.write (DerValue.tag_Sequence, tmp);
- out.write(tmp2.toByteArray());
+ throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ DerOutputStream tmp2 = new DerOutputStream();
+
+ tmp.putOID(oid);
+ encodeValueSet(tmp);
+ tmp2.write(DerValue.tag_Sequence, tmp);
+ out.write(tmp2.toByteArray());
}
//encode the attribute object
private void encodeValueSet(OutputStream out)
- throws IOException
- {
- DerOutputStream tmp = new DerOutputStream ();
- DerOutputStream tmp2 = new DerOutputStream ();
+ throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ DerOutputStream tmp2 = new DerOutputStream();
- //get the attribute converter
+ //get the attribute converter
AVAValueConverter converter = attrMap.getValueConverter(oid);
if (converter == null) {
converter = new GenericValueConverter();
- //throw new IOException("Converter not found: unsupported attribute type");
+ //throw new IOException("Converter not found: unsupported attribute type");
}
- //loop through all the values and encode
- Enumeration vals = valueSet.elements();
- while (vals.hasMoreElements()) {
+ //loop through all the values and encode
+ Enumeration vals = valueSet.elements();
+ while (vals.hasMoreElements()) {
String val = (String) vals.nextElement();
- DerValue derobj = converter.getValue(val);
- derobj.encode(tmp);
- }
+ DerValue derobj = converter.getValue(val);
+ derobj.encode(tmp);
+ }
- tmp2.write (DerValue.tag_SetOf, tmp);
- out.write(tmp2.toByteArray());
+ tmp2.write(DerValue.tag_SetOf, tmp);
+ out.write(tmp2.toByteArray());
}
//decode the attribute object
private void decodeThis(DerValue val)
- throws IOException
- {
+ throws IOException {
- //pre-condition verification
- if (val == null) {
- throw new IOException("Invalid Input - null passed.");
- }
+ //pre-condition verification
+ if (val == null) {
+ throw new IOException("Invalid Input - null passed.");
+ }
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for Attribute.");
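Review bot: In the `Attribute(String attr, Vector values)` constructor, `attrMap` is assigned only inside `if (identifier == null)`, so when `attr` parses as a dotted OID the field appears to stay null and `encodeValueSet` later dereferences it in `attrMap.getValueConverter(oid)`. Hoisting `attrMap = X500NameAttrMap.getDefault();` above the `if`, as the other three constructors do, would remove that path. The field is also declared `transient` in the previous hunk and no `readObject` is visible in these hunks, so a deserialized `Attribute` may hit the same null on encode; that needs confirming against the full file. The constructor starts in the previous hunk and `decodeThis` continues in the next one.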
@@ -291,31 +288,30 @@ public final class Attribute implements Serializable, DerEncoder {
throw new IOException("No data available in "
+ "passed DER encoded value.");
}
- this.oid = val.data.getDerValue().getOID();
+ this.oid = val.data.getDerValue().getOID();
if (val.data.available() == 0) {
throw new IOException("Invalid encoding for Attribute - value missing");
}
- decodeValueSet(val.data.getDerValue());
+ decodeValueSet(val.data.getDerValue());
- if (this.oid == null)
- throw new IOException("Invalid encoding for Attribute - OID missing");
+ if (this.oid == null)
+ throw new IOException("Invalid encoding for Attribute - OID missing");
}
//decode the attribute value set
private void decodeValueSet(DerValue val)
- throws IOException
- {
- //pre-condition verification
- if (val == null) {
- throw new IOException("Invalid Input - null passed.");
- }
-
- AVAValueConverter converter = attrMap.getValueConverter(this.oid);
- if (converter == null) {
+ throws IOException {
+ //pre-condition verification
+ if (val == null) {
+ throw new IOException("Invalid Input - null passed.");
+ }
+
+ AVAValueConverter converter = attrMap.getValueConverter(this.oid);
+ if (converter == null) {
converter = new GenericValueConverter();
- //throw new IOException("Attribute is not supported - not in attr map");
+ //throw new IOException("Attribute is not supported - not in attr map");
}
if (val.tag != DerValue.tag_SetOf) {
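Review bot: In `decodeThis`, the `this.oid == null` check comes after `decodeValueSet(...)`, which has already passed `this.oid` to `attrMap.getValueConverter(this.oid)`, so the guard runs too late to protect the lookup. Move `if (this.oid == null) throw new IOException("Invalid encoding for Attribute - OID missing");` to directly after the `getOID()` assignment. Nothing shown here rejects bytes left in `val.data` after the value set; if strict DER handling is intended, a trailing-data check after `decodeValueSet` would be the place for it. `decodeThis` begins in the previous hunk and `decodeValueSet` continues past this one.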
@@ -326,13 +322,12 @@ public final class Attribute implements Serializable, DerEncoder {
throw new IOException("No data available in "
+ "passed DER encoded attribute value set.");
}
-
- //get the value set
- while (val.data.available() != 0) {
- DerValue value = val.data.getDerValue();
- valueSet.addElement(converter.getAsString(value));
- }
+
+ //get the value set
+ while (val.data.available() != 0) {
+ DerValue value = val.data.getDerValue();
+ valueSet.addElement(converter.getAsString(value));
+ }
}
}
-
diff --git a/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java b/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
index 6e330f8a..285cfb8b 100644
--- a/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
+++ b/pki/base/util/src/netscape/security/x509/AuthorityKeyIdentifierExtension.java
@@ -29,14 +29,12 @@ import netscape.security.util.DerValue;
/**
* This class represents the Authority Key Identifier Extension.
- *
- * <p>The authority key identifier extension provides a means of
- * identifying the particular public key used to sign a certificate.
- * This extension would be used where an issuer has multiple signing
- * keys (either due to multiple concurrent key pairs or due to
- * changeover).
+ *
+ * <p>
+ * The authority key identifier extension provides a means of identifying the particular public key used to sign a certificate. This extension would be used where an issuer has multiple signing keys (either due to multiple concurrent key pairs or due to changeover).
* <p>
* The ASN.1 syntax for this is:
+ *
* <pre>
* AuthorityKeyIdentifier ::= SEQUENCE {
* keyIdentifier [0] KeyIdentifier OPTIONAL,
@@ -45,6 +43,7 @@ import netscape.security.util.DerValue;
* }
* KeyIdentifier ::= OCTET STRING
* </pre>
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.9
@@ -52,7 +51,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class AuthorityKeyIdentifierExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -60,7 +59,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT =
"x509.info.extensions.AuthorityKeyIdentifier";
/**
@@ -75,9 +74,9 @@ implements CertAttrSet {
private static final byte TAG_NAMES = 1;
private static final byte TAG_SERIAL_NUM = 2;
- private KeyIdentifier id = null;
- private GeneralNames names = null;
- private SerialNumber serialNum = null;
+ private KeyIdentifier id = null;
+ private GeneralNames names = null;
+ private SerialNumber serialNum = null;
// Encode only the extension value
private void encodeThis() throws IOException {
@@ -91,9 +90,9 @@ implements CertAttrSet {
}
try {
if (names != null) {
- DerOutputStream tmp1 = new DerOutputStream();
- names.encode(tmp1);
- tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
+ DerOutputStream tmp1 = new DerOutputStream();
+ names.encode(tmp1);
+ tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
true, TAG_NAMES), tmp1);
}
} catch (Exception e) {
@@ -102,7 +101,7 @@ implements CertAttrSet {
if (serialNum != null) {
DerOutputStream tmp1 = new DerOutputStream();
serialNum.encode(tmp1);
- tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
+ tmp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
false, TAG_SERIAL_NUM), tmp1);
}
seq.write(DerValue.tag_Sequence, tmp);
@@ -112,10 +111,10 @@ implements CertAttrSet {
/**
* Exposed critical parameter. 99/11/03
*/
- public AuthorityKeyIdentifierExtension(boolean critical,
- KeyIdentifier kid, GeneralNames name,
+ public AuthorityKeyIdentifierExtension(boolean critical,
+ KeyIdentifier kid, GeneralNames name,
SerialNumber sn)
- throws IOException {
+ throws IOException {
this.id = kid;
this.names = name;
this.serialNum = sn;
@@ -126,18 +125,18 @@ implements CertAttrSet {
}
/**
- * The default constructor for this extension. Null parameters make
+ * The default constructor for this extension. Null parameters make
* the element optional (not present).
- *
+ *
* @param id the KeyIdentifier associated with this extension.
* @param names the GeneralNames associated with this extension
* @param serialNum the CertificateSerialNumber associated with
- * this extension.
+ * this extension.
* @exception IOException on error.
*/
public AuthorityKeyIdentifierExtension(KeyIdentifier kid, GeneralNames name,
SerialNumber sn)
- throws IOException {
+ throws IOException {
this.id = kid;
this.names = name;
this.serialNum = sn;
@@ -149,13 +148,13 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public AuthorityKeyIdentifierExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.AuthorityKey_Id;
this.critical = critical.booleanValue();
@@ -163,7 +162,7 @@ implements CertAttrSet {
throw new IOException("Illegal argument type");
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
+ byte[] extValue = new byte[len];
System.arraycopy(value, 0, extValue, 0, len);
this.extensionValue = extValue;
@@ -181,7 +180,7 @@ implements CertAttrSet {
if (opt.isContextSpecific(TAG_ID) && !opt.isConstructed()) {
if (id != null)
- throw new IOException("Duplicate KeyIdentifier in " +
+ throw new IOException("Duplicate KeyIdentifier in " +
"AuthorityKeyIdentifier.");
opt.resetTag(DerValue.tag_OctetString);
id = new KeyIdentifier(opt);
@@ -189,27 +188,27 @@ implements CertAttrSet {
} else if (opt.isContextSpecific(TAG_NAMES) &&
opt.isConstructed()) {
if (names != null)
- throw new IOException("Duplicate GeneralNames in " +
+ throw new IOException("Duplicate GeneralNames in " +
"AuthorityKeyIdentifier.");
- try {
+ try {
opt.resetTag(DerValue.tag_Sequence);
names = new GeneralNames(opt);
- } catch (GeneralNamesException e) {
- throw new IOException(e.toString());
+ } catch (GeneralNamesException e) {
+ throw new IOException(e.toString());
}
} else if (opt.isContextSpecific(TAG_SERIAL_NUM) &&
!opt.isConstructed()) {
if (serialNum != null)
- throw new IOException("Duplicate SerialNumber in " +
+ throw new IOException("Duplicate SerialNumber in " +
"AuthorityKeyIdentifier.");
opt.resetTag(DerValue.tag_Integer);
serialNum = new SerialNumber(opt);
} else
throw new IOException("Invalid encoding of " +
"AuthorityKeyIdentifierExtension.");
- }
}
+ }
/**
* Return the object as a string.
@@ -230,7 +229,7 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -240,7 +239,7 @@ implements CertAttrSet {
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on error.
*/
@@ -252,7 +251,7 @@ implements CertAttrSet {
encodeThis();
}
super.encode(tmp);
- out.write(tmp.toByteArray());
+ out.write(tmp.toByteArray());
}
/**
@@ -260,73 +259,73 @@ implements CertAttrSet {
*/
public void set(String name, Object obj) throws IOException {
clearValue();
- if (name.equalsIgnoreCase(KEY_ID)) {
- if (!(obj instanceof KeyIdentifier)) {
- throw new IOException("Attribute value should be of " +
+ if (name.equalsIgnoreCase(KEY_ID)) {
+ if (!(obj instanceof KeyIdentifier)) {
+ throw new IOException("Attribute value should be of " +
"type KeyIdentifier.");
- }
- id = (KeyIdentifier)obj;
- } else if (name.equalsIgnoreCase(AUTH_NAME)) {
- if (!(obj instanceof GeneralNames)) {
- throw new IOException("Attribute value should be of " +
+ }
+ id = (KeyIdentifier) obj;
+ } else if (name.equalsIgnoreCase(AUTH_NAME)) {
+ if (!(obj instanceof GeneralNames)) {
+ throw new IOException("Attribute value should be of " +
"type GeneralNames.");
- }
- names = (GeneralNames)obj;
- } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
- if (!(obj instanceof SerialNumber)) {
- throw new IOException("Attribute value should be of " +
+ }
+ names = (GeneralNames) obj;
+ } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
+ if (!(obj instanceof SerialNumber)) {
+ throw new IOException("Attribute value should be of " +
"type SerialNumber.");
- }
- serialNum = (SerialNumber)obj;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:AuthorityKeyIdentifier.");
- }
+ }
+ serialNum = (SerialNumber) obj;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:AuthorityKeyIdentifier.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(KEY_ID)) {
- return (id);
- } else if (name.equalsIgnoreCase(AUTH_NAME)) {
- return (names);
- } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
- return (serialNum);
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:AuthorityKeyIdentifier.");
- }
+ if (name.equalsIgnoreCase(KEY_ID)) {
+ return (id);
+ } else if (name.equalsIgnoreCase(AUTH_NAME)) {
+ return (names);
+ } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
+ return (serialNum);
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:AuthorityKeyIdentifier.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(KEY_ID)) {
- id = null;
- } else if (name.equalsIgnoreCase(AUTH_NAME)) {
- names = null;
- } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
- serialNum = null;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:AuthorityKeyIdentifier.");
- }
+ if (name.equalsIgnoreCase(KEY_ID)) {
+ id = null;
+ } else if (name.equalsIgnoreCase(AUTH_NAME)) {
+ names = null;
+ } else if (name.equalsIgnoreCase(SERIAL_NUMBER)) {
+ serialNum = null;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:AuthorityKeyIdentifier.");
+ }
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(KEY_ID);
elements.addElement(AUTH_NAME);
elements.addElement(SERIAL_NUMBER);
- return (elements.elements());
+ return (elements.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
index a92625a8..9548032d 100644
--- a/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/BasicConstraintsExtension.java
@@ -30,11 +30,10 @@ import netscape.security.util.DerValue;
/**
* This class represents the Basic Constraints Extension.
- *
- * <p>The basic constraints extension identifies whether the subject of the
- * certificate is a CA and how deep a certification path may exist
- * through that CA.
- *
+ *
+ * <p>
+ * The basic constraints extension identifies whether the subject of the certificate is a CA and how deep a certification path may exist through that CA.
+ *
* <pre>
* The ASN.1 syntax for this extension is:
* BasicConstraints ::= SEQUENCE {
@@ -42,6 +41,7 @@ import netscape.security.util.DerValue;
* pathLenConstraint INTEGER (0..MAX) OPTIONAL
* }
* </pre>
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.7
@@ -49,7 +49,7 @@ import netscape.security.util.DerValue;
* @see Extension
*/
public class BasicConstraintsExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -57,7 +57,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions.BasicConstraints";
/**
* Attribute names.
@@ -66,8 +66,8 @@ implements CertAttrSet {
public static final String PATH_LEN = "path_len";
// Private data members
- private boolean ca = false;
- private int pathLen = -1;
+ private boolean ca = false;
+ private int pathLen = -1;
// Encode this extension value
private void encodeThis() throws IOException {
@@ -86,7 +86,7 @@ implements CertAttrSet {
/**
* Default constructor for this object.
- *
+ *
* @param ca true, if the subject of the Certificate is a CA.
* @param len specifies the depth of the certification path.
*/
@@ -104,7 +104,7 @@ implements CertAttrSet {
/**
* Default constructor for this object.
- *
+ *
* @param ca true, if the subject of the Certificate is a CA.
* @param len specifies the depth of the certification path.
*/
@@ -118,80 +118,80 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param extension the DER encoded value of the extension.
* @exception IOException on error.
*/
- public BasicConstraintsExtension(Boolean critical, Object value)
- throws IOException {
- this.extensionId = PKIXExtensions.BasicConstraints_Id;
- this.critical = critical.booleanValue();
+ public BasicConstraintsExtension(Boolean critical, Object value)
+ throws IOException {
+ this.extensionId = PKIXExtensions.BasicConstraints_Id;
+ this.critical = critical.booleanValue();
- if (value instanceof byte[]) {
- int len = Array.getLength(value);
- byte[] extValue = new byte[len];
- System.arraycopy(value, 0, extValue, 0, len);
+ if (value instanceof byte[]) {
+ int len = Array.getLength(value);
+ byte[] extValue = new byte[len];
+ System.arraycopy(value, 0, extValue, 0, len);
- this.extensionValue = extValue;
- DerValue val = new DerValue(extValue);
- if (val.tag != DerValue.tag_Sequence) {
- throw new IOException("Invalid encoding of BasicConstraints");
- }
+ this.extensionValue = extValue;
+ DerValue val = new DerValue(extValue);
+ if (val.tag != DerValue.tag_Sequence) {
+ throw new IOException("Invalid encoding of BasicConstraints");
+ }
- // non-CA cert with no limit to certification path length
- if (val.data == null || val.data.available() < 1) {
- this.ca = false;
- this.pathLen = -1;
- return;
- }
- DerValue opt = val.data.getDerValue();
- if (opt.tag != DerValue.tag_Boolean) {
- this.ca = false;
- } else {
- this.ca = true;
- if (val.data.available() != 0) {
- opt = val.data.getDerValue();
- } else {
- this.pathLen = -1;
- return;
- }
- }
- if (opt.tag != DerValue.tag_Integer) {
- throw new IOException("Invalid encoding of BasicConstraints");
- }
- this.pathLen = (opt.getInteger()).toInt();
- /*
- * Activate this check once again after PKIX profiling
- * is a standard and this check no longer imposes an
- * interoperability barrier.
- * if (ca) {
- * if (!this.critical) {
- * throw new IOException("Criticality cannot be false for CA.");
- * }
- * }
- */
- } else
- throw new IOException("Invalid argument type");
- }
+ // non-CA cert with no limit to certification path length
+ if (val.data == null || val.data.available() < 1) {
+ this.ca = false;
+ this.pathLen = -1;
+ return;
+ }
+ DerValue opt = val.data.getDerValue();
+ if (opt.tag != DerValue.tag_Boolean) {
+ this.ca = false;
+ } else {
+ this.ca = true;
+ if (val.data.available() != 0) {
+ opt = val.data.getDerValue();
+ } else {
+ this.pathLen = -1;
+ return;
+ }
+ }
+ if (opt.tag != DerValue.tag_Integer) {
+ throw new IOException("Invalid encoding of BasicConstraints");
+ }
+ this.pathLen = (opt.getInteger()).toInt();
+ /*
+ * Activate this check once again after PKIX profiling
+ * is a standard and this check no longer imposes an
+ * interoperability barrier.
+ * if (ca) {
+ * if (!this.critical) {
+ * throw new IOException("Criticality cannot be false for CA.");
+ * }
+ * }
+ */
+ } else
+ throw new IOException("Invalid argument type");
+ }
- /**
- * Return user readable form of extension.
- */
- public String toString() {
- String s = super.toString() + "BasicConstraints:[\n";
+ /**
+ * Return user readable form of extension.
+ */
+ public String toString() {
+ String s = super.toString() + "BasicConstraints:[\n";
- s += ((ca) ? ("CA:true") : ("CA:false")) + "\n";
- if (pathLen >= 0) {
- s += "PathLen:" + pathLen + "\n";
- } else {
- s += "PathLen: undefined\n";
- }
- return (s + "]\n");
- }
+ s += ((ca) ? ("CA:true") : ("CA:false")) + "\n";
+ if (pathLen >= 0) {
+ s += "PathLen:" + pathLen + "\n";
+ } else {
+ s += "PathLen: undefined\n";
+ }
+ return (s + "]\n");
+ }
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
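Review bot: The DER constructor sets `this.ca = true` whenever the first element carries the BOOLEAN tag and never reads its value, so an encoding with an explicit `cA FALSE` is decoded as a CA certificate. DER omits the default FALSE, but a non-canonical encoding from an untrusted source would still take this branch, and any caller that trusts `IS_CA` would then treat the subject as a CA. Decode the value instead, e.g. `this.ca = opt.getBoolean();` (assuming `netscape.security.util.DerValue` offers that accessor; confirm). A negative `pathLenConstraint` is likewise accepted by `this.pathLen = (opt.getInteger()).toInt();`, although the ASN.1 in the class comment restricts it to `0..MAX`.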
@@ -199,77 +199,77 @@ implements CertAttrSet {
throw new IOException("Method not to be called directly.");
}
- /**
- * Encode this extension value to the output stream.
- *
- * @param out the DerOutputStream to encode the extension to.
- */
- public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
- if (extensionValue == null) {
- this.extensionId = PKIXExtensions.BasicConstraints_Id;
-/* #57286 - so that profile can set critiality */
-/*
- if (ca) {
- critical = true;
- } else {
- critical = false;
- }
-*/
- encodeThis();
- }
- super.encode(tmp);
+ /**
+ * Encode this extension value to the output stream.
+ *
+ * @param out the DerOutputStream to encode the extension to.
+ */
+ public void encode(OutputStream out) throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ if (extensionValue == null) {
+ this.extensionId = PKIXExtensions.BasicConstraints_Id;
+ /* #57286 - so that profile can set critiality */
+ /*
+ if (ca) {
+ critical = true;
+ } else {
+ critical = false;
+ }
+ */
+ encodeThis();
+ }
+ super.encode(tmp);
- out.write(tmp.toByteArray());
- }
+ out.write(tmp.toByteArray());
+ }
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
clearValue();
- if (name.equalsIgnoreCase(IS_CA)) {
- if (!(obj instanceof Boolean)) {
- throw new IOException("Attribute value should be of type Boolean.");
- }
- ca = ((Boolean)obj).booleanValue();
- } else if (name.equalsIgnoreCase(PATH_LEN)) {
- if (!(obj instanceof Integer)) {
- throw new IOException("Attribute value should be of type Integer.");
- }
- pathLen = ((Integer)obj).intValue();
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:BasicConstraints.");
- }
+ if (name.equalsIgnoreCase(IS_CA)) {
+ if (!(obj instanceof Boolean)) {
+ throw new IOException("Attribute value should be of type Boolean.");
+ }
+ ca = ((Boolean) obj).booleanValue();
+ } else if (name.equalsIgnoreCase(PATH_LEN)) {
+ if (!(obj instanceof Integer)) {
+ throw new IOException("Attribute value should be of type Integer.");
+ }
+ pathLen = ((Integer) obj).intValue();
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:BasicConstraints.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(IS_CA)) {
- return (new Boolean(ca));
- } else if (name.equalsIgnoreCase(PATH_LEN)) {
- return (Integer.valueOf(pathLen));
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:BasicConstraints.");
- }
+ if (name.equalsIgnoreCase(IS_CA)) {
+ return (new Boolean(ca));
+ } else if (name.equalsIgnoreCase(PATH_LEN)) {
+ return (Integer.valueOf(pathLen));
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:BasicConstraints.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(IS_CA)) {
- ca = false;
- } else if (name.equalsIgnoreCase(PATH_LEN)) {
- pathLen = -1;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:BasicConstraints.");
- }
+ if (name.equalsIgnoreCase(IS_CA)) {
+ ca = false;
+ } else if (name.equalsIgnoreCase(PATH_LEN)) {
+ pathLen = -1;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:BasicConstraints.");
+ }
}
/**
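Review bot: `encode` keeps a commented-out block that used to force `critical = true` for CA certificates, with only `#57286 - so that profile can set critiality` as explanation, so nothing in this class now ties criticality to `ca`. Replace the dead code with a comment that states the contract, for example `// Criticality is left to the caller (profile); this class does not force critical=true for CA certs (#57286).`, so a reader does not assume the extension enforces it. In `get`, `new Boolean(ca)` could be `Boolean.valueOf(ca)` to match the `Integer.valueOf(pathLen)` on the next branch.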
@@ -281,7 +281,7 @@ implements CertAttrSet {
elements.addElement(IS_CA);
elements.addElement(PATH_LEN);
- return (elements.elements());
+ return (elements.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CPSuri.java b/pki/base/util/src/netscape/security/x509/CPSuri.java
index 52ac0322..d0a2e076 100644
--- a/pki/base/util/src/netscape/security/x509/CPSuri.java
+++ b/pki/base/util/src/netscape/security/x509/CPSuri.java
@@ -22,12 +22,11 @@ import java.io.IOException;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the CPSuri Qualifier.
- *
+ *
* CPSuri ::= IA5String;
- *
+ *
* @author Thomas Kwan
*/
public class CPSuri extends Qualifier {
@@ -40,25 +39,25 @@ public class CPSuri extends Qualifier {
/**
* Create a PolicyQualifierInfo
- *
+ *
* @param id the ObjectIdentifier for the policy id.
*/
public CPSuri(String uri) {
- mURI = uri;
+ mURI = uri;
}
public CPSuri(DerValue val) throws IOException {
- mURI = val.getIA5String();
+ mURI = val.getIA5String();
}
/**
* Write the PolicyQualifier to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out) throws IOException {
- out.putIA5String(mURI);
+ out.putIA5String(mURI);
}
public String getURI() {
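Review bot: The Javadoc on `CPSuri(String uri)` still reads `Create a PolicyQualifierInfo` with `@param id the ObjectIdentifier for the policy id`, which describes a different class and a parameter this constructor does not have. Suggested replacement: `Create a CPSuri qualifier.` with `@param uri the CPS URI; encoded as an IA5String by encode()`. The `CPSuri(DerValue val)` constructor has no Javadoc; `@param val DER value holding the IA5String URI` and `@exception IOException on decoding errors` would cover it. Neither constructor checks for null and `encode` passes `mURI` straight to `putIA5String`, so the documentation should say whether null is permitted.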
diff --git a/pki/base/util/src/netscape/security/x509/CRLDistributionPoint.java b/pki/base/util/src/netscape/security/x509/CRLDistributionPoint.java
index 8c88ec7e..c7ad8438 100644
--- a/pki/base/util/src/netscape/security/x509/CRLDistributionPoint.java
+++ b/pki/base/util/src/netscape/security/x509/CRLDistributionPoint.java
@@ -43,11 +43,11 @@ import org.mozilla.jss.asn1.Tag;
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL }
- *
+ *
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
+ *
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
@@ -74,47 +74,44 @@ public class CRLDistributionPoint implements ASN1Value {
// default constructor does nothing.
/**
- * Returns the <code>fullName</code> of the
- * <code>DistributionPointName</code>, which may be <code>null</code>.
+ * Returns the <code>fullName</code> of the <code>DistributionPointName</code>, which may be <code>null</code>.
*/
public GeneralNames getFullName() {
return fullName;
}
/**
- * Returns the <code>relativeName</code> of the
- * <code>DistributionPointName</code>, which may be <code>null</code>.
+ * Returns the <code>relativeName</code> of the <code>DistributionPointName</code>, which may be <code>null</code>.
*/
public RDN getRelativeName() {
return relativeName;
}
/**
- * Sets the <code>fullName</code> of the
- * <code>DistributionPointName</code>. It may be set to <code>null</code>.
+ * Sets the <code>fullName</code> of the <code>DistributionPointName</code>. It may be set to <code>null</code>.
* If it is set to a non-null value, <code>relativeName</code> will be
* set to <code>null</code>, because at most one of these two attributes
* can be specified at a time.
+ *
* @exception GeneralNamesException If an error occurs encoding the
- * name.
+ * name.
*/
public void setFullName(GeneralNames fullName)
- throws GeneralNamesException, IOException
- {
+ throws GeneralNamesException, IOException {
this.fullName = fullName;
- if( fullName != null ) {
+ if (fullName != null) {
// encode the name to catch any problems with it
DerOutputStream derOut = new DerOutputStream();
fullName.encode(derOut);
try {
ANY raw = new ANY(derOut.toByteArray());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- raw.encodeWithAlternateTag( Tag.get(0), bos );
- fullNameEncoding = new ANY( bos.toByteArray() );
- } catch(InvalidBERException e) {
+ raw.encodeWithAlternateTag(Tag.get(0), bos);
+ fullNameEncoding = new ANY(bos.toByteArray());
+ } catch (InvalidBERException e) {
// assume this won't happen, since it would imply a bug
// in DerOutputStream
- throw new GeneralNamesException( e.toString() );
+ throw new GeneralNamesException(e.toString());
}
this.relativeName = null;
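Review bot: `setFullName` assigns `this.fullName = fullName;` before the name has been encoded, so if `fullName.encode(derOut)` or the re-tagging throws, the object keeps the new `fullName` alongside the previous (possibly null) `fullNameEncoding`. `encode(Tag, OutputStream)` in a later hunk emits `fullNameEncoding` whenever `fullName != null`, so a caller that catches the exception and continues would serialize a distribution point that does not match the name it holds. I would do the encoding first and assign `this.fullName` only after it has succeeded. `setCRLIssuer` in a later hunk has the same ordering with `CRLIssuer` and `CRLIssuerEncoding`. The end of `setFullName` lies outside this hunk.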
@@ -122,36 +119,32 @@ public class CRLDistributionPoint implements ASN1Value {
}
/**
- * Sets the <code>relativeName</code> of the
- * <code>DistributionPointName</code>. It may be set to <code>null</code>.
+ * Sets the <code>relativeName</code> of the <code>DistributionPointName</code>. It may be set to <code>null</code>.
* If it is set to a non-null value, <code>fullName</code> will be
* set to <code>null</code>, because at most one of these two attributes
* can be specified at a time.
*/
public void setRelativeName(RDN relativeName) {
this.relativeName = relativeName;
- if( relativeName != null ) {
+ if (relativeName != null) {
this.fullName = null;
}
}
/**
- * Returns the reason flags for this distribution point. May be
- * <code>null</code>.
+ * Returns the reason flags for this distribution point. May be <code>null</code>.
*/
public BitArray getReasons() {
return reasons;
}
/**
- * Sets the reason flags for this distribution point. May be set to
- * <code>null</code>.
+ * Sets the reason flags for this distribution point. May be set to <code>null</code>.
*/
public void setReasons(BitArray reasons) {
this.reasons = reasons;
}
-
/**
* Returns the CRLIssuer for the CRL at this distribution point.
* May be <code>null</code>.
@@ -163,23 +156,23 @@ public class CRLDistributionPoint implements ASN1Value {
/**
* Sets the CRLIssuer for the CRL at this distribution point.
* May be set to <code>null</code>.
+ *
* @exception GeneralNamesException If an error occurs encoding the name.
*/
public void setCRLIssuer(GeneralNames CRLIssuer)
- throws GeneralNamesException, IOException
- {
+ throws GeneralNamesException, IOException {
this.CRLIssuer = CRLIssuer;
-
- if( CRLIssuer != null ) {
+
+ if (CRLIssuer != null) {
// encode the name to catch any problems with it
DerOutputStream derOut = new DerOutputStream();
CRLIssuer.encode(derOut);
try {
- ANY raw = new ANY( derOut.toByteArray() );
+ ANY raw = new ANY(derOut.toByteArray());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- raw.encodeWithAlternateTag( Tag.get(2), bos);
+ raw.encodeWithAlternateTag(Tag.get(2), bos);
CRLIssuerEncoding = new ANY(bos.toByteArray());
- } catch(InvalidBERException e) {
+ } catch (InvalidBERException e) {
throw new GeneralNamesException(e.toString());
}
}
@@ -200,53 +193,52 @@ public class CRLDistributionPoint implements ASN1Value {
}
public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
+ throws IOException {
SEQUENCE seq = new SEQUENCE();
DerOutputStream derOut;
- try {
-
- // Encodes the DistributionPointName. Because DistributionPointName
- // is a CHOICE, the [0] tag is forced to be EXPLICIT.
- if( fullName != null ) {
- EXPLICIT distPoint = new EXPLICIT( Tag.get(0), fullNameEncoding);
- seq.addElement( distPoint );
- } else if( relativeName != null ) {
- derOut = new DerOutputStream();
- relativeName.encode(derOut);
- ANY rn = new ANY(derOut.toByteArray());
- EXPLICIT raw = new EXPLICIT( Tag.get(1), rn );
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- raw.encode( bos );
- ANY distPointName = new ANY(bos.toByteArray());
- EXPLICIT distPoint = new EXPLICIT( Tag.get(0), distPointName);
- seq.addElement( distPoint );
- }
+ try {
+
+ // Encodes the DistributionPointName. Because DistributionPointName
+ // is a CHOICE, the [0] tag is forced to be EXPLICIT.
+ if (fullName != null) {
+ EXPLICIT distPoint = new EXPLICIT(Tag.get(0), fullNameEncoding);
+ seq.addElement(distPoint);
+ } else if (relativeName != null) {
+ derOut = new DerOutputStream();
+ relativeName.encode(derOut);
+ ANY rn = new ANY(derOut.toByteArray());
+ EXPLICIT raw = new EXPLICIT(Tag.get(1), rn);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ raw.encode(bos);
+ ANY distPointName = new ANY(bos.toByteArray());
+ EXPLICIT distPoint = new EXPLICIT(Tag.get(0), distPointName);
+ seq.addElement(distPoint);
+ }
- // Encodes the ReasonFlags.
- if( reasons != null ) {
- derOut = new DerOutputStream();
- derOut.putUnalignedBitString(reasons);
- ANY raw = new ANY(derOut.toByteArray());
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- raw.encodeWithAlternateTag(Tag.get(1), bos);
- ANY reasonEncoding = new ANY(bos.toByteArray());
- seq.addElement( Tag.get(1), reasonEncoding);
- }
+ // Encodes the ReasonFlags.
+ if (reasons != null) {
+ derOut = new DerOutputStream();
+ derOut.putUnalignedBitString(reasons);
+ ANY raw = new ANY(derOut.toByteArray());
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ raw.encodeWithAlternateTag(Tag.get(1), bos);
+ ANY reasonEncoding = new ANY(bos.toByteArray());
+ seq.addElement(Tag.get(1), reasonEncoding);
+ }
- // Encodes the CRLIssuer
- if( CRLIssuer != null ) {
- seq.addElement( Tag.get(2), CRLIssuerEncoding );
- }
+ // Encodes the CRLIssuer
+ if (CRLIssuer != null) {
+ seq.addElement(Tag.get(2), CRLIssuerEncoding);
+ }
- seq.encode(implicitTag, ostream);
+ seq.encode(implicitTag, ostream);
- } catch(InvalidBERException e) {
+ } catch (InvalidBERException e) {
// this shouldn't happen unless there is a bug in one of
// the Sun encoding classes
throw new IOException(e.toString());
- }
+ }
}
// Template singleton
@@ -260,223 +252,216 @@ public class CRLDistributionPoint implements ASN1Value {
}
public static void main(String args[]) {
- try {
- if( args.length != 1 ) {
- System.out.println("Usage: CRLDistributionPoint <outfile>");
- System.exit(-1);
- }
-
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
- SEQUENCE cdps = new SEQUENCE();
-
- // URI only
- CRLDistributionPoint cdp = new CRLDistributionPoint();
- URIName uri = new URIName("http://www.mycrl.com/go/here");
- GeneralNames generalNames = new GeneralNames();
- generalNames.addElement(uri);
- cdp.setFullName(generalNames);
- cdps.addElement(cdp);
-
- // DN only
- cdp = new CRLDistributionPoint();
- X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"+
- ",OU=Certificate Server,O=Fedora,C=US");
- generalNames = new GeneralNames();
- generalNames.addElement(dn);
- cdp.setFullName(generalNames);
- cdps.addElement(cdp);
-
- // DN + reason
- BitArray ba = new BitArray(5, new byte[] {(byte)0x28} );
- cdp = new CRLDistributionPoint();
- cdp.setFullName(generalNames);
- cdp.setReasons(ba);
- cdps.addElement(cdp);
-
-
- // relative DN + reason + crlIssuer
- cdp = new CRLDistributionPoint();
- RDN rdn = new RDN("OU=foobar dept");
- cdp.setRelativeName(rdn);
- cdp.setReasons(ba);
- cdp.setCRLIssuer(generalNames);
- cdps.addElement(cdp);
-
- cdps.encode(bos);
-
- byte[] encoded = bos.toByteArray();
- (new FileOutputStream(args[0])).write(encoded);
-
- SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(getTemplate());
-
- cdps = (SEQUENCE) ASN1Util.decode(seqt, encoded);
-
- int size = cdps.size();
- System.out.println("Total number of CDPs: " + size);
- for( int i = 0; i < size; i++) {
- System.out.println("\nCDP " + i);
- cdp = (CRLDistributionPoint) cdps.elementAt(i);
- GeneralNames gn = cdp.getFullName();
- if( gn == null ) {
- System.out.println("No full name");
- } else {
- System.out.println(gn);
- }
- rdn = cdp.getRelativeName();
- if( rdn == null ) {
- System.out.println("No relative name");
- } else {
- System.out.println(rdn);
+ try {
+ if (args.length != 1) {
+ System.out.println("Usage: CRLDistributionPoint <outfile>");
+ System.exit(-1);
}
- if( cdp.getReasons() == null ) {
- System.out.println("No reasons");
- } else {
- System.out.println(cdp.getReasons());
- }
- gn = cdp.getCRLIssuer();
- if( gn == null ) {
- System.out.println("No cRLIssuer");
- } else {
- System.out.println(gn);
- }
- }
- System.out.println("Done");
-
- } catch(Exception e) {
- e.printStackTrace();
- }
- }
-
-
-/**
- * Template for decoding CRLDistributionPoint.
- */
-public static class Template implements ASN1Template {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
- public boolean tagMatch(Tag tag) {
- return TAG.equals(tag);
- }
+ SEQUENCE cdps = new SEQUENCE();
+
+ // URI only
+ CRLDistributionPoint cdp = new CRLDistributionPoint();
+ URIName uri = new URIName("http://www.mycrl.com/go/here");
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addElement(uri);
+ cdp.setFullName(generalNames);
+ cdps.addElement(cdp);
+
+ // DN only
+ cdp = new CRLDistributionPoint();
+ X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" +
+ ",OU=Certificate Server,O=Fedora,C=US");
+ generalNames = new GeneralNames();
+ generalNames.addElement(dn);
+ cdp.setFullName(generalNames);
+ cdps.addElement(cdp);
+
+ // DN + reason
+ BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
+ cdp = new CRLDistributionPoint();
+ cdp.setFullName(generalNames);
+ cdp.setReasons(ba);
+ cdps.addElement(cdp);
+
+ // relative DN + reason + crlIssuer
+ cdp = new CRLDistributionPoint();
+ RDN rdn = new RDN("OU=foobar dept");
+ cdp.setRelativeName(rdn);
+ cdp.setReasons(ba);
+ cdp.setCRLIssuer(generalNames);
+ cdps.addElement(cdp);
+
+ cdps.encode(bos);
+
+ byte[] encoded = bos.toByteArray();
+ (new FileOutputStream(args[0])).write(encoded);
+
+ SEQUENCE.OF_Template seqt = new SEQUENCE.OF_Template(getTemplate());
+
+ cdps = (SEQUENCE) ASN1Util.decode(seqt, encoded);
+
+ int size = cdps.size();
+ System.out.println("Total number of CDPs: " + size);
+ for (int i = 0; i < size; i++) {
+ System.out.println("\nCDP " + i);
+ cdp = (CRLDistributionPoint) cdps.elementAt(i);
+ GeneralNames gn = cdp.getFullName();
+ if (gn == null) {
+ System.out.println("No full name");
+ } else {
+ System.out.println(gn);
+ }
+ rdn = cdp.getRelativeName();
+ if (rdn == null) {
+ System.out.println("No relative name");
+ } else {
+ System.out.println(rdn);
+ }
+ if (cdp.getReasons() == null) {
+ System.out.println("No reasons");
+ } else {
+ System.out.println(cdp.getReasons());
+ }
+ gn = cdp.getCRLIssuer();
+ if (gn == null) {
+ System.out.println("No cRLIssuer");
+ } else {
+ System.out.println(gn);
+ }
+ }
+ System.out.println("Done");
- public ASN1Value decode(InputStream istream)
- throws IOException, InvalidBERException
- {
- return decode(TAG, istream);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
}
- public ASN1Value decode(Tag implicitTag, InputStream istream)
- throws IOException, InvalidBERException
- {
- CRLDistributionPoint cdp = new CRLDistributionPoint();
-
- //
- // construct the top-level sequence
- //
-
- SEQUENCE.Template seqt = SEQUENCE.getTemplate();
-
- // distributionPoint
- seqt.addOptionalElement(
- new EXPLICIT.Template(Tag.get(0), ANY.getTemplate()) );
+ /**
+ * Template for decoding CRLDistributionPoint.
+ */
+ public static class Template implements ASN1Template {
- // reasons
- seqt.addOptionalElement( Tag.get(1), BIT_STRING.getTemplate());
+ public boolean tagMatch(Tag tag) {
+ return TAG.equals(tag);
+ }
- // cRLIssuer
- // This will have a tag of 2, but we can't say that here
- // because ANYs can't have implicit tags. We don't need to say
- // it, because we do check the tags on the other two elements
- // in the sequence, so we'll know if we get this one.
- seqt.addOptionalElement( ANY.getTemplate() );
+ public ASN1Value decode(InputStream istream)
+ throws IOException, InvalidBERException {
+ return decode(TAG, istream);
+ }
- //
- // decode the top-level sequence
- //
- SEQUENCE top = (SEQUENCE) seqt.decode(implicitTag, istream);
+ public ASN1Value decode(Tag implicitTag, InputStream istream)
+ throws IOException, InvalidBERException {
+ CRLDistributionPoint cdp = new CRLDistributionPoint();
+
+ //
+ // construct the top-level sequence
+ //
+
+ SEQUENCE.Template seqt = SEQUENCE.getTemplate();
+
+ // distributionPoint
+ seqt.addOptionalElement(
+ new EXPLICIT.Template(Tag.get(0), ANY.getTemplate()));
+
+ // reasons
+ seqt.addOptionalElement(Tag.get(1), BIT_STRING.getTemplate());
+
+ // cRLIssuer
+ // This will have a tag of 2, but we can't say that here
+ // because ANYs can't have implicit tags. We don't need to say
+ // it, because we do check the tags on the other two elements
+ // in the sequence, so we'll know if we get this one.
+ seqt.addOptionalElement(ANY.getTemplate());
+
+ //
+ // decode the top-level sequence
+ //
+ SEQUENCE top = (SEQUENCE) seqt.decode(implicitTag, istream);
+
+ // decode the distribution point name
+ if (top.elementAt(0) != null) {
+ EXPLICIT exp = (EXPLICIT) top.elementAt(0);
+ ANY distPoint = (ANY) exp.getContent();
+ if (distPoint.getTag().equals(Tag.get(0))) {
+ // fullName
+ try {
+ DerValue dv = new DerValue(distPoint.getEncoded());
+ //toFile("encodedFullName", distPoint.getEncoded());
+ dv.resetTag(DerValue.tag_Sequence);
+ cdp.setFullName(new GeneralNames(dv));
+ } catch (GeneralNamesException e) {
+ throw new InvalidBERException("fullName: " + e.toString());
+ } catch (IOException e) {
+ throw new InvalidBERException("fullName: " + e.toString());
+ }
+ } else if (distPoint.getTag().equals(Tag.get(1))) {
+ // relative name
+ try {
+ DerValue dv = new DerValue(distPoint.getEncoded());
+ /* dv is as follows:
+ 0 12: [1] {
+ 2 10: SET {
+ 4 8: SEQUENCE {
+ 6 3: OBJECT IDENTIFIER commonName (2 5 4 3)
+ 11 1: PrintableString 'x'
+ : }
+ : }
+ : }
+ */
+ dv = dv.data.getDerValue(); // skipping the tag
+ /* after the skipping, we have:
+ 0 10: SET {
+ 2 8: SEQUENCE {
+ 4 3: OBJECT IDENTIFIER commonName (2 5 4 3)
+ 9 1: PrintableString 'x'
+ : }
+ : }
+ */
+ dv.resetTag(DerValue.tag_Set);
+ cdp.setRelativeName(new RDN(dv));
+ } catch (IOException e) {
+ throw new InvalidBERException("relativeName " +
+ e.toString());
+ }
+ } else {
+ throw new InvalidBERException(
+ "Unknown tag " + distPoint.getTag() +
+ " in distributionPoint");
+ }
+ }
+ // decode the reasons
+ if (top.elementAt(1) != null) {
+ BIT_STRING bs = (BIT_STRING) top.elementAt(1);
+ byte[] bits = bs.getBits();
+ cdp.setReasons(
+ new BitArray((bits.length * 8) - bs.getPadCount(), bits));
+ }
- // decode the distribution point name
- if( top.elementAt(0) != null ) {
- EXPLICIT exp = (EXPLICIT) top.elementAt(0);
- ANY distPoint = (ANY) exp.getContent();
- if( distPoint.getTag().equals(Tag.get(0)) ) {
- // fullName
- try {
- DerValue dv = new DerValue(distPoint.getEncoded());
- //toFile("encodedFullName", distPoint.getEncoded());
- dv.resetTag(DerValue.tag_Sequence);
- cdp.setFullName( new GeneralNames(dv) );
- } catch(GeneralNamesException e) {
- throw new InvalidBERException( "fullName: " + e.toString());
- } catch(IOException e) {
- throw new InvalidBERException( "fullName: " + e.toString());
+ // decode the cRLIssuer
+ if (top.elementAt(2) != null) {
+ ANY issuer = (ANY) top.elementAt(2);
+ if (!issuer.getTag().equals(Tag.get(2))) {
+ throw new InvalidBERException("Invalid tag " + issuer.getTag());
}
- } else if( distPoint.getTag().equals(Tag.get(1)) ) {
- // relative name
try {
- DerValue dv = new DerValue(distPoint.getEncoded());
- /* dv is as follows:
- 0 12: [1] {
- 2 10: SET {
- 4 8: SEQUENCE {
- 6 3: OBJECT IDENTIFIER commonName (2 5 4 3)
- 11 1: PrintableString 'x'
- : }
- : }
- : }
- */
- dv = dv.data.getDerValue(); // skipping the tag
- /* after the skipping, we have:
- 0 10: SET {
- 2 8: SEQUENCE {
- 4 3: OBJECT IDENTIFIER commonName (2 5 4 3)
- 9 1: PrintableString 'x'
- : }
- : }
- */
- dv.resetTag(DerValue.tag_Set);
- cdp.setRelativeName( new RDN(dv) );
- } catch(IOException e) {
- throw new InvalidBERException( "relativeName " +
- e.toString() );
+ DerValue dv = new DerValue(issuer.getEncoded());
+ dv.resetTag(DerValue.tag_Sequence);
+ cdp.setCRLIssuer(new GeneralNames(dv));
+ } catch (GeneralNamesException e) {
+ throw new InvalidBERException("cRLIssuer " + e.toString());
+ } catch (IOException e) {
+ throw new InvalidBERException("cRLIssuer " + e.toString());
}
- } else {
- throw new InvalidBERException(
- "Unknown tag " + distPoint.getTag() +
- " in distributionPoint" );
}
- }
- // decode the reasons
- if( top.elementAt(1) != null ) {
- BIT_STRING bs = (BIT_STRING) top.elementAt(1);
- byte[] bits = bs.getBits();
- cdp.setReasons(
- new BitArray( (bits.length * 8) - bs.getPadCount(), bits) );
- }
+ return cdp;
- // decode the cRLIssuer
- if( top.elementAt(2) != null ) {
- ANY issuer = (ANY) top.elementAt(2);
- if( ! issuer.getTag().equals(Tag.get(2)) ) {
- throw new InvalidBERException("Invalid tag " + issuer.getTag());
- }
- try {
- DerValue dv = new DerValue( issuer.getEncoded() );
- dv.resetTag(DerValue.tag_Sequence);
- cdp.setCRLIssuer( new GeneralNames(dv) );
- } catch(GeneralNamesException e) {
- throw new InvalidBERException( "cRLIssuer " + e.toString() );
- } catch(IOException e) {
- throw new InvalidBERException( "cRLIssuer " + e.toString() );
- }
}
-
- return cdp;
-
}
-}
-
}
diff --git a/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java b/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
index 812d2e76..2b36f5a5 100644
--- a/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CRLDistributionPointsExtension.java
@@ -37,19 +37,19 @@ import org.mozilla.jss.asn1.SEQUENCE;
/**
* An extension that tells applications where to find the CRL for
* this certificate.
- *
+ *
* <pre>
* cRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
+ *
* DistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL }
- *
+ *
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
+ *
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
@@ -61,8 +61,7 @@ import org.mozilla.jss.asn1.SEQUENCE;
* </pre>
*/
public class CRLDistributionPointsExtension extends Extension
- implements CertAttrSet
-{
+ implements CertAttrSet {
/**
*
@@ -72,7 +71,7 @@ public class CRLDistributionPointsExtension extends Extension
private SEQUENCE distributionPoints = new SEQUENCE();
// Cached DER-encoding to improve performance.
- private byte[] cachedEncoding=null;
+ private byte[] cachedEncoding = null;
/**
* This constructor is called by the CertificateExtensions class to decode
@@ -80,30 +79,30 @@ public class CRLDistributionPointsExtension extends Extension
* extension.
*/
public CRLDistributionPointsExtension(Boolean critical, Object value)
- //throws IOException
+ //throws IOException
{
- try {
-
- this.extensionId = PKIXExtensions.CRLDistributionPoints_Id;
- this.critical = critical.booleanValue();
- this.extensionValue = (byte[])((byte[])value).clone();
-
- // decode the value
try {
- SEQUENCE.OF_Template seqOfCRLDP =
- new SEQUENCE.OF_Template( CRLDistributionPoint.getTemplate() );
- distributionPoints =
- (SEQUENCE) ASN1Util.decode( seqOfCRLDP, extensionValue );
- } catch(InvalidBERException e) {
- throw new IOException("Invalid BER-encoding: " + e.toString());
+ this.extensionId = PKIXExtensions.CRLDistributionPoints_Id;
+ this.critical = critical.booleanValue();
+ this.extensionValue = (byte[]) ((byte[]) value).clone();
+
+ // decode the value
+ try {
+ SEQUENCE.OF_Template seqOfCRLDP =
+ new SEQUENCE.OF_Template(CRLDistributionPoint.getTemplate());
+
+ distributionPoints =
+ (SEQUENCE) ASN1Util.decode(seqOfCRLDP, extensionValue);
+ } catch (InvalidBERException e) {
+ throw new IOException("Invalid BER-encoding: " + e.toString());
+ }
+ } catch (IOException e) {
+ System.out.println("Big error");
+ System.out.println(e);
+ e.printStackTrace();
+ //throw e;
}
- } catch(IOException e) {
- System.out.println("Big error");
- System.out.println(e);
- e.printStackTrace();
- //throw e;
- }
}
/**
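Review bot: The constructor catches the `IOException` raised for an invalid BER encoding, prints `Big error` and a stack trace, and returns normally, so a malformed cRLDistributionPoints value leaves `distributionPoints` as the empty `SEQUENCE` from the field initializer. Code that uses this extension to locate a CRL then cannot tell "no distribution points" from "failed to parse", which matters for revocation checking on certificates from untrusted sources. I would restore the commented-out `throws IOException` and drop the outer `try`/`catch` so the failure reaches the caller. Callers outside this hunk would need checking, though the reflective path in `CRLExtensions.parseExtension` already turns constructor exceptions into `X509ExtensionException`. The cast `(byte[]) value` is also unchecked, so a null or wrongly typed argument surfaces as a runtime exception rather than a decoding error.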
@@ -143,10 +142,10 @@ public class CRLDistributionPointsExtension extends Extension
return (CRLDistributionPoint) distributionPoints.elementAt(index);
}
- /**
- * Sets the criticality of this extension. PKIX dictates that this
+ /**
+ * Sets the criticality of this extension. PKIX dictates that this
* extension SHOULD NOT be critical, so applications can make it critical
- * if they have a very good reason. By default, the extension is not
+ * if they have a very good reason. By default, the extension is not
* critical.
*/
public void setCritical(boolean critical) {
@@ -178,11 +177,12 @@ public class CRLDistributionPointsExtension extends Extension
// minimal implementation.
/////////////////////////////////////////////////////////////
- static {
- try {
+ static {
+ try {
OIDMap.addAttribute(CRLDistributionPointsExtension.class.getName(),
OID, CRLDistributionPointsExtension.class.getSimpleName());
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
}
public String toString() {
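Review bot: The static initializer still discards `CertificateException` from `OIDMap.addAttribute(...)` in an empty `catch`, which this commit only splits over two lines. If registration fails, nothing records it, and lookups such as `OIDMap.getClass(...)` in `CRLExtensions.parseExtension` would presumably treat this extension as unsupported. At minimum, add a comment inside the `catch` explaining why the failure is safe to ignore. If a missing registration should be fatal, report it instead, e.g. `throw new ExceptionInInitializerError(e);`.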
@@ -193,9 +193,8 @@ public class CRLDistributionPointsExtension extends Extension
* DER-encodes this extension to the given OutputStream.
*/
public void encode(OutputStream ostream)
- throws CertificateException, IOException
- {
- if( cachedEncoding == null ) {
+ throws CertificateException, IOException {
+ if (cachedEncoding == null) {
// only re-encode if necessary
DerOutputStream tmp = new DerOutputStream();
encode(tmp);
@@ -205,31 +204,28 @@ public class CRLDistributionPointsExtension extends Extension
}
public void decode(InputStream in)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
throw new IOException("Not supported");
}
public void set(String name, Object obj)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:CRLDistributionPointsExtension");
+ throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:CRLDistributionPointsExtension");
}
public Object get(String name)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:CRLDistributionPointsExtension");
+ throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:CRLDistributionPointsExtension");
}
public void delete(String name)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:CRLDistributionPointsExtension");
+ throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:CRLDistributionPointsExtension");
}
+
/*
* TODO use an empty collection to generate these
*/
@@ -237,71 +233,67 @@ public class CRLDistributionPointsExtension extends Extension
return (new Vector<String>()).elements();
}
-
-
/**
* Test driver.
*/
public static void main(String args[]) {
- try {
-
- if( args.length != 1 ) {
- System.out.println("Usage: CRLDistributionPointsExtentions "+
- "<outfile>");
- System.exit(-1);
- }
+ try {
- BufferedOutputStream bos = new BufferedOutputStream(
- new FileOutputStream(args[0]) );
-
-
- // URI only
- CRLDistributionPoint cdp = new CRLDistributionPoint();
- URIName uri = new URIName("http://www.mycrl.com/go/here");
- GeneralNames generalNames = new GeneralNames();
- generalNames.addElement(uri);
- cdp.setFullName(generalNames);
- CRLDistributionPointsExtension crldpExt =
- new CRLDistributionPointsExtension(cdp);
-
- // DN only
- cdp = new CRLDistributionPoint();
- X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"+
- ",OU=Certificate Server,O=Fedora,C=US");
- generalNames = new GeneralNames();
- generalNames.addElement(dn);
- cdp.setFullName(generalNames);
- crldpExt.addPoint(cdp);
-
- // DN + reason
- BitArray ba = new BitArray(5, new byte[] {(byte)0x28} );
- cdp = new CRLDistributionPoint();
- cdp.setFullName(generalNames);
- cdp.setReasons(ba);
- crldpExt.addPoint(cdp);
-
-
- // relative DN + reason + crlIssuer
- cdp = new CRLDistributionPoint();
- RDN rdn = new RDN("OU=foobar dept");
- cdp.setRelativeName(rdn);
- cdp.setReasons(ba);
- cdp.setCRLIssuer(generalNames);
- crldpExt.addPoint(cdp);
-
- crldpExt.setCritical(true);
- crldpExt.encode(bos);
-
- bos.close();
-
- } catch(Exception e) {
+ if (args.length != 1) {
+ System.out.println("Usage: CRLDistributionPointsExtentions " +
+ "<outfile>");
+ System.exit(-1);
+ }
+
+ BufferedOutputStream bos = new BufferedOutputStream(
+ new FileOutputStream(args[0]));
+
+ // URI only
+ CRLDistributionPoint cdp = new CRLDistributionPoint();
+ URIName uri = new URIName("http://www.mycrl.com/go/here");
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addElement(uri);
+ cdp.setFullName(generalNames);
+ CRLDistributionPointsExtension crldpExt =
+ new CRLDistributionPointsExtension(cdp);
+
+ // DN only
+ cdp = new CRLDistributionPoint();
+ X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" +
+ ",OU=Certificate Server,O=Fedora,C=US");
+ generalNames = new GeneralNames();
+ generalNames.addElement(dn);
+ cdp.setFullName(generalNames);
+ crldpExt.addPoint(cdp);
+
+ // DN + reason
+ BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
+ cdp = new CRLDistributionPoint();
+ cdp.setFullName(generalNames);
+ cdp.setReasons(ba);
+ crldpExt.addPoint(cdp);
+
+ // relative DN + reason + crlIssuer
+ cdp = new CRLDistributionPoint();
+ RDN rdn = new RDN("OU=foobar dept");
+ cdp.setRelativeName(rdn);
+ cdp.setReasons(ba);
+ cdp.setCRLIssuer(generalNames);
+ crldpExt.addPoint(cdp);
+
+ crldpExt.setCritical(true);
+ crldpExt.encode(bos);
+
+ bos.close();
+
+ } catch (Exception e) {
e.printStackTrace();
- }
+ }
}
- /**
- * Represents a reason that a cert may be revoked. These reasons are
+ /**
+ * Represents a reason that a cert may be revoked. These reasons are
* expressed in a ReasonFlags bit string.
*/
public static class Reason {
@@ -309,19 +301,21 @@ public class CRLDistributionPointsExtension extends Extension
private String name;
private byte bitMask;
- private Reason() { }
+ private Reason() {
+ }
+
private Reason(String name, byte bitMask) {
this.name = name;
this.bitMask = bitMask;
map.put(name, this);
- list.addElement(this);
+ list.addElement(this);
}
private static Hashtable<String, Reason> map = new Hashtable<String, Reason>();
- private static Vector<Reason> list = new Vector<Reason>();
+ private static Vector<Reason> list = new Vector<Reason>();
public static Reason fromString(String name) {
- return map.get(name);
+ return map.get(name);
}
public String getName() {
@@ -332,61 +326,61 @@ public class CRLDistributionPointsExtension extends Extension
return bitMask;
}
- /**
- * Given a bit array representing reason flags, extracts the reasons
- * and returns them as an array.
- *
- * @param bitFlags A bit vector containing reason flags.
- * @return An array of reasons contained in the bit vector.
- * May be zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte bitFlags) {
- return bitArrayToReasonArray( new byte[] { bitFlags } );
- }
-
- /**
- * Given a bit array representing reason flags, extracts the reasons
- * and returns them as an array. Currently, only the first byte
- * of the bitflags are examined.
- *
- * @param bitFlags A bit vector containing reason flags. The format
- * is big-endian (MSB first). Only the first byte is examined.
- * @return An array of reasons contained in the bit vector.
- * May be zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
- byte first = bitFlags[0];
- int size = list.size();
- Vector<Reason> result = new Vector<Reason>();
- for(int i = 0; i < size; i++) {
- Reason r = list.elementAt(i);
- byte b = r.getBitMask();
- if( (first & b) != 0 ) {
- result.addElement(r);
- }
- }
- size = result.size();
- Reason[] retval = new Reason[size];
- for(int i=0; i < size; i++) {
- retval[i] = result.elementAt(i);
- }
- return retval;
- }
-
+ /**
+ * Given a bit array representing reason flags, extracts the reasons
+ * and returns them as an array.
+ *
+ * @param bitFlags A bit vector containing reason flags.
+ * @return An array of reasons contained in the bit vector.
+ * May be zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte bitFlags) {
+ return bitArrayToReasonArray(new byte[] { bitFlags });
+ }
+
+ /**
+ * Given a bit array representing reason flags, extracts the reasons
+ * and returns them as an array. Currently, only the first byte
+ * of the bitflags are examined.
+ *
+ * @param bitFlags A bit vector containing reason flags. The format
+ * is big-endian (MSB first). Only the first byte is examined.
+ * @return An array of reasons contained in the bit vector.
+ * May be zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
+ byte first = bitFlags[0];
+ int size = list.size();
+ Vector<Reason> result = new Vector<Reason>();
+ for (int i = 0; i < size; i++) {
+ Reason r = list.elementAt(i);
+ byte b = r.getBitMask();
+ if ((first & b) != 0) {
+ result.addElement(r);
+ }
+ }
+ size = result.size();
+ Reason[] retval = new Reason[size];
+ for (int i = 0; i < size; i++) {
+ retval[i] = result.elementAt(i);
+ }
+ return retval;
+ }
+
public static final Reason UNUSED =
- new Reason("unused", (byte) 0x80);
+ new Reason("unused", (byte) 0x80);
public static final Reason KEY_COMPROMISE =
- new Reason("keyCompromise", (byte) 0x40);
+ new Reason("keyCompromise", (byte) 0x40);
public static final Reason CA_COMPROMISE =
- new Reason("cACompromise", (byte) 0x20);
+ new Reason("cACompromise", (byte) 0x20);
public static final Reason AFFILIATION_CHANGED =
- new Reason("affiliationChanged", (byte) 0x10);
+ new Reason("affiliationChanged", (byte) 0x10);
public static final Reason SUPERSEDED =
- new Reason("superseded", (byte) 0x08);
+ new Reason("superseded", (byte) 0x08);
public static final Reason CESSATION_OF_OPERATION =
- new Reason("cessationOfOperation", (byte) 0x04);
+ new Reason("cessationOfOperation", (byte) 0x04);
public static final Reason CERTIFICATE_HOLD =
- new Reason("certificateHold", (byte) 0x02);
+ new Reason("certificateHold", (byte) 0x02);
}
}
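Review bot: `bitArrayToReasonArray(byte[] bitFlags)` reads `bitFlags[0]` without checking the argument, so a null or zero-length array throws `NullPointerException` or `ArrayIndexOutOfBoundsException`, although the Javadoc promises a non-null, possibly zero-length result. If the flags come from a decoded certificate extension, an empty BIT STRING would be enough to trigger this; whether the decoder can hand one over is not visible here. A guard such as `if (bitFlags == null || bitFlags.length == 0) return new Reason[0];` before the first read keeps the documented contract. The copy loop at the end could also be `return result.toArray(new Reason[result.size()]);`.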
diff --git a/pki/base/util/src/netscape/security/x509/CRLExtensions.java b/pki/base/util/src/netscape/security/x509/CRLExtensions.java
index bba44eab..bdadcc12 100755
--- a/pki/base/util/src/netscape/security/x509/CRLExtensions.java
+++ b/pki/base/util/src/netscape/security/x509/CRLExtensions.java
@@ -35,7 +35,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the CRL Extensions.
- *
+ *
* @author Hemma Prafullchandra
* @version 1.4
*/
@@ -45,13 +45,13 @@ public class CRLExtensions extends Vector<Extension> {
*
*/
private static final long serialVersionUID = 365767738692986418L;
- private Hashtable<String,Extension> map;
+ private Hashtable<String, Extension> map;
// Parse the encoded extension
private void parseExtension(Extension ext) throws X509ExtensionException {
try {
Class<?> extClass = OIDMap.getClass(ext.getExtensionId());
- if (extClass == null) { // Unsupported extension
+ if (extClass == null) { // Unsupported extension
if (ext.isCritical()) {
throw new IOException("Unsupported CRITICAL extension: "
+ ext.getExtensionId());
@@ -65,23 +65,23 @@ public class CRLExtensions extends Vector<Extension> {
Constructor<?> cons = extClass.getConstructor(params);
byte[] extData = ext.getExtensionValue();
int extLen = extData.length;
- Object value = Array.newInstance(byte.class, extLen);
-
- for (int i = 0; i < extLen; i++) {
- Array.setByte(value, i, extData[i]);
- }
- Object[] passed = new Object[] {new Boolean(ext.isCritical()),
- value};
- CertAttrSet crlExt = (CertAttrSet)cons.newInstance(passed);
- map.put(crlExt.getName(), (Extension) crlExt);
+ Object value = Array.newInstance(byte.class, extLen);
+
+ for (int i = 0; i < extLen; i++) {
+ Array.setByte(value, i, extData[i]);
+ }
+ Object[] passed = new Object[] { new Boolean(ext.isCritical()),
+ value };
+ CertAttrSet crlExt = (CertAttrSet) cons.newInstance(passed);
+ map.put(crlExt.getName(), (Extension) crlExt);
addElement((Extension) crlExt);
} catch (InvocationTargetException invk) {
- throw new X509ExtensionException(
+ throw new X509ExtensionException(
invk.getTargetException().getMessage());
- } catch (Exception e) {
- throw new X509ExtensionException(e.toString());
+ } catch (Exception e) {
+ throw new X509ExtensionException(e.toString());
}
}
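Review bot: The `InvocationTargetException` handler passes only `invk.getTargetException().getMessage()` to `X509ExtensionException`, so a failure inside an extension constructor that carries no message surfaces as a null-text error and the exception type is lost. The sibling `catch (Exception e)` already uses `e.toString()`; doing the same here, `throw new X509ExtensionException(invk.getTargetException().toString());`, keeps the type visible when a CRL extension is rejected. Separately, the `Array.newInstance`/`Array.setByte` loop copies `extData` one byte at a time through reflection and could be `Object value = extData.clone();`. `parseExtension` begins in the previous hunk.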
@@ -94,13 +94,13 @@ public class CRLExtensions extends Vector<Extension> {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the Extension from.
* @exception CRLException on decoding errors.
* @exception X509ExtensionException on extension handling errors.
*/
public CRLExtensions(DerInputStream in)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
map = new Hashtable<String, Extension>();
try {
@@ -117,13 +117,13 @@ public class CRLExtensions extends Vector<Extension> {
/**
* Decode the extensions from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception CRLException on decoding or validity errors.
* @exception X509ExtensionException on extension handling errors.
*/
public void decode(InputStream in)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
try {
DerValue val = new DerValue(in);
DerInputStream str = val.toDerInputStream();
@@ -142,25 +142,25 @@ public class CRLExtensions extends Vector<Extension> {
/**
* Encode the extensions in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @param isExplicit the tag indicating whether this is an entry
- * extension or a CRL extension.
+ * extension or a CRL extension.
* @exception CRLException on encoding errors.
*/
public void encode(OutputStream out, boolean isExplicit)
- throws CRLException {
+ throws CRLException {
try {
- // #381559
+ // #381559
if (size() == 0)
- return;
+ return;
DerOutputStream extOut = new DerOutputStream();
for (int i = 0; i < size(); i++) {
Object thisOne = elementAt(i);
if (thisOne instanceof CertAttrSet)
- ((CertAttrSet)thisOne).encode(extOut);
+ ((CertAttrSet) thisOne).encode(extOut);
else if (thisOne instanceof Extension)
- ((Extension)thisOne).encode(extOut);
+ ((Extension) thisOne).encode(extOut);
else
throw new CRLException("Illegal extension object");
}
@@ -171,7 +171,7 @@ public class CRLExtensions extends Vector<Extension> {
DerOutputStream tmp = new DerOutputStream();
if (isExplicit)
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)0), seq);
+ true, (byte) 0), seq);
else
tmp = seq;
@@ -185,7 +185,7 @@ public class CRLExtensions extends Vector<Extension> {
/**
* Get the extension with this alias.
- *
+ *
* @param alias the identifier string for the extension to retrieve.
* @exception X509ExtensionException on extension handling errors.
*/
@@ -195,10 +195,10 @@ public class CRLExtensions extends Vector<Extension> {
String id = attr.getPrefix();
if (id.equalsIgnoreCase(X509CertImpl.NAME)) { // fully qualified
int index = alias.lastIndexOf(".");
- name = alias.substring(index + 1);
+ name = alias.substring(index + 1);
} else
name = alias;
- Extension ext = (Extension)map.get(name);
+ Extension ext = (Extension) map.get(name);
if (ext == null)
throw new X509ExtensionException("No extension found with name: "
+ alias);
@@ -207,12 +207,12 @@ public class CRLExtensions extends Vector<Extension> {
/**
* Set the extension value with this alias.
- *
+ *
* @param alias the identifier string for the extension to set.
* @param obj the Object to set the extension identified by the
- * alias.
+ * alias.
* @exception IOException on errors.
- */
+ */
public void set(String alias, Extension obj) throws IOException {
map.put(alias, obj);
addElement(obj);
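Review bot: `set` calls `map.put(alias, obj)` and then `addElement(obj)` without removing an entry already stored under that alias, so replacing an extension leaves the old object in the vector while the map holds only the new one. `encode` in an earlier hunk walks the vector with `elementAt(i)`, so both objects would be written to the CRL. I would drop the previous value first: `Extension old = map.put(alias, obj);` followed by `if (old != null) removeElement(old);` before `addElement(obj);`. The method's closing brace lies outside the hunk.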
@@ -220,9 +220,10 @@ public class CRLExtensions extends Vector<Extension> {
/**
* Return an enumeration of names of the extensions.
- * @return an enumeration of the names of the extensions in this CRL.
- */
- public Enumeration<Extension> getElements () {
+ *
+ * @return an enumeration of the names of the extensions in this CRL.
+ */
+ public Enumeration<Extension> getElements() {
return (map.elements());
}
}
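Review bot: The Javadoc on `getElements` describes "an enumeration of names", but the method is declared `Enumeration<Extension>` and returns `map.elements()`, i.e. the extension objects themselves. The comment should say so: `* Return an enumeration of the extensions.` and `* @return an enumeration of the Extension objects in this CRL.`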
diff --git a/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java b/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
index 8376662f..1efe244a 100755
--- a/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CRLNumberExtension.java
@@ -31,20 +31,17 @@ import netscape.security.util.DerValue;
/**
* Represent the CRL Number Extension.
- *
- * <p>This extension, if present, conveys a monotonically increasing
- * sequence number for each CRL issued by a given CA through a specific
- * CA X.500 Directory entry or CRL distribution point. This extension
- * allows users to easily determine when a particular CRL supersedes
- * another CRL.
- *
+ *
+ * <p>
+ * This extension, if present, conveys a monotonically increasing sequence number for each CRL issued by a given CA through a specific CA X.500 Directory entry or CRL distribution point. This extension allows users to easily determine when a particular CRL supersedes another CRL.
+ *
* @author Hemma Prafullchandra
* @version 1.2
* @see Extension
* @see CertAttrSet
*/
public class CRLNumberExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
@@ -69,7 +66,7 @@ implements CertAttrSet {
/**
* Create a CRLNumberExtension with the integer value .
* The criticality is set to false.
- *
+ *
* @param crlNum the value to be set for the extension.
*/
public CRLNumberExtension(int crlNum) throws IOException {
@@ -82,7 +79,7 @@ implements CertAttrSet {
/**
* Create a CRLNumberExtension with the BigInteger value .
* The criticality is set to false.
- *
+ *
* @param crlNum the value to be set for the extension.
*/
public CRLNumberExtension(BigInteger crlNum) throws IOException {
@@ -94,7 +91,7 @@ implements CertAttrSet {
/**
* Create a CRLNumberExtension with the BigInteger value .
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param crlNum the value to be set for the extension.
*/
@@ -107,21 +104,21 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public CRLNumberExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.CRLNumber_Id;
this.critical = critical.booleanValue();
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
- for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
- }
+ byte[] extValue = new byte[len];
+ for (int i = 0; i < len; i++) {
+ extValue[i] = Array.getByte(value, i);
+ }
this.extensionValue = extValue;
DerValue val = new DerValue(extValue);
this.crlNumber = val.getInteger();
@@ -131,40 +128,42 @@ implements CertAttrSet {
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
- if (name.equalsIgnoreCase(NUMBER)) {
+ if (name.equalsIgnoreCase(NUMBER)) {
if (!(obj instanceof BigInteger)) {
- throw new IOException("Attribute must be of type BigInteger.");
- }
- crlNumber = new BigInt((BigInteger)obj);
- } else {
- throw new IOException("Attribute name not recognized by"
+ throw new IOException("Attribute must be of type BigInteger.");
+ }
+ crlNumber = new BigInt((BigInteger) obj);
+ } else {
+ throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:CRLNumber.");
- }
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(NUMBER)) {
- if (crlNumber == null) return null;
- else return crlNumber.toBigInteger();
- } else {
- throw new IOException("Attribute name not recognized by"
+ if (name.equalsIgnoreCase(NUMBER)) {
+ if (crlNumber == null)
+ return null;
+ else
+ return crlNumber.toBigInteger();
+ } else {
+ throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:CRLNumber.");
- }
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(NUMBER)) {
+ if (name.equalsIgnoreCase(NUMBER)) {
crlNumber = null;
- } else {
- throw new IOException("Attribute name not recognized by"
+ } else {
+ throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:CRLNumber.");
- }
+ }
}
/**
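Review bot: `set` and `delete` change only `crlNumber` and leave `extensionValue` as it was, while `encode` in a later hunk re-encodes only when `extensionValue == null`. For an object built by the `(Boolean, Object)` constructor, which fills `extensionValue`, the CRL would presumably still be written with the old number after `set`. Assuming `encodeThis()` rebuilds `extensionValue` from `crlNumber`, as its use in `encode` suggests, adding `encodeThis();` after `crlNumber = new BigInt((BigInteger) obj);` would keep the two in step; `delete` needs an equivalent reset. `CRLReasonExtension.set` and `delete` later in this diff follow the same pattern with `mReason`.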
@@ -179,7 +178,7 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -189,30 +188,30 @@ implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
-
- if (this.extensionValue == null) {
- this.extensionId = PKIXExtensions.CRLNumber_Id;
- this.critical = false;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ DerOutputStream tmp = new DerOutputStream();
+
+ if (this.extensionValue == null) {
+ this.extensionId = PKIXExtensions.CRLNumber_Id;
+ this.critical = false;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(NUMBER);
- return (elements.elements());
+ return (elements.elements());
}
- }
+}
diff --git a/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java b/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java
index 363e54bf..ef168102 100644
--- a/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CRLReasonExtension.java
@@ -28,17 +28,17 @@ import netscape.security.util.DerValue;
/**
* Represent the CRLReason Extension of CRL entry.
- *
- * <p>This extension, if present, defines the identifies
- * the reason for the certificate revocation.
- *
+ *
+ * <p>
+ * This extension, if present, defines the identifies the reason for the certificate revocation.
+ *
* @author galperin
* @version $Revision$, $Date$
* @see Extension
* @see CertAttrSet
*/
-public final class CRLReasonExtension extends Extension implements CertAttrSet {
+public final class CRLReasonExtension extends Extension implements CertAttrSet {
/**
*
@@ -61,7 +61,7 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
/**
* Attribute names.
*/
- public static final String REASON = "value";
+ public static final String REASON = "value";
private RevocationReason mReason = null;
@@ -71,19 +71,18 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
/**
* Default constructor
- *
+ *
*/
public CRLReasonExtension() {
this.extensionId = PKIXExtensions.ReasonCode_Id;
this.critical = false;
- mReason = null;
+ mReason = null;
}
-
/**
* Create extension value for specific revocation reason
- *
+ *
*/
public CRLReasonExtension(RevocationReason reason) {
@@ -93,7 +92,7 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
}
public CRLReasonExtension(Boolean critical, RevocationReason reason)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.ReasonCode_Id;
this.critical = critical.booleanValue();
mReason = reason;
@@ -101,18 +100,18 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
/**
* Create the object from the passed DER encoded value.
- *
+ *
* @param derVal the DerValue decoded from the stream.
* @exception IOException on decoding errors.
*/
public CRLReasonExtension(Boolean critical, Object value)
- throws IOException {
- this.extensionId = PKIXExtensions.ReasonCode_Id;
+ throws IOException {
+ this.extensionId = PKIXExtensions.ReasonCode_Id;
this.critical = critical.booleanValue();
- byte[] extValue = (byte[])((byte[])value).clone();
- this.extensionValue = extValue;
- DerValue val = new DerValue(extValue);
+ byte[] extValue = (byte[]) ((byte[]) value).clone();
+ this.extensionValue = extValue;
+ DerValue val = new DerValue(extValue);
int reasonCode = val.getEnumerated();
mReason = RevocationReason.fromInt(reasonCode);
if (mReason == null)
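Review bot: The Javadoc for this constructor documents `@param derVal`, which is not a parameter; the signature takes `Boolean critical` and `Object value`. I would replace it with `@param critical true if the extension is to be treated as critical.` and `@param value byte array holding the DER encoded bytes of the extension value.` The comment should also say that `value` is cast straight to `byte[]`, so any other argument type fails with a `ClassCastException` rather than the documented `IOException`. The constructor body continues past the end of the hunk.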
@@ -124,36 +123,36 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof RevocationReason)) {
- throw new IOException("Attribute must be of type RevocationReason.");
- }
-
- if (name.equalsIgnoreCase(REASON)) {
- mReason = (RevocationReason)obj;
- } else {
- throw new IOException("Name not recognized by CRLReason");
- }
+ throw new IOException("Attribute must be of type RevocationReason.");
+ }
+
+ if (name.equalsIgnoreCase(REASON)) {
+ mReason = (RevocationReason) obj;
+ } else {
+ throw new IOException("Name not recognized by CRLReason");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(REASON)) {
- return mReason;
- } else {
- throw new IOException("Name not recognized by CRLReason");
- }
+ if (name.equalsIgnoreCase(REASON)) {
+ return mReason;
+ } else {
+ throw new IOException("Name not recognized by CRLReason");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(REASON)) {
- mReason = null;
- } else {
- throw new IOException("Name not recognized by CRLReason");
- }
+ if (name.equalsIgnoreCase(REASON)) {
+ mReason = null;
+ } else {
+ throw new IOException("Name not recognized by CRLReason");
+ }
}
/**
@@ -166,7 +165,7 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -183,21 +182,20 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
this.extensionValue = os.toByteArray();
}
-
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
+ DerOutputStream tmp = new DerOutputStream();
- if (this.extensionValue == null) {
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ if (this.extensionValue == null) {
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
@@ -205,22 +203,21 @@ public final class CRLReasonExtension extends Extension implements CertAttrSet
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(REASON);
- return (elements.elements());
+ return (elements.elements());
}
-
- public boolean equals(Object other) {
- if (this == other)
- return true;
- else if (other instanceof CRLReasonExtension)
- return ((CRLReasonExtension)other).mReason == mReason &&
- ((CRLReasonExtension)other).critical == critical;
- else
- return false;
- }
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ else if (other instanceof CRLReasonExtension)
+ return ((CRLReasonExtension) other).mReason == mReason &&
+ ((CRLReasonExtension) other).critical == critical;
+ else
+ return false;
+ }
}
diff --git a/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java b/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
index 644bfe7e..f13a4852 100644
--- a/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
+++ b/pki/base/util/src/netscape/security/x509/CertAndKeyGen.java
@@ -35,26 +35,21 @@ import java.util.Date;
import netscape.security.pkcs.PKCS10;
-
/**
- * Generate a pair of keys, and provide access to them. This class is
+ * Generate a pair of keys, and provide access to them. This class is
* provided primarily for ease of use.
- *
- * <P>This provides some simple certificate management functionality.
- * Specifically, it allows you to create self-signed X.509 certificates
- * as well as PKCS 10 based certificate signing requests.
- *
- * <P>Keys for some public key signature algorithms have algorithm
- * parameters, such as DSS/DSA. Some sites' Certificate Authorities
- * adopt fixed algorithm parameters, which speeds up some operations
- * including key generation and signing. <em>At this time, this interface
+ *
+ * <P>
+ * This provides some simple certificate management functionality. Specifically, it allows you to create self-signed X.509 certificates as well as PKCS 10 based certificate signing requests.
+ *
+ * <P>
+ * Keys for some public key signature algorithms have algorithm parameters, such as DSS/DSA. Some sites' Certificate Authorities adopt fixed algorithm parameters, which speeds up some operations including key generation and signing. <em>At this time, this interface
* does not provide a way to provide such algorithm parameters, e.g.
* by providing the CA certificate which includes those parameters.</em>
- *
- * <P>Also, note that at this time only signature-capable keys may be
- * acquired through this interface. Diffie-Hellman keys, used for secure
- * key exchange, may be supported later.
- *
+ *
+ * <P>
+ * Also, note that at this time only signature-capable keys may be acquired through this interface. Diffie-Hellman keys, used for secure key exchange, may be supported later.
+ *
* @author David Brownell
* @author Hemma Prafullchandra
* @version 1.44
@@ -65,17 +60,16 @@ public final class CertAndKeyGen {
/**
* Creates a CertAndKeyGen object for a particular key type
* and signature algorithm.
- *
+ *
* @param keyType type of key, e.g. "RSA", "DSA"
* @param sigAlg name of the signature algorithm, e.g. "MD5WithRSA",
- * "MD2WithRSA", "SHAwithDSA".
+ * "MD2WithRSA", "SHAwithDSA".
* @exception NoSuchAlgorithmException on unrecognized algorithms.
*/
- public CertAndKeyGen (String keyType, String sigAlg)
- throws NoSuchAlgorithmException
- {
- keyGen = KeyPairGenerator.getInstance(keyType);
- this.sigAlg = sigAlg;
+ public CertAndKeyGen(String keyType, String sigAlg)
+ throws NoSuchAlgorithmException {
+ keyGen = KeyPairGenerator.getInstance(keyType);
+ this.sigAlg = sigAlg;
}
/**
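Review bot: The `sigAlg` examples in this Javadoc, "MD5WithRSA" and "MD2WithRSA", name digest algorithms that are no longer considered collision resistant, and the constructor stores whatever string it is given without any check. Since callers tend to copy the documented example, I would change the line to `* @param sigAlg name of the signature algorithm, e.g. "SHA256withRSA".` and add a sentence saying that MD2- and MD5-based signatures should not be used for new certificates.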
@@ -85,125 +79,108 @@ public final class CertAndKeyGen {
* to get a reproducible sequence of keys and signatures, or
* because you may be able to take advantage of strong sources
* of randomness/entropy in your environment.
- *
+ *
* @deprecated All random numbers come from PKCS #11 now.
*/
- public void setRandom (SecureRandom generator)
- {
+ public void setRandom(SecureRandom generator) {
}
// want "public void generate (X509Certificate)" ... inherit DSA/D-H param
/**
* Generates a random public/private key pair, with a given key
- * size. Different algorithms provide different degrees of security
+ * size. Different algorithms provide different degrees of security
* for the same key size, because of the "work factor" involved in
- * brute force attacks. As computers become faster, it becomes
- * easier to perform such attacks. Small keys are to be avoided.
- *
- * <P>Note that not all values of "keyBits" are valid for all
- * algorithms, and not all public key algorithms are currently
- * supported for use in X.509 certificates. If the algorithm
- * you specified does not produce X.509 compatible keys, an
- * invalid key exception is thrown.
- *
+ * brute force attacks. As computers become faster, it becomes
+ * easier to perform such attacks. Small keys are to be avoided.
+ *
+ * <P>
+ * Note that not all values of "keyBits" are valid for all algorithms, and not all public key algorithms are currently supported for use in X.509 certificates. If the algorithm you specified does not produce X.509 compatible keys, an invalid key exception is thrown.
+ *
* @param keyBits the number of bits in the keys.
* @exception InvalidKeyException if the environment does not
- * provide X.509 public keys for this signature algorithm.
+ * provide X.509 public keys for this signature algorithm.
*/
- public void generate (int keyBits)
- throws InvalidKeyException
- {
- KeyPair pair;
+ public void generate(int keyBits)
+ throws InvalidKeyException {
+ KeyPair pair;
- try {
- keyGen.initialize (keyBits);
- pair = keyGen.generateKeyPair ();
+ try {
+ keyGen.initialize(keyBits);
+ pair = keyGen.generateKeyPair();
- } catch (Exception e) {
- throw new IllegalArgumentException (e.getMessage ());
- }
-
- PublicKey publicKey = pair.getPublic();
+ } catch (Exception e) {
+ throw new IllegalArgumentException(e.getMessage());
+ }
- if (publicKey instanceof X509Key) {
- this.publicKey = (X509Key) publicKey;
-
- } else {
- throw new InvalidKeyException ("public key " + publicKey +
- " not an X509Key.");
- }
- privateKey = pair.getPrivate ();
- }
+ PublicKey publicKey = pair.getPublic();
+
+ if (publicKey instanceof X509Key) {
+ this.publicKey = (X509Key) publicKey;
+ } else {
+ throw new InvalidKeyException("public key " + publicKey +
+ " not an X509Key.");
+ }
+ privateKey = pair.getPrivate();
+ }
/**
* Returns the public key of the generated key pair.
*/
- public X509Key getPublicKey ()
- {
- return publicKey;
+ public X509Key getPublicKey() {
+ return publicKey;
}
-
/**
* Returns the private key of the generated key pair.
- *
- * <P><STRONG><em>Be extremely careful when handling private keys.
+ *
+ * <P>
+ * <STRONG><em>Be extremely careful when handling private keys.
* When private keys are not kept secret, they lose their ability
* to securely authenticate specific entities ... that is a huge
* security risk!</em></STRONG>
*/
- public PrivateKey getPrivateKey ()
- {
- return privateKey;
+ public PrivateKey getPrivateKey() {
+ return privateKey;
}
-
/**
* Returns a self-signed X.509v1 certificate for the public key.
* The certificate is immediately valid.
- *
- * <P>Such certificates normally are used to identify a "Certificate
- * Authority" (CA). Accordingly, they will not always be accepted by
- * other parties. However, such certificates are also useful when
- * you are bootstrapping your security infrastructure, or deploying
- * system prototypes.
- *
+ *
+ * <P>
+ * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
+ *
* @deprecated Use the new <a href =
- * "#getSelfCertificate(netscape.security.x509.X500Name, long)">
- *
+ * "#getSelfCertificate(netscape.security.x509.X500Name, long)">
+ *
* @param myname X.500 name of the subject (who is also the issuer)
* @param validity how long the certificate should be valid, in seconds
- */
- public X509Cert getSelfCert (X500Name myname, long validity)
- throws InvalidKeyException, SignatureException, NoSuchAlgorithmException
- {
- X509Certificate cert;
-
- try {
- cert = getSelfCertificate(myname, validity);
- return new X509Cert(cert.getEncoded());
- } catch (CertificateException e) {
- throw new SignatureException(e.getMessage());
- } catch (NoSuchProviderException e) {
- throw new NoSuchAlgorithmException(e.getMessage());
- } catch (IOException e) {
- throw new SignatureException(e.getMessage());
- }
+ */
+ public X509Cert getSelfCert(X500Name myname, long validity)
+ throws InvalidKeyException, SignatureException, NoSuchAlgorithmException {
+ X509Certificate cert;
+
+ try {
+ cert = getSelfCertificate(myname, validity);
+ return new X509Cert(cert.getEncoded());
+ } catch (CertificateException e) {
+ throw new SignatureException(e.getMessage());
+ } catch (NoSuchProviderException e) {
+ throw new NoSuchAlgorithmException(e.getMessage());
+ } catch (IOException e) {
+ throw new SignatureException(e.getMessage());
+ }
}
-
/**
* Returns a self-signed X.509v3 certificate for the public key.
* The certificate is immediately valid. No extensions.
- *
- * <P>Such certificates normally are used to identify a "Certificate
- * Authority" (CA). Accordingly, they will not always be accepted by
- * other parties. However, such certificates are also useful when
- * you are bootstrapping your security infrastructure, or deploying
- * system prototypes.
- *
+ *
+ * <P>
+ * Such certificates normally are used to identify a "Certificate Authority" (CA). Accordingly, they will not always be accepted by other parties. However, such certificates are also useful when you are bootstrapping your security infrastructure, or deploying system prototypes.
+ *
* @param myname X.500 name of the subject (who is also the issuer)
* @param validity how long the certificate should be valid, in seconds
* @exception CertificateException on certificate handling errors.
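Review bot: `generate` catches every `Exception` from `keyGen.initialize` and `generateKeyPair` and rethrows `new IllegalArgumentException(e.getMessage())`, which discards the original exception and its stack trace and may carry a null message. Chaining the cause keeps key-generation failures diagnosable: `throw new IllegalArgumentException(e.getMessage(), e);`. `getSelfCert` in this hunk and `getCertRequest` in the last hunk of this file drop the cause the same way. The Javadoc also warns that small keys are to be avoided, yet `keyBits` is passed on unchecked; a documented minimum would make that warning enforceable.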
@@ -212,30 +189,29 @@ public final class CertAndKeyGen {
* @exception NoSuchAlgorithmException on unrecognized algorithms.
* @exception NoSuchProviderException on unrecognized providers.
*/
- public X509Certificate getSelfCertificate (X500Name myname, long validity)
- throws CertificateException, InvalidKeyException, SignatureException,
- NoSuchAlgorithmException, NoSuchProviderException
- {
- X500Signer issuer;
- X509CertImpl cert;
- Date firstDate, lastDate;
-
- try {
- issuer = getSigner (myname);
+ public X509Certificate getSelfCertificate(X500Name myname, long validity)
+ throws CertificateException, InvalidKeyException, SignatureException,
+ NoSuchAlgorithmException, NoSuchProviderException {
+ X500Signer issuer;
+ X509CertImpl cert;
+ Date firstDate, lastDate;
- firstDate = new Date ();
- lastDate = new Date ();
- lastDate.setTime (lastDate.getTime () + validity * 1000);
+ try {
+ issuer = getSigner(myname);
+
+ firstDate = new Date();
+ lastDate = new Date();
+ lastDate.setTime(lastDate.getTime() + validity * 1000);
CertificateValidity interval =
- new CertificateValidity(firstDate,lastDate);
-
+ new CertificateValidity(firstDate, lastDate);
+
X509CertInfo info = new X509CertInfo();
// Add all mandatory attributes
info.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V1));
info.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber((int)(firstDate.getTime()/1000)));
+ new CertificateSerialNumber((int) (firstDate.getTime() / 1000)));
AlgorithmId algID = issuer.getAlgorithmId();
info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(algID));
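Review bot: The serial number is `(int) (firstDate.getTime() / 1000)`, the creation time in seconds truncated to 32 bits, so it is predictable and two certificates generated for the same name within one second get the same serial. Issuer name plus serial is what identifies a certificate for revocation, so I would draw the serial from a cryptographically strong random source with at least 64 bits, provided `CertificateSerialNumber` accepts a value wider than `int`. The same block sets `CertificateVersion.V1` although the method's Javadoc in the previous hunk says X.509v3; one of the two should be corrected. The method body continues in the next hunk.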
@@ -245,63 +221,58 @@ public final class CertAndKeyGen {
info.set(X509CertInfo.ISSUER,
new CertificateIssuerName(issuer.getSigner()));
- cert = new X509CertImpl(info);
- cert.sign(privateKey, algID.getName());
+ cert = new X509CertImpl(info);
+ cert.sign(privateKey, algID.getName());
- return (X509Certificate)cert;
+ return (X509Certificate) cert;
- } catch (IOException e) {
- throw new CertificateEncodingException("getSelfCert: " +
+ } catch (IOException e) {
+ throw new CertificateEncodingException("getSelfCert: " +
e.getMessage());
- }
+ }
}
/**
- * Returns a PKCS #10 certificate request. The caller uses either
- * <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code>
- * operations on the result, to get the request in an appropriate
+ * Returns a PKCS #10 certificate request. The caller uses either <code>PKCS10.print</code> or <code>PKCS10.toByteArray</code> operations on the result, to get the request in an appropriate
* transmission format.
- *
- * <P>PKCS #10 certificate requests are sent, along with some proof
- * of identity, to Certificate Authorities (CAs) which then issue
- * X.509 public key certificates.
- *
+ *
+ * <P>
+ * PKCS #10 certificate requests are sent, along with some proof of identity, to Certificate Authorities (CAs) which then issue X.509 public key certificates.
+ *
* @param myname X.500 name of the subject
* @exception InvalidKeyException on key handling errors.
* @exception SignatureException on signature handling errors.
*/
- public PKCS10 getCertRequest (X500Name myname)
- throws InvalidKeyException, SignatureException
- {
- PKCS10 req = new PKCS10 (publicKey);
+ public PKCS10 getCertRequest(X500Name myname)
+ throws InvalidKeyException, SignatureException {
+ PKCS10 req = new PKCS10(publicKey);
- try {
- req.encodeAndSign (getSigner (myname));
+ try {
+ req.encodeAndSign(getSigner(myname));
- } catch (CertificateException e) {
- throw new SignatureException (sigAlg + " CertificateException");
+ } catch (CertificateException e) {
+ throw new SignatureException(sigAlg + " CertificateException");
- } catch (IOException e) {
- throw new SignatureException (sigAlg + " IOException");
+ } catch (IOException e) {
+ throw new SignatureException(sigAlg + " IOException");
- } catch (NoSuchAlgorithmException e) {
- // "can't happen"
- throw new SignatureException (sigAlg + " unavailable?");
- }
- return req;
+ } catch (NoSuchAlgorithmException e) {
+ // "can't happen"
+ throw new SignatureException(sigAlg + " unavailable?");
+ }
+ return req;
}
- private X500Signer getSigner (X500Name me)
- throws InvalidKeyException, NoSuchAlgorithmException
- {
- Signature signature = Signature.getInstance(sigAlg);
+ private X500Signer getSigner(X500Name me)
+ throws InvalidKeyException, NoSuchAlgorithmException {
+ Signature signature = Signature.getInstance(sigAlg);
- signature.initSign (privateKey);
- return new X500Signer (signature, me);
+ signature.initSign(privateKey);
+ return new X500Signer(signature, me);
}
- private String sigAlg;
- private KeyPairGenerator keyGen;
- private X509Key publicKey;
- private PrivateKey privateKey;
+ private String sigAlg;
+ private KeyPairGenerator keyGen;
+ private X509Key publicKey;
+ private PrivateKey privateKey;
}
diff --git a/pki/base/util/src/netscape/security/x509/CertAttrSet.java b/pki/base/util/src/netscape/security/x509/CertAttrSet.java
index 4b9352c6..d1109a30 100755
--- a/pki/base/util/src/netscape/security/x509/CertAttrSet.java
+++ b/pki/base/util/src/netscape/security/x509/CertAttrSet.java
@@ -29,11 +29,8 @@ import java.util.Enumeration;
* Subject Name. A CertAttrSet may compromise one attribute or many
* attributes.
* <p>
- * A CertAttrSet itself can also be comprised of other sub-sets.
- * In the case of X.509 V3 certificates, for example, the "extensions"
- * attribute has subattributes, such as those for KeyUsage and
- * AuthorityKeyIdentifier.
- *
+ * A CertAttrSet itself can also be comprised of other sub-sets. In the case of X.509 V3 certificates, for example, the "extensions" attribute has subattributes, such as those for KeyUsage and AuthorityKeyIdentifier.
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.9
@@ -42,7 +39,7 @@ import java.util.Enumeration;
public interface CertAttrSet {
/**
* Returns a short string describing this certificate attribute.
- *
+ *
* @return value of this certificate attribute in
* printable form.
*/
@@ -51,29 +48,29 @@ public interface CertAttrSet {
/**
* Encodes the attribute to the output stream in a format
* that can be parsed by the <code>decode</code> method.
- *
+ *
* @param out the OutputStream to encode the attribute to.
*
* @exception CertificateException on encoding or validity errors.
* @exception IOException on other errors.
*/
void encode(OutputStream out)
- throws CertificateException, IOException;
+ throws CertificateException, IOException;
/**
* Decodes the attribute in the input stream.
- *
+ *
* @param in the InputStream to read the encoded attribute from.
*
* @exception CertificateException on decoding or validity errors.
* @exception IOException on other errors.
*/
void decode(InputStream in)
- throws CertificateException, IOException;
+ throws CertificateException, IOException;
/**
* Sets an attribute value within this CertAttrSet.
- *
+ *
* @param name the name of the attribute (e.g. "x509.info.key")
* @param obj the attribute object.
*
@@ -81,29 +78,29 @@ public interface CertAttrSet {
* @exception IOException on other errors.
*/
void set(String name, Object obj)
- throws CertificateException, IOException;
+ throws CertificateException, IOException;
/**
* Gets an attribute value for this CertAttrSet.
- *
+ *
* @param name the name of the attribute to return.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
Object get(String name)
- throws CertificateException, IOException;
+ throws CertificateException, IOException;
/**
* Deletes an attribute value from this CertAttrSet.
- *
+ *
* @param name the name of the attribute to delete.
*
* @exception CertificateException on attribute handling errors.
* @exception IOException on other errors.
*/
void delete(String name)
- throws CertificateException, IOException;
+ throws CertificateException, IOException;
/**
* Returns an enumeration of the names of the attributes existing within
@@ -112,8 +109,7 @@ public interface CertAttrSet {
* @return an enumeration of the attribute names.
*/
Enumeration<String> getAttributeNames();
-
-
+
/**
* Returns the name (identifier) of this CertAttrSet.
*
diff --git a/pki/base/util/src/netscape/security/x509/CertException.java b/pki/base/util/src/netscape/security/x509/CertException.java
index 0b83ff11..31d9e686 100644
--- a/pki/base/util/src/netscape/security/x509/CertException.java
+++ b/pki/base/util/src/netscape/security/x509/CertException.java
@@ -19,9 +19,9 @@ package netscape.security.x509;
/**
* CertException indicates one of a variety of certificate problems.
- *
+ *
* @version 1.18
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
@@ -47,8 +47,10 @@ public class CertException extends SecurityException {
/** Indicates that the certificate has expired and so is not valid. */
public static final int verf_INVALID_EXPIRED = 4;
- /** Indicates that a certificate authority in the certification
- * chain is not trusted. */
+ /**
+ * Indicates that a certificate authority in the certification
+ * chain is not trusted.
+ */
public static final int verf_CA_UNTRUSTED = 5;
/** Indicates that the certification chain is too long. */
@@ -65,56 +67,56 @@ public class CertException extends SecurityException {
/** Indicates a problem with the certificate version */
public static final int err_INVALID_VERSION = 10;
-
+
/** Indicates a problem with the certificate format */
public static final int err_INVALID_FORMAT = 11;
-
+
/** Indicates a problem with the certificate encoding */
public static final int err_ENCODING = 12;
-
- // Private data members
- private int verfCode;
- private String moreData;
+ // Private data members
+ private int verfCode;
+ private String moreData;
/**
* Constructs a certificate exception using an error code
* (<code>verf_*</code>) and a string describing the context
* of the error.
*/
- public CertException(int code, String moredata)
- {
- verfCode = code;
- moreData = moredata;
+ public CertException(int code, String moredata) {
+ verfCode = code;
+ moreData = moredata;
}
/**
* Constructs a certificate exception using just an error code,
* without a string describing the context.
*/
- public CertException(int code)
- {
- verfCode = code;
+ public CertException(int code) {
+ verfCode = code;
}
/**
* Returns the error code with which the exception was created.
*/
- public int getVerfCode() { return verfCode; }
+ public int getVerfCode() {
+ return verfCode;
+ }
/**
* Returns a string describing the context in which the exception
* was reported.
*/
- public String getMoreData() { return moreData; }
+ public String getMoreData() {
+ return moreData;
+ }
/**
* Return a string corresponding to the error code used to create
* this exception.
*/
- public String getVerfDescription()
- {
- switch (verfCode) {
+ public String getVerfDescription() {
+ switch (verfCode) {
case verf_INVALID_SIG:
return "The signature in the certificate is not valid.";
case verf_INVALID_REVOKED:
@@ -134,32 +136,30 @@ public class CertException extends SecurityException {
case err_INVALID_PUBLIC_KEY:
return "The public key was not in the correct format.";
case err_INVALID_VERSION:
- return "The certificate has an invalid version number.";
+ return "The certificate has an invalid version number.";
case err_INVALID_FORMAT:
- return "The certificate has an invalid format.";
+ return "The certificate has an invalid format.";
case err_ENCODING:
return "Problem encountered while encoding the data.";
default:
return "Unknown code: " + verfCode;
- }
+ }
}
/**
* Returns a string describing the certificate exception.
*/
- public String toString()
- {
- return "[Certificate Exception: " + getMessage() + "]";
+ public String toString() {
+ return "[Certificate Exception: " + getMessage() + "]";
}
/**
* Returns a string describing the certificate exception.
*/
- public String getMessage()
- {
- return getVerfDescription()
- + ( (moreData != null)
- ? ( "\n (" + moreData + ")" ) : "" );
+ public String getMessage() {
+ return getVerfDescription()
+ + ((moreData != null)
+ ? ("\n (" + moreData + ")") : "");
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CertParseError.java b/pki/base/util/src/netscape/security/x509/CertParseError.java
index 2b9e444b..7328c720 100644
--- a/pki/base/util/src/netscape/security/x509/CertParseError.java
+++ b/pki/base/util/src/netscape/security/x509/CertParseError.java
@@ -23,21 +23,18 @@ package netscape.security.x509;
/**
* CertException indicates one of a variety of certificate problems.
- *
+ *
* @version 1.7
* @author David Brownell
*/
-class CertParseError extends CertException
-{
+class CertParseError extends CertException {
/**
*
*/
private static final long serialVersionUID = -7623327377774730807L;
- CertParseError (String where)
- {
- super (CertException.verf_PARSE_ERROR, where);
+ CertParseError(String where) {
+ super(CertException.verf_PARSE_ERROR, where);
}
}
-
diff --git a/pki/base/util/src/netscape/security/x509/CertificateAlgorithmId.java b/pki/base/util/src/netscape/security/x509/CertificateAlgorithmId.java
index 676df900..41610844 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateAlgorithmId.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateAlgorithmId.java
@@ -32,7 +32,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the AlgorithmId for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.7
@@ -43,7 +43,7 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
*/
private static final long serialVersionUID = 6084780721443376563L;
- private AlgorithmId algId;
+ private AlgorithmId algId;
/**
* Identifier for this attribute, to be used with the
@@ -58,7 +58,7 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param algId the Algorithm identifier
*/
public CertificateAlgorithmId(AlgorithmId algId) {
@@ -67,7 +67,7 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the serial number from.
* @exception IOException on decoding errors.
*/
@@ -78,7 +78,7 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the serial number from.
* @exception IOException on decoding errors.
*/
@@ -91,24 +91,25 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
* Return the algorithm identifier as user readable string.
*/
public String toString() {
- if (algId == null) return "";
+ if (algId == null)
+ return "";
return (algId.toString() +
", OID = " + (algId.getOID()).toString() + "\n");
}
private synchronized void writeObject(ObjectOutputStream stream)
- throws IOException {
+ throws IOException {
encode(stream);
}
private synchronized void readObject(ObjectInputStream stream)
- throws IOException {
- decode(stream);
+ throws IOException {
+ decode(stream);
}
/**
* Encode the algorithm identifier in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
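Review bot: `readObject` hands the raw `ObjectInputStream` straight to `decode(stream)`, so the DER parser is reachable from Java-native deserialization, and nothing in this hunk checks the decoded result before the object is used. The same pattern appears later in this diff in `CertificateChain.readObject` (PKCS7 decode) and `CertificateExtensions.readObject` (`decodeEx`). I would state this on each method with a comment such as `// Deserialization entry point: bytes are parsed as DER; deserialize only from trusted sources or behind an ObjectInputFilter`, and consider rejecting a null `algId` after decoding. The body of `decode` is outside this hunk, so any validation it already does is not visible here.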
@@ -121,7 +122,7 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
/**
* Decode the algorithm identifier from the passed stream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on errors.
*/
@@ -138,7 +139,7 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
throw new IOException("Attribute must be of type AlgorithmId.");
}
if (name.equalsIgnoreCase(ALGORITHM)) {
- algId = (AlgorithmId)obj;
+ algId = (AlgorithmId) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateAlgorithmId.");
@@ -178,11 +179,11 @@ public class CertificateAlgorithmId implements CertAttrSet, Serializable {
elements.addElement(ALGORITHM);
return (elements.elements());
}
-
- /**
- * Return the name of this attribute.
- */
- public String getName() {
- return (NAME);
- }
+
+ /**
+ * Return the name of this attribute.
+ */
+ public String getName() {
+ return (NAME);
+ }
}
diff --git a/pki/base/util/src/netscape/security/x509/CertificateChain.java b/pki/base/util/src/netscape/security/x509/CertificateChain.java
index df9f0140..b6032537 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateChain.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateChain.java
@@ -16,6 +16,7 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package netscape.security.x509;
+
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -26,116 +27,111 @@ import netscape.security.pkcs.ContentInfo;
import netscape.security.pkcs.PKCS7;
import netscape.security.pkcs.SignerInfo;
-public class CertificateChain implements Serializable
-{
- public CertificateChain() { }
+public class CertificateChain implements Serializable {
+ public CertificateChain() {
+ }
- /**
- * constructs a certificate chain from a certificate.
- * @param cert a certificate
- */
- public CertificateChain(X509Certificate cert)
- {
- mChain = new X509Certificate[1];
- mChain[0] = cert;
- }
+ /**
+ * constructs a certificate chain from a certificate.
+ *
+ * @param cert a certificate
+ */
+ public CertificateChain(X509Certificate cert) {
+ mChain = new X509Certificate[1];
+ mChain[0] = cert;
+ }
- /**
- * constructs a certificate chain from a X509 certificate array.
- * @param chain a certificate array.
- */
- public CertificateChain(X509Certificate[] chain)
- {
- mChain = (X509Certificate[])chain.clone();
- }
+ /**
+ * constructs a certificate chain from a X509 certificate array.
+ *
+ * @param chain a certificate array.
+ */
+ public CertificateChain(X509Certificate[] chain) {
+ mChain = (X509Certificate[]) chain.clone();
+ }
- /**
- * returns the certificate at specified index in chain.
- * @param index the index.
- * @return the X509 certificate at the given index.
- */
- public X509Certificate getCertificate(int index)
- {
- return mChain[index];
- }
+ /**
+ * returns the certificate at specified index in chain.
+ *
+ * @param index the index.
+ * @return the X509 certificate at the given index.
+ */
+ public X509Certificate getCertificate(int index) {
+ return mChain[index];
+ }
- /**
- * returns the first certificate in chain.
- * @return the X509 certificate at the given index.
- */
- public X509Certificate getFirstCertificate()
- {
- return mChain[0];
- }
+ /**
+ * returns the first certificate in chain.
+ *
+ * @return the X509 certificate at the given index.
+ */
+ public X509Certificate getFirstCertificate() {
+ return mChain[0];
+ }
- /**
- * returns the certificate chain as an array of X509 certificates.
- * @return an array of X509 Certificates.
- */
- public X509Certificate[] getChain()
- {
- return (X509Certificate[])mChain.clone();
- }
+ /**
+ * returns the certificate chain as an array of X509 certificates.
+ *
+ * @return an array of X509 Certificates.
+ */
+ public X509Certificate[] getChain() {
+ return (X509Certificate[]) mChain.clone();
+ }
- public void encode(OutputStream out)
- throws IOException
- {
- encode(out, true);
- }
+ public void encode(OutputStream out)
+ throws IOException {
+ encode(out, true);
+ }
- /**
- * encode in PKCS7 blob.
- */
- public void encode(OutputStream out, boolean sort)
- throws IOException
- {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+ /**
+ * encode in PKCS7 blob.
+ */
+ public void encode(OutputStream out, boolean sort)
+ throws IOException {
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0],
new ContentInfo(new byte[0]), mChain,
new SignerInfo[0]);
- p7.encodeSignedData(out, sort);
- }
+ p7.encodeSignedData(out, sort);
+ }
- /**
- * decode from PKCS7 blob.
- */
- public void decode(InputStream in)
- throws IOException
- {
- PKCS7 p7 = new PKCS7(in);
- mChain = p7.getCertificates();
- }
+ /**
+ * decode from PKCS7 blob.
+ */
+ public void decode(InputStream in)
+ throws IOException {
+ PKCS7 p7 = new PKCS7(in);
+ mChain = p7.getCertificates();
+ }
- /**
- * for serialization
- */
- private void writeObject(java.io.ObjectOutputStream out)
- throws IOException
- {
- encode(out);
- }
+ /**
+ * for serialization
+ */
+ private void writeObject(java.io.ObjectOutputStream out)
+ throws IOException {
+ encode(out);
+ }
- /**
- * for serialization
- */
- private void readObject(java.io.ObjectInputStream in)
- throws IOException
- {
- decode(in);
- }
+ /**
+ * for serialization
+ */
+ private void readObject(java.io.ObjectInputStream in)
+ throws IOException {
+ decode(in);
+ }
- /**
- * Converts the certificate chain to a readable string.
- */
- public String toString() {
- String s = "[\n";
- if (mChain == null)
- return "[empty]";
- for (int i = 0; i < mChain.length; i++) {
- s += mChain[i].toString();
- }
- s += "]\n";
- return s;
- }
+ /**
+ * Converts the certificate chain to a readable string.
+ */
+ public String toString() {
+ String s = "[\n";
+ if (mChain == null)
+ return "[empty]";
+ for (int i = 0; i < mChain.length; i++) {
+ s += mChain[i].toString();
+ }
+ s += "]\n";
+ return s;
+ }
- private X509Certificate[] mChain = null;
+ private X509Certificate[] mChain = null;
}
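Review bot: The no-argument constructor leaves `mChain` null, yet `getCertificate`, `getFirstCertificate` and `getChain` dereference it unguarded; only `toString` checks for null. A caller that reads the object before `decode` has run gets a bare NullPointerException, and `getFirstCertificate` also fails on an empty array. `getChain` could use `return mChain == null ? null : mChain.clone();`, and the indexed getters could check and throw an exception that names the problem. Separately, as far as this hunk shows, `decode` only stores what `p7.getCertificates()` returns, so its Javadoc should say that no ordering or signature validation is done and that a decoded chain must not be treated as verified.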
diff --git a/pki/base/util/src/netscape/security/x509/CertificateExtensions.java b/pki/base/util/src/netscape/security/x509/CertificateExtensions.java
index 6075715a..59f3a539 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateExtensions.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateExtensions.java
@@ -37,14 +37,14 @@ import netscape.security.util.DerValue;
/**
* This class defines the Extensions attribute for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.11
* @see CertAttrSet
*/
public class CertificateExtensions extends Vector<Extension>
-implements CertAttrSet, Serializable {
+ implements CertAttrSet, Serializable {
/**
*
*/
@@ -52,7 +52,7 @@ implements CertAttrSet, Serializable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions";
/**
* name
@@ -65,8 +65,8 @@ implements CertAttrSet, Serializable {
public void parseExtension(Extension ext) throws IOException {
try {
@SuppressWarnings("unchecked")
- Class<Extension> extClass = (Class<Extension>) OIDMap.getClass(ext.getExtensionId());
- if (extClass == null) { // Unsupported extension
+ Class<Extension> extClass = (Class<Extension>) OIDMap.getClass(ext.getExtensionId());
+ if (extClass == null) { // Unsupported extension
if (ext.isCritical()) {
throw new IOException("Unsupported CRITICAL extension: "
+ ext.getExtensionId());
@@ -76,7 +76,7 @@ implements CertAttrSet, Serializable {
return;
}
}
- Class<?>[] params = {Boolean.class, Object.class};
+ Class<?>[] params = { Boolean.class, Object.class };
Constructor<Extension> cons = extClass.getConstructor(params);
byte[] extData = ext.getExtensionValue();
@@ -86,8 +86,8 @@ implements CertAttrSet, Serializable {
for (int i = 0; i < extLen; i++) {
Array.setByte(value, i, extData[i]);
}
- Object[] passed = new Object[]{new Boolean(ext.isCritical()),
- value};
+ Object[] passed = new Object[] { new Boolean(ext.isCritical()),
+ value };
Extension certExt = cons.newInstance(passed);
if (certExt != null && certExt.getName() != null) {
map.put(certExt.getName(), (Extension) certExt);
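Review bot: `new Boolean(ext.isCritical())` allocates a new wrapper each time, and that constructor is deprecated in current JDKs; `Boolean.valueOf(ext.isCritical())` hands the same `Boolean` argument to the reflective constructor. The array could then read `Object[] passed = { Boolean.valueOf(ext.isCritical()), value };`. `parseExtension` starts and ends outside this hunk.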
@@ -106,17 +106,17 @@ implements CertAttrSet, Serializable {
* Default constructor for the certificate attribute.
*/
public CertificateExtensions() {
- map = new Hashtable<String, Extension> ();
+ map = new Hashtable<String, Extension>();
}
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the Extension from.
* @exception IOException on decoding errors.
*/
public CertificateExtensions(DerInputStream in)
- throws IOException {
+ throws IOException {
map = new Hashtable<String, Extension>();
DerValue[] exts = in.getSequence(5);
@@ -129,7 +129,7 @@ implements CertAttrSet, Serializable {
/**
* Decode the extensions from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -148,17 +148,17 @@ implements CertAttrSet, Serializable {
/**
* Decode the extensions from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
public void decodeEx(InputStream in) throws IOException {
DerValue val = new DerValue(in);
DerInputStream str = null;
- if (val.isConstructed() && val.isContextSpecific((byte)3)) {
- str = val.data;
+ if (val.isConstructed() && val.isContextSpecific((byte) 3)) {
+ str = val.data;
} else {
- str = val.toDerInputStream();
+ str = val.toDerInputStream();
}
map = new Hashtable<String, Extension>();
@@ -171,40 +171,40 @@ implements CertAttrSet, Serializable {
}
private synchronized void writeObject(ObjectOutputStream stream)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
encode(stream);
}
private synchronized void readObject(ObjectInputStream stream)
- throws CertificateException, IOException {
- decodeEx(stream);
+ throws CertificateException, IOException {
+ decodeEx(stream);
}
/**
* Encode the extensions in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception CertificateException on encoding errors.
* @exception IOException on errors.
*/
public void encode(OutputStream out)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
DerOutputStream extOut = new DerOutputStream();
for (int i = 0; i < size(); i++) {
Object thisOne = elementAt(i);
if (thisOne instanceof CertAttrSet)
- ((CertAttrSet)thisOne).encode(extOut);
+ ((CertAttrSet) thisOne).encode(extOut);
else if (thisOne instanceof Extension)
- ((Extension)thisOne).encode(extOut);
+ ((Extension) thisOne).encode(extOut);
else
throw new CertificateException("Invalid extension object");
}
DerOutputStream seq = new DerOutputStream();
- seq.write(DerValue.tag_Sequence,extOut);
+ seq.write(DerValue.tag_Sequence, extOut);
DerOutputStream tmp = new DerOutputStream();
- tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)3),
+ tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 3),
seq);
out.write(tmp.toByteArray());
@@ -212,17 +212,19 @@ implements CertAttrSet, Serializable {
/**
* Set the attribute value.
+ *
* @param name the extension name used in the cache.
* @param obj the object to set.
* @exception IOException if the object could not be cached.
*/
public void set(String name, Object obj) throws IOException {
- map.put(name,(Extension) obj);
+ map.put(name, (Extension) obj);
addElement((Extension) obj);
}
/**
* Get the attribute value.
+ *
* @param name the extension name used in the lookup.
* @exception IOException if named extension is not found.
*/
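Review bot: `set` casts `obj` to `Extension` without a type check, so a wrong argument surfaces as a ClassCastException (or a NullPointerException from the `Hashtable` for null) rather than the `IOException` its Javadoc promises. `CertificateAlgorithmId.set` in this same diff appears to reject a mismatched type with "Attribute must be of type AlgorithmId." first. Adding `if (!(obj instanceof Extension)) throw new IOException("Attribute must be of type Extension.");` before the `map.put` would make the two consistent, and it would stop `map` and the underlying Vector from being updated with a value that fails halfway.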
@@ -236,6 +238,7 @@ implements CertAttrSet, Serializable {
/**
* Delete the attribute value.
+ *
* @param name the extension name used in the lookup.
* @exception IOException if named extension is not found.
*/
@@ -248,9 +251,8 @@ implements CertAttrSet, Serializable {
removeElement(obj);
}
- public Enumeration<String> getNames()
- {
- return map.keys();
+ public Enumeration<String> getNames() {
+ return map.keys();
}
/**
@@ -261,15 +263,14 @@ implements CertAttrSet, Serializable {
return (map.elements());
}
-
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
return (map.keys());
}
-
+
/**
* Return the name of this attribute.
*/
- public String getName () {
+ public String getName() {
return (NAME);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java b/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
index 55f21d2a..d018849c 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateIssuerExtension.java
@@ -28,22 +28,18 @@ import java.util.Vector;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the CRL Certificate Issuer Extension.
- *
- * <p>This CRL entry extension identifies the certificate
- * issuer associated with an entry in an indirect CRL,
- * i.e. a CRL that has the indirectCRL indicator set
- * in its issuing distribution point extension.
- *
+ *
+ * <p>
+ * This CRL entry extension identifies the certificate issuer associated with an entry in an indirect CRL, i.e. a CRL that has the indirectCRL indicator set in its issuing distribution point extension.
+ *
* @see Extension
* @see CertAttrSet
*/
public class CertificateIssuerExtension extends Extension
- implements CertAttrSet
-{
+ implements CertAttrSet {
/**
*
*/
@@ -65,10 +61,10 @@ public class CertificateIssuerExtension extends Extension
try {
OIDMap.addAttribute(CertificateIssuerExtension.class.getName(),
OID, CertificateIssuerExtension.class.getSimpleName());
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
}
-
// Encode this extension
private void encodeThis() throws IOException {
DerOutputStream os = new DerOutputStream();
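Review bot: The reformatted `catch (CertificateException e) { }` still discards a failed `OIDMap.addAttribute` call without any trace. If registration fails, lookups for this OID would presumably find nothing, and `CertificateExtensions.parseExtension` elsewhere in this diff rejects an unmapped critical extension as unsupported, so the root cause would be hard to locate. At minimum rename the variable to `ignored` and add a comment saying why a failed registration is acceptable, or report it through whatever logging the project uses. The enclosing block starts outside this hunk.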
@@ -83,29 +79,27 @@ public class CertificateIssuerExtension extends Extension
/**
* Create a CertificateIssuerExtension with the passed GeneralNames
* and criticality.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param names the GeneralNames for the issuer.
* @exception IOException on error.
*/
public CertificateIssuerExtension(Boolean critical, GeneralNames names)
- throws IOException
- {
+ throws IOException {
this.names = names;
this.extensionId = PKIXExtensions.CertificateIssuer_Id;
this.critical = critical.booleanValue();
encodeThis();
}
- /**
+ /**
* Create a CertificateIssuerExtension with the passed GeneralNames.
- *
+ *
* @param names the GeneralNames for the issuer.
* @exception IOException on error.
*/
public CertificateIssuerExtension(GeneralNames names)
- throws IOException
- {
+ throws IOException {
this.names = names;
this.extensionId = PKIXExtensions.CertificateIssuer_Id;
this.critical = true;
@@ -123,14 +117,13 @@ public class CertificateIssuerExtension extends Extension
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public CertificateIssuerExtension(Boolean critical, Object value)
- throws IOException
- {
+ throws IOException {
this.extensionId = PKIXExtensions.CertificateIssuer_Id;
this.critical = critical.booleanValue();
@@ -147,21 +140,22 @@ public class CertificateIssuerExtension extends Extension
throw new IOException("CertificateIssuerExtension: " +
e.toString());
}
- }
-
- /**
- * Returns a printable representation of the CertificateIssuerName.
- */
- public String toString() {
- if (names == null) return "";
- String s = super.toString() + "CertificateIssuerName [\n"
+ }
+
+ /**
+ * Returns a printable representation of the CertificateIssuerName.
+ */
+ public String toString() {
+ if (names == null)
+ return "";
+ String s = super.toString() + "CertificateIssuerName [\n"
+ names.toString() + "]\n";
- return (s);
- }
+ return (s);
+ }
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -171,7 +165,7 @@ public class CertificateIssuerExtension extends Extension
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding error.
*/
@@ -195,9 +189,9 @@ public class CertificateIssuerExtension extends Extension
throw new IOException("Attribute value should be of" +
" type GeneralNames.");
}
- names = (GeneralNames)obj;
+ names = (GeneralNames) obj;
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
}
}
@@ -209,7 +203,7 @@ public class CertificateIssuerExtension extends Extension
if (name.equalsIgnoreCase(CERTIFICATE_ISSUER)) {
return (names);
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
}
}
@@ -221,7 +215,7 @@ public class CertificateIssuerExtension extends Extension
if (name.equalsIgnoreCase(CERTIFICATE_ISSUER)) {
names = null;
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
}
}
@@ -238,4 +232,3 @@ public class CertificateIssuerExtension extends Extension
}
}
-
diff --git a/pki/base/util/src/netscape/security/x509/CertificateIssuerName.java b/pki/base/util/src/netscape/security/x509/CertificateIssuerName.java
index 47c44ed4..a2f9026c 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateIssuerName.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateIssuerName.java
@@ -29,7 +29,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the X500Name attribute for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.6
@@ -39,7 +39,7 @@ public class CertificateIssuerName implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.issuer";
/**
* Sub attributes name for this CertAttrSet.
@@ -48,11 +48,11 @@ public class CertificateIssuerName implements CertAttrSet {
public static final String DN_NAME = "dname";
// Private data member
- private X500Name dnName;
+ private X500Name dnName;
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param name the X500Name
*/
public CertificateIssuerName(X500Name name) {
@@ -61,7 +61,7 @@ public class CertificateIssuerName implements CertAttrSet {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
@@ -71,7 +71,7 @@ public class CertificateIssuerName implements CertAttrSet {
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
@@ -84,13 +84,14 @@ public class CertificateIssuerName implements CertAttrSet {
* Return the name as user readable string.
*/
public String toString() {
- if (dnName == null) return "";
- return(dnName.toString());
+ if (dnName == null)
+ return "";
+ return (dnName.toString());
}
/**
* Encode the name in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
@@ -103,7 +104,7 @@ public class CertificateIssuerName implements CertAttrSet {
/**
* Decode the name in DER form from the stream.
- *
+ *
* @param in the InputStream to marshal the contents from.
* @exception IOException on errors.
*/
@@ -120,7 +121,7 @@ public class CertificateIssuerName implements CertAttrSet {
throw new IOException("Attribute must be of type X500Name.");
}
if (name.equalsIgnoreCase(DN_NAME)) {
- this.dnName = (X500Name)obj;
+ this.dnName = (X500Name) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
@@ -132,7 +133,7 @@ public class CertificateIssuerName implements CertAttrSet {
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(DN_NAME)) {
- return(dnName);
+ return (dnName);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateIssuerName.");
@@ -166,6 +167,6 @@ public class CertificateIssuerName implements CertAttrSet {
* Return the name of this attribute.
*/
public String getName() {
- return(NAME);
+ return (NAME);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CertificateIssuerUniqueIdentity.java b/pki/base/util/src/netscape/security/x509/CertificateIssuerUniqueIdentity.java
index 52baa621..351116ff 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateIssuerUniqueIdentity.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateIssuerUniqueIdentity.java
@@ -30,19 +30,19 @@ import netscape.security.util.DerValue;
/**
* This class defines the subject/issuer unique identity attribute
* for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.6
* @see CertAttrSet
*/
public class CertificateIssuerUniqueIdentity implements CertAttrSet {
- private UniqueIdentity id;
+ private UniqueIdentity id;
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.issuerID";
/**
* Sub attributes name for this CertAttrSet.
@@ -52,7 +52,7 @@ public class CertificateIssuerUniqueIdentity implements CertAttrSet {
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param key the UniqueIdentity
*/
public CertificateIssuerUniqueIdentity(UniqueIdentity id) {
@@ -61,35 +61,35 @@ public class CertificateIssuerUniqueIdentity implements CertAttrSet {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the UniqueIdentity from.
* @exception IOException on decoding errors.
*/
public CertificateIssuerUniqueIdentity(DerInputStream in)
- throws IOException {
+ throws IOException {
id = new UniqueIdentity(in);
}
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the UniqueIdentity from.
* @exception IOException on decoding errors.
*/
public CertificateIssuerUniqueIdentity(InputStream in)
- throws IOException {
+ throws IOException {
DerValue val = new DerValue(in);
id = new UniqueIdentity(val);
}
/**
* Create the object, decoding the values from the passed DER value.
- *
+ *
* @param in the DerValue to read the UniqueIdentity from.
* @exception IOException on decoding errors.
*/
public CertificateIssuerUniqueIdentity(DerValue val)
- throws IOException {
+ throws IOException {
id = new UniqueIdentity(val);
}
@@ -97,13 +97,14 @@ public class CertificateIssuerUniqueIdentity implements CertAttrSet {
* Return the identity as user readable string.
*/
public String toString() {
- if (id == null) return "";
+ if (id == null)
+ return "";
return (id.toString());
}
/**
* Decode the identity in DER form from the stream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on errors.
*/
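Review bot: The reformatted null guard in `toString()` now spans two lines without braces (`if (id == null)` followed by `return "";`), which is the layout where a statement added later silently lands outside the condition. Since the formatter is rewriting these lines anyway, prefer `if (id == null) { return ""; }`. The same unbraced two-line form is introduced in the `toString()` hunks of CertificatePoliciesExtension, CertificateSerialNumber, CertificateSubjectName and CertificateSubjectUniqueIdentity in this commit.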
@@ -114,13 +115,13 @@ public class CertificateIssuerUniqueIdentity implements CertAttrSet {
/**
* Encode the identity in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
public void encode(OutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
- id.encode(tmp,DerValue.createTag(DerValue.TAG_CONTEXT,false,(byte)1));
+ id.encode(tmp, DerValue.createTag(DerValue.TAG_CONTEXT, false, (byte) 1));
out.write(tmp.toByteArray());
}
@@ -133,7 +134,7 @@ public class CertificateIssuerUniqueIdentity implements CertAttrSet {
throw new IOException("Attribute must be of type UniqueIdentity.");
}
if (name.equalsIgnoreCase(ID)) {
- id = (UniqueIdentity)obj;
+ id = (UniqueIdentity) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateIssuerUniqueIdentity.");
diff --git a/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java b/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
index 19a986b3..a917ac49 100644
--- a/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
+++ b/pki/base/util/src/netscape/security/x509/CertificatePoliciesExtension.java
@@ -16,7 +16,7 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package netscape.security.x509;
-
+
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -29,31 +29,24 @@ import java.util.Vector;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
+
/**
* This class defines the Certificate Policies Extension.
*
- * <p>The certificate policies extension conatins a sequence of policy
- * information terms, each of which consists of an object identifier
- * (OID) and optional qualifiers. These policy information terms
- * indicate the policy under which the certificate has been issued and
- * the purposes for which the certificate may be used. Aplications with
- * specific policy requirements are expected to have a list of those
- * policies which they will accept and to compare the policy OIDs in the
- * certificate to that list. If this extension is critical, the path
- * validation software must be able to interpret this extension, or must
- * reject the certificate.
- *
+ * <p>
+ * The certificate policies extension conatins a sequence of policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the certificate has been issued and the purposes for which the certificate may be used. Aplications with specific policy requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in the certificate to that list. If
+ * this extension is critical, the path validation software must be able to interpret this extension, or must reject the certificate.
+ *
* <pre>
* CertificatePolicies ::= SEQUENECE OF PolicyInformation
* </pre>
- *
- *@author Christine Ho
- *@see Extension
- *@see CertAttrSet
+ *
+ * @author Christine Ho
+ * @see Extension
+ * @see CertAttrSet
*/
public class CertificatePoliciesExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
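Review bot: The class Javadoc was collapsed by the formatter into a single line several hundred characters long that breaks mid-sentence (`... to that list. If` / `this extension is critical ...`), which is harder to read than the wrapped paragraph it replaces. Rewrap it at the project line width, and fix the spelling carried over from the old text while touching it: `contains`, `Applications`, and `CertificatePolicies ::= SEQUENCE OF PolicyInformation` in the `<pre>` block. The sentence on critical extensions states the reject-if-not-understood rule that path validation depends on, so it is worth keeping legible.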
@@ -67,21 +60,20 @@ implements CertAttrSet {
/**
* Attribute names.
*/
- public static final String INFOS = "infos";
-
+ public static final String INFOS = "infos";
// Private data members
private Vector<CertificatePolicyInfo> mInfos;
-
+
// Encode this extension value
private void encodeThis() throws IOException {
DerOutputStream os = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
-
+
for (int i = 0; i < mInfos.size(); i++) {
- ((CertificatePolicyInfo)mInfos.elementAt(i)).encode(tmp);
+ ((CertificatePolicyInfo) mInfos.elementAt(i)).encode(tmp);
}
- os.write(DerValue.tag_Sequence,tmp);
+ os.write(DerValue.tag_Sequence, tmp);
extensionValue = os.toByteArray();
}
@@ -93,8 +85,8 @@ implements CertAttrSet {
}
/**
- * Create a CertificatePolicies with the Vector of CertificatePolicyInfo.
- *
+ * Create a CertificatePolicies with the Vector of CertificatePolicyInfo.
+ *
* @param infos the Vector of CertificatePolicyInfo.
*/
public CertificatePoliciesExtension(Vector<CertificatePolicyInfo> infos) throws IOException {
@@ -103,32 +95,32 @@ implements CertAttrSet {
this.critical = false;
encodeThis();
}
-
+
/**
* Create a default CertificatePoliciesExtension.
*/
- public CertificatePoliciesExtension() {
- this.extensionId = PKIXExtensions.CertificatePolicies_Id;
+ public CertificatePoliciesExtension() {
+ this.extensionId = PKIXExtensions.CertificatePolicies_Id;
critical = false;
- mInfos = new Vector<CertificatePolicyInfo>(1,1);
+ mInfos = new Vector<CertificatePolicyInfo>(1, 1);
}
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public CertificatePoliciesExtension(Boolean critical, Object value)
- throws IOException {
- this.extensionId = PKIXExtensions.CertificatePolicies_Id;
+ throws IOException {
+ this.extensionId = PKIXExtensions.CertificatePolicies_Id;
this.critical = critical.booleanValue();
-
+
int len = Array.getLength(value);
- byte [] extValue = new byte[len];
+ byte[] extValue = new byte[len];
for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
+ extValue[i] = Array.getByte(value, i);
}
this.extensionValue = extValue;
DerValue val = new DerValue(extValue);
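Review bot: The `(Boolean critical, Object value)` constructor passes `value` straight to `Array.getLength` and `Array.getByte` without checking its type, so anything other than a `byte[]` surfaces as an unchecked `IllegalArgumentException` (or a `NullPointerException` for null) instead of the declared `IOException`. Callers that catch only `IOException` around extension decoding would not handle that. A guard before the copy, `if (!(value instanceof byte[])) throw new IOException("Extension value must be a byte array.");`, keeps the failure on the documented path. The constructor body continues past the end of this hunk.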
@@ -148,16 +140,17 @@ implements CertAttrSet {
* Returns a printable representation of the policy extension.
*/
public String toString() {
- if (mInfos == null) return "";
+ if (mInfos == null)
+ return "";
String s = super.toString() + "Certificate Policies [\n"
+ mInfos.toString() + "]\n";
-
+
return (s);
}
-
+
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -174,32 +167,32 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
public void decode(InputStream in) throws IOException {
throw new IOException("Method not to be called directly.");
}
-
+
/**
* Set the attribute value.
*/
@SuppressWarnings("unchecked")
- public void set(String name, Object obj) throws IOException {
+ public void set(String name, Object obj) throws IOException {
clearValue();
if (name.equalsIgnoreCase(INFOS)) {
if (!(obj instanceof Vector)) {
- throw new IOException("Attribute value should be of" +
+ throw new IOException("Attribute value should be of" +
" type Vector.");
}
- mInfos = (Vector<CertificatePolicyInfo>)obj;
+ mInfos = (Vector<CertificatePolicyInfo>) obj;
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificatePoliciesExtension.");
}
}
-
+
/**
* Get the attribute value.
*/
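Review bot: `set()` calls `clearValue()` before it has validated either `name` or `obj`, and the `instanceof Vector` check says nothing about the element type hidden behind `@SuppressWarnings("unchecked")`. A rejected call therefore still clears state (presumably the cached encoding; `clearValue()` is not visible here). A vector holding the wrong element type is accepted and only fails later, at the `(CertificatePolicyInfo)` cast in `encodeThis()`. Validate first, check the elements, then mutate, as sketched below.

```java
@SuppressWarnings("unchecked")
public void set(String name, Object obj) throws IOException {
    if (!name.equalsIgnoreCase(INFOS)) {
        throw new IOException("Attribute name not recognized by " +
                "CertAttrSet:CertificatePoliciesExtension.");
    }
    if (!(obj instanceof Vector)) {
        throw new IOException("Attribute value should be of" +
                " type Vector.");
    }
    // Reject wrong element types here instead of at the cast in encodeThis().
    for (Object element : (Vector<?>) obj) {
        if (!(element instanceof CertificatePolicyInfo)) {
            throw new IOException("Attribute value should contain only" +
                    " CertificatePolicyInfo elements.");
        }
    }
    // Mutate state only after every check has passed.
    clearValue();
    mInfos = (Vector<CertificatePolicyInfo>) obj;
}
```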
@@ -207,11 +200,11 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(INFOS)) {
return (mInfos);
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificatePoliciesExtension.");
}
}
-
+
/**
* Delete the attribute value.
*/
@@ -219,11 +212,11 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(INFOS)) {
mInfos = null;
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificatePoliciesExtension.");
}
}
-
+
/**
* Return an enumeration of attributes existing within this
* attribute.
@@ -233,101 +226,99 @@ implements CertAttrSet {
elements.addElement(mInfos);
return (elements.elements());
}
-
- private static final String[] NAMES = {INFOS};
- @Override
- public Enumeration<String> getAttributeNames() {
- // TODO Auto-generated method stub
- return Collections.enumeration(Arrays.asList(NAMES));
- }
-
-
- public static void main(String args[])
- {
-/** From ASN.1 dump
+ private static final String[] NAMES = { INFOS };
- 0 30 133: SEQUENCE {
- 3 30 45: . SEQUENCE {
- 5 06 3: . . OBJECT IDENTIFIER '1 2 3 5'
- 10 30 38: . . SEQUENCE {
- 12 30 36: . . . SEQUENCE {
- 14 06 8: . . . . OBJECT IDENTIFIER cps (1 3 6 1 5 5 7 2 1)
- : . . . . . (PKIX policy qualifier)
- 24 16 24: . . . . IA5String 'http://home.netscape.com'
- : . . . . }
- : . . . }
- : . . }
- 50 30 84: . SEQUENCE {
- 52 06 2: . . OBJECT IDENTIFIER '2 3 5'
- 56 30 78: . . SEQUENCE {
- 58 30 36: . . . SEQUENCE {
- 60 06 8: . . . . OBJECT IDENTIFIER cps (1 3 6 1 5 5 7 2 1)
- : . . . . . (PKIX policy qualifier)
- 70 16 24: . . . . IA5String 'http://home.netscape.com'
- : . . . . }
- 96 30 38: . . . SEQUENCE {
- 98 06 8: . . . . OBJECT IDENTIFIER unotice (1 3 6 1 5 5 7 2 2)
- : . . . . . (PKIX policy qualifier)
- 108 30 26: . . . . SEQUENCE {
- 110 30 16: . . . . . SEQUENCE {
- 112 1E 8: . . . . . . BMPString (1993) '_..o.r.g'
- 122 02 1: . . . . . . INTEGER 1
- 125 02 1: . . . . . . INTEGER 2
- : . . . . . . }
- 128 1E 6: . . . . . BMPString (1993) '_..d.t'
- : . . . . . }
- : . . . . }
- : . . . }
- : . . }
- : . }
+ @Override
+ public Enumeration<String> getAttributeNames() {
+ // TODO Auto-generated method stub
+ return Collections.enumeration(Arrays.asList(NAMES));
+ }
- **/
+ public static void main(String args[]) {
- CertificatePolicyId plcyId0 = new CertificatePolicyId(
- new ObjectIdentifier("1.2.3.5")
- );
- PolicyQualifiers qualifiers0 = new PolicyQualifiers();
- CPSuri cpsQualifier0 = new CPSuri("http://home.netscape.com");
- PolicyQualifierInfo qualifierInfo0 = new PolicyQualifierInfo(
- PolicyQualifierInfo.QT_CPS,
- cpsQualifier0
- );
- qualifiers0.add(qualifierInfo0);
- CertificatePolicyInfo info0 = new CertificatePolicyInfo(
- plcyId0, qualifiers0);
- CertificatePolicyId plcyId1 = new CertificatePolicyId(
- new ObjectIdentifier("2.3.5")
- );
- PolicyQualifiers qualifiers1 = new PolicyQualifiers();
- DisplayText org1 = new DisplayText(DisplayText.tag_BMPString,
- "org");
- int nums[] = {1, 2};
- NoticeReference nr1 = new NoticeReference(org1, nums);
- DisplayText dt1 = new DisplayText(DisplayText.tag_BMPString,
- "dt");
- UserNotice userNotice1 = new UserNotice(nr1, dt1);
- PolicyQualifierInfo qualifierInfo1 = new PolicyQualifierInfo(
- PolicyQualifierInfo.QT_UNOTICE,
- userNotice1
- );
- qualifiers1.add(qualifierInfo0);
- qualifiers1.add(qualifierInfo1);
- CertificatePolicyInfo info1 = new CertificatePolicyInfo(
- plcyId1, qualifiers1);
- Vector<CertificatePolicyInfo> infos = new Vector<CertificatePolicyInfo>();
- infos.addElement(info0);
- infos.addElement(info1);
- try {
- CertificatePoliciesExtension ext =
- new CertificatePoliciesExtension(infos);
+ /**
+ * From ASN.1 dump
+ *
+ * 0 30 133: SEQUENCE {
+ * 3 30 45: . SEQUENCE {
+ * 5 06 3: . . OBJECT IDENTIFIER '1 2 3 5'
+ * 10 30 38: . . SEQUENCE {
+ * 12 30 36: . . . SEQUENCE {
+ * 14 06 8: . . . . OBJECT IDENTIFIER cps (1 3 6 1 5 5 7 2 1)
+ * : . . . . . (PKIX policy qualifier)
+ * 24 16 24: . . . . IA5String 'http://home.netscape.com'
+ * : . . . . }
+ * : . . . }
+ * : . . }
+ * 50 30 84: . SEQUENCE {
+ * 52 06 2: . . OBJECT IDENTIFIER '2 3 5'
+ * 56 30 78: . . SEQUENCE {
+ * 58 30 36: . . . SEQUENCE {
+ * 60 06 8: . . . . OBJECT IDENTIFIER cps (1 3 6 1 5 5 7 2 1)
+ * : . . . . . (PKIX policy qualifier)
+ * 70 16 24: . . . . IA5String 'http://home.netscape.com'
+ * : . . . . }
+ * 96 30 38: . . . SEQUENCE {
+ * 98 06 8: . . . . OBJECT IDENTIFIER unotice (1 3 6 1 5 5 7 2 2)
+ * : . . . . . (PKIX policy qualifier)
+ * 108 30 26: . . . . SEQUENCE {
+ * 110 30 16: . . . . . SEQUENCE {
+ * 112 1E 8: . . . . . . BMPString (1993) '_..o.r.g'
+ * 122 02 1: . . . . . . INTEGER 1
+ * 125 02 1: . . . . . . INTEGER 2
+ * : . . . . . . }
+ * 128 1E 6: . . . . . BMPString (1993) '_..d.t'
+ * : . . . . . }
+ * : . . . . }
+ * : . . . }
+ * : . . }
+ * : . }
+ **/
- // BASE64 encode the whole thing and write it to stdout
- System.out.println( com.netscape.osutil.OSUtil.BtoA(ext.getExtensionValue()) );
- } catch (IOException e) {
- System.out.println(e.toString());
- }
- }
+ CertificatePolicyId plcyId0 = new CertificatePolicyId(
+ new ObjectIdentifier("1.2.3.5")
+ );
+ PolicyQualifiers qualifiers0 = new PolicyQualifiers();
+ CPSuri cpsQualifier0 = new CPSuri("http://home.netscape.com");
+ PolicyQualifierInfo qualifierInfo0 = new PolicyQualifierInfo(
+ PolicyQualifierInfo.QT_CPS,
+ cpsQualifier0
+ );
+ qualifiers0.add(qualifierInfo0);
+ CertificatePolicyInfo info0 = new CertificatePolicyInfo(
+ plcyId0, qualifiers0);
+ CertificatePolicyId plcyId1 = new CertificatePolicyId(
+ new ObjectIdentifier("2.3.5")
+ );
+ PolicyQualifiers qualifiers1 = new PolicyQualifiers();
+ DisplayText org1 = new DisplayText(DisplayText.tag_BMPString,
+ "org");
+ int nums[] = { 1, 2 };
+ NoticeReference nr1 = new NoticeReference(org1, nums);
+ DisplayText dt1 = new DisplayText(DisplayText.tag_BMPString,
+ "dt");
+ UserNotice userNotice1 = new UserNotice(nr1, dt1);
+ PolicyQualifierInfo qualifierInfo1 = new PolicyQualifierInfo(
+ PolicyQualifierInfo.QT_UNOTICE,
+ userNotice1
+ );
+ qualifiers1.add(qualifierInfo0);
+ qualifiers1.add(qualifierInfo1);
+ CertificatePolicyInfo info1 = new CertificatePolicyInfo(
+ plcyId1, qualifiers1);
+ Vector<CertificatePolicyInfo> infos = new Vector<CertificatePolicyInfo>();
+ infos.addElement(info0);
+ infos.addElement(info1);
+ try {
+ CertificatePoliciesExtension ext =
+ new CertificatePoliciesExtension(infos);
+
+ // BASE64 encode the whole thing and write it to stdout
+ System.out.println(com.netscape.osutil.OSUtil.BtoA(ext.getExtensionValue()));
+ } catch (IOException e) {
+ System.out.println(e.toString());
+ }
+ }
-
}
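Review bot: The re-indented `main()` is a manual test harness kept inside the production extension class. It depends on `com.netscape.osutil.OSUtil` only to Base64-print the encoding, and it reports an `IOException` with `System.out.println(e.toString())`, so a failure is neither asserted nor reflected in the exit status. Consider moving it to a unit test that compares the encoded bytes with the ASN.1 dump. If it stays, write the dump as a plain `/* ... */` block rather than `/** ... **/`, since a Javadoc comment inside a method body is attached to nothing. The `// TODO Auto-generated method stub` comment on `getAttributeNames()` is also stale, because the method is implemented.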
diff --git a/pki/base/util/src/netscape/security/x509/CertificatePolicyId.java b/pki/base/util/src/netscape/security/x509/CertificatePolicyId.java
index 2577764f..bfc93b0b 100644
--- a/pki/base/util/src/netscape/security/x509/CertificatePolicyId.java
+++ b/pki/base/util/src/netscape/security/x509/CertificatePolicyId.java
@@ -23,10 +23,9 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
* Represent the CertificatePolicyId ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.5
@@ -40,7 +39,7 @@ public class CertificatePolicyId implements java.io.Serializable {
/**
* Create a CertificatePolicyId with the ObjectIdentifier.
- *
+ *
* @param id the ObjectIdentifier for the policy id.
*/
public CertificatePolicyId(ObjectIdentifier id) {
@@ -49,7 +48,7 @@ public class CertificatePolicyId implements java.io.Serializable {
/**
* Create the object from its Der encoded value.
- *
+ *
* @param val the DER encoded value for the same.
*/
public CertificatePolicyId(DerValue val) throws IOException {
@@ -76,7 +75,7 @@ public class CertificatePolicyId implements java.io.Serializable {
/**
* Write the CertificatePolicyId to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
diff --git a/pki/base/util/src/netscape/security/x509/CertificatePolicyInfo.java b/pki/base/util/src/netscape/security/x509/CertificatePolicyInfo.java
index 50387261..33e541c6 100644
--- a/pki/base/util/src/netscape/security/x509/CertificatePolicyInfo.java
+++ b/pki/base/util/src/netscape/security/x509/CertificatePolicyInfo.java
@@ -21,38 +21,38 @@ import java.io.IOException;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
+
/**
* Represent the CertificatePolicyInformation ASN.1 object.
- *
- * @author Christine Ho
+ *
+ * @author Christine Ho
*/
public class CertificatePolicyInfo implements java.io.Serializable {
- /**
+ /**
*
*/
private static final long serialVersionUID = -8516006396099280477L;
private CertificatePolicyId mPolicyIdentifier;
- private PolicyQualifiers mPolicyQualifiers;
+ private PolicyQualifiers mPolicyQualifiers;
/**
* Create a CertificatePolicyInfo with the passed CertificatePolicyId's.
- *
+ *
* @param id the CertificatePolicyId.
*/
public CertificatePolicyInfo(CertificatePolicyId id) {
this.mPolicyIdentifier = id;
- this.mPolicyQualifiers= null;
+ this.mPolicyQualifiers = null;
}
public CertificatePolicyInfo(CertificatePolicyId id, PolicyQualifiers qualifiers) {
this.mPolicyIdentifier = id;
- this.mPolicyQualifiers= qualifiers;
+ this.mPolicyQualifiers = qualifiers;
}
/**
* Create the CertificatePolicyInfo from the DER encoded value.
- *
+ *
* @param val the DER encoded value of the same.
*/
public CertificatePolicyInfo(DerValue val) throws IOException {
@@ -60,18 +60,18 @@ public class CertificatePolicyInfo implements java.io.Serializable {
throw new IOException("Invalid encoding for CertificatePolicyInfo");
}
mPolicyIdentifier = new CertificatePolicyId(val.data.getDerValue());
- // The specification is not clear on whether qualifier is
- // optional or not. GTE CyberTrust Root certificate has
- // no qualifier.
- if (val.data.available() == 0) {
- mPolicyQualifiers = null;
- } else {
- mPolicyQualifiers = new PolicyQualifiers(val.data.getDerValue());
- }
+ // The specification is not clear on whether qualifier is
+ // optional or not. GTE CyberTrust Root certificate has
+ // no qualifier.
+ if (val.data.available() == 0) {
+ mPolicyQualifiers = null;
+ } else {
+ mPolicyQualifiers = new PolicyQualifiers(val.data.getDerValue());
+ }
}
-
+
/**
- * return the policy identifier of the policy info
+ * return the policy identifier of the policy info
*/
public CertificatePolicyId getPolicyIdentifier() {
return (mPolicyIdentifier);
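Review bot: The re-indented comment in the `DerValue` constructor still says the specification is unclear on whether the qualifier is optional, but RFC 5280 section 4.2.1.4 defines `policyQualifiers` as OPTIONAL, so the comment could read `// policyQualifiers is OPTIONAL (RFC 5280, section 4.2.1.4); some roots omit it.`. Separately, nothing in the visible lines rejects data left in `val.data` after the qualifiers have been read, so trailing bytes inside the SEQUENCE appear to be accepted silently. If strict DER handling is intended, add a check such as `if (val.data.available() != 0) throw new IOException("Invalid encoding for CertificatePolicyInfo");` after the else branch. The constructor starts outside this hunk.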
@@ -91,20 +91,20 @@ public class CertificatePolicyInfo implements java.io.Serializable {
+ "]\n";
return (s);
}
-
+
/**
* Write the CertificatePolicyInfo to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
-
+
mPolicyIdentifier.encode(tmp);
- if (mPolicyQualifiers != null) {
- mPolicyQualifiers.encode(tmp);
- }
- out.write(DerValue.tag_Sequence,tmp);
+ if (mPolicyQualifiers != null) {
+ mPolicyQualifiers.encode(tmp);
+ }
+ out.write(DerValue.tag_Sequence, tmp);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CertificatePolicyMap.java b/pki/base/util/src/netscape/security/x509/CertificatePolicyMap.java
index 7ae6ce10..75ddf331 100644
--- a/pki/base/util/src/netscape/security/x509/CertificatePolicyMap.java
+++ b/pki/base/util/src/netscape/security/x509/CertificatePolicyMap.java
@@ -24,7 +24,7 @@ import netscape.security.util.DerValue;
/**
* Represent the CertificatePolicyMap ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.5
@@ -35,7 +35,7 @@ public class CertificatePolicyMap {
/**
* Create a CertificatePolicyMap with the passed CertificatePolicyId's.
- *
+ *
* @param issuer the CertificatePolicyId for the issuer CA.
* @param subject the CertificatePolicyId for the subject CA.
*/
@@ -47,7 +47,7 @@ public class CertificatePolicyMap {
/**
* Create the CertificatePolicyMap from the DER encoded value.
- *
+ *
* @param val the DER encoded value of the same.
*/
public CertificatePolicyMap(DerValue val) throws IOException {
@@ -86,7 +86,7 @@ public class CertificatePolicyMap {
/**
* Write the CertificatePolicyMap to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
@@ -95,6 +95,6 @@ public class CertificatePolicyMap {
issuerDomain.encode(tmp);
subjectDomain.encode(tmp);
- out.write(DerValue.tag_Sequence,tmp);
+ out.write(DerValue.tag_Sequence, tmp);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CertificatePolicySet.java b/pki/base/util/src/netscape/security/x509/CertificatePolicySet.java
index fafa7764..86d9c107 100644
--- a/pki/base/util/src/netscape/security/x509/CertificatePolicySet.java
+++ b/pki/base/util/src/netscape/security/x509/CertificatePolicySet.java
@@ -26,17 +26,17 @@ import netscape.security.util.DerValue;
/**
* This class defines the certificate policy set ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.4
*/
public class CertificatePolicySet {
- private Vector<CertificatePolicyId> ids;
+ private Vector<CertificatePolicyId> ids;
/**
* The default constructor for this class.
- *
+ *
* @param ids the sequence of CertificatePolicyId's.
*/
public CertificatePolicySet(Vector<CertificatePolicyId> ids) {
@@ -45,14 +45,14 @@ public class CertificatePolicySet {
/**
* Create the object from the DerValue.
- *
+ *
* @param in the passed DerInputStream.
* @exception IOException on decoding errors.
*/
public CertificatePolicySet(DerInputStream in) throws IOException {
ids = new Vector<CertificatePolicyId>(1, 1);
DerValue[] seq = in.getSequence(5);
-
+
for (int i = 0; i < seq.length; i++) {
CertificatePolicyId id = new CertificatePolicyId(seq[i]);
ids.addElement(id);
@@ -72,15 +72,15 @@ public class CertificatePolicySet {
/**
* Encode the policy set to the output stream.
- *
+ *
* @param out the DerOutputStream to encode the data to.
*/
public void encode(DerOutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
for (int i = 0; i < ids.size(); i++) {
- ((CertificatePolicyId)ids.elementAt(i)).encode(tmp);
+ ((CertificatePolicyId) ids.elementAt(i)).encode(tmp);
}
- out.write(DerValue.tag_Sequence,tmp);
+ out.write(DerValue.tag_Sequence, tmp);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CertificateSerialNumber.java b/pki/base/util/src/netscape/security/x509/CertificateSerialNumber.java
index a73a9ec2..e9655178 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateSerialNumber.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateSerialNumber.java
@@ -30,7 +30,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the SerialNumber attribute for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.6
@@ -49,29 +49,29 @@ public class CertificateSerialNumber implements CertAttrSet {
public static final String NAME = "serialNumber";
public static final String NUMBER = "number";
- private SerialNumber serial;
+ private SerialNumber serial;
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param serial the serial number for the certificate.
*/
public CertificateSerialNumber(BigInteger num) {
- this.serial = new SerialNumber(num);
+ this.serial = new SerialNumber(num);
}
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param serial the serial number for the certificate.
*/
public CertificateSerialNumber(int num) {
- this.serial = new SerialNumber(num);
+ this.serial = new SerialNumber(num);
}
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the serial number from.
* @exception IOException on decoding errors.
*/
@@ -81,7 +81,7 @@ public class CertificateSerialNumber implements CertAttrSet {
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the serial number from.
* @exception IOException on decoding errors.
*/
@@ -91,7 +91,7 @@ public class CertificateSerialNumber implements CertAttrSet {
/**
* Create the object, decoding the values from the passed DerValue.
- *
+ *
* @param val the DER encoded value.
* @exception IOException on decoding errors.
*/
@@ -103,13 +103,14 @@ public class CertificateSerialNumber implements CertAttrSet {
* Return the serial number as user readable string.
*/
public String toString() {
- if (serial == null) return "";
+ if (serial == null)
+ return "";
return (serial.toString());
}
/**
* Encode the serial number in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
@@ -122,7 +123,7 @@ public class CertificateSerialNumber implements CertAttrSet {
/**
* Decode the serial number in DER form from the stream.
- *
+ *
* @param in the InputStream to marshal the contents from.
* @exception IOException on errors.
*/
@@ -139,7 +140,7 @@ public class CertificateSerialNumber implements CertAttrSet {
throw new IOException("Attribute must be of type SerialNumber.");
}
if (name.equalsIgnoreCase(NUMBER)) {
- serial = (SerialNumber)obj;
+ serial = (SerialNumber) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSerialNumber.");
@@ -177,10 +178,10 @@ public class CertificateSerialNumber implements CertAttrSet {
public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(NUMBER);
-
+
return (elements.elements());
}
-
+
/**
* Return the name of this attribute.
*/
diff --git a/pki/base/util/src/netscape/security/x509/CertificateSubjectName.java b/pki/base/util/src/netscape/security/x509/CertificateSubjectName.java
index e9c558ef..6159638b 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateSubjectName.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateSubjectName.java
@@ -32,7 +32,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the X500Name attribute for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.6
@@ -46,7 +46,7 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.subject";
/**
* Sub attributes name for this CertAttrSet.
@@ -55,11 +55,11 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
public static final String DN_NAME = "dname";
// Private data member
- private X500Name dnName;
+ private X500Name dnName;
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param name the X500Name
*/
public CertificateSubjectName(X500Name name) {
@@ -68,7 +68,7 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
@@ -78,7 +78,7 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the X500Name from.
* @exception IOException on decoding errors.
*/
@@ -91,23 +91,24 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
* Return the name as user readable string.
*/
public String toString() {
- if (dnName == null) return "";
- return(dnName.toString());
+ if (dnName == null)
+ return "";
+ return (dnName.toString());
}
private synchronized void writeObject(ObjectOutputStream stream)
- throws IOException {
+ throws IOException {
encode(stream);
}
private synchronized void readObject(ObjectInputStream stream)
- throws IOException {
- decodeEx(stream);
+ throws IOException {
+ decodeEx(stream);
}
/**
* Encode the name in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
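Review bot: `readObject` is the Java-deserialization entry point for this class and hands the raw `ObjectInputStream` to `decodeEx(stream)` with no comment on what the serialized form is or what validates it. `decodeEx` is outside this hunk, so whether it rejects malformed or oversized DER cannot be confirmed from here. A short comment above the method would make the trust boundary explicit: `// Serialized form is the DER-encoded name written by writeObject; decodeEx is the only validation applied to stream contents.`. The `synchronized` modifier on both private serialization hooks is unusual and may deserve a why-comment or removal.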
@@ -120,7 +121,7 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
/**
* Decode the name in DER form from the stream.
- *
+ *
* @param in the InputStream to marshal the contents from.
* @exception IOException on errors.
*/
@@ -133,7 +134,7 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
/**
* Decode the name in DER form from the stream.
- *
+ *
* @param in the InputStream to marshal the contents from.
* @exception IOException on errors.
*/
@@ -151,7 +152,7 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
throw new IOException("Attribute must be of type X500Name.");
}
if (name.equalsIgnoreCase(DN_NAME)) {
- this.dnName = (X500Name)obj;
+ this.dnName = (X500Name) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSubjectName.");
@@ -163,7 +164,7 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(DN_NAME)) {
- return(dnName);
+ return (dnName);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet:CertificateSubjectName.");
@@ -190,13 +191,13 @@ public class CertificateSubjectName implements CertAttrSet, Serializable {
Vector<String> elements = new Vector<String>();
elements.addElement(DN_NAME);
- return(elements.elements());
+ return (elements.elements());
}
/**
* Return the name of this attribute.
*/
public String getName() {
- return(NAME);
+ return (NAME);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/CertificateSubjectUniqueIdentity.java b/pki/base/util/src/netscape/security/x509/CertificateSubjectUniqueIdentity.java
index 7a3294cb..51687e86 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateSubjectUniqueIdentity.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateSubjectUniqueIdentity.java
@@ -30,7 +30,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the subject/issuer unique identity attribute
* for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.6
@@ -40,7 +40,7 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.subjectID";
/**
* Sub attributes name for this CertAttrSet.
@@ -48,11 +48,11 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
public static final String NAME = "subjectID";
public static final String ID = "id";
- private UniqueIdentity id;
+ private UniqueIdentity id;
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param key the UniqueIdentity
*/
public CertificateSubjectUniqueIdentity(UniqueIdentity id) {
@@ -61,35 +61,35 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the UniqueIdentity from.
* @exception IOException on decoding errors.
*/
public CertificateSubjectUniqueIdentity(DerInputStream in)
- throws IOException {
+ throws IOException {
id = new UniqueIdentity(in);
}
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the UniqueIdentity from.
* @exception IOException on decoding errors.
*/
public CertificateSubjectUniqueIdentity(InputStream in)
- throws IOException {
+ throws IOException {
DerValue val = new DerValue(in);
id = new UniqueIdentity(val);
}
/**
* Create the object, decoding the values from the passed DER value.
- *
+ *
* @param in the DerValue to read the UniqueIdentity from.
* @exception IOException on decoding errors.
*/
public CertificateSubjectUniqueIdentity(DerValue val)
- throws IOException {
+ throws IOException {
id = new UniqueIdentity(val);
}
@@ -97,13 +97,14 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
* Return the identity as user readable string.
*/
public String toString() {
- if (id == null) return "";
- return(id.toString());
+ if (id == null)
+ return "";
+ return (id.toString());
}
/**
* Decode the identity in DER form from the stream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on errors.
*/
@@ -114,13 +115,13 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
/**
* Encode the identity in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
public void encode(OutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
- id.encode(tmp,DerValue.createTag(DerValue.TAG_CONTEXT,false,(byte)2));
+ id.encode(tmp, DerValue.createTag(DerValue.TAG_CONTEXT, false, (byte) 2));
out.write(tmp.toByteArray());
}
@@ -133,7 +134,7 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
throw new IOException("Attribute must be of type UniqueIdentity.");
}
if (name.equalsIgnoreCase(ID)) {
- id = (UniqueIdentity)obj;
+ id = (UniqueIdentity) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateSubjectUniqueIdentity.");
@@ -145,7 +146,7 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(ID)) {
- return(id);
+ return (id);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateSubjectUniqueIdentity.");
@@ -171,10 +172,10 @@ public class CertificateSubjectUniqueIdentity implements CertAttrSet {
public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(ID);
-
+
return (elements.elements());
}
-
+
/**
* Return the name of this attribute.
*/
diff --git a/pki/base/util/src/netscape/security/x509/CertificateValidity.java b/pki/base/util/src/netscape/security/x509/CertificateValidity.java
index 8188e8b3..0c2c841b 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateValidity.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateValidity.java
@@ -35,7 +35,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the interval for which the certificate is valid.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.12
@@ -49,7 +49,7 @@ public class CertificateValidity implements CertAttrSet, Serializable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.validity";
/**
* Sub attributes name for this CertAttrSet.
@@ -60,17 +60,17 @@ public class CertificateValidity implements CertAttrSet, Serializable {
private static final long YR_2050 = 2524636800000L;
// Private data members
- private Date notBefore;
- private Date notAfter;
+ private Date notBefore;
+ private Date notAfter;
// Returns the first time the certificate is valid.
- private Date getNotBefore() {
+ private Date getNotBefore() {
return (new Date(notBefore.getTime()));
}
// Returns the last time the certificate is valid.
private Date getNotAfter() {
- return (new Date(notAfter.getTime()));
+ return (new Date(notAfter.getTime()));
}
// Construct the class from the DerValue
@@ -108,15 +108,16 @@ public class CertificateValidity implements CertAttrSet, Serializable {
/**
* Default constructor for the class.
*/
- public CertificateValidity() { }
+ public CertificateValidity() {
+ }
/**
* The default constructor for this class for the specified interval.
- *
+ *
* @param notBefore the date and time before which the certificate
- * is not valid.
+ * is not valid.
* @param notAfter the date and time after which the certificate is
- * not valid.
+ * not valid.
*/
public CertificateValidity(Date notBefore, Date notAfter) {
this.notBefore = notBefore;
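Review bot: The two-argument constructor keeps the caller's `Date` objects by reference (`this.notBefore = notBefore;`), although `Date` is mutable and the private getters in this file return copies. The comment in `valid(Date now)` later in this diff already worries about callers overriding `Date` methods, and a stored caller-supplied instance (possibly a subclass) is what the validity comparison would then depend on. Copying on the way in, e.g. `this.notBefore = notBefore == null ? null : new Date(notBefore.getTime());` and the same for `notAfter`, would close that gap. `set()` in the `@@ -205,9 +206,9` hunk assigns `(Date) obj` the same way, and the constructor body continues outside this hunk.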
@@ -125,7 +126,7 @@ public class CertificateValidity implements CertAttrSet, Serializable {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the CertificateValidity from.
* @exception IOException on decoding errors.
*/
@@ -141,12 +142,12 @@ public class CertificateValidity implements CertAttrSet, Serializable {
if (notBefore == null || notAfter == null)
return "";
return ("Validity: [From: " + notBefore.toString() +
- ",\n To: " + notAfter.toString() + "]");
+ ",\n To: " + notAfter.toString() + "]");
}
/**
* Decode the CertificateValidity period from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on errors.
*/
@@ -156,18 +157,18 @@ public class CertificateValidity implements CertAttrSet, Serializable {
}
private synchronized void writeObject(ObjectOutputStream stream)
- throws IOException {
+ throws IOException {
encode(stream);
}
private synchronized void readObject(ObjectInputStream stream)
- throws IOException {
- decode(stream);
+ throws IOException {
+ decode(stream);
}
/**
* Encode the CertificateValidity period in DER form to the stream.
- *
+ *
* @param out the OutputStream to marshal the contents to.
* @exception IOException on errors.
*/
@@ -182,7 +183,7 @@ public class CertificateValidity implements CertAttrSet, Serializable {
DerOutputStream pair = new DerOutputStream();
if (notBefore.getTime() < YR_2050) {
- pair.putUTCTime(notBefore);
+ pair.putUTCTime(notBefore);
} else
pair.putGeneralizedTime(notBefore);
@@ -192,7 +193,7 @@ public class CertificateValidity implements CertAttrSet, Serializable {
pair.putGeneralizedTime(notAfter);
}
DerOutputStream seq = new DerOutputStream();
- seq.write(DerValue.tag_Sequence,pair);
+ seq.write(DerValue.tag_Sequence, pair);
out.write(seq.toByteArray());
}
@@ -205,9 +206,9 @@ public class CertificateValidity implements CertAttrSet, Serializable {
throw new IOException("Attribute must be of type Date.");
}
if (name.equalsIgnoreCase(NOT_BEFORE)) {
- notBefore = (Date)obj;
+ notBefore = (Date) obj;
} else if (name.equalsIgnoreCase(NOT_AFTER)) {
- notAfter = (Date)obj;
+ notAfter = (Date) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateValidity.");
@@ -250,10 +251,10 @@ public class CertificateValidity implements CertAttrSet, Serializable {
Vector<String> elements = new Vector<String>();
elements.addElement(NOT_BEFORE);
elements.addElement(NOT_AFTER);
-
+
return (elements.elements());
}
-
+
/**
* Return the name of this attribute.
*/
@@ -263,30 +264,31 @@ public class CertificateValidity implements CertAttrSet, Serializable {
/**
* Verify that the current time is within the validity period.
- *
+ *
* @exception CertificateExpiredException if the certificate has expired.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid.
+ * yet valid.
*/
public void valid()
- throws CertificateNotYetValidException, CertificateExpiredException {
+ throws CertificateNotYetValidException, CertificateExpiredException {
Date now = new Date();
valid(now);
}
/**
* Verify that the passed time is within the validity period.
+ *
* @param now the Date against which to compare the validity
- * period.
- *
+ * period.
+ *
* @exception CertificateExpiredException if the certificate has expired
- * with respect to the <code>Date</code> supplied.
+ * with respect to the <code>Date</code> supplied.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid with respect to the <code>Date</code> supplied.
+ * yet valid with respect to the <code>Date</code> supplied.
*
*/
public void valid(Date now)
- throws CertificateNotYetValidException, CertificateExpiredException {
+ throws CertificateNotYetValidException, CertificateExpiredException {
/*
* we use the internal Dates rather than the passed in Date
* because someone could override the Date methods after()
diff --git a/pki/base/util/src/netscape/security/x509/CertificateVersion.java b/pki/base/util/src/netscape/security/x509/CertificateVersion.java
index 951509c7..d3659779 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateVersion.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateVersion.java
@@ -30,7 +30,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the version of the X509 Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.8
@@ -40,19 +40,19 @@ public class CertificateVersion implements CertAttrSet {
/**
* X509Certificate Version 1
*/
- public static final int V1 = 0;
+ public static final int V1 = 0;
/**
* X509Certificate Version 2
*/
- public static final int V2 = 1;
+ public static final int V2 = 1;
/**
* X509Certificate Version 3
*/
- public static final int V3 = 2;
+ public static final int V3 = 2;
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.version";
/**
* Sub attributes name for this CertAttrSet.
@@ -64,8 +64,8 @@ public class CertificateVersion implements CertAttrSet {
int version = V1;
// Returns the version number.
- private int getVersion() {
- return(version);
+ private int getVersion() {
+ return (version);
}
// Construct the class from the passed DerValue
@@ -74,14 +74,14 @@ public class CertificateVersion implements CertAttrSet {
derVal = derVal.data.getDerValue();
version = derVal.getInteger().toInt();
if (derVal.data.available() != 0) {
- throw new IOException("X.509 version, bad format");
+ throw new IOException("X.509 version, bad format");
}
}
}
/**
* The default constructor for this class,
- * sets the version to 0 (i.e. X.509 version 1).
+ * sets the version to 0 (i.e. X.509 version 1).
*/
public CertificateVersion() {
version = V1;
@@ -89,7 +89,7 @@ public class CertificateVersion implements CertAttrSet {
/**
* The constructor for this class for the required version.
- *
+ *
* @param version the version for the certificate.
* @exception IOException if the version is not valid.
*/
@@ -106,7 +106,7 @@ public class CertificateVersion implements CertAttrSet {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the CertificateVersion from.
* @exception IOException on decoding errors.
*/
@@ -119,7 +119,7 @@ public class CertificateVersion implements CertAttrSet {
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the CertificateVersion from.
* @exception IOException on decoding errors.
*/
@@ -132,13 +132,13 @@ public class CertificateVersion implements CertAttrSet {
/**
* Create the object, decoding the values from the passed DerValue.
- *
+ *
* @param val the Der encoded value.
* @exception IOException on decoding errors.
*/
public CertificateVersion(DerValue val) throws IOException {
version = V1;
-
+
construct(val);
}
@@ -146,12 +146,12 @@ public class CertificateVersion implements CertAttrSet {
* Return the version number of the certificate.
*/
public String toString() {
- return("Version: V" + (version+1));
+ return ("Version: V" + (version + 1));
}
/**
* Encode the CertificateVersion period in DER form to the stream.
- *
+ *
* @param out the OutputStream to marshal the contents to.
* @exception IOException on errors.
*/
@@ -164,7 +164,7 @@ public class CertificateVersion implements CertAttrSet {
tmp.putInteger(new BigInt(version));
DerOutputStream seq = new DerOutputStream();
- seq.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte)0),
+ seq.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
tmp);
out.write(seq.toByteArray());
@@ -172,14 +172,14 @@ public class CertificateVersion implements CertAttrSet {
/**
* Decode the CertificateVersion period in DER form from the stream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on errors.
*/
public void decode(InputStream in) throws IOException {
DerValue derVal = new DerValue(in);
construct(derVal);
- }
+ }
/**
* Set the attribute value.
@@ -189,7 +189,7 @@ public class CertificateVersion implements CertAttrSet {
throw new IOException("Attribute must be of type Integer.");
}
if (name.equalsIgnoreCase(VERSION)) {
- version = ((Integer)obj).intValue();
+ version = ((Integer) obj).intValue();
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateVersion.");
@@ -201,7 +201,7 @@ public class CertificateVersion implements CertAttrSet {
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(VERSION)) {
- return(Integer.valueOf(getVersion()));
+ return (Integer.valueOf(getVersion()));
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateVersion.");
@@ -235,13 +235,13 @@ public class CertificateVersion implements CertAttrSet {
* Return the name of this attribute.
*/
public String getName() {
- return(NAME);
+ return (NAME);
}
/**
* Compare versions.
*/
public int compare(int vers) {
- return(version - vers);
+ return (version - vers);
}
}
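Review bot: `compare` returns `version - vers`, which can overflow and report the wrong sign when the operands are far apart. `version` is filled from decoded DER (`derVal.getInteger().toInt()`) and from `set()` with no range check in the hunks shown. If callers only look at the sign, `return Integer.compare(version, vers);` is the safe form. If a caller relies on the magnitude (not visible here), rejecting values outside V1..V3 at decode and `set()` time would be the alternative.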
diff --git a/pki/base/util/src/netscape/security/x509/CertificateX509Key.java b/pki/base/util/src/netscape/security/x509/CertificateX509Key.java
index f3507a14..c7003bb8 100644
--- a/pki/base/util/src/netscape/security/x509/CertificateX509Key.java
+++ b/pki/base/util/src/netscape/security/x509/CertificateX509Key.java
@@ -32,7 +32,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the X509Key attribute for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.5
@@ -46,7 +46,7 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.key";
/**
* Sub attributes name for this CertAttrSet.
@@ -55,11 +55,11 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
public static final String KEY = "value";
// Private data member
- private X509Key key;
+ private X509Key key;
/**
* Default constructor for the certificate attribute.
- *
+ *
* @param key the X509Key
*/
public CertificateX509Key(X509Key key) {
@@ -68,7 +68,7 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the X509Key from.
* @exception IOException on decoding errors.
*/
@@ -79,7 +79,7 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the X509Key from.
* @exception IOException on decoding errors.
*/
@@ -92,13 +92,14 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
* Return the key as printable string.
*/
public String toString() {
- if (key == null) return "";
- return(key.toString());
+ if (key == null)
+ return "";
+ return (key.toString());
}
/**
* Decode the key in DER form from the stream.
- *
+ *
* @param in the InputStream to unmarshal the contents from
* @exception IOException on decoding or validity errors.
*/
@@ -108,18 +109,18 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
}
private synchronized void writeObject(ObjectOutputStream stream)
- throws IOException {
+ throws IOException {
encode(stream);
}
private synchronized void readObject(ObjectInputStream stream)
- throws IOException {
- decode(stream);
+ throws IOException {
+ decode(stream);
}
/**
* Encode the key in DER form to the stream.
- *
+ *
* @param out the OutputStream to marshal the contents to.
* @exception IOException on errors.
*/
@@ -138,7 +139,7 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
throw new IOException("Attribute must be of type X509Key.");
}
if (name.equalsIgnoreCase(KEY)) {
- this.key = (X509Key)obj;
+ this.key = (X509Key) obj;
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateX509Key.");
@@ -150,7 +151,7 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(KEY)) {
- return(key);
+ return (key);
} else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateX509Key.");
@@ -161,12 +162,12 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(KEY)) {
- key = null;
- } else {
+ if (name.equalsIgnoreCase(KEY)) {
+ key = null;
+ } else {
throw new IOException("Attribute name not recognized by " +
"CertAttrSet: CertificateX509Key.");
- }
+ }
}
/**
@@ -177,13 +178,13 @@ public class CertificateX509Key implements CertAttrSet, Serializable {
Vector<String> elements = new Vector<String>();
elements.addElement(KEY);
- return(elements.elements());
+ return (elements.elements());
}
/**
* Return the name of this attribute.
*/
public String getName() {
- return(NAME);
+ return (NAME);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/DNSName.java b/pki/base/util/src/netscape/security/x509/DNSName.java
index 361c2357..831f51cc 100644
--- a/pki/base/util/src/netscape/security/x509/DNSName.java
+++ b/pki/base/util/src/netscape/security/x509/DNSName.java
@@ -25,7 +25,7 @@ import netscape.security.util.DerValue;
/**
* This class implements the DNSName as required by the GeneralNames
* ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.4
@@ -39,7 +39,7 @@ public class DNSName implements GeneralNameInterface {
/**
* Create the DNSName object from the passed encoded Der value.
- *
+ *
* @param derValue the encoded DER DNSName.
* @exception IOException on error.
*/
@@ -49,7 +49,7 @@ public class DNSName implements GeneralNameInterface {
/**
* Create the DNSName object with the specified name.
- *
+ *
* @param name the DNSName.
*/
public DNSName(String name) {
@@ -65,7 +65,7 @@ public class DNSName implements GeneralNameInterface {
/**
* Encode the DNS name into the DerOutputStream.
- *
+ *
* @param out the DER stream to encode the DNSName to.
* @exception IOException on encoding errors.
*/
diff --git a/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java b/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
index 5a56547a..0904a93c 100755
--- a/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
+++ b/pki/base/util/src/netscape/security/x509/DeltaCRLIndicatorExtension.java
@@ -32,19 +32,15 @@ import netscape.security.util.DerValue;
/**
* Represent the Delta CRL Indicator Extension.
- *
- * <p>The delta CRL indicator is a critical CRL extension
- * that identifies a delta-CRL. The value of BaseCRLNumber
- * identifies the CRL number of the base CRL that was used
- * as the starting point in the generation of this delta- CRL.
- * The delta-CRL contains the changes between the base CRL
- * and the current CRL issued along with the delta-CRL.
- *
+ *
+ * <p>
+ * The delta CRL indicator is a critical CRL extension that identifies a delta-CRL. The value of BaseCRLNumber identifies the CRL number of the base CRL that was used as the starting point in the generation of this delta- CRL. The delta-CRL contains the changes between the base CRL and the current CRL issued along with the delta-CRL.
+ *
* @see Extension
* @see CertAttrSet
*/
public class DeltaCRLIndicatorExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
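Review bot: The formatter joined the class Javadoc paragraph into one line several hundred characters long, which is hard to read in diffs and side-by-side review. The class comment in DirStrConverter.java gets the same treatment further down. Re-wrapping these paragraphs at the code line limit, or lowering the comment width in the formatter profile, would keep them readable. The stray space in `delta- CRL` could be fixed at the same time.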
@@ -66,7 +62,8 @@ implements CertAttrSet {
try {
OIDMap.addAttribute(DeltaCRLIndicatorExtension.class.getName(),
OID, DeltaCRLIndicatorExtension.class.getSimpleName());
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
}
// Encode this extension value
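Review bot: The `catch (CertificateException e)` block around `OIDMap.addAttribute(...)` is still empty after the reformat, so a failed registration of this extension is dropped without a trace. If ignoring it is intended, say so inside the block, e.g. `// ignored: <reason — confirm, e.g. attribute already registered>`. Otherwise log the exception so a missing OID mapping can be diagnosed. The enclosing static initializer starts outside this hunk.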
@@ -81,7 +78,7 @@ implements CertAttrSet {
/**
* Create a DeltaCRLIndicatorExtension with the integer value.
* The criticality is set to true.
- *
+ *
* @param baseCRLNum the value to be set for the extension.
*/
public DeltaCRLIndicatorExtension(int baseCRLNum) throws IOException {
@@ -94,7 +91,7 @@ implements CertAttrSet {
/**
* Create a DeltaCRLIndicatorExtension with the BigInteger value.
* The criticality is set to true.
- *
+ *
* @param baseCRLNum the value to be set for the extension.
*/
public DeltaCRLIndicatorExtension(BigInteger baseCRLNum) throws IOException {
@@ -106,12 +103,12 @@ implements CertAttrSet {
/**
* Create a DeltaCRLIndicatorExtension with the BigInteger value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param baseCRLNum the value to be set for the extension.
*/
public DeltaCRLIndicatorExtension(Boolean critical, BigInteger baseCRLNum)
- throws IOException {
+ throws IOException {
this.baseCRLNumber = new BigInt(baseCRLNum);
this.extensionId = PKIXExtensions.DeltaCRLIndicator_Id;
this.critical = critical.booleanValue();
@@ -120,13 +117,13 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public DeltaCRLIndicatorExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.DeltaCRLIndicator_Id;
this.critical = critical.booleanValue();
@@ -148,9 +145,9 @@ implements CertAttrSet {
if (!(obj instanceof BigInteger)) {
throw new IOException("Attribute must be of type BigInteger.");
}
- baseCRLNumber = new BigInt((BigInteger)obj);
+ baseCRLNumber = new BigInt((BigInteger) obj);
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:DeltaCRLIndicator.");
}
}
@@ -160,10 +157,12 @@ implements CertAttrSet {
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(NUMBER)) {
- if (baseCRLNumber == null) return null;
- else return baseCRLNumber.toBigInteger();
+ if (baseCRLNumber == null)
+ return null;
+ else
+ return baseCRLNumber.toBigInteger();
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:DeltaCRLIndicator.");
}
}
@@ -175,7 +174,7 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(NUMBER)) {
baseCRLNumber = null;
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:DeltaCRLIndicator.");
}
}
@@ -185,14 +184,14 @@ implements CertAttrSet {
*/
public String toString() {
String s = super.toString() + "Delta CRL Indicator: " +
- ((baseCRLNumber == null) ? "": baseCRLNumber.toString())
+ ((baseCRLNumber == null) ? "" : baseCRLNumber.toString())
+ "\n";
return (s);
}
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -202,31 +201,30 @@ implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
-
- if (this.extensionValue == null) {
- this.extensionId = PKIXExtensions.DeltaCRLIndicator_Id;
- this.critical = true;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ DerOutputStream tmp = new DerOutputStream();
+
+ if (this.extensionValue == null) {
+ this.extensionId = PKIXExtensions.DeltaCRLIndicator_Id;
+ this.critical = true;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(NUMBER);
return (elements.elements());
}
}
-
diff --git a/pki/base/util/src/netscape/security/x509/DirStrConverter.java b/pki/base/util/src/netscape/security/x509/DirStrConverter.java
index f6ade91a..7c52707f 100644
--- a/pki/base/util/src/netscape/security/x509/DirStrConverter.java
+++ b/pki/base/util/src/netscape/security/x509/DirStrConverter.java
@@ -30,33 +30,24 @@ import netscape.security.util.DerValue;
* A DirStrConverter converts a string to a DerValue of ASN.1 Directory String,
* which is a CHOICE of Printable (subset of ASCII), T.61 (Teletex) or
* Universal String (UCS-4), and vice versa.
- *
- * <p>The string to DerValue conversion is done as follows.
- * If the string has only PrintableString characters it is converted
- * to a ASN.1 Printable String using the PrintableString
- * encoder from the global default ASN1CharStrConvMap.
- * If it has only characters covered in the PrintableString or T.61
- * character set it is converted to a ASN.1 T.61 string using the T.61
- * encoder from the ASN1CharStrCovnMap.
- * Otherwise it is converted to a ASN.1 UniversalString (UCS-4 character set)
- * which covers all characters.
- *
+ *
+ * <p>
+ * The string to DerValue conversion is done as follows. If the string has only PrintableString characters it is converted to a ASN.1 Printable String using the PrintableString encoder from the global default ASN1CharStrConvMap. If it has only characters covered in the PrintableString or T.61 character set it is converted to a ASN.1 T.61 string using the T.61 encoder from the ASN1CharStrCovnMap. Otherwise it is converted to a ASN.1 UniversalString (UCS-4 character set) which covers all
+ * characters.
+ *
* @see AVAValueConverter
* @see ASN1CharStrConvMap
- *
+ *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*/
-
-public class DirStrConverter implements AVAValueConverter
-{
+public class DirStrConverter implements AVAValueConverter {
// public constructors
/**
* Constructs a DirStrConverter.
*/
- public DirStrConverter()
- {
+ public DirStrConverter() {
}
// public functions
@@ -65,34 +56,32 @@ public class DirStrConverter implements AVAValueConverter
* Converts a string to a DER encoded ASN1 Directory String, which is a
* CHOICE of PrintableString, T.61String or UniversalString.
* The string is taken as is i.e. should not be in Ldap DN string syntax.
- *
- * @param ds a string representing a directory string value.
- *
- * @return a DerValue
- *
- * @exception IOException if the string cannot be converted, such as
- * when a UniversalString encoder
- * isn't available and the string contains
- * characters covered only in the universal
- * string (or UCS-4) character set.
+ *
+ * @param ds a string representing a directory string value.
+ *
+ * @return a DerValue
+ *
+ * @exception IOException if the string cannot be converted, such as
+ * when a UniversalString encoder
+ * isn't available and the string contains
+ * characters covered only in the universal
+ * string (or UCS-4) character set.
*/
- private static byte[] DefEncodingOrder =
- new byte[] {
- DerValue.tag_PrintableString,
- DerValue.tag_T61String,
- DerValue.tag_UniversalString
- };
-
- public static synchronized void
- setDefEncodingOrder(byte[] defEncodingOrder)
- {
- DefEncodingOrder = defEncodingOrder;
+ private static byte[] DefEncodingOrder =
+ new byte[] {
+ DerValue.tag_PrintableString,
+ DerValue.tag_T61String,
+ DerValue.tag_UniversalString
+ };
+
+ public static synchronized void
+ setDefEncodingOrder(byte[] defEncodingOrder) {
+ DefEncodingOrder = defEncodingOrder;
}
- public DerValue getValue(String ds)
- throws IOException
- {
- return getValue(ds, DefEncodingOrder);
+ public DerValue getValue(String ds)
+ throws IOException {
+ return getValue(ds, DefEncodingOrder);
}
/**
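Review bot: `setDefEncodingOrder` stores the caller's array as the process-wide default (`DefEncodingOrder = defEncodingOrder;`), so later writes to that array change the encoding order for every user, and a `null` argument makes `getValue(String)` fail at `tags.length` in the next hunk. `DefEncodingOrder = defEncodingOrder.clone();` after a null/empty check would avoid both. The setter is `synchronized` but `getValue(String)` reads the field without synchronization, so visibility of an update is not guaranteed. Separately, the Javadoc block at the top of this hunk describes `getValue(String)` but is attached to the `DefEncodingOrder` field, and it belongs directly above the method.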
@@ -102,12 +91,14 @@ public class DirStrConverter implements AVAValueConverter
// try to convert to printable, then t61 the universal -
// i.e. from minimal to the most liberal.
- if (tags == null || tags.length == 0) tags = DefEncodingOrder;
+ if (tags == null || tags.length == 0)
+ tags = DefEncodingOrder;
for (int i = 0; i < tags.length; i++) {
try {
CharsetEncoder encoder = ASN1CharStrConvMap.getDefault().getEncoder(tags[i]);
- if (encoder == null) continue;
+ if (encoder == null)
+ continue;
CharBuffer charBuffer = CharBuffer.wrap(valueString.toCharArray());
ByteBuffer byteBuffer = encoder.encode(charBuffer);
@@ -120,60 +111,58 @@ public class DirStrConverter implements AVAValueConverter
}
throw new IOException(
- "Cannot convert the directory string value to a ASN.1 type");
+ "Cannot convert the directory string value to a ASN.1 type");
}
/**
* Creates a DerValue from a BER encoded value, obtained from for example
* a attribute value in octothorpe form of a Ldap DN string.
* Checks if the BER encoded value is legal for a DirectoryString.
- *
+ *
* NOTE: currently only supports DER encoding for the BER encoded value.
- *
- * @param berStream Byte array of a BER encoded value.
- *
- * @return DerValue object.
- *
- * @exception IOException If the BER value cannot be converted to a
- * valid Directory String DER value.
+ *
+ * @param berStream Byte array of a BER encoded value.
+ *
+ * @return DerValue object.
+ *
+ * @exception IOException If the BER value cannot be converted to a
+ * valid Directory String DER value.
*/
public DerValue getValue(byte[] berByteStream)
- throws IOException
- {
- DerValue value = new DerValue(berByteStream);
-
- /*
- if (value.tag != DerValue.tag_PrintableString &&
- value.tag != DerValue.tag_T61String &&
- value.tag != DerValue.tag_UniversalString)
- throw new IOException("Invalid Directory String AVA Value");
- */
-
- return value;
+ throws IOException {
+ DerValue value = new DerValue(berByteStream);
+
+ /*
+ if (value.tag != DerValue.tag_PrintableString &&
+ value.tag != DerValue.tag_T61String &&
+ value.tag != DerValue.tag_UniversalString)
+ throw new IOException("Invalid Directory String AVA Value");
+ */
+
+ return value;
}
/**
* Converts a DerValue to a string.
* The string is not in any syntax, such as RFC1779 string syntax.
- *
- * @param avaValue a DerValue
- * @return a string if the value can be converted.
- * @exception IOException if a decoder needed for the
- * conversion is not available.
+ *
+ * @param avaValue a DerValue
+ * @return a string if the value can be converted.
+ * @exception IOException if a decoder needed for the
+ * conversion is not available.
*/
public String getAsString(DerValue avaValue)
- throws IOException
- {
- /*
- if (avaValue.tag != DerValue.tag_PrintableString &&
- avaValue.tag != DerValue.tag_BMPString &&
- avaValue.tag != DerValue.tag_UniversalString &&
- avaValue.tag != DerValue.tag_T61String)
- throw new IllegalArgumentException(
- "Invalid Directory String value");
- // NOTE will return null if a decoder is not available.
- */
- return avaValue.getASN1CharString();
+ throws IOException {
+ /*
+ if (avaValue.tag != DerValue.tag_PrintableString &&
+ avaValue.tag != DerValue.tag_BMPString &&
+ avaValue.tag != DerValue.tag_UniversalString &&
+ avaValue.tag != DerValue.tag_T61String)
+ throw new IllegalArgumentException(
+ "Invalid Directory String value");
+ // NOTE will return null if a decoder is not available.
+ */
+ return avaValue.getASN1CharString();
}
}
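Review bot: The Javadoc on `getValue` says it "Checks if the BER encoded value is legal for a DirectoryString", but the only tag test sits inside a block comment, so whatever `new DerValue(berByteStream)` can parse is returned; `getAsString` has the same disabled check. Either restore a tag check or correct the comment, for example `* NOTE: the tag is not validated here; callers must not assume a DirectoryString type.` If the check is restored, note that the commented-out list in `getValue` omits BMPString, which the list in `getAsString` includes, so it should not be re-enabled verbatim. The `@param berStream` tag also names a parameter that is actually called `berByteStream`. The hunk starts inside the preceding method.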
diff --git a/pki/base/util/src/netscape/security/x509/DisplayText.java b/pki/base/util/src/netscape/security/x509/DisplayText.java
index 44bb4b76..a379617a 100644
--- a/pki/base/util/src/netscape/security/x509/DisplayText.java
+++ b/pki/base/util/src/netscape/security/x509/DisplayText.java
@@ -22,47 +22,46 @@ import java.io.IOException;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the DisplayText.
- *
+ *
* DisplayText ::= CHOICE {
- * visibleString VisibleString (SIZE (1..200)),
- * bmpString BMPString (SIZE (1..200)),
- * utf8String UTF8String (SIZE (1..200)),
+ * visibleString VisibleString (SIZE (1..200)),
+ * bmpString BMPString (SIZE (1..200)),
+ * utf8String UTF8String (SIZE (1..200)),
* }
- *
+ *
* @author Thomas Kwan
*/
public class DisplayText {
/** Tag value indicating an ASN.1 "BMPString" value. */
- public final static byte tag_IA5String = 0x16;
- public final static byte tag_BMPString = 0x1E;
- public final static byte tag_VisibleString = 0x1A;
- public final static byte tag_UTF8String = 0x0C;
+ public final static byte tag_IA5String = 0x16;
+ public final static byte tag_BMPString = 0x1E;
+ public final static byte tag_VisibleString = 0x1A;
+ public final static byte tag_UTF8String = 0x0C;
private byte mTag;
private String mS = null;
public DisplayText(byte tag, String s) {
- mTag = tag;
- mS = s;
+ mTag = tag;
+ mS = s;
}
public DisplayText(DerValue val) throws IOException {
- mTag = val.tag;
- mS = val.getAsString();
+ mTag = val.tag;
+ mS = val.getAsString();
}
/**
* Write the DisplayText to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out) throws IOException {
- out.putStringType(mTag, mS);
+ out.putStringType(mTag, mS);
}
public String getText() {
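Review bot: `DisplayText(DerValue val)` stores `val.tag` without checking that it is one of the CHOICE alternatives, and `toString()` in the next hunk then labels every unrecognised tag as "UTF8String". If `val` comes from a parsed certificate, a guard such as `if (mTag != tag_IA5String && mTag != tag_BMPString && mTag != tag_VisibleString && mTag != tag_UTF8String) throw new IOException("Invalid DisplayText tag: " + mTag);` would reject other types up front. The `SIZE (1..200)` bound from the class comment is not enforced in either constructor. The Javadoc `Tag value indicating an ASN.1 "BMPString" value` sits on `tag_IA5String` and should be moved or reworded to cover all four constants.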
@@ -72,14 +71,11 @@ public class DisplayText {
public String toString() {
if (mTag == tag_IA5String) {
return "IA5String: " + mS;
- }
- else if (mTag == tag_BMPString) {
+ } else if (mTag == tag_BMPString) {
return "BMPString: " + mS;
- }
- else if (mTag == tag_VisibleString) {
+ } else if (mTag == tag_VisibleString) {
return "VisibleString: " + mS;
- }
- else {
+ } else {
return "UTF8String: " + mS;
}
}
diff --git a/pki/base/util/src/netscape/security/x509/EDIPartyName.java b/pki/base/util/src/netscape/security/x509/EDIPartyName.java
index 92f713ca..0c69242c 100644
--- a/pki/base/util/src/netscape/security/x509/EDIPartyName.java
+++ b/pki/base/util/src/netscape/security/x509/EDIPartyName.java
@@ -26,12 +26,13 @@ import netscape.security.util.DerValue;
/**
* This class defines the EDIPartyName of the GeneralName choice.
* The ASN.1 syntax for this is:
+ *
* <pre>
* EDIPartyName ::= SEQUENCE {
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString }
* </pre>
- *
+ *
* @author Hemma Prafullchandra
* @version 1.2
* @see GeneralName
@@ -53,7 +54,7 @@ public class EDIPartyName implements GeneralNameInterface {
/**
* Create the EDIPartyName object from the specified names.
- *
+ *
* @param assignerName the name of the assigner
* @param partyName the name of the EDI party.
*/
@@ -64,7 +65,7 @@ public class EDIPartyName implements GeneralNameInterface {
/**
* Create the EDIPartyName object from the specified name.
- *
+ *
* @param partyName the name of the EDI party.
*/
public EDIPartyName(String partyName) {
@@ -73,10 +74,10 @@ public class EDIPartyName implements GeneralNameInterface {
/**
* Create the EDIPartyName object from the passed encoded Der value.
- *
+ *
* @param derValue the encoded DER EDIPartyName.
* @exception IOException on error.
- */
+ */
public EDIPartyName(DerValue derValue) throws IOException {
DerInputStream in = new DerInputStream(derValue.toByteArray());
DerValue[] seq = in.getSequence(2);
@@ -87,20 +88,20 @@ public class EDIPartyName implements GeneralNameInterface {
for (int i = 0; i < len; i++) {
DerValue opt = seq[i];
- if (opt.isContextSpecific((byte)TAG_ASSIGNER) &&
- !opt.isConstructed()) {
+ if (opt.isContextSpecific((byte) TAG_ASSIGNER) &&
+ !opt.isConstructed()) {
if (assigner != null)
throw new IOException("Duplicate nameAssigner found in"
+ " EDIPartyName");
- opt = opt.data.getDerValue();
+ opt = opt.data.getDerValue();
assigner = opt.getAsString();
}
- if (opt.isContextSpecific((byte)TAG_PARTYNAME) &&
- !opt.isConstructed()) {
+ if (opt.isContextSpecific((byte) TAG_PARTYNAME) &&
+ !opt.isConstructed()) {
if (party != null)
throw new IOException("Duplicate partyName found in"
+ " EDIPartyName");
- opt = opt.data.getDerValue();
+ opt = opt.data.getDerValue();
party = opt.getAsString();
}
}
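Review bot: The second test in this loop runs on `opt` after the nameAssigner branch has already replaced it with the inner value (`opt = opt.data.getDerValue()`), so a single sequence element can be examined under both tags. Making the second branch `} else if (opt.isContextSpecific((byte) TAG_PARTYNAME) &&`, or keeping the inner value in a separate local, matches each element against exactly one field. Elements that match neither tag are skipped without an error, which may be worth rejecting as well. The constructor begins in the previous hunk and continues past this one.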
@@ -115,7 +116,7 @@ public class EDIPartyName implements GeneralNameInterface {
/**
* Encode the EDI party name into the DerOutputStream.
- *
+ *
* @param out the DER stream to encode the EDIPartyName to.
* @exception IOException on encoding errors.
*/
@@ -131,7 +132,7 @@ public class EDIPartyName implements GeneralNameInterface {
false, TAG_ASSIGNER), tmp2);
}
if (party == null)
- throw new IOException("Cannot have null partyName");
+ throw new IOException("Cannot have null partyName");
// XXX - shd check is chars fit into PrintableString
tmp.putPrintableString(party);
@@ -145,9 +146,9 @@ public class EDIPartyName implements GeneralNameInterface {
* Return the printable string.
*/
public String toString() {
- return ("EDIPartyName: " +
+ return ("EDIPartyName: " +
((assigner == null) ? "" :
- (" nameAssigner = " + assigner + ","))
+ (" nameAssigner = " + assigner + ","))
+ " partyName = " + party);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/Extension.java b/pki/base/util/src/netscape/security/x509/Extension.java
index 41f3da6f..d066f8bc 100644
--- a/pki/base/util/src/netscape/security/x509/Extension.java
+++ b/pki/base/util/src/netscape/security/x509/Extension.java
@@ -25,27 +25,24 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
* Represent a X509 Extension Attribute.
- *
- * <p>Extensions are addiitonal attributes which can be inserted in a X509
- * v3 certificate. For example a "Driving License Certificate" could have
- * the driving license number as a extension.
- *
- * <p>Extensions are represented as a sequence of the extension identifier
- * (Object Identifier), a boolean flag stating whether the extension is to
- * be treated as being critical and the extension value itself (this is again
- * a DER encoding of the extension value).
+ *
+ * <p>
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ *
+ * <p>
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ *
* <pre>
* ASN.1 definition of Extension:
* Extension ::= SEQUENCE {
- * ExtensionId OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extensionValue OCTET STRING
+ * ExtensionId OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extensionValue OCTET STRING
* }
* </pre>
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.9
@@ -55,14 +52,15 @@ public class Extension implements Serializable {
*
*/
private static final long serialVersionUID = -643549610716024753L;
- protected ObjectIdentifier extensionId = null;
- protected boolean critical = false;
- protected byte[] extensionValue = null;
+ protected ObjectIdentifier extensionId = null;
+ protected boolean critical = false;
+ protected byte[] extensionValue = null;
/**
- * Default constructor. Used only by sub-classes.
+ * Default constructor. Used only by sub-classes.
*/
- public Extension() { }
+ public Extension() {
+ }
/**
* Constructs an extension from a DER encoded array of bytes.
@@ -120,7 +118,7 @@ public class Extension implements Serializable {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors
*/
@@ -134,7 +132,7 @@ public class Extension implements Serializable {
if (critical)
bytes.putBoolean(critical);
if (extensionValue != null)
- bytes.putOctetString(extensionValue);
+ bytes.putOctetString(extensionValue);
out.write(DerValue.tag_Sequence, bytes);
}
@@ -147,11 +145,11 @@ public class Extension implements Serializable {
}
public void setCritical(boolean c) {
- critical = c;
+ critical = c;
}
public void clearValue() {
- extensionValue = null;
+ extensionValue = null;
}
/**
@@ -162,7 +160,7 @@ public class Extension implements Serializable {
}
public void setExtensionId(ObjectIdentifier oid) {
- extensionId = oid;
+ extensionId = oid;
}
/**
@@ -195,9 +193,9 @@ public class Extension implements Serializable {
}
return (s);
}
-
- public String getName(){
- return this.getClass().getSimpleName();
+
+ public String getName() {
+ return this.getClass().getSimpleName();
}
-
+
}
diff --git a/pki/base/util/src/netscape/security/x509/Extensions.java b/pki/base/util/src/netscape/security/x509/Extensions.java
index 328f4a2e..bbe00600 100644
--- a/pki/base/util/src/netscape/security/x509/Extensions.java
+++ b/pki/base/util/src/netscape/security/x509/Extensions.java
@@ -34,14 +34,14 @@ import netscape.security.util.DerValue;
/**
* This class defines the Extensions attribute for the Certificate.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.11
* @see CertAttrSet
*/
public class Extensions extends Vector<Extension>
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -49,7 +49,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions";
/**
* name
@@ -62,8 +62,8 @@ implements CertAttrSet {
public void parseExtension(Extension ext) throws IOException {
try {
@SuppressWarnings("unchecked")
- Class<Extension> extClass = (Class<Extension>) OIDMap.getClass(ext.getExtensionId());
- if (extClass == null) { // Unsupported extension
+ Class<Extension> extClass = (Class<Extension>) OIDMap.getClass(ext.getExtensionId());
+ if (extClass == null) { // Unsupported extension
if (ext.isCritical()) {
throw new IOException("Unsupported CRITICAL extension: "
+ ext.getExtensionId());
@@ -78,23 +78,23 @@ implements CertAttrSet {
byte[] extData = ext.getExtensionValue();
int extLen = extData.length;
- Object value = Array.newInstance(byte.class, extLen);
-
- for (int i = 0; i < extLen; i++) {
- Array.setByte(value, i, extData[i]);
- }
- Object[] passed = new Object[] {new Boolean(ext.isCritical()),
- value};
+ Object value = Array.newInstance(byte.class, extLen);
+
+ for (int i = 0; i < extLen; i++) {
+ Array.setByte(value, i, extData[i]);
+ }
+ Object[] passed = new Object[] { new Boolean(ext.isCritical()),
+ value };
Extension certExt = cons.newInstance(passed);
- map.put(certExt.getName(), certExt);
+ map.put(certExt.getName(), certExt);
addElement(certExt);
} catch (NoSuchMethodException nosuch) {
throw new IOException(nosuch.toString());
} catch (InvocationTargetException invk) {
throw new IOException(invk.getTargetException().toString());
- } catch (Exception e) {
- throw new IOException(e.toString());
+ } catch (Exception e) {
+ throw new IOException(e.toString());
}
}
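Review bot: `map.put(certExt.getName(), certExt)` followed by `addElement(certExt)` accepts a repeated extension: the map keeps only the last instance while the vector keeps all of them, so name lookups through the map and `encode` can disagree about what the certificate contains. RFC 5280 forbids more than one instance of an extension, so a check before the put, `if (map.containsKey(certExt.getName())) throw new IOException("Duplicate extension: " + certExt.getName());`, would reject such input. `set(String, Object)` in a later hunk uses the same put-then-add pattern and has the same effect when called twice with one name. `parseExtension` starts in the previous hunk.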
@@ -107,12 +107,12 @@ implements CertAttrSet {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the Extension from.
* @exception IOException on decoding errors.
*/
public Extensions(DerInputStream in)
- throws IOException {
+ throws IOException {
map = new Hashtable<String, Extension>();
DerValue[] exts = in.getSequence(5);
@@ -125,7 +125,7 @@ implements CertAttrSet {
/**
* Decode the extensions from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -144,44 +144,45 @@ implements CertAttrSet {
/**
* Encode the extensions in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception CertificateException on encoding errors.
* @exception IOException on errors.
*/
public void encode(OutputStream out)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
DerOutputStream extOut = new DerOutputStream();
for (int i = 0; i < size(); i++) {
Object thisOne = elementAt(i);
if (thisOne instanceof CertAttrSet)
- ((CertAttrSet)thisOne).encode(extOut);
+ ((CertAttrSet) thisOne).encode(extOut);
else if (thisOne instanceof Extension)
- ((Extension)thisOne).encode(extOut);
+ ((Extension) thisOne).encode(extOut);
else
throw new CertificateException("Invalid extension object");
}
DerOutputStream seq = new DerOutputStream();
- seq.write(DerValue.tag_Sequence,extOut);
-
+ seq.write(DerValue.tag_Sequence, extOut);
out.write(seq.toByteArray());
}
/**
* Set the attribute value.
+ *
* @param name the extension name used in the cache.
* @param obj the object to set.
* @exception IOException if the object could not be cached.
*/
public void set(String name, Object obj) throws IOException {
- map.put(name,(Extension) obj);
+ map.put(name, (Extension) obj);
addElement((Extension) obj);
}
/**
* Get the attribute value.
+ *
* @param name the extension name used in the lookup.
* @exception IOException if named extension is not found.
*/
@@ -195,6 +196,7 @@ implements CertAttrSet {
/**
* Delete the attribute value.
+ *
* @param name the extension name used in the lookup.
* @exception IOException if named extension is not found.
*/
@@ -211,14 +213,14 @@ implements CertAttrSet {
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
return map.keys();
}
/**
* Return the name of this attribute.
*/
- public String getName () {
+ public String getName() {
return getClass().getSimpleName();
}
}
diff --git a/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java b/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java
index 2a479cfc..a029c62f 100644
--- a/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java
+++ b/pki/base/util/src/netscape/security/x509/FreshestCRLExtension.java
@@ -39,19 +39,19 @@ import org.mozilla.jss.asn1.SEQUENCE;
* An extension that tells applications where to find
* the latest (freshest) delta CRL for this certificate
* or full CRL.
- *
+ *
* <pre>
* cRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
- *
+ *
* DistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
* reasons [1] ReasonFlags OPTIONAL,
* cRLIssuer [2] GeneralNames OPTIONAL }
- *
+ *
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
+ *
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
@@ -63,8 +63,7 @@ import org.mozilla.jss.asn1.SEQUENCE;
* </pre>
*/
public class FreshestCRLExtension extends Extension
- implements CertAttrSet
-{
+ implements CertAttrSet {
/**
*
@@ -74,14 +73,13 @@ public class FreshestCRLExtension extends Extension
// vector of CRLDistributionPoint
private SEQUENCE distributionPoints = new SEQUENCE();
- public FreshestCRLExtension() {
+ public FreshestCRLExtension() {
this.extensionId = PKIXExtensions.FreshestCRL_Id;
this.critical = false;
}
// Cached DER-encoding to improve performance.
- private byte[] cachedEncoding=null;
-
+ private byte[] cachedEncoding = null;
// The Object Identifier for this extension.
public static final String OID = "2.5.29.46";
@@ -90,7 +88,8 @@ public class FreshestCRLExtension extends Extension
try {
OIDMap.addAttribute(FreshestCRLExtension.class.getName(),
OID, FreshestCRLExtension.class.getSimpleName());
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
}
/**
@@ -99,29 +98,29 @@ public class FreshestCRLExtension extends Extension
* extension.
*/
public FreshestCRLExtension(Boolean critical, Object value)
- //throws IOException
+ //throws IOException
{
- try {
- this.extensionId = PKIXExtensions.FreshestCRL_Id;
- this.critical = critical.booleanValue();
- this.extensionValue = (byte[])((byte[])value).clone();
-
- // decode the value
try {
- SEQUENCE.OF_Template seqOfCRLDP =
- new SEQUENCE.OF_Template( CRLDistributionPoint.getTemplate() );
-
- distributionPoints =
- (SEQUENCE) ASN1Util.decode( seqOfCRLDP, extensionValue );
- } catch(InvalidBERException e) {
- throw new IOException("Invalid BER-encoding: " + e.toString());
+ this.extensionId = PKIXExtensions.FreshestCRL_Id;
+ this.critical = critical.booleanValue();
+ this.extensionValue = (byte[]) ((byte[]) value).clone();
+
+ // decode the value
+ try {
+ SEQUENCE.OF_Template seqOfCRLDP =
+ new SEQUENCE.OF_Template(CRLDistributionPoint.getTemplate());
+
+ distributionPoints =
+ (SEQUENCE) ASN1Util.decode(seqOfCRLDP, extensionValue);
+ } catch (InvalidBERException e) {
+ throw new IOException("Invalid BER-encoding: " + e.toString());
+ }
+ } catch (IOException e) {
+ System.out.println("Big error");
+ System.out.println(e);
+ e.printStackTrace();
+ //throw e;
}
- } catch(IOException e) {
- System.out.println("Big error");
- System.out.println(e);
- e.printStackTrace();
- //throw e;
- }
}
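Review bot: The outer `catch (IOException e)` in this constructor prints "Big error" and returns normally, so a value that fails BER decoding still yields a `FreshestCRLExtension` with the initial empty `distributionPoints` sequence and the undecoded bytes in `extensionValue`. Callers cannot tell that object apart from a well-formed extension. Restoring the commented-out `throws IOException` on the signature and removing the outer try/catch (or rethrowing in it) would surface the failure; `Extensions.parseExtension` appears to reach this constructor reflectively and already maps `InvocationTargetException` to `IOException`. If the catch stays, `System.out.println` and `e.printStackTrace()` should give way to whatever logging the project uses.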
/**
@@ -156,10 +155,10 @@ public class FreshestCRLExtension extends Extension
return (CRLDistributionPoint) distributionPoints.elementAt(index);
}
- /**
- * Sets the criticality of this extension. PKIX dictates that this
+ /**
+ * Sets the criticality of this extension. PKIX dictates that this
* extension SHOULD NOT be critical, so applications can make it critical
- * if they have a very good reason. By default, the extension is not
+ * if they have a very good reason. By default, the extension is not
* critical.
*/
public void setCritical(boolean critical) {
@@ -198,9 +197,8 @@ public class FreshestCRLExtension extends Extension
* DER-encodes this extension to the given OutputStream.
*/
public void encode(OutputStream ostream)
- throws CertificateException, IOException
- {
- if( cachedEncoding == null ) {
+ throws CertificateException, IOException {
+ if (cachedEncoding == null) {
// only re-encode if necessary
DerOutputStream tmp = new DerOutputStream();
encode(tmp);
@@ -210,30 +208,26 @@ public class FreshestCRLExtension extends Extension
}
public void decode(InputStream in)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
throw new IOException("Not supported");
}
public void set(String name, Object obj)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:FreshestCRLExtension");
+ throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:FreshestCRLExtension");
}
public Object get(String name)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:FreshestCRLExtension");
+ throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:FreshestCRLExtension");
}
public void delete(String name)
- throws CertificateException, IOException
- {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:FreshestCRLExtension");
+ throws CertificateException, IOException {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:FreshestCRLExtension");
}
/*
@@ -243,70 +237,67 @@ public class FreshestCRLExtension extends Extension
return (new Vector<String>()).elements();
}
-
/**
* Test driver.
*/
public static void main(String args[]) {
- try {
-
- if( args.length != 1 ) {
- System.out.println("Usage: FreshestCRLExtentions "+
- "<outfile>");
- System.exit(-1);
- }
+ try {
- BufferedOutputStream bos = new BufferedOutputStream(
- new FileOutputStream(args[0]) );
-
-
- // URI only
- CRLDistributionPoint cdp = new CRLDistributionPoint();
- URIName uri = new URIName("http://www.mycrl.com/go/here");
- GeneralNames generalNames = new GeneralNames();
- generalNames.addElement(uri);
- cdp.setFullName(generalNames);
- FreshestCRLExtension crldpExt =
- new FreshestCRLExtension(cdp);
-
- // DN only
- cdp = new CRLDistributionPoint();
- X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"+
- ",OU=Certificate Server,O=Fedora,C=US");
- generalNames = new GeneralNames();
- generalNames.addElement(dn);
- cdp.setFullName(generalNames);
- crldpExt.addPoint(cdp);
-
- // DN + reason
- BitArray ba = new BitArray(5, new byte[] {(byte)0x28} );
- cdp = new CRLDistributionPoint();
- cdp.setFullName(generalNames);
- cdp.setReasons(ba);
- crldpExt.addPoint(cdp);
-
-
- // relative DN + reason + crlIssuer
- cdp = new CRLDistributionPoint();
- RDN rdn = new RDN("OU=foobar dept");
- cdp.setRelativeName(rdn);
- cdp.setReasons(ba);
- cdp.setCRLIssuer(generalNames);
- crldpExt.addPoint(cdp);
-
- crldpExt.setCritical(true);
- crldpExt.encode(bos);
-
- bos.close();
-
- } catch(Exception e) {
+ if (args.length != 1) {
+ System.out.println("Usage: FreshestCRLExtentions " +
+ "<outfile>");
+ System.exit(-1);
+ }
+
+ BufferedOutputStream bos = new BufferedOutputStream(
+ new FileOutputStream(args[0]));
+
+ // URI only
+ CRLDistributionPoint cdp = new CRLDistributionPoint();
+ URIName uri = new URIName("http://www.mycrl.com/go/here");
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addElement(uri);
+ cdp.setFullName(generalNames);
+ FreshestCRLExtension crldpExt =
+ new FreshestCRLExtension(cdp);
+
+ // DN only
+ cdp = new CRLDistributionPoint();
+ X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" +
+ ",OU=Certificate Server,O=Fedora,C=US");
+ generalNames = new GeneralNames();
+ generalNames.addElement(dn);
+ cdp.setFullName(generalNames);
+ crldpExt.addPoint(cdp);
+
+ // DN + reason
+ BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
+ cdp = new CRLDistributionPoint();
+ cdp.setFullName(generalNames);
+ cdp.setReasons(ba);
+ crldpExt.addPoint(cdp);
+
+ // relative DN + reason + crlIssuer
+ cdp = new CRLDistributionPoint();
+ RDN rdn = new RDN("OU=foobar dept");
+ cdp.setRelativeName(rdn);
+ cdp.setReasons(ba);
+ cdp.setCRLIssuer(generalNames);
+ crldpExt.addPoint(cdp);
+
+ crldpExt.setCritical(true);
+ crldpExt.encode(bos);
+
+ bos.close();
+
+ } catch (Exception e) {
e.printStackTrace();
- }
+ }
}
- /**
- * Represents a reason that a cert may be revoked. These reasons are
+ /**
+ * Represents a reason that a cert may be revoked. These reasons are
* expressed in a ReasonFlags bit string.
*/
public static class Reason {
@@ -314,19 +305,21 @@ public class FreshestCRLExtension extends Extension
private String name;
private byte bitMask;
- private Reason() { }
+ private Reason() {
+ }
+
private Reason(String name, byte bitMask) {
this.name = name;
this.bitMask = bitMask;
map.put(name, this);
- list.addElement(this);
+ list.addElement(this);
}
private static Hashtable<String, Reason> map = new Hashtable<String, Reason>();
- private static Vector<Reason> list = new Vector<Reason>();
+ private static Vector<Reason> list = new Vector<Reason>();
public static Reason fromString(String name) {
- return map.get(name);
+ return map.get(name);
}
public String getName() {
@@ -337,61 +330,61 @@ public class FreshestCRLExtension extends Extension
return bitMask;
}
- /**
- * Given a bit array representing reason flags, extracts the reasons
- * and returns them as an array.
- *
- * @param bitFlags A bit vector containing reason flags.
- * @return An array of reasons contained in the bit vector.
- * May be zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte bitFlags) {
- return bitArrayToReasonArray( new byte[] { bitFlags } );
- }
-
- /**
- * Given a bit array representing reason flags, extracts the reasons
- * and returns them as an array. Currently, only the first byte
- * of the bitflags are examined.
- *
- * @param bitFlags A bit vector containing reason flags. The format
- * is big-endian (MSB first). Only the first byte is examined.
- * @return An array of reasons contained in the bit vector.
- * May be zero-length but will not be null.
- */
- public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
- byte first = bitFlags[0];
- int size = list.size();
- Vector<Reason> result = new Vector<Reason>();
- for(int i = 0; i < size; i++) {
- Reason r = (Reason) list.elementAt(i);
- byte b = r.getBitMask();
- if( (first & b) != 0 ) {
- result.addElement(r);
- }
- }
- size = result.size();
- Reason[] retval = new Reason[size];
- for(int i=0; i < size; i++) {
- retval[i] = result.elementAt(i);
- }
- return retval;
- }
-
+ /**
+ * Given a bit array representing reason flags, extracts the reasons
+ * and returns them as an array.
+ *
+ * @param bitFlags A bit vector containing reason flags.
+ * @return An array of reasons contained in the bit vector.
+ * May be zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte bitFlags) {
+ return bitArrayToReasonArray(new byte[] { bitFlags });
+ }
+
+ /**
+ * Given a bit array representing reason flags, extracts the reasons
+ * and returns them as an array. Currently, only the first byte
+ * of the bitflags are examined.
+ *
+ * @param bitFlags A bit vector containing reason flags. The format
+ * is big-endian (MSB first). Only the first byte is examined.
+ * @return An array of reasons contained in the bit vector.
+ * May be zero-length but will not be null.
+ */
+ public static Reason[] bitArrayToReasonArray(byte[] bitFlags) {
+ byte first = bitFlags[0];
+ int size = list.size();
+ Vector<Reason> result = new Vector<Reason>();
+ for (int i = 0; i < size; i++) {
+ Reason r = (Reason) list.elementAt(i);
+ byte b = r.getBitMask();
+ if ((first & b) != 0) {
+ result.addElement(r);
+ }
+ }
+ size = result.size();
+ Reason[] retval = new Reason[size];
+ for (int i = 0; i < size; i++) {
+ retval[i] = result.elementAt(i);
+ }
+ return retval;
+ }
+
public static final Reason UNUSED =
- new Reason("unused", (byte) 0x80);
+ new Reason("unused", (byte) 0x80);
public static final Reason KEY_COMPROMISE =
- new Reason("keyCompromise", (byte) 0x40);
+ new Reason("keyCompromise", (byte) 0x40);
public static final Reason CA_COMPROMISE =
- new Reason("cACompromise", (byte) 0x20);
+ new Reason("cACompromise", (byte) 0x20);
public static final Reason AFFILIATION_CHANGED =
- new Reason("affiliationChanged", (byte) 0x10);
+ new Reason("affiliationChanged", (byte) 0x10);
public static final Reason SUPERSEDED =
- new Reason("superseded", (byte) 0x08);
+ new Reason("superseded", (byte) 0x08);
public static final Reason CESSATION_OF_OPERATION =
- new Reason("cessationOfOperation", (byte) 0x04);
+ new Reason("cessationOfOperation", (byte) 0x04);
public static final Reason CERTIFICATE_HOLD =
- new Reason("certificateHold", (byte) 0x02);
+ new Reason("certificateHold", (byte) 0x02);
}
}
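Review bot: `bitArrayToReasonArray(byte[] bitFlags)` reads `bitFlags[0]` with no null or length check, so an empty array raises `ArrayIndexOutOfBoundsException` even though the Javadoc describes a result that may be zero-length but never null. A guard at the top, `if (bitFlags == null || bitFlags.length == 0) return new Reason[0];`, keeps that contract. This matters most if the bytes come from a ReasonFlags BIT STRING in a parsed certificate, which the hunk does not show. The hunk begins inside the preceding accessor.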
diff --git a/pki/base/util/src/netscape/security/x509/GeneralName.java b/pki/base/util/src/netscape/security/x509/GeneralName.java
index bc3395c5..5ed98d83 100644
--- a/pki/base/util/src/netscape/security/x509/GeneralName.java
+++ b/pki/base/util/src/netscape/security/x509/GeneralName.java
@@ -26,6 +26,7 @@ import netscape.security.util.DerValue;
* This class implements the ASN.1 GeneralName object class.
* <p>
* The ASN.1 syntax for this is:
+ *
* <pre>
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
@@ -39,6 +40,7 @@ import netscape.security.util.DerValue;
* registeredID [8] OBJECT IDENTIFIER
* }
* </pre>
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.7
@@ -54,7 +56,7 @@ public class GeneralName implements GeneralNameInterface {
/**
* Default constructor for the class.
- *
+ *
* @param name the selected CHOICE from the list.
*/
public GeneralName(GeneralNameInterface name) {
@@ -63,11 +65,11 @@ public class GeneralName implements GeneralNameInterface {
/**
* Create the object from its DER encoded value.
- *
+ *
* @param encName the DER encoded GeneralName.
*/
public GeneralName(DerValue encName) throws IOException {
- short tag = (byte)(encName.tag & 0x1f);
+ short tag = (byte) (encName.tag & 0x1f);
// NB. this is always encoded with the IMPLICIT tag
// The checks only make sense if we assume implicit tagging,
@@ -76,50 +78,50 @@ public class GeneralName implements GeneralNameInterface {
case GeneralNameInterface.NAME_RFC822:
if (encName.isContextSpecific() && !encName.isConstructed()) {
encName.resetTag(DerValue.tag_IA5String);
- name = new RFC822Name(encName);
+ name = new RFC822Name(encName);
} else
- throw new IOException("Invalid encoding of RFC822 name");
- break;
+ throw new IOException("Invalid encoding of RFC822 name");
+ break;
case GeneralNameInterface.NAME_DNS:
if (encName.isContextSpecific() && !encName.isConstructed()) {
encName.resetTag(DerValue.tag_IA5String);
- name = new DNSName(encName);
+ name = new DNSName(encName);
} else
- throw new IOException("Invalid encoding of DNS name");
- break;
+ throw new IOException("Invalid encoding of DNS name");
+ break;
case GeneralNameInterface.NAME_URI:
if (encName.isContextSpecific() && !encName.isConstructed()) {
encName.resetTag(DerValue.tag_IA5String);
- name = new URIName(encName);
+ name = new URIName(encName);
} else
- throw new IOException("Invalid encoding of URI");
- break;
+ throw new IOException("Invalid encoding of URI");
+ break;
case GeneralNameInterface.NAME_IP:
if (encName.isContextSpecific() && !encName.isConstructed()) {
encName.resetTag(DerValue.tag_OctetString);
- name = new IPAddressName(encName);
+ name = new IPAddressName(encName);
} else
- throw new IOException("Invalid encoding of IP address");
- break;
+ throw new IOException("Invalid encoding of IP address");
+ break;
- case GeneralNameInterface.NAME_ANY:
- if (encName.isContextSpecific() && encName.isConstructed()) {
- encName.resetTag(DerValue.tag_OctetString);
+ case GeneralNameInterface.NAME_ANY:
+ if (encName.isContextSpecific() && encName.isConstructed()) {
+ encName.resetTag(DerValue.tag_OctetString);
name = new OtherName(encName);
- } else
+ } else
throw new IOException("Invalid encoding of other name");
break;
case GeneralNameInterface.NAME_OID:
if (encName.isContextSpecific() && !encName.isConstructed()) {
encName.resetTag(DerValue.tag_ObjectId);
- name = new OIDName(encName);
+ name = new OIDName(encName);
} else
- throw new IOException("Invalid encoding of OID name");
- break;
+ throw new IOException("Invalid encoding of OID name");
+ break;
case GeneralNameInterface.NAME_DIRECTORY:
if (encName.isContextSpecific() && encName.isConstructed()) {
@@ -130,23 +132,23 @@ public class GeneralName implements GeneralNameInterface {
// string so we can get at the content bytes.
encName.resetTag(DerValue.tag_OctetString);
byte[] content = encName.getOctetString();
- name = new X500Name( content );
+ name = new X500Name(content);
} else
- throw new IOException("Invalid encoding of Directory name");
- break;
+ throw new IOException("Invalid encoding of Directory name");
+ break;
case GeneralNameInterface.NAME_EDI:
if (encName.isContextSpecific() && encName.isConstructed()) {
encName.resetTag(DerValue.tag_Sequence);
name = new EDIPartyName(encName);
} else
- throw new IOException("Invalid encoding of EDI name");
- break;
+ throw new IOException("Invalid encoding of EDI name");
+ break;
default:
- throw new IOException("Unrecognized GeneralName tag, ("
- + tag +")");
- }
+ throw new IOException("Unrecognized GeneralName tag, ("
+ + tag + ")");
+ }
}
/**
@@ -163,35 +165,35 @@ public class GeneralName implements GeneralNameInterface {
return (name.toString());
}
- /**
- * Encode the name to the specified DerOutputStream.
- *
- * @param out the DerOutputStream to encode the the GeneralName to.
- * @exception IOException on encoding errors.
- */
- public void encode(DerOutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
- name.encode(tmp);
- int nameType = name.getType();
- boolean constructedForm;
-
- if (nameType == GeneralNameInterface.NAME_ANY ||
- nameType == GeneralNameInterface.NAME_X400 ||
- nameType == GeneralNameInterface.NAME_DIRECTORY ||
- nameType == GeneralNameInterface.NAME_EDI) {
- constructedForm = true;
- } else {
- constructedForm = false;
- }
-
- if( nameType == GeneralNameInterface.NAME_DIRECTORY ) {
- // EXPLICIT tag, because Name is a CHOICE type
- out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
- constructedForm, (byte)nameType), tmp);
- } else {
- // IMPLICIT tag, the default
- out.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
- constructedForm, (byte)nameType), tmp);
- }
- }
+ /**
+ * Encode the name to the specified DerOutputStream.
+ *
+ * @param out the DerOutputStream to encode the the GeneralName to.
+ * @exception IOException on encoding errors.
+ */
+ public void encode(DerOutputStream out) throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ name.encode(tmp);
+ int nameType = name.getType();
+ boolean constructedForm;
+
+ if (nameType == GeneralNameInterface.NAME_ANY ||
+ nameType == GeneralNameInterface.NAME_X400 ||
+ nameType == GeneralNameInterface.NAME_DIRECTORY ||
+ nameType == GeneralNameInterface.NAME_EDI) {
+ constructedForm = true;
+ } else {
+ constructedForm = false;
+ }
+
+ if (nameType == GeneralNameInterface.NAME_DIRECTORY) {
+ // EXPLICIT tag, because Name is a CHOICE type
+ out.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ constructedForm, (byte) nameType), tmp);
+ } else {
+ // IMPLICIT tag, the default
+ out.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
+ constructedForm, (byte) nameType), tmp);
+ }
+ }
}
diff --git a/pki/base/util/src/netscape/security/x509/GeneralNameInterface.java b/pki/base/util/src/netscape/security/x509/GeneralNameInterface.java
index 962206e0..4a967366 100644
--- a/pki/base/util/src/netscape/security/x509/GeneralNameInterface.java
+++ b/pki/base/util/src/netscape/security/x509/GeneralNameInterface.java
@@ -24,7 +24,7 @@ import netscape.security.util.DerOutputStream;
/**
* This interface specifies the abstract methods which have to be
* implemented by all the members of the GeneralNames ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.6
@@ -51,10 +51,10 @@ public interface GeneralNameInterface extends java.io.Serializable {
/**
* Encode the name to the specified DerOutputStream.
- *
+ *
* @param out the DerOutputStream to encode the GeneralName to.
* @exception IOException thrown if the GeneralName could not be
- * encoded.
+ * encoded.
*/
void encode(DerOutputStream out) throws IOException;
}
diff --git a/pki/base/util/src/netscape/security/x509/GeneralNames.java b/pki/base/util/src/netscape/security/x509/GeneralNames.java
index d647dd96..9e06db5a 100644
--- a/pki/base/util/src/netscape/security/x509/GeneralNames.java
+++ b/pki/base/util/src/netscape/security/x509/GeneralNames.java
@@ -26,11 +26,14 @@ import netscape.security.util.DerValue;
/**
* This object class represents the GeneralNames type required in
- * X509 certificates.
- * <p>The ASN.1 syntax for this is:
+ * X509 certificates.
+ * <p>
+ * The ASN.1 syntax for this is:
+ *
* <pre>
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
* </pre>
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.7
@@ -43,17 +46,17 @@ public class GeneralNames extends Vector<GeneralNameInterface> {
/**
* Create the GeneralNames, decoding from the passed DerValue.
- *
- * <b>Caution when using this constructor. It may be broken!
- * Better to call addElement(gni) directly where gni is
- * a GeneralNameInterface object </b>
- *
+ *
+ * <b>Caution when using this constructor. It may be broken!
+ * Better to call addElement(gni) directly where gni is
+ * a GeneralNameInterface object </b>
+ *
* @param derVal the DerValue to construct the GeneralNames from.
* @exception GeneralNamesException on decoding error.
* @exception IOException on error.
*/
public GeneralNames(DerValue derVal)
- throws IOException, GeneralNamesException {
+ throws IOException, GeneralNamesException {
if (derVal.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for GeneralNames.");
}
@@ -70,42 +73,42 @@ public class GeneralNames extends Vector<GeneralNameInterface> {
}
}
- /**
- * Create the GeneralNames
- *
- * @param names a non-empty array of names to put into the
- * generalNames
- */
-
- public GeneralNames(GeneralNameInterface[] names)
- throws GeneralNamesException {
- if (names == null || names.length==0)
- throw new GeneralNamesException("Cannot create empty GeneralNames");
-
- for (int i=0;i<names.length;i++) {
- addElement(names[i]);
- }
- }
+ /**
+ * Create the GeneralNames
+ *
+ * @param names a non-empty array of names to put into the
+ * generalNames
+ */
+ public GeneralNames(GeneralNameInterface[] names)
+ throws GeneralNamesException {
+ if (names == null || names.length == 0)
+ throw new GeneralNamesException("Cannot create empty GeneralNames");
+ for (int i = 0; i < names.length; i++) {
+ addElement(names[i]);
+ }
+ }
/**
* The default constructor for this class.
*/
public GeneralNames() {
- super(1,1);
+ super(1, 1);
}
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception GeneralNamesException on encoding error.
* @exception IOException on error.
*/
public void encode(DerOutputStream out)
- throws IOException, GeneralNamesException {
- if (size() == 0) { return; }
+ throws IOException, GeneralNamesException {
+ if (size() == 0) {
+ return;
+ }
Enumeration<GeneralNameInterface> names = elements();
DerOutputStream temp = new DerOutputStream();
@@ -113,34 +116,35 @@ public class GeneralNames extends Vector<GeneralNameInterface> {
while (names.hasMoreElements()) {
Object obj = names.nextElement();
if (!(obj instanceof GeneralNameInterface)) {
- throw new GeneralNamesException("Element in GeneralNames "
+ throw new GeneralNamesException("Element in GeneralNames "
+ "not of type GeneralName.");
}
- GeneralNameInterface intf = (GeneralNameInterface)obj;
- if (obj instanceof GeneralName) {
- intf.encode(temp);
- } else {
- DerOutputStream gname = new DerOutputStream();
- intf.encode(gname);
- int nameType = intf.getType();
- // constructed form
- if (nameType == GeneralNameInterface.NAME_ANY ||
- nameType == GeneralNameInterface.NAME_X400 ||
- nameType == GeneralNameInterface.NAME_EDI) {
-
- temp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)nameType), gname);
- } else if ( nameType == GeneralNameInterface.NAME_DIRECTORY ) {
- // EXPLICIT tag because directoryName is a CHOICE
- temp.write(DerValue.createTag(DerValue.TAG_CONTEXT,
- true, (byte)nameType), gname);
- } else // primitive form
- temp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
- false, (byte)nameType), gname);
- }
+ GeneralNameInterface intf = (GeneralNameInterface) obj;
+ if (obj instanceof GeneralName) {
+ intf.encode(temp);
+ } else {
+ DerOutputStream gname = new DerOutputStream();
+ intf.encode(gname);
+ int nameType = intf.getType();
+ // constructed form
+ if (nameType == GeneralNameInterface.NAME_ANY ||
+ nameType == GeneralNameInterface.NAME_X400 ||
+ nameType == GeneralNameInterface.NAME_EDI) {
+
+ temp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) nameType), gname);
+ } else if (nameType == GeneralNameInterface.NAME_DIRECTORY) {
+ // EXPLICIT tag because directoryName is a CHOICE
+ temp.write(DerValue.createTag(DerValue.TAG_CONTEXT,
+ true, (byte) nameType), gname);
+ } else
+ // primitive form
+ temp.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
+ false, (byte) nameType), gname);
+ }
}
-
- out.write(DerValue.tag_Sequence,temp);
+
+ out.write(DerValue.tag_Sequence, temp);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/GeneralNamesException.java b/pki/base/util/src/netscape/security/x509/GeneralNamesException.java
index 11c763fd..6309ed11 100644
--- a/pki/base/util/src/netscape/security/x509/GeneralNamesException.java
+++ b/pki/base/util/src/netscape/security/x509/GeneralNamesException.java
@@ -21,7 +21,7 @@ import java.security.GeneralSecurityException;
/**
* Generic General Names Exception.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.4
@@ -41,7 +41,7 @@ public class GeneralNamesException extends GeneralSecurityException {
/**
* Constructs the exception with the specified error message.
- *
+ *
* @param message the requisite error message.
*/
public GeneralNamesException(String message) {
diff --git a/pki/base/util/src/netscape/security/x509/GeneralSubtree.java b/pki/base/util/src/netscape/security/x509/GeneralSubtree.java
index 84ceca96..635427e0 100644
--- a/pki/base/util/src/netscape/security/x509/GeneralSubtree.java
+++ b/pki/base/util/src/netscape/security/x509/GeneralSubtree.java
@@ -26,6 +26,7 @@ import netscape.security.util.PrettyPrintFormat;
/**
* Represent the GeneralSubtree ASN.1 object, whose syntax is:
+ *
* <pre>
* GeneralSubtree ::= SEQUENCE {
* base GeneralName,
@@ -34,6 +35,7 @@ import netscape.security.util.PrettyPrintFormat;
* }
* BaseDistance ::= INTEGER (0..MAX)
* </pre>
+ *
* @version 1.5
* @author Amit Kapoor
* @author Hemma Prafullchandra
@@ -41,17 +43,17 @@ import netscape.security.util.PrettyPrintFormat;
public class GeneralSubtree {
private static final byte TAG_MIN = 0;
private static final byte TAG_MAX = 1;
- private static final int MIN_DEFAULT = 0;
+ private static final int MIN_DEFAULT = 0;
- private GeneralName name;
- private int minimum = MIN_DEFAULT;
- private int maximum = -1;
+ private GeneralName name;
+ private int minimum = MIN_DEFAULT;
+ private int maximum = -1;
private PrettyPrintFormat pp = new PrettyPrintFormat(":");
/**
* The default constructor for the class.
- *
+ *
* @param name the GeneralName
* @param min the minimum BaseDistance
* @param max the maximum BaseDistance
@@ -64,7 +66,7 @@ public class GeneralSubtree {
/**
* Create the object from its DER encoded form.
- *
+ *
* @param val the DER encoded from of the same.
*/
public GeneralSubtree(DerValue val) throws IOException {
@@ -81,13 +83,13 @@ public class GeneralSubtree {
if (opt.isContextSpecific(TAG_MIN) && !opt.isConstructed()) {
opt.resetTag(DerValue.tag_Integer);
- minimum = (opt.getInteger()).toInt();
+ minimum = (opt.getInteger()).toInt();
} else if (opt.isContextSpecific(TAG_MAX) && !opt.isConstructed()) {
opt.resetTag(DerValue.tag_Integer);
- maximum = (opt.getInteger()).toInt();
- } else
- throw new IOException("Invalid encoding of GeneralSubtree.");
+ maximum = (opt.getInteger()).toInt();
+ } else
+ throw new IOException("Invalid encoding of GeneralSubtree.");
}
}
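Review bot: The decoded `minimum` and `maximum` are stored with no range check, so an encoded `maximum` of -1 would collide with the `-1` sentinel that `toString` and `toPrint` print as "undefined". Any negative value also falls outside `BaseDistance ::= INTEGER (0..MAX)` from the class comment. Whether `toInt()` already rejects negative or oversized integers is not visible here and should be confirmed. If it does not, add `if (minimum < 0) throw new IOException("Invalid encoding of GeneralSubtree.");` after the TAG_MIN assignment and the same test on `maximum` after the TAG_MAX assignment. The constructor body starts before this hunk.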
@@ -96,31 +98,31 @@ public class GeneralSubtree {
*/
public String toString() {
String s = "\n GeneralSubtree: [\n" +
- " GeneralName: " + ((name == null) ? "" : name.toString()) +
- "\n Minimum: " + minimum;
- if (maximum == -1) {
- s += "\t Maximum: undefined";
- } else
- s += "\t Maximum: " + maximum;
- s += " ]\n";
+ " GeneralName: " + ((name == null) ? "" : name.toString()) +
+ "\n Minimum: " + minimum;
+ if (maximum == -1) {
+ s += "\t Maximum: undefined";
+ } else
+ s += "\t Maximum: " + maximum;
+ s += " ]\n";
return (s);
}
public String toPrint(int indent) {
- String s = "\n"+pp.indent(indent) + "GeneralSubtree: [\n" + pp.indent(indent+2) +
- "GeneralName: " + ((name == null) ? "" : name.toString()) +
- "\n"+pp.indent(indent+2) + "Minimum: " + minimum;
- if (maximum == -1) {
- s += "\n" + pp.indent(indent+2) + "Maximum: undefined";
- } else
- s += "\n" + pp.indent(indent+2) + "Maximum: " + maximum;
- s += "]\n";
+ String s = "\n" + pp.indent(indent) + "GeneralSubtree: [\n" + pp.indent(indent + 2) +
+ "GeneralName: " + ((name == null) ? "" : name.toString()) +
+ "\n" + pp.indent(indent + 2) + "Minimum: " + minimum;
+ if (maximum == -1) {
+ s += "\n" + pp.indent(indent + 2) + "Maximum: undefined";
+ } else
+ s += "\n" + pp.indent(indent + 2) + "Maximum: " + maximum;
+ s += "]\n";
return (s);
}
/**
* Encode the GeneralSubtree.
- *
+ *
* @param out the DerOutputStream to encode this object to.
*/
public void encode(DerOutputStream out) throws IOException {
@@ -128,8 +130,7 @@ public class GeneralSubtree {
name.encode(seq);
- if (minimum != MIN_DEFAULT)
- {
+ if (minimum != MIN_DEFAULT) {
DerOutputStream tmp = new DerOutputStream();
tmp.putInteger(new BigInt(minimum));
seq.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
@@ -141,7 +142,7 @@ public class GeneralSubtree {
seq.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
false, TAG_MAX), tmp);
}
- out.write(DerValue.tag_Sequence,seq);
+ out.write(DerValue.tag_Sequence, seq);
}
public GeneralName getGeneralName() {
diff --git a/pki/base/util/src/netscape/security/x509/GeneralSubtrees.java b/pki/base/util/src/netscape/security/x509/GeneralSubtrees.java
index 840fdf9e..37097ca7 100644
--- a/pki/base/util/src/netscape/security/x509/GeneralSubtrees.java
+++ b/pki/base/util/src/netscape/security/x509/GeneralSubtrees.java
@@ -27,19 +27,19 @@ import netscape.security.util.PrettyPrintFormat;
/**
* Represent the GeneralSubtrees ASN.1 object.
- *
+ *
* @version 1.4
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class GeneralSubtrees {
- private Vector<GeneralSubtree> trees;
+ private Vector<GeneralSubtree> trees;
private PrettyPrintFormat pp = new PrettyPrintFormat(":");
/**
* The default constructor for the class.
- *
+ *
* @param trees the sequence of GeneralSubtree.
*/
public GeneralSubtrees(Vector<GeneralSubtree> trees) {
@@ -48,7 +48,7 @@ public class GeneralSubtrees {
/**
* Create the object from the passed DER encoded form.
- *
+ *
* @param val the DER encoded form of the same.
*/
public GeneralSubtrees(DerValue val) throws IOException {
@@ -76,28 +76,28 @@ public class GeneralSubtrees {
public String toPrint(int indent) {
String s = "";
- GeneralSubtree element;
+ GeneralSubtree element;
- for (Enumeration<GeneralSubtree> e = trees.elements() ; e.hasMoreElements() ;) {
- element = (GeneralSubtree) e.nextElement();
- s = s + pp.indent(indent+4)+ element.toPrint(indent) +"\n";
- }
+ for (Enumeration<GeneralSubtree> e = trees.elements(); e.hasMoreElements();) {
+ element = (GeneralSubtree) e.nextElement();
+ s = s + pp.indent(indent + 4) + element.toPrint(indent) + "\n";
+ }
return (s);
}
/**
* Encode the GeneralSubtrees.
- *
+ *
* @param out the DerOutputStrean to encode this object to.
*/
public void encode(DerOutputStream out) throws IOException {
DerOutputStream seq = new DerOutputStream();
for (int i = 0; i < trees.size(); i++) {
- ((GeneralSubtree)trees.elementAt(i)).encode(seq);
+ ((GeneralSubtree) trees.elementAt(i)).encode(seq);
}
- out.write(DerValue.tag_Sequence,seq);
+ out.write(DerValue.tag_Sequence, seq);
}
public Vector<GeneralSubtree> getSubtrees() {
diff --git a/pki/base/util/src/netscape/security/x509/GenericValueConverter.java b/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
index 64377e6e..dbea7d86 100644
--- a/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
+++ b/pki/base/util/src/netscape/security/x509/GenericValueConverter.java
@@ -27,66 +27,55 @@ import netscape.security.util.ASN1CharStrConvMap;
import netscape.security.util.DerValue;
/**
- * A GenericValueConverter converts a string that is not associated with
- * a particular attribute to a DER encoded ASN.1 character string type.
+ * A GenericValueConverter converts a string that is not associated with
+ * a particular attribute to a DER encoded ASN.1 character string type.
* Currently supports PrintableString, IA5String, BMPString T.61String and
* Universal String.
*
- * <p>The conversion is done as follows.
- * An encoder is obtained for the all the character sets
- * from the global default ASN1CharStrConvMap.
- * The encoders are then used to convert the string to the
- * smallest character set first -- printableString.
- * If the string contains characters outside of that character set,
- * it is converted to the next character set -- IA5String character set.
- * If that is not enough it is converted to a BMPString, then
- * Universal String which contains all characters.
- *
+ * <p>
+ * The conversion is done as follows. An encoder is obtained for the all the character sets from the global default ASN1CharStrConvMap. The encoders are then used to convert the string to the smallest character set first -- printableString. If the string contains characters outside of that character set, it is converted to the next character set -- IA5String character set. If that is not enough it is converted to a BMPString, then Universal String which contains all characters.
+ *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*
*/
-public class GenericValueConverter implements AVAValueConverter
-{
- public GenericValueConverter()
- {
+public class GenericValueConverter implements AVAValueConverter {
+ public GenericValueConverter() {
}
/**
- * Converts a string to a DER encoded ASN.1 primtable string, defined here
- * as a PrintableString, IA5String, T.61String, BMPString or
+ * Converts a string to a DER encoded ASN.1 primtable string, defined here
+ * as a PrintableString, IA5String, T.61String, BMPString or
* UniversalString. The string is not expected to be encoded in any form.
*
- * <p>If an encoder is not available for a character set that
- * is needed to convert the string, the string cannot be converted and
- * an IOException is thrown. For example, if the string contains characters
- * outside the PrintableString character and only a PrintableString
- * encoder is available then an IOException is thrown.
+ * <p>
+ * If an encoder is not available for a character set that is needed to convert the string, the string cannot be converted and an IOException is thrown. For example, if the string contains characters outside the PrintableString character and only a PrintableString encoder is available then an IOException is thrown.
+ *
+ * @param s A string representing a generic attribute string value.
*
- * @param s A string representing a generic attribute string value.
- *
- * @return The DER value of the attribute.
+ * @return The DER value of the attribute.
*
- * @exception IOException if the string cannot be converted, such as
- * when an encoder needed is
- * unavailable.
+ * @exception IOException if the string cannot be converted, such as
+ * when an encoder needed is
+ * unavailable.
*/
public DerValue getValue(String s)
- throws IOException
- {
- return getValue(s, null);
+ throws IOException {
+ return getValue(s, null);
}
public DerValue getValue(String valueString, byte[] tags) throws IOException {
// try to convert to printable, then t61 the universal -
// i.e. from minimal coverage to the broadest.
- if (tags == null || tags.length == 0) tags = DefEncodingTags;
+ if (tags == null || tags.length == 0)
+ tags = DefEncodingTags;
for (int i = 0; i < tags.length; i++) {
try {
CharsetEncoder encoder = ASN1CharStrConvMap.getDefault().getEncoder(tags[i]);
- if (encoder == null) continue;
+ if (encoder == null)
+ continue;
CharBuffer charBuffer = CharBuffer.wrap(valueString.toCharArray());
ByteBuffer byteBuffer = encoder.encode(charBuffer);
@@ -99,52 +88,50 @@ public class GenericValueConverter implements AVAValueConverter
}
throw new IOException(
- "Cannot convert the string value to a ASN.1 type");
+ "Cannot convert the string value to a ASN.1 type");
}
- /**
+ /**
* Creates a DerValue from the byte array of BER encoded value.
*
* NOTE: currently only supports DER encoding (a form of BER) on input .
- *
- * @param berStream Byte array of a BER encoded value.
- *
- * @return DerValue object.
*
- * @exception IOException If the BER value cannot be converted to a
- * valid Directory String DER value.
+ * @param berStream Byte array of a BER encoded value.
+ *
+ * @return DerValue object.
+ *
+ * @exception IOException If the BER value cannot be converted to a
+ * valid Directory String DER value.
*/
public DerValue getValue(byte[] berByteStream)
- throws IOException
- {
- // accepts any tag.
- DerValue value = new DerValue(berByteStream);
- return value;
+ throws IOException {
+ // accepts any tag.
+ DerValue value = new DerValue(berByteStream);
+ return value;
}
/**
- * Converts a DerValue of ASN1 Character string type to a java string
+ * Converts a DerValue of ASN1 Character string type to a java string
* (the string is not encoded in any form).
*
- * @param avaValue A DerValue
- * @return A string representing the attribute value.
- * @exception IOException if a decoder needed for the
- * conversion is not available or if BER value
- * is not one of the ASN1 character string types
- * here.
+ * @param avaValue A DerValue
+ * @return A string representing the attribute value.
+ * @exception IOException if a decoder needed for the
+ * conversion is not available or if BER value
+ * is not one of the ASN1 character string types
+ * here.
*/
- public String getAsString(DerValue avaValue)
- throws IOException
- {
- return avaValue.getASN1CharString();
+ public String getAsString(DerValue avaValue)
+ throws IOException {
+ return avaValue.getASN1CharString();
}
- private static byte DefEncodingTags[] = {
- DerValue.tag_PrintableString,
- DerValue.tag_IA5String,
- DerValue.tag_BMPString,
- DerValue.tag_UTF8String,
- DerValue.tag_T61String,
- DerValue.tag_UniversalString
- };
+ private static byte DefEncodingTags[] = {
+ DerValue.tag_PrintableString,
+ DerValue.tag_IA5String,
+ DerValue.tag_BMPString,
+ DerValue.tag_UTF8String,
+ DerValue.tag_T61String,
+ DerValue.tag_UniversalString
+ };
}
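Review bot: The Javadoc on `getValue(byte[] berByteStream)` promises an `IOException` when the input "cannot be converted to a valid Directory String DER value", but the body carries the comment `// accepts any tag.` and returns `new DerValue(berByteStream)` without looking at the tag. A caller relying on this method to reject non-string types gets no such check. Either document the real contract, for example `@exception IOException if the bytes cannot be parsed as a DER value; the tag is not checked.`, or verify the tag before returning. The `@param berStream` name also does not match the parameter `berByteStream`.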
diff --git a/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java b/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
index 7f996250..45427e39 100644
--- a/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
+++ b/pki/base/util/src/netscape/security/x509/HoldInstructionExtension.java
@@ -30,22 +30,18 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
* Represent the CRL Hold Instruction Code Extension.
- *
- * <p>The hold instruction code is a non-critical CRL entry
- * extension that provides a registered instruction identifier
- * which indicates the action to be taken after encountering
- * a certificate that has been placed on hold.
- *
+ *
+ * <p>
+ * The hold instruction code is a non-critical CRL entry extension that provides a registered instruction identifier which indicates the action to be taken after encountering a certificate that has been placed on hold.
+ *
* @see Extension
* @see CertAttrSet
*/
-
public class HoldInstructionExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
@@ -62,35 +58,35 @@ implements CertAttrSet {
public static final String OID = "2.5.29.23";
public static final String NONE_HOLD_INSTR_OID_STR =
- "1.2.840.10040.2.1";
+ "1.2.840.10040.2.1";
public static final ObjectIdentifier NONE_HOLD_INSTR_OID =
- new ObjectIdentifier(NONE_HOLD_INSTR_OID_STR);
+ new ObjectIdentifier(NONE_HOLD_INSTR_OID_STR);
public static final String CALL_ISSUER_HOLD_INSTR_OID_STR =
- "1.2.840.10040.2.2";
+ "1.2.840.10040.2.2";
public static final ObjectIdentifier CALL_ISSUER_HOLD_INSTR_OID =
- new ObjectIdentifier(CALL_ISSUER_HOLD_INSTR_OID_STR);
+ new ObjectIdentifier(CALL_ISSUER_HOLD_INSTR_OID_STR);
public static final String REJECT_HOLD_INSTR_OID_STR =
- "1.2.840.10040.2.3";
+ "1.2.840.10040.2.3";
public static final ObjectIdentifier REJECT_HOLD_INSTR_OID =
- new ObjectIdentifier(REJECT_HOLD_INSTR_OID_STR);
+ new ObjectIdentifier(REJECT_HOLD_INSTR_OID_STR);
- private ObjectIdentifier holdInstructionCodeOIDs[] = {NONE_HOLD_INSTR_OID,
+ private ObjectIdentifier holdInstructionCodeOIDs[] = { NONE_HOLD_INSTR_OID,
CALL_ISSUER_HOLD_INSTR_OID,
- REJECT_HOLD_INSTR_OID};
+ REJECT_HOLD_INSTR_OID };
private ObjectIdentifier holdInstructionCodeOID = null;
- private String holdInstructionDescription[] = {"None",
+ private String holdInstructionDescription[] = { "None",
"Call Issuer",
- "Reject"};
-
+ "Reject" };
static {
try {
OIDMap.addAttribute(HoldInstructionExtension.class.getName(),
OID, HoldInstructionExtension.class.getSimpleName());
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
}
private int getHoldInstructionCodeFromOID(ObjectIdentifier oid) {
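Review bot: The static initializer catches `CertificateException` from `OIDMap.addAttribute` with an empty body, so a failed registration of this extension leaves no trace and the class loads as if nothing went wrong. If ignoring it is deliberate, say so in the block, for example `// registration failure ignored: <reason it is harmless>`. Otherwise report it through whatever logging this module already uses. The reformatting only moved the closing brace, so the empty handler is still easy to miss.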
@@ -106,7 +102,7 @@ implements CertAttrSet {
if (oid != null) {
int i = getHoldInstructionCodeFromOID(oid);
if (i > 0 && i < 4)
- description = holdInstructionDescription[i-1];
+ description = holdInstructionDescription[i - 1];
}
return (description);
}
@@ -123,15 +119,14 @@ implements CertAttrSet {
/**
* Create a HoldInstructionExtension with the date.
* The criticality is set to false.
- *
+ *
* @param code the value to be set for the extension.
*/
public HoldInstructionExtension(int code)
- throws IOException
- {
+ throws IOException {
if (code < 1 || code > 3)
throw new IOException("Invalid hold instruction code");
- holdInstructionCodeOID = holdInstructionCodeOIDs[code-1];
+ holdInstructionCodeOID = holdInstructionCodeOIDs[code - 1];
this.extensionId = PKIXExtensions.HoldInstructionCode_Id;
this.critical = false;
encodeThis();
@@ -140,12 +135,11 @@ implements CertAttrSet {
/**
* Create a HoldInstructionExtension with the date.
* The criticality is set to false.
- *
+ *
* @param oidStr the value to be set for the extension.
*/
public HoldInstructionExtension(String oidStr)
- throws IOException
- {
+ throws IOException {
ObjectIdentifier oid = new ObjectIdentifier(oidStr);
if (oid == null || getHoldInstructionCodeFromOID(oid) == 0)
throw new IOException("Invalid hold instruction code");
@@ -158,12 +152,11 @@ implements CertAttrSet {
/**
* Create a HoldInstructionExtension with the date.
* The criticality is set to false.
- *
+ *
* @param oid the value to be set for the extension.
*/
public HoldInstructionExtension(ObjectIdentifier oid)
- throws IOException
- {
+ throws IOException {
if (getHoldInstructionCodeFromOID(oid) == 0)
throw new IOException("Invalid hold instruction code");
holdInstructionCodeOID = oid;
@@ -175,16 +168,15 @@ implements CertAttrSet {
/**
* Create a HoldInstructionExtension with the date.
* The criticality is set to false.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param code the value to be set for the extension.
*/
public HoldInstructionExtension(Boolean critical, int code)
- throws IOException
- {
+ throws IOException {
if (code < 1 || code > 3)
throw new IOException("Invalid hold instruction code");
- holdInstructionCodeOID = holdInstructionCodeOIDs[code-1];
+ holdInstructionCodeOID = holdInstructionCodeOIDs[code - 1];
this.extensionId = PKIXExtensions.HoldInstructionCode_Id;
this.critical = critical.booleanValue();
encodeThis();
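Review bot: The Javadoc on this constructor says "Create a HoldInstructionExtension with the date. The criticality is set to false.", but the body takes a `critical` argument and assigns `critical.booleanValue()`, and no date is involved. The same text sits on the `(Boolean critical, String oidStr)` and `(Boolean critical, ObjectIdentifier oid)` constructors in the next two hunks. A summary such as `Create a HoldInstructionExtension with the given criticality and hold instruction code.` would match the code. The doc should also state that `critical` must be non-null, since `critical.booleanValue()` throws on a null `Boolean`.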
@@ -193,13 +185,12 @@ implements CertAttrSet {
/**
* Create a HoldInstructionExtension with the date.
* The criticality is set to false.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param oidStr the value to be set for the extension.
*/
public HoldInstructionExtension(Boolean critical, String oidStr)
- throws IOException
- {
+ throws IOException {
ObjectIdentifier oid = new ObjectIdentifier(oidStr);
if (oid == null || getHoldInstructionCodeFromOID(oid) == 0)
throw new IOException("Invalid hold instruction code");
@@ -212,13 +203,12 @@ implements CertAttrSet {
/**
* Create a HoldInstructionExtension with the date.
* The criticality is set to false.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param oid the value to be set for the extension.
*/
public HoldInstructionExtension(Boolean critical, ObjectIdentifier oid)
- throws IOException
- {
+ throws IOException {
if (getHoldInstructionCodeFromOID(oid) == 0)
throw new IOException("Invalid hold instruction code");
holdInstructionCodeOID = oid;
@@ -229,14 +219,13 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public HoldInstructionExtension(Boolean critical, Object value)
- throws IOException
- {
+ throws IOException {
this.extensionId = PKIXExtensions.HoldInstructionCode_Id;
this.critical = critical.booleanValue();
@@ -260,13 +249,11 @@ implements CertAttrSet {
/**
* Get the hold instruction code.
*/
- public ObjectIdentifier getHoldInstructionCode()
- {
+ public ObjectIdentifier getHoldInstructionCode() {
return holdInstructionCodeOID;
}
- public String getHoldInstructionCodeDescription()
- {
+ public String getHoldInstructionCodeDescription() {
return getHoldInstructionDescription(holdInstructionCodeOID);
}
@@ -278,9 +265,9 @@ implements CertAttrSet {
if (!(obj instanceof ObjectIdentifier)) {
throw new IOException("Attribute must be of type String.");
}
- holdInstructionCodeOID = (ObjectIdentifier)obj;
+ holdInstructionCodeOID = (ObjectIdentifier) obj;
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:HoldInstructionCode.");
}
}
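Review bot: The type check in `set` tests for `ObjectIdentifier`, but the message says `Attribute must be of type String.`, which misleads a caller debugging a rejected value. It should read `throw new IOException("Attribute must be of type ObjectIdentifier.");`. Unlike the constructors, which reject an OID when `getHoldInstructionCodeFromOID(oid) == 0`, this path stores any `ObjectIdentifier` unchecked, so the same test may be wanted here. The method starts before this hunk.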
@@ -292,7 +279,7 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(HOLD_INSTRUCTION)) {
return holdInstructionCodeOID;
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:HoldInstructionCode.");
}
}
@@ -304,7 +291,7 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(HOLD_INSTRUCTION)) {
holdInstructionCodeOID = null;
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:HoldInstructionCode.");
}
}
@@ -313,14 +300,14 @@ implements CertAttrSet {
* Returns a printable representation of the HoldInstructionExtension.
*/
public String toString() {
- String s = super.toString() + "Hold Instruction Code: "+
- getHoldInstructionDescription(holdInstructionCodeOID)+"\n";
+ String s = super.toString() + "Hold Instruction Code: " +
+ getHoldInstructionDescription(holdInstructionCodeOID) + "\n";
return (s);
}
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -330,31 +317,30 @@ implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
-
- if (this.extensionValue == null) {
- this.extensionId = PKIXExtensions.HoldInstructionCode_Id;
- this.critical = true;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ DerOutputStream tmp = new DerOutputStream();
+
+ if (this.extensionValue == null) {
+ this.extensionId = PKIXExtensions.HoldInstructionCode_Id;
+ this.critical = true;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(HOLD_INSTRUCTION);
return (elements.elements());
}
}
-
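Review bot: The lazy re-encode branch in `encode` forces `this.critical = true`, so a hold-instruction-code extension is emitted as critical whenever the cached value is absent, although RFC 3280 defines this CRL entry extension as non-critical. A relying party that cannot process a critical CRL entry extension must not use that CRL, so the flag affects interoperability of revocation checking. The same assignment appears in `InvalidityDateExtension.encode` later in this diff, where the one-argument constructor sets `critical = false`, so the flag flips depending on whether the value was cached. Consider removing the assignment or using `this.critical = false;` in both methods. Which callers reach the `extensionValue == null` branch is not visible here.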
diff --git a/pki/base/util/src/netscape/security/x509/IA5StringConverter.java b/pki/base/util/src/netscape/security/x509/IA5StringConverter.java
index fe3e3eb1..eced75a5 100644
--- a/pki/base/util/src/netscape/security/x509/IA5StringConverter.java
+++ b/pki/base/util/src/netscape/security/x509/IA5StringConverter.java
@@ -27,23 +27,22 @@ import netscape.security.util.ASN1CharStrConvMap;
import netscape.security.util.DerValue;
/**
- * A AVAValueConverter that converts a IA5String attribute to a DerValue
+ * A AVAValueConverter that converts a IA5String attribute to a DerValue
* and vice versa. An example an attribute that is a IA5String string is "E".
+ *
* @see AVAValueConverter
- *
+ *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*/
-public class IA5StringConverter implements AVAValueConverter
-{
+public class IA5StringConverter implements AVAValueConverter {
// public constructors
/*
* Contructs a IA5String Converter.
*/
- public IA5StringConverter()
- {
- }
+ public IA5StringConverter() {
+ }
/*
* Converts a string with ASN.1 IA5String characters to a DerValue.
@@ -56,21 +55,21 @@ public class IA5StringConverter implements AVAValueConverter
* available for the conversion.
*/
public DerValue getValue(String valueString)
- throws IOException
- {
- return getValue(valueString, null);
+ throws IOException {
+ return getValue(valueString, null);
}
public DerValue getValue(String valueString, byte[] tags) throws IOException {
try {
CharsetEncoder encoder = ASN1CharStrConvMap.getDefault().getEncoder(DerValue.tag_IA5String);
- if (encoder == null) throw new IOException("No encoder for IA5String");
+ if (encoder == null)
+ throw new IOException("No encoder for IA5String");
CharBuffer charBuffer = CharBuffer.wrap(valueString.toCharArray());
ByteBuffer byteBuffer = encoder.encode(charBuffer);
return new DerValue(DerValue.tag_IA5String,
- byteBuffer.array(), byteBuffer.arrayOffset(), byteBuffer.limit());
+ byteBuffer.array(), byteBuffer.arrayOffset(), byteBuffer.limit());
} catch (CharacterCodingException e) {
throw new IllegalArgumentException("Invalid IA5String AVA Value string");
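Review bot: The `catch (CharacterCodingException e)` branch rethrows without the cause, so the kind and position of the offending character are lost; pass it along with `throw new IllegalArgumentException("Invalid IA5String AVA Value string", e);`. Invalid input also surfaces as an unchecked exception while the signature declares `IOException`, so callers converting externally supplied name strings need to handle both. The `if (encoder == null)` statement, now split over two lines, would be safer with braces. The catch block closes outside this hunk.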
@@ -91,14 +90,13 @@ public class IA5StringConverter implements AVAValueConverter
* to a IA5String DER value.
*/
public DerValue getValue(byte[] berStream)
- throws IOException
- {
- DerValue value = new DerValue(berStream);
- if (value.tag == DerValue.tag_IA5String)
- return value;
- if (value.tag == DerValue.tag_PrintableString)
- return value;
- throw new IOException("Invalid IA5String AVA Value.");
+ throws IOException {
+ DerValue value = new DerValue(berStream);
+ if (value.tag == DerValue.tag_IA5String)
+ return value;
+ if (value.tag == DerValue.tag_PrintableString)
+ return value;
+ throw new IOException("Invalid IA5String AVA Value.");
}
/*
@@ -113,14 +111,13 @@ public class IA5StringConverter implements AVAValueConverter
* The DerValue cannot be converted to a string
* with IA5String characters.
*/
- public String getAsString(DerValue avaValue)
- throws IOException
- {
- if (avaValue.tag == DerValue.tag_IA5String)
- return avaValue.getIA5String();
- if (avaValue.tag == DerValue.tag_PrintableString)
- return avaValue.getPrintableString();
- throw new IOException("Invalid IA5String AVA Value.");
+ public String getAsString(DerValue avaValue)
+ throws IOException {
+ if (avaValue.tag == DerValue.tag_IA5String)
+ return avaValue.getIA5String();
+ if (avaValue.tag == DerValue.tag_PrintableString)
+ return avaValue.getPrintableString();
+ throw new IOException("Invalid IA5String AVA Value.");
}
}
diff --git a/pki/base/util/src/netscape/security/x509/IPAddressName.java b/pki/base/util/src/netscape/security/x509/IPAddressName.java
index 510a4f5a..75b5bc56 100644
--- a/pki/base/util/src/netscape/security/x509/IPAddressName.java
+++ b/pki/base/util/src/netscape/security/x509/IPAddressName.java
@@ -26,13 +26,13 @@ import netscape.security.util.DerValue;
/**
* This class implements the IPAddressName as required by the GeneralNames
* ASN.1 object.
- *
+ *
* @see GeneralName
* @see GeneralNameInterface
* @see GeneralNames
- *
+ *
* @version 1.2
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
@@ -45,7 +45,7 @@ public class IPAddressName implements GeneralNameInterface {
/**
* Create the IPAddressName object from the passed encoded Der value.
- *
+ *
* @param derValue the encoded DER IPAddressName.
* @exception IOException on error.
*/
@@ -55,7 +55,7 @@ public class IPAddressName implements GeneralNameInterface {
/**
* Create the IPAddressName object with the specified name.
- *
+ *
* @param name the IPAddressName.
*/
public IPAddressName(byte[] address) {
@@ -69,54 +69,51 @@ public class IPAddressName implements GeneralNameInterface {
/**
* Create the IPAddressName object with a string representing the
- * ip address and a string representing the netmask, with encoding
+ * ip address and a string representing the netmask, with encoding
* having ip address encoding followed by the netmask encoding.
* This form is needed for name constraints extension.
- *
+ *
* @param s the ip address in the format: n.n.n.n or x:x:x:x:x:x:x:x (RFC 1884)
* @param netmask the netmask address in the format: n.n.n.n or x:x:x:x:x:x:x:x (RFC 1884)
*/
- public IPAddressName(String s, String netmask)
- {
- // Based on PKIX RFC2459. IPAddress has
- // 8 bytes (instead of 4 bytes) in the
- // context of NameConstraints
- IPAddr ipAddr = null;
- if (s.indexOf(':') != -1) {
- ipAddr = IPv6;
- address = new byte[IPv6_LEN*2];
- } else {
- ipAddr = IPv4;
- address = new byte[IPv4_LEN*2];
- }
- StringTokenizer st = new StringTokenizer(s,",");
- int numFilled = ipAddr.getIPAddr(st.nextToken(), address, 0);
- if (st.hasMoreTokens()) {
- ipAddr.getIPAddr(st.nextToken(), address, numFilled);
- }
- else {
- for (int i=numFilled; i < address.length; i++)
- address[i] = (byte)0xff;
- }
+ public IPAddressName(String s, String netmask) {
+ // Based on PKIX RFC2459. IPAddress has
+ // 8 bytes (instead of 4 bytes) in the
+ // context of NameConstraints
+ IPAddr ipAddr = null;
+ if (s.indexOf(':') != -1) {
+ ipAddr = IPv6;
+ address = new byte[IPv6_LEN * 2];
+ } else {
+ ipAddr = IPv4;
+ address = new byte[IPv4_LEN * 2];
+ }
+ StringTokenizer st = new StringTokenizer(s, ",");
+ int numFilled = ipAddr.getIPAddr(st.nextToken(), address, 0);
+ if (st.hasMoreTokens()) {
+ ipAddr.getIPAddr(st.nextToken(), address, numFilled);
+ } else {
+ for (int i = numFilled; i < address.length; i++)
+ address[i] = (byte) 0xff;
+ }
}
-
/**
* Create the IPAddressName object with a string representing the
* ip address.
- *
+ *
* @param s the ip address in the format: n.n.n.n or x:x:x:x:x:x:x:x
*/
public IPAddressName(String s) {
- IPAddr ipAddr = null;
- if (s.indexOf(':') != -1) {
- ipAddr = IPv6;
- address = new byte[IPv6_LEN];
- } else {
- ipAddr = IPv4;
- address = new byte[IPv4_LEN];
- }
- ipAddr.getIPAddr(s, address, 0);
+ IPAddr ipAddr = null;
+ if (s.indexOf(':') != -1) {
+ ipAddr = IPv6;
+ address = new byte[IPv6_LEN];
+ } else {
+ ipAddr = IPv4;
+ address = new byte[IPv4_LEN];
+ }
+ ipAddr.getIPAddr(s, address, 0);
}
/**
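Review bot: The `netmask` parameter of `IPAddressName(String s, String netmask)` is never read: the mask bytes come from a second comma-separated token of `s`, and when `s` has no comma the second half of `address` is filled with `0xff`. A caller that passes the mask as the second argument, as the Javadoc describes, therefore gets a single-host entry rather than the intended subnet in a NameConstraints extension. If the two-argument form is the intended contract, parse the mask from it, e.g. `ipAddr.getIPAddr(netmask, address, numFilled);`, and keep the `0xff` fill only for a null mask; otherwise document the `ip,mask` format of `s`. An empty `s` also reaches `st.nextToken()` without a guard.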
@@ -128,7 +125,7 @@ public class IPAddressName implements GeneralNameInterface {
/**
* Encode the IPAddress name into the DerOutputStream.
- *
+ *
* @param out the DER stream to encode the IPAddressName to.
* @exception IOException on encoding errors.
*/
@@ -142,137 +139,139 @@ public class IPAddressName implements GeneralNameInterface {
public String toString() {
if (address.length == 4) {
return ("IPAddress: " + (address[0] & 0xff) + "."
- + (address[1] & 0xff) + "."
- + (address[2] & 0xff) + "."
- + (address[3] & 0xff));
+ + (address[1] & 0xff) + "."
+ + (address[2] & 0xff) + "." + (address[3] & 0xff));
} else {
- String r= "IPAddress: " + Integer.toHexString(address[0] & 0xff);
+ String r = "IPAddress: " + Integer.toHexString(address[0] & 0xff);
String hexString = Integer.toHexString(address[1] & 0xff);
- if (hexString.length() ==1) {
- r = r+ "0" + hexString;
+ if (hexString.length() == 1) {
+ r = r + "0" + hexString;
} else {
r += hexString;
}
- for (int i=2; i < address.length; ) {
- r+= ":" + Integer.toHexString(address[i] & 0xff);
- hexString = Integer.toHexString(address[i+1] & 0xff);
- if (hexString.length() ==1) {
- r = r +"0" + hexString;
+ for (int i = 2; i < address.length;) {
+ r += ":" + Integer.toHexString(address[i] & 0xff);
+ hexString = Integer.toHexString(address[i + 1] & 0xff);
+ if (hexString.length() == 1) {
+ r = r + "0" + hexString;
} else {
r += hexString;
}
- i+=2;
+ i += 2;
}
return r;
}
}
}
-interface IPAddr
-{
- public int getIPAddr(String s, byte[] address, int start);
- public int getLength();
+interface IPAddr {
+ public int getIPAddr(String s, byte[] address, int start);
+
+ public int getLength();
}
-class IPv4Addr implements IPAddr
-{
- protected static final int IPv4_LEN = 4;
+class IPv4Addr implements IPAddr {
+ protected static final int IPv4_LEN = 4;
- /**
- * Gets an IP v4 address in the form n.n.n.n.
- */
- public int getIPAddr(String s, byte[] address, int start) {
- StringTokenizer st = new StringTokenizer(s,".");
- int nt = st.countTokens();
- if (nt != IPv4_LEN)
- throw new InvalidIPAddressException(s);
- try {
- int end = start+nt;
- for (int i=start; i<end; i++) {
- Integer j = new Integer(st.nextToken());
- address[i] = (byte)j.intValue();
- }
- } catch (NumberFormatException e) {
- throw new InvalidIPAddressException(s);
- }
- return nt;
- }
+ /**
+ * Gets an IP v4 address in the form n.n.n.n.
+ */
+ public int getIPAddr(String s, byte[] address, int start) {
+ StringTokenizer st = new StringTokenizer(s, ".");
+ int nt = st.countTokens();
+ if (nt != IPv4_LEN)
+ throw new InvalidIPAddressException(s);
+ try {
+ int end = start + nt;
+ for (int i = start; i < end; i++) {
+ Integer j = new Integer(st.nextToken());
+ address[i] = (byte) j.intValue();
+ }
+ } catch (NumberFormatException e) {
+ throw new InvalidIPAddressException(s);
+ }
+ return nt;
+ }
- public int getLength() { return IPv4_LEN; }
+ public int getLength() {
+ return IPv4_LEN;
+ }
}
-class IPv6Addr implements IPAddr
-{
- /**
- * Gets an IP address in the forms as defined in RFC1884:<br>
- * <ul>
- * <li>x:x:x:x:x:x:x:x
- * <li>...::xxx (using :: shorthand)
- * <li>...:n.n.n.n (with n.n.n.n at the end)
- * </ul>
- */
- public int getIPAddr(String s, byte[] address, int start) {
- int lastcolon = -2;
- int end = start+16;
- int idx = start;
- for (int i = start; i < address.length; i++)
- address[i] = 0;
- if (s.indexOf('.') != -1) { // has n.n.n.n at the end
- lastcolon = s.lastIndexOf(':');
- if (lastcolon == -1)
- throw new InvalidIPAddressException(s);
- end -= 4;
- IPAddressName.IPv4.getIPAddr(
- s.substring(lastcolon+1), address, end);
- }
- try {
- String s1 = s;
- if (lastcolon != -2)
- s1 = s.substring(0, lastcolon+1);
- int lastDoubleColon = s1.indexOf("::");
- String l = s1, r = null;
- StringTokenizer lt = null, rt = null;
- if (lastDoubleColon != -1) {
- l = s1.substring(0, lastDoubleColon);
- r = s1.substring(lastDoubleColon+2);
- if (l.length() == 0) l = null;
- if (r.length() == 0) r = null;
- }
- int at = 0;
- if (l != null) {
- lt = new StringTokenizer(l,":", false);
- at += lt.countTokens();
- }
- if (r != null) {
- rt = new StringTokenizer(r,":", false);
- at += rt.countTokens();
- }
- if (at > 8 ||
- (lastcolon!=-2 && (at>6 || (lastDoubleColon==-1 && at!=6))))
- throw new InvalidIPAddressException(s);
- if (l != null) {
- while(lt.hasMoreTokens()) {
- String tok = lt.nextToken();
- int j = Integer.parseInt(tok, 16);
- address[idx++] = (byte)((j>>8) & 0xFF);
- address[idx++] = (byte)(j & 0xFF);
- }
- }
- if (r != null) {
- idx = end-(rt.countTokens()*2);
- while(rt.hasMoreTokens()) {
- String tok = rt.nextToken();
- int j = Integer.parseInt(tok, 16);
- address[idx++] = (byte)((j>>8) & 0xFF);
- address[idx++] = (byte)(j & 0xFF);
- }
- }
- } catch (NumberFormatException e) {
- throw new InvalidIPAddressException(s);
- }
- return 16;
- }
+class IPv6Addr implements IPAddr {
+ /**
+ * Gets an IP address in the forms as defined in RFC1884:<br>
+ * <ul>
+ * <li>x:x:x:x:x:x:x:x
+ * <li>...::xxx (using :: shorthand)
+ * <li>...:n.n.n.n (with n.n.n.n at the end)
+ * </ul>
+ */
+ public int getIPAddr(String s, byte[] address, int start) {
+ int lastcolon = -2;
+ int end = start + 16;
+ int idx = start;
+ for (int i = start; i < address.length; i++)
+ address[i] = 0;
+ if (s.indexOf('.') != -1) { // has n.n.n.n at the end
+ lastcolon = s.lastIndexOf(':');
+ if (lastcolon == -1)
+ throw new InvalidIPAddressException(s);
+ end -= 4;
+ IPAddressName.IPv4.getIPAddr(
+ s.substring(lastcolon + 1), address, end);
+ }
+ try {
+ String s1 = s;
+ if (lastcolon != -2)
+ s1 = s.substring(0, lastcolon + 1);
+ int lastDoubleColon = s1.indexOf("::");
+ String l = s1, r = null;
+ StringTokenizer lt = null, rt = null;
+ if (lastDoubleColon != -1) {
+ l = s1.substring(0, lastDoubleColon);
+ r = s1.substring(lastDoubleColon + 2);
+ if (l.length() == 0)
+ l = null;
+ if (r.length() == 0)
+ r = null;
+ }
+ int at = 0;
+ if (l != null) {
+ lt = new StringTokenizer(l, ":", false);
+ at += lt.countTokens();
+ }
+ if (r != null) {
+ rt = new StringTokenizer(r, ":", false);
+ at += rt.countTokens();
+ }
+ if (at > 8 ||
+ (lastcolon != -2 && (at > 6 || (lastDoubleColon == -1 && at != 6))))
+ throw new InvalidIPAddressException(s);
+ if (l != null) {
+ while (lt.hasMoreTokens()) {
+ String tok = lt.nextToken();
+ int j = Integer.parseInt(tok, 16);
+ address[idx++] = (byte) ((j >> 8) & 0xFF);
+ address[idx++] = (byte) (j & 0xFF);
+ }
+ }
+ if (r != null) {
+ idx = end - (rt.countTokens() * 2);
+ while (rt.hasMoreTokens()) {
+ String tok = rt.nextToken();
+ int j = Integer.parseInt(tok, 16);
+ address[idx++] = (byte) ((j >> 8) & 0xFF);
+ address[idx++] = (byte) (j & 0xFF);
+ }
+ }
+ } catch (NumberFormatException e) {
+ throw new InvalidIPAddressException(s);
+ }
+ return 16;
+ }
- public int getLength() { return 16; }
+ public int getLength() {
+ return 16;
+ }
}
-
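Review bot: `IPv4Addr.getIPAddr` narrows each parsed token to a byte without a range check, so `256` is stored as 0 and `-1` as 255 instead of being rejected, and the bytes that end up in a subject alternative name or name constraint can differ from the string that was reviewed. `IPv6Addr.getIPAddr` has the same gap for groups above `0xFFFF` or with a sign, because `Integer.parseInt(tok, 16)` accepts both and only the low 16 bits are kept. Both loops should throw `InvalidIPAddressException` for out-of-range values; using `Integer.parseInt` in the IPv4 loop also avoids the boxed `new Integer(String)`. Separately, `toString` treats every array that is not 4 bytes long as IPv6, so the 8-byte address-plus-mask form built by the two-argument constructor prints as hex groups.

```java
// IPv4Addr.getIPAddr … unchanged: tokenizer setup and token-count check …
            for (int i = start; i < end; i++) {
                int octet = Integer.parseInt(st.nextToken());
                if (octet < 0 || octet > 255)
                    throw new InvalidIPAddressException(s);
                address[i] = (byte) octet;
            }
// IPv6Addr.getIPAddr … unchanged: splitting around "::" and the group-count check …
// in both token loops (left and right of "::"):
                    int j = Integer.parseInt(tok, 16);
                    if (j < 0 || j > 0xFFFF)
                        throw new InvalidIPAddressException(s);
```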
diff --git a/pki/base/util/src/netscape/security/x509/InvalidIPAddressException.java b/pki/base/util/src/netscape/security/x509/InvalidIPAddressException.java
index d58ff896..f544df20 100644
--- a/pki/base/util/src/netscape/security/x509/InvalidIPAddressException.java
+++ b/pki/base/util/src/netscape/security/x509/InvalidIPAddressException.java
@@ -17,16 +17,17 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.x509;
-public class InvalidIPAddressException extends RuntimeException
-{
- /**
+public class InvalidIPAddressException extends RuntimeException {
+ /**
*
*/
private static final long serialVersionUID = -1601934234587845028L;
+
public InvalidIPAddressException() {
- super();
- }
- public InvalidIPAddressException(String ip) {
- super("Invalid IP Address '"+ip+"'");
- }
+ super();
+ }
+
+ public InvalidIPAddressException(String ip) {
+ super("Invalid IP Address '" + ip + "'");
+ }
}
diff --git a/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java b/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
index 30909664..3f84dee7 100755
--- a/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
+++ b/pki/base/util/src/netscape/security/x509/InvalidityDateExtension.java
@@ -30,22 +30,18 @@ import netscape.security.util.DerInputStream;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the CRL Invalidity Date Extension.
- *
- * <p>This CRL entry extension, if present, provides the date
- * on which it is known or suspected that the private key was
- * compromised or that the certificate otherwise became invalid.
- * Invalidity date may be earlier than the revocation date.
- *
+ *
+ * <p>
+ * This CRL entry extension, if present, provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid. Invalidity date may be earlier than the revocation date.
+ *
* @see Extension
* @see CertAttrSet
*/
-
public class InvalidityDateExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
@@ -61,14 +57,14 @@ implements CertAttrSet {
*/
public static final String OID = "2.5.29.24";
-
private Date invalidityDate = null;
static {
try {
OIDMap.addAttribute(InvalidityDateExtension.class.getName(),
OID, InvalidityDateExtension.class.getSimpleName());
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
}
// Encode this extension value
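Review bot: The static initializer swallows `CertificateException` from `OIDMap.addAttribute` with an empty catch block, so a failed registration of OID 2.5.29.24 leaves no trace, and the extension would presumably be treated as unknown later. At minimum, state why ignoring is safe with a comment inside the block, or report the failure through whatever logging facility the project uses. The reformatting only moved the closing brace; the silent catch itself predates this change.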
@@ -83,12 +79,11 @@ implements CertAttrSet {
/**
* Create a InvalidityDateExtension with the date.
* The criticality is set to false.
- *
+ *
* @param dateOfInvalidity the value to be set for the extension.
*/
public InvalidityDateExtension(Date dateOfInvalidity)
- throws IOException
- {
+ throws IOException {
this.invalidityDate = dateOfInvalidity;
this.extensionId = PKIXExtensions.InvalidityDate_Id;
this.critical = false;
@@ -98,13 +93,12 @@ implements CertAttrSet {
/**
* Create a InvalidityDateExtension with the date.
* The criticality is set to false.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param dateOfInvalidity the value to be set for the extension.
*/
public InvalidityDateExtension(Boolean critical, Date dateOfInvalidity)
- throws IOException
- {
+ throws IOException {
this.invalidityDate = dateOfInvalidity;
this.extensionId = PKIXExtensions.InvalidityDate_Id;
this.critical = critical.booleanValue();
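Review bot: The Javadoc of the `(Boolean critical, Date dateOfInvalidity)` constructor still says "The criticality is set to false.", apparently copied from the one-argument form, while the body uses `critical.booleanValue()`. Replace that sentence with `* The criticality is taken from the critical argument.` and mention that a null `critical` throws `NullPointerException`. The constructor body continues past this hunk.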
@@ -113,14 +107,13 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public InvalidityDateExtension(Boolean critical, Object value)
- throws IOException
- {
+ throws IOException {
this.extensionId = PKIXExtensions.InvalidityDate_Id;
this.critical = critical.booleanValue();
@@ -142,8 +135,7 @@ implements CertAttrSet {
/**
* Get the invalidity date.
*/
- public Date getInvalidityDate()
- {
+ public Date getInvalidityDate() {
return invalidityDate;
}
@@ -155,9 +147,9 @@ implements CertAttrSet {
if (!(obj instanceof Date)) {
throw new IOException("Attribute must be of type Date.");
}
- invalidityDate = (Date)obj;
- } else {
- throw new IOException("Attribute name not recognized by"+
+ invalidityDate = (Date) obj;
+ } else {
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:InvalidityDate.");
}
}
@@ -167,10 +159,12 @@ implements CertAttrSet {
*/
public Object get(String name) throws IOException {
if (name.equalsIgnoreCase(INVALIDITY_DATE)) {
- if (invalidityDate == null) return null;
- else return invalidityDate;
+ if (invalidityDate == null)
+ return null;
+ else
+ return invalidityDate;
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:InvalidityDate.");
}
}
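Review bot: In `get`, the inner branch `if (invalidityDate == null) return null; else return invalidityDate;` returns the field either way, and the reformatting now spreads it over four unbraced lines. A single `return invalidityDate;` expresses the same thing. The method also hands out the internal mutable `Date`, so a caller can change the stored value without going through `set`; `return invalidityDate == null ? null : new Date(invalidityDate.getTime());` would avoid that if no caller depends on the shared instance.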
@@ -182,7 +176,7 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(INVALIDITY_DATE)) {
invalidityDate = null;
} else {
- throw new IOException("Attribute name not recognized by"+
+ throw new IOException("Attribute name not recognized by" +
" CertAttrSet:InvalidityDate.");
}
}
@@ -199,7 +193,7 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -209,31 +203,30 @@ implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
-
- if (this.extensionValue == null) {
- this.extensionId = PKIXExtensions.InvalidityDate_Id;
- this.critical = true;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ DerOutputStream tmp = new DerOutputStream();
+
+ if (this.extensionValue == null) {
+ this.extensionId = PKIXExtensions.InvalidityDate_Id;
+ this.critical = true;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(INVALIDITY_DATE);
return (elements.elements());
}
}
-
diff --git a/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java b/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
index eeb05c91..d2264251 100644
--- a/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
+++ b/pki/base/util/src/netscape/security/x509/IssuerAlternativeNameExtension.java
@@ -29,15 +29,13 @@ import netscape.security.util.DerValue;
/**
* This represents the Issuer Alternative Name Extension.
- *
+ *
* This extension, if present, allows the issuer to specify multiple
* alternative names.
- *
- * <p>Extensions are represented as a sequence of the extension identifier
- * (Object Identifier), a boolean flag stating whether the extension is to
- * be treated as being critical and the extension value itself (this is again
- * a DER encoding of the extension value).
- *
+ *
+ * <p>
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.7
@@ -45,7 +43,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class IssuerAlternativeNameExtension
-extends Extension implements CertAttrSet {
+ extends Extension implements CertAttrSet {
/**
*
*/
@@ -53,7 +51,7 @@ extends Extension implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT =
"x509.info.extensions.IssuerAlternativeName";
/**
@@ -62,7 +60,7 @@ extends Extension implements CertAttrSet {
public static final String ISSUER_NAME = "issuer_name";
// private data members
- GeneralNames names;
+ GeneralNames names;
// Encode this extension
private void encodeThis() throws IOException {
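Review bot: `GeneralNames names;` sits under the comment `// private data members` but has no access modifier, so it is package-visible and any class in `netscape.security.x509` can replace the names without the cached encoding being cleared. Declare it `private GeneralNames names;` unless another class in the package relies on direct access, which this diff does not show.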
@@ -77,13 +75,13 @@ extends Extension implements CertAttrSet {
/**
* Create a IssuerAlternativeNameExtension with the passed GeneralNames.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param names the GeneralNames for the issuer.
* @exception IOException on error.
*/
public IssuerAlternativeNameExtension(Boolean critical, GeneralNames names)
- throws IOException {
+ throws IOException {
this.names = names;
this.extensionId = PKIXExtensions.IssuerAlternativeName_Id;
this.critical = critical.booleanValue();
@@ -92,12 +90,12 @@ extends Extension implements CertAttrSet {
/**
* Create a IssuerAlternativeNameExtension with the passed GeneralNames.
- *
+ *
* @param names the GeneralNames for the issuer.
* @exception IOException on error.
*/
public IssuerAlternativeNameExtension(GeneralNames names)
- throws IOException {
+ throws IOException {
this.names = names;
this.extensionId = PKIXExtensions.IssuerAlternativeName_Id;
this.critical = false;
@@ -115,21 +113,21 @@ extends Extension implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public IssuerAlternativeNameExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.IssuerAlternativeName_Id;
this.critical = critical.booleanValue();
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
- for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
- }
+ byte[] extValue = new byte[len];
+ for (int i = 0; i < len; i++) {
+ extValue[i] = Array.getByte(value, i);
+ }
this.extensionValue = extValue;
DerValue val = new DerValue(extValue);
try {
@@ -138,21 +136,22 @@ extends Extension implements CertAttrSet {
throw new IOException("IssuerAlternativeNameExtension"
+ e.toString());
}
- }
-
- /**
- * Returns a printable representation of the IssuerAlternativeName.
- */
- public String toString() {
- if (names == null) return "";
- String s = super.toString() + "IssuerAlternativeName [\n"
+ }
+
+ /**
+ * Returns a printable representation of the IssuerAlternativeName.
+ */
+ public String toString() {
+ if (names == null)
+ return "";
+ String s = super.toString() + "IssuerAlternativeName [\n"
+ names.toString() + "]\n";
- return (s);
- }
+ return (s);
+ }
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -162,19 +161,19 @@ extends Extension implements CertAttrSet {
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding error.
*/
public void encode(OutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
- if (extensionValue == null) {
+ if (extensionValue == null) {
extensionId = PKIXExtensions.IssuerAlternativeName_Id;
- critical = false;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ critical = false;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
@@ -182,40 +181,40 @@ extends Extension implements CertAttrSet {
*/
public void set(String name, Object obj) throws IOException {
clearValue();
- if (name.equalsIgnoreCase(ISSUER_NAME)) {
- if (!(obj instanceof GeneralNames)) {
- throw new IOException("Attribute value should be of" +
+ if (name.equalsIgnoreCase(ISSUER_NAME)) {
+ if (!(obj instanceof GeneralNames)) {
+ throw new IOException("Attribute value should be of" +
" type GeneralNames.");
- }
- names = (GeneralNames)obj;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:IssuerAlternativeName.");
- }
+ }
+ names = (GeneralNames) obj;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:IssuerAlternativeName.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(ISSUER_NAME)) {
- return (names);
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:IssuerAlternativeName.");
- }
+ if (name.equalsIgnoreCase(ISSUER_NAME)) {
+ return (names);
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:IssuerAlternativeName.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(ISSUER_NAME)) {
- names = null;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:IssuerAlternativeName.");
- }
+ if (name.equalsIgnoreCase(ISSUER_NAME)) {
+ names = null;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:IssuerAlternativeName.");
+ }
}
/**
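Review bot: `delete` sets `names = null` without calling `clearValue()`, whereas `set` in the same hunk clears first; since `encode` only re-encodes when `extensionValue == null`, a previously cached encoding would presumably still be written out after the names were deleted. Add `clearValue();` at the top of `delete` if that helper resets the cached value, which cannot be confirmed because its body is not part of this diff. `encodeThis()` would then also have to cope with `names == null`, which is likewise not visible here.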
@@ -226,7 +225,7 @@ extends Extension implements CertAttrSet {
Vector<String> elements = new Vector<String>();
elements.addElement(ISSUER_NAME);
- return (elements.elements());
+ return (elements.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/x509/IssuingDistributionPoint.java b/pki/base/util/src/netscape/security/x509/IssuingDistributionPoint.java
index 090b0cb3..0f0747f8 100644
--- a/pki/base/util/src/netscape/security/x509/IssuingDistributionPoint.java
+++ b/pki/base/util/src/netscape/security/x509/IssuingDistributionPoint.java
@@ -42,11 +42,11 @@ import org.mozilla.jss.asn1.Tag;
* onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
* onlySomeReasons [3] ReasonFlags OPTIONAL,
* indirectCRL [4] BOOLEAN DEFAULT FALSE }
- *
+ *
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
+ *
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
@@ -55,9 +55,9 @@ import org.mozilla.jss.asn1.Tag;
* superseded (4),
* cessationOfOperation (5),
* certificateHold (6) }
- *
+ *
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
+ *
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
@@ -68,87 +68,84 @@ import org.mozilla.jss.asn1.Tag;
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER}
- *
+ *
* OtherName ::= SEQUENCE {
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
- *
+ *
* EDIPartyName ::= SEQUENCE {
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString }
- *
+ *
* RelativeDistinguishedName ::=
* SET OF AttributeTypeAndValue
- *
+ *
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
- *
+ *
* AttributeType ::= OBJECT IDENTIFIER
- *
+ *
* AttributeValue ::= ANY DEFINED BY AttributeType
* </pre>
+ *
* See the documentation in <code>CRLDistributionPoint</code> for
- * the <code>DistributionPointName</code> and <code>ReasonFlags</code>
- * ASN.1 types.
+ * the <code>DistributionPointName</code> and <code>ReasonFlags</code> ASN.1 types.
*/
public class IssuingDistributionPoint implements ASN1Value {
// at most one of the following two may be specified. One or both can
// be null.
- private GeneralNames fullName=null;
- private RDN relativeName=null;
+ private GeneralNames fullName = null;
+ private RDN relativeName = null;
- private boolean onlyContainsUserCerts=false; // DEFAULT FALSE
- private boolean onlyContainsCACerts=false; // DEFAULT FALSE
- private BitArray onlySomeReasons=null; // optional, may be null
- private boolean indirectCRL=false; // DEFAULT FALSE
+ private boolean onlyContainsUserCerts = false; // DEFAULT FALSE
+ private boolean onlyContainsCACerts = false; // DEFAULT FALSE
+ private BitArray onlySomeReasons = null; // optional, may be null
+ private boolean indirectCRL = false; // DEFAULT FALSE
// cache encoding of fullName
private ANY fullNameEncoding;
/**
- * Returns the <code>fullName</code> of the
- * <code>DistributionPointName</code>, which may be <code>null</code>.
+ * Returns the <code>fullName</code> of the <code>DistributionPointName</code>, which may be <code>null</code>.
*/
public GeneralNames getFullName() {
return fullName;
}
/**
- * Returns the <code>relativeName</code> of the
- * <code>DistributionPointName</code>, which may be <code>null</code>.
+ * Returns the <code>relativeName</code> of the <code>DistributionPointName</code>, which may be <code>null</code>.
*/
public RDN getRelativeName() {
return relativeName;
}
/**
- * Sets the <code>fullName</code> of the
- * <code>DistributionPointName</code>. It may be set to <code>null</code>.
+ * Sets the <code>fullName</code> of the <code>DistributionPointName</code>. It may be set to <code>null</code>.
* If it is set to a non-null value, <code>relativeName</code> will be
* set to <code>null</code>, because at most one of these two attributes
* can be specified at a time.
+ *
* @exception GeneralNamesException If an error occurs encoding the
- * name.
+ * name.
*/
public void setFullName(GeneralNames fullName)
- throws GeneralNamesException, IOException
- {
+ throws GeneralNamesException, IOException {
this.fullName = fullName;
- if( fullName != null ) {
+ if (fullName != null) {
// encode the name to catch any problems with it
DerOutputStream derOut = new DerOutputStream();
fullName.encode(derOut);
try {
ANY raw = new ANY(derOut.toByteArray());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- raw.encodeWithAlternateTag( Tag.get(0), bos );
- fullNameEncoding = new ANY( bos.toByteArray() );
- } catch(InvalidBERException e) {
+ raw.encodeWithAlternateTag(Tag.get(0), bos);
+ fullNameEncoding = new ANY(bos.toByteArray());
+ } catch (InvalidBERException e) {
// assume this won't happen, since it would imply a bug
// in DerOutputStream
- throw new GeneralNamesException( e.toString() );
+ throw new GeneralNamesException(e.toString());
}
this.relativeName = null;
@@ -156,15 +153,14 @@ public class IssuingDistributionPoint implements ASN1Value {
}
/**
- * Sets the <code>relativeName</code> of the
- * <code>DistributionPointName</code>. It may be set to <code>null</code>.
+ * Sets the <code>relativeName</code> of the <code>DistributionPointName</code>. It may be set to <code>null</code>.
* If it is set to a non-null value, <code>fullName</code> will be
* set to <code>null</code>, because at most one of these two attributes
* can be specified at a time.
*/
public void setRelativeName(RDN relativeName) {
this.relativeName = relativeName;
- if( relativeName != null ) {
+ if (relativeName != null) {
this.fullName = null;
}
}
@@ -186,16 +182,14 @@ public class IssuingDistributionPoint implements ASN1Value {
}
/**
- * Returns the reason flags for this distribution point. May be
- * <code>null</code>.
+ * Returns the reason flags for this distribution point. May be <code>null</code>.
*/
public BitArray getOnlySomeReasons() {
return onlySomeReasons;
}
/**
- * Sets the reason flags for this distribution point. May be set to
- * <code>null</code>.
+ * Sets the reason flags for this distribution point. May be set to <code>null</code>.
*/
public void setOnlySomeReasons(BitArray reasons) {
this.onlySomeReasons = reasons;
@@ -209,7 +203,6 @@ public class IssuingDistributionPoint implements ASN1Value {
indirectCRL = b;
}
-
/////////////////////////////////////////////////////////////
// DER encoding
/////////////////////////////////////////////////////////////
@@ -224,101 +217,99 @@ public class IssuingDistributionPoint implements ASN1Value {
}
public void encode(Tag implicitTag, OutputStream ostream)
- throws IOException
- {
+ throws IOException {
SEQUENCE seq = new SEQUENCE();
DerOutputStream derOut;
- try {
-
- // Encodes the DistributionPointName. Because DistributionPointName
- // is a CHOICE, the [0] tag is forced to be EXPLICIT.
- if( fullName != null ) {
- EXPLICIT distPoint = new EXPLICIT( Tag.get(0), fullNameEncoding);
- seq.addElement( distPoint );
- } else if( relativeName != null ) {
- derOut = new DerOutputStream();
- relativeName.encode(derOut);
- ANY raw = new ANY(derOut.toByteArray());
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- raw.encodeWithAlternateTag( Tag.get(1), bos );
- ANY distPointName = new ANY(bos.toByteArray());
- EXPLICIT distPoint = new EXPLICIT( Tag.get(0), distPointName);
- seq.addElement( distPoint );
- }
+ try {
- if( onlyContainsUserCerts != false ) {
- seq.addElement( Tag.get(1), new BOOLEAN(true));
- }
- if( onlyContainsCACerts != false ) {
- seq.addElement( Tag.get(2), new BOOLEAN(true));
- }
+ // Encodes the DistributionPointName. Because DistributionPointName
+ // is a CHOICE, the [0] tag is forced to be EXPLICIT.
+ if (fullName != null) {
+ EXPLICIT distPoint = new EXPLICIT(Tag.get(0), fullNameEncoding);
+ seq.addElement(distPoint);
+ } else if (relativeName != null) {
+ derOut = new DerOutputStream();
+ relativeName.encode(derOut);
+ ANY raw = new ANY(derOut.toByteArray());
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ raw.encodeWithAlternateTag(Tag.get(1), bos);
+ ANY distPointName = new ANY(bos.toByteArray());
+ EXPLICIT distPoint = new EXPLICIT(Tag.get(0), distPointName);
+ seq.addElement(distPoint);
+ }
- // Encodes the ReasonFlags.
- if( onlySomeReasons != null ) {
- derOut = new DerOutputStream();
- derOut.putUnalignedBitString(onlySomeReasons);
- ANY raw = new ANY(derOut.toByteArray());
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- raw.encodeWithAlternateTag(Tag.get(3), bos);
- ANY reasonEncoding = new ANY(bos.toByteArray());
- seq.addElement( reasonEncoding);
- }
+ if (onlyContainsUserCerts != false) {
+ seq.addElement(Tag.get(1), new BOOLEAN(true));
+ }
+ if (onlyContainsCACerts != false) {
+ seq.addElement(Tag.get(2), new BOOLEAN(true));
+ }
- if( indirectCRL != false ) {
- seq.addElement( Tag.get(4), new BOOLEAN(true));
- }
+ // Encodes the ReasonFlags.
+ if (onlySomeReasons != null) {
+ derOut = new DerOutputStream();
+ derOut.putUnalignedBitString(onlySomeReasons);
+ ANY raw = new ANY(derOut.toByteArray());
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ raw.encodeWithAlternateTag(Tag.get(3), bos);
+ ANY reasonEncoding = new ANY(bos.toByteArray());
+ seq.addElement(reasonEncoding);
+ }
+
+ if (indirectCRL != false) {
+ seq.addElement(Tag.get(4), new BOOLEAN(true));
+ }
- seq.encode(implicitTag, ostream);
+ seq.encode(implicitTag, ostream);
- } catch(InvalidBERException e) {
+ } catch (InvalidBERException e) {
// this shouldn't happen unless there is a bug in one of
// the Sun encoding classes
throw new IOException(e.toString());
- }
+ }
}
public static void main(String args[]) {
- try {
- if(args.length != 1) {
- System.out.println("Usage: IssuingDistributionPoint <outfile>");
- System.exit(-1);
- }
+ try {
+ if (args.length != 1) {
+ System.out.println("Usage: IssuingDistributionPoint <outfile>");
+ System.exit(-1);
+ }
- BufferedOutputStream bos = new BufferedOutputStream(
- new FileOutputStream(args[0]));
-
- SEQUENCE idps = new SEQUENCE();
-
- IssuingDistributionPoint idp = new IssuingDistributionPoint();
-
- X500Name dn = new X500Name("CN=Skovw Wjasldk,E=nicolson@netscape.com"+
- ",OU=Certificate Server,O=Netscape,C=US");
- GeneralNames generalNames = new GeneralNames();
- generalNames.addElement(dn);
- idp.setFullName(generalNames);
- idps.addElement(idp);
-
- idp = new IssuingDistributionPoint();
- URIName uri = new URIName("http://www.mycrl.com/go/here");
- generalNames = new GeneralNames();
- generalNames.addElement(uri);
- idp.setFullName(generalNames);
- idp.setOnlyContainsUserCerts(true);
- idp.setOnlyContainsCACerts(true);
- idp.setIndirectCRL(true);
- BitArray ba = new BitArray(5, new byte[] {(byte)0x28} );
- idp.setOnlySomeReasons(ba);
- idps.addElement(idp);
-
- idps.encode(bos);
- bos.close();
- } catch(Exception e) {
- e.printStackTrace();
- }
+ BufferedOutputStream bos = new BufferedOutputStream(
+ new FileOutputStream(args[0]));
+
+ SEQUENCE idps = new SEQUENCE();
+
+ IssuingDistributionPoint idp = new IssuingDistributionPoint();
+
+ X500Name dn = new X500Name("CN=Skovw Wjasldk,E=nicolson@netscape.com" +
+ ",OU=Certificate Server,O=Netscape,C=US");
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addElement(dn);
+ idp.setFullName(generalNames);
+ idps.addElement(idp);
+
+ idp = new IssuingDistributionPoint();
+ URIName uri = new URIName("http://www.mycrl.com/go/here");
+ generalNames = new GeneralNames();
+ generalNames.addElement(uri);
+ idp.setFullName(generalNames);
+ idp.setOnlyContainsUserCerts(true);
+ idp.setOnlyContainsCACerts(true);
+ idp.setIndirectCRL(true);
+ BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
+ idp.setOnlySomeReasons(ba);
+ idps.addElement(idp);
+
+ idps.encode(bos);
+ bos.close();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
}
}
-
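Review bot: The `catch (InvalidBERException e)` at the end of `encode(Tag, OutputStream)` rethrows with `new IOException(e.toString())`, which discards the original exception and its stack trace. If the build targets Java 6 or later, `throw new IOException(e.toString(), e);` keeps the message and chains the cause. The same pattern appears in the constructor of IssuingDistributionPointExtension.java (hunks @@ -163,15 +161,15 @@, @@ -181,7 +179,7 @@, @@ -196,7 +194,7 @@ and @@ -211,7 +209,7 @@), where `"Invalid encoding of IssuingDistributionPoint " + e` could pass `e` as the second argument. That constructor parses externally supplied extension bytes, so the lost cause makes a rejected CRL extension harder to diagnose.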
diff --git a/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java b/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java
index 2477591e..6a3d16b4 100644
--- a/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java
+++ b/pki/base/util/src/netscape/security/x509/IssuingDistributionPointExtension.java
@@ -35,7 +35,7 @@ import org.mozilla.jss.asn1.ASN1Util;
/**
* A critical CRL extension that identifies the CRL distribution point
* for a particular CRL
- *
+ *
* <pre>
* issuingDistributionPoint ::= SEQUENCE {
* distributionPoint [0] DistributionPointName OPTIONAL,
@@ -43,11 +43,11 @@ import org.mozilla.jss.asn1.ASN1Util;
* onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
* onlySomeReasons [3] ReasonFlags OPTIONAL,
* indirectCRL [4] BOOLEAN DEFAULT FALSE }
- *
+ *
* DistributionPointName ::= CHOICE {
* fullName [0] GeneralNames,
* nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
- *
+ *
* ReasonFlags ::= BIT STRING {
* unused (0),
* keyCompromise (1),
@@ -56,9 +56,9 @@ import org.mozilla.jss.asn1.ASN1Util;
* superseded (4),
* cessationOfOperation (5),
* certificateHold (6) }
- *
+ *
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
- *
+ *
* GeneralName ::= CHOICE {
* otherName [0] OtherName,
* rfc822Name [1] IA5String,
@@ -69,30 +69,29 @@ import org.mozilla.jss.asn1.ASN1Util;
* uniformResourceIdentifier [6] IA5String,
* iPAddress [7] OCTET STRING,
* registeredID [8] OBJECT IDENTIFIER}
- *
+ *
* OtherName ::= SEQUENCE {
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
- *
+ *
* EDIPartyName ::= SEQUENCE {
* nameAssigner [0] DirectoryString OPTIONAL,
* partyName [1] DirectoryString }
- *
+ *
* RelativeDistinguishedName ::=
* SET OF AttributeTypeAndValue
- *
+ *
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
- *
+ *
* AttributeType ::= OBJECT IDENTIFIER
- *
+ *
* AttributeValue ::= ANY DEFINED BY AttributeType
* </pre>
*/
public class IssuingDistributionPointExtension extends Extension
- implements CertAttrSet
-{
+ implements CertAttrSet {
/**
*
*/
@@ -112,27 +111,26 @@ public class IssuingDistributionPointExtension extends Extension
private IssuingDistributionPoint issuingDistributionPoint = null;
// Cached DER-encoding to improve performance.
- private byte[] cachedEncoding=null;
-
+ private byte[] cachedEncoding = null;
static {
try {
OIDMap.addAttribute(IssuingDistributionPointExtension.class.getName(),
OID, IssuingDistributionPointExtension.class.getSimpleName());
- } catch (CertificateException e) {}
+ } catch (CertificateException e) {
+ }
}
-
/**
* This constructor is very important, since it will be called
* by the system.
*/
public IssuingDistributionPointExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.IssuingDistributionPoint_Id;
this.critical = critical.booleanValue();
- this.extensionValue = (byte[])((byte[])value).clone();
+ this.extensionValue = (byte[]) ((byte[]) value).clone();
byte[] extValue = this.extensionValue;
issuingDistributionPoint = new IssuingDistributionPoint();
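Review bot: The static initializer still ignores `CertificateException` from `OIDMap.addAttribute`. The reformatted `catch (CertificateException e) { }` has an empty body, so a failed registration of this extension class leaves no trace. If ignoring it is deliberate, say so in the block, for example `// ignored: <reason the registration may fail harmlessly>`; otherwise report the failure through whatever logging this package uses. The constructor that follows continues outside this hunk.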
@@ -146,14 +144,14 @@ public class IssuingDistributionPointExtension extends Extension
if (opt != null) {
for (int i = 0; i < 5; i++) {
- if (opt.isContextSpecific((byte)i)) {
+ if (opt.isContextSpecific((byte) i)) {
if ((i == 0 && opt.isConstructed() && opt.data.available() != 0) ||
- (i != 0 && (!opt.isConstructed()) && opt.data.available() != 0)) {
+ (i != 0 && (!opt.isConstructed()) && opt.data.available() != 0)) {
if (i == 0) {
DerValue opt1 = opt.data.getDerValue();
if (opt1 != null) {
- if (opt1.isContextSpecific((byte)0)) {
+ if (opt1.isContextSpecific((byte) 0)) {
if (opt1.isConstructed() && opt1.data.available() != 0) {
opt1.resetTag(DerValue.tag_Sequence);
@@ -163,15 +161,15 @@ public class IssuingDistributionPointExtension extends Extension
issuingDistributionPoint.setFullName(fullName);
}
} catch (GeneralNamesException e) {
- throw new IOException("Invalid encoding of IssuingDistributionPoint "+e);
+ throw new IOException("Invalid encoding of IssuingDistributionPoint " + e);
} catch (IOException e) {
- throw new IOException("Invalid encoding of IssuingDistributionPoint "+e);
+ throw new IOException("Invalid encoding of IssuingDistributionPoint " + e);
}
} else {
throw new IOException("Invalid encoding of IssuingDistributionPoint");
}
- } else if (opt1.isContextSpecific((byte)1)) {
+ } else if (opt1.isContextSpecific((byte) 1)) {
if (opt1.isConstructed() && opt1.data.available() != 0) {
opt1.resetTag(DerValue.tag_Set);
@@ -181,7 +179,7 @@ public class IssuingDistributionPointExtension extends Extension
issuingDistributionPoint.setRelativeName(relativeName);
}
} catch (IOException e) {
- throw new IOException("Invalid encoding of IssuingDistributionPoint "+e);
+ throw new IOException("Invalid encoding of IssuingDistributionPoint " + e);
}
} else {
throw new IOException("Invalid encoding of IssuingDistributionPoint");
@@ -196,7 +194,7 @@ public class IssuingDistributionPointExtension extends Extension
issuingDistributionPoint.setOnlySomeReasons(reasons);
byte[] a = reasons.toByteArray();
} catch (IOException e) {
- throw new IOException("Invalid encoding of IssuingDistributionPoint "+e);
+ throw new IOException("Invalid encoding of IssuingDistributionPoint " + e);
}
} else {
@@ -211,7 +209,7 @@ public class IssuingDistributionPointExtension extends Extension
issuingDistributionPoint.setIndirectCRL(b);
}
} catch (IOException e) {
- throw new IOException("Invalid encoding of IssuingDistributionPoint "+e);
+ throw new IOException("Invalid encoding of IssuingDistributionPoint " + e);
}
}
} else {
@@ -226,7 +224,6 @@ public class IssuingDistributionPointExtension extends Extension
}
-
/**
* Creates a new IssuingDistributionPoint extension, with the given
* issuing distribution point as the first element.
@@ -244,17 +241,17 @@ public class IssuingDistributionPointExtension extends Extension
return issuingDistributionPoint;
}
- /**
- * Sets the criticality of this extension. PKIX dictates that this
+ /**
+ * Sets the criticality of this extension. PKIX dictates that this
* extension SHOULD be critical, so applications can make it not critical
- * if they have a very good reason. By default, the extension is critical.
+ * if they have a very good reason. By default, the extension is critical.
*/
public void setCritical(boolean critical) {
this.critical = critical;
}
- /**
- * Gets the criticality of this extension. PKIX dictates that this
+ /**
+ * Gets the criticality of this extension. PKIX dictates that this
* extension SHOULD be critical, so by default, the extension is critical.
*/
public boolean getCritical(boolean critical) {
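Review bot: `getCritical(boolean critical)` is a getter that takes a parameter named like the field it is documented to return. Its body lies outside this hunk, but if it is `return critical;` the method echoes the caller's argument instead of `this.critical`. A caller checking whether this CRL extension is critical would then get back whatever it passed in. Returning `this.critical` explicitly fixes that without changing the signature, and a no-argument overload `public boolean getCritical()` would be the cleaner API.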
@@ -291,9 +288,8 @@ public class IssuingDistributionPointExtension extends Extension
* DER-encodes this extension to the given OutputStream.
*/
public void encode(OutputStream ostream)
- throws CertificateException, IOException
- {
- if( cachedEncoding == null ) {
+ throws CertificateException, IOException {
+ if (cachedEncoding == null) {
// only re-encode if necessary
DerOutputStream tmp = new DerOutputStream();
encode(tmp);
@@ -303,44 +299,40 @@ public class IssuingDistributionPointExtension extends Extension
}
public void decode(InputStream in)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
throw new IOException("Not supported");
}
public void set(String name, Object obj)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
if (name.equalsIgnoreCase(ISSUING_DISTRIBUTION_POINT)) {
if (!(obj instanceof IssuingDistributionPoint)) {
throw new IOException("Attribute value should be of type IssuingDistributionPoint.");
}
- issuingDistributionPoint = (IssuingDistributionPoint)obj;
+ issuingDistributionPoint = (IssuingDistributionPoint) obj;
} else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:IssuingDistributionPointExtension");
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:IssuingDistributionPointExtension");
}
}
public Object get(String name)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
if (name.equalsIgnoreCase(ISSUING_DISTRIBUTION_POINT)) {
return issuingDistributionPoint;
} else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:IssuingDistributionPointExtension");
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:IssuingDistributionPointExtension");
}
}
public void delete(String name)
- throws CertificateException, IOException
- {
+ throws CertificateException, IOException {
if (name.equalsIgnoreCase(ISSUING_DISTRIBUTION_POINT)) {
issuingDistributionPoint = null;
} else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:IssuingDistributionPointExtension");
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:IssuingDistributionPointExtension");
}
}
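Review bot: `set` and `delete` replace `issuingDistributionPoint` without clearing `cachedEncoding`, and `setCritical` in hunk @@ -244,17 +241,17 @@ likewise only assigns the flag. `encode(OutputStream)` re-encodes only while `cachedEncoding == null`. The write of the cache is outside these hunks, so this is inferred, but once the extension has been encoded a later `set`, `delete` or `setCritical` would appear to leave the old bytes in place, and the next `encode` would emit a distribution point or criticality that no longer matches the object. Adding `cachedEncoding = null;` after each of those assignments keeps the cache consistent.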
@@ -348,70 +340,67 @@ public class IssuingDistributionPointExtension extends Extension
Vector<String> elements = new Vector<String>();
elements.addElement(ISSUING_DISTRIBUTION_POINT);
return (elements.elements());
-// return (new Vector()).elements();
+ // return (new Vector()).elements();
}
-
/**
* Test driver.
*/
public static void main(String args[]) {
- try {
+ try {
- if( args.length != 1 ) {
- System.out.println("Usage: IssuingDistributionPointExtension "+
- "<outfile>");
- System.exit(-1);
- }
+ if (args.length != 1) {
+ System.out.println("Usage: IssuingDistributionPointExtension " +
+ "<outfile>");
+ System.exit(-1);
+ }
- BufferedOutputStream bos = new BufferedOutputStream(
- new FileOutputStream(args[0]) );
-
-
- // URI only
- IssuingDistributionPoint idp = new IssuingDistributionPoint();
- URIName uri = new URIName("http://www.mycrl.com/go/here");
- GeneralNames generalNames = new GeneralNames();
- generalNames.addElement(uri);
- idp.setFullName(generalNames);
- IssuingDistributionPointExtension idpExt =
- new IssuingDistributionPointExtension(idp);
-
- // DN only
- idp = new IssuingDistributionPoint();
- X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org"+
- ",OU=Certificate Server,O=Fedora,C=US");
- generalNames = new GeneralNames();
- generalNames.addElement(dn);
- idp.setFullName(generalNames);
- idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
-
- // DN + reason
- BitArray ba = new BitArray(5, new byte[] {(byte)0x28} );
- idp = new IssuingDistributionPoint();
- idp.setFullName(generalNames);
- idp.setOnlySomeReasons(ba);
- idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
-
-
- // relative DN + reason + crlIssuer
- idp = new IssuingDistributionPoint();
- RDN rdn = new RDN("OU=foobar dept");
- idp.setRelativeName(rdn);
- idp.setOnlySomeReasons(ba);
- idp.setOnlyContainsCACerts(true);
- idp.setOnlyContainsUserCerts(true);
- idp.setIndirectCRL(true);
- idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
-
- idpExt.setCritical(false);
- idpExt.encode(bos);
-
- bos.close();
-
- } catch(Exception e) {
+ BufferedOutputStream bos = new BufferedOutputStream(
+ new FileOutputStream(args[0]));
+
+ // URI only
+ IssuingDistributionPoint idp = new IssuingDistributionPoint();
+ URIName uri = new URIName("http://www.mycrl.com/go/here");
+ GeneralNames generalNames = new GeneralNames();
+ generalNames.addElement(uri);
+ idp.setFullName(generalNames);
+ IssuingDistributionPointExtension idpExt =
+ new IssuingDistributionPointExtension(idp);
+
+ // DN only
+ idp = new IssuingDistributionPoint();
+ X500Name dn = new X500Name("CN=Otis Smith,E=otis@fedoraproject.org" +
+ ",OU=Certificate Server,O=Fedora,C=US");
+ generalNames = new GeneralNames();
+ generalNames.addElement(dn);
+ idp.setFullName(generalNames);
+ idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
+
+ // DN + reason
+ BitArray ba = new BitArray(5, new byte[] { (byte) 0x28 });
+ idp = new IssuingDistributionPoint();
+ idp.setFullName(generalNames);
+ idp.setOnlySomeReasons(ba);
+ idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
+
+ // relative DN + reason + crlIssuer
+ idp = new IssuingDistributionPoint();
+ RDN rdn = new RDN("OU=foobar dept");
+ idp.setRelativeName(rdn);
+ idp.setOnlySomeReasons(ba);
+ idp.setOnlyContainsCACerts(true);
+ idp.setOnlyContainsUserCerts(true);
+ idp.setIndirectCRL(true);
+ idpExt.set(IssuingDistributionPointExtension.ISSUING_DISTRIBUTION_POINT, idp);
+
+ idpExt.setCritical(false);
+ idpExt.encode(bos);
+
+ bos.close();
+
+ } catch (Exception e) {
e.printStackTrace();
- }
+ }
}
}
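Review bot: In the test driver `main`, `bos.close()` is the last statement inside the `try`, so the `FileOutputStream` opened on `args[0]` is never closed or flushed when any earlier call throws. The catch-all then only prints the stack trace, and the process exits with status 0 over a possibly truncated output file. Declaring `bos` before the `try` and closing it in a `finally` block (or try-with-resources, if the build targets Java 7 or later) fixes the leak. A non-zero `System.exit` in the `catch` would make the failure visible to scripts. The `main` in IssuingDistributionPoint.java (hunk @@ -224,101 +217,99 @@) has the same shape.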
diff --git a/pki/base/util/src/netscape/security/x509/KeyIdentifier.java b/pki/base/util/src/netscape/security/x509/KeyIdentifier.java
index dd0e49cb..631f6fd6 100644
--- a/pki/base/util/src/netscape/security/x509/KeyIdentifier.java
+++ b/pki/base/util/src/netscape/security/x509/KeyIdentifier.java
@@ -24,7 +24,7 @@ import netscape.security.util.DerValue;
/**
* Represent the Key Identifier ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.4
@@ -38,7 +38,7 @@ public class KeyIdentifier implements java.io.Serializable {
/**
* Create a KeyIdentifier with the passed bit settings.
- *
+ *
* @param octetString the octet string identifying the key identifier.
*/
public KeyIdentifier(byte[] octetString) {
@@ -47,7 +47,7 @@ public class KeyIdentifier implements java.io.Serializable {
/**
* Create a KeyIdentifier from the DER encoded value.
- *
+ *
* @param val the DerValue
*/
public KeyIdentifier(DerValue val) throws IOException {
@@ -58,16 +58,16 @@ public class KeyIdentifier implements java.io.Serializable {
* Return the value of the KeyIdentifier as byte array.
*/
public byte[] getIdentifier() {
- return ((byte[])octetString.clone());
+ return ((byte[]) octetString.clone());
}
/**
* Returns a printable representation of the KeyUsage.
*/
public String toString() {
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String octetbits = pp.toHexString(octetString);
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String octetbits = pp.toHexString(octetString);
String s = "KeyIdentifier [\n";
s += octetbits;
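Review bot: The Javadoc on `toString()` says "Returns a printable representation of the KeyUsage", but this class is `KeyIdentifier` and the string it builds starts with `"KeyIdentifier [\n"`. The comment looks copied from the key-usage class and should read `Returns a printable representation of the KeyIdentifier.`. The body of `toString()` continues outside this hunk.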
@@ -77,11 +77,11 @@ public class KeyIdentifier implements java.io.Serializable {
/**
* Write the KeyIdentifier to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException
*/
- void encode (DerOutputStream out) throws IOException {
+ void encode(DerOutputStream out) throws IOException {
out.putOctetString(octetString);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
index 8d3aa21f..d637ac02 100644
--- a/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/x509/KeyUsageExtension.java
@@ -30,13 +30,10 @@ import netscape.security.util.DerValue;
/**
* Represent the Key Usage Extension.
- *
- * <p>This extension, if present, defines the purpose (e.g., encipherment,
- * signature, certificate signing) of the key contained in the certificate.
- * The usage restriction might be employed when a multipurpose key is to be
- * restricted (e.g., when an RSA key should be used only for signing or only
- * for key encipherment).
- *
+ *
+ * <p>
+ * This extension, if present, defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate. The usage restriction might be employed when a multipurpose key is to be restricted (e.g., when an RSA key should be used only for signing or only for key encipherment).
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.9
@@ -44,7 +41,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class KeyUsageExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
@@ -53,7 +50,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions.KeyUsage";
/**
* Attribute names.
@@ -80,19 +77,19 @@ implements CertAttrSet {
public static final int NBITS = 9;
- public static String[] names = new String[NBITS];
-
- static {
- names[DIGITAL_SIGNATURE_BIT] = DIGITAL_SIGNATURE;
- names[NON_REPUDIATION_BIT] = NON_REPUDIATION;
- names[KEY_ENCIPHERMENT_BIT] = KEY_ENCIPHERMENT;
- names[DATA_ENCIPHERMENT_BIT] = DATA_ENCIPHERMENT;
- names[KEY_AGREEMENT_BIT] = KEY_AGREEMENT;
- names[KEY_CERTSIGN_BIT] = KEY_CERTSIGN;
- names[CRL_SIGN_BIT] = CRL_SIGN;
- names[ENCIPHER_ONLY_BIT] = ENCIPHER_ONLY;
- names[DECIPHER_ONLY_BIT] = DECIPHER_ONLY;
- }
+ public static String[] names = new String[NBITS];
+
+ static {
+ names[DIGITAL_SIGNATURE_BIT] = DIGITAL_SIGNATURE;
+ names[NON_REPUDIATION_BIT] = NON_REPUDIATION;
+ names[KEY_ENCIPHERMENT_BIT] = KEY_ENCIPHERMENT;
+ names[DATA_ENCIPHERMENT_BIT] = DATA_ENCIPHERMENT;
+ names[KEY_AGREEMENT_BIT] = KEY_AGREEMENT;
+ names[KEY_CERTSIGN_BIT] = KEY_CERTSIGN;
+ names[CRL_SIGN_BIT] = CRL_SIGN;
+ names[ENCIPHER_ONLY_BIT] = ENCIPHER_ONLY;
+ names[DECIPHER_ONLY_BIT] = DECIPHER_ONLY;
+ }
// Private data members
private boolean[] bitString;
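Review bot: `public static String[] names` is a public, non-final, mutable array that the static initializer fills with the key-usage attribute names. Any class can reassign the reference or overwrite an element, which would change the names seen by every other user of the table. `public static final String[] names = new String[NBITS];` at least fixes the reference. Protecting the elements needs a private array behind an accessor that returns a copy, which depends on how callers outside this view use the field.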
@@ -106,12 +103,12 @@ implements CertAttrSet {
/**
* Check if bit is set.
- *
+ *
* @param position the position in the bit string to check.
*/
private boolean isSet(int position) {
- if (bitString.length <= position)
- return false;
+ if (bitString.length <= position)
+ return false;
return bitString[position];
}
@@ -119,32 +116,32 @@ implements CertAttrSet {
* Set the bit at the specified position.
*/
private void set(int position, boolean val) {
- // enlarge bitString if necessary
+ // enlarge bitString if necessary
if (position >= bitString.length) {
- boolean[] tmp = new boolean[position+1];
+ boolean[] tmp = new boolean[position + 1];
System.arraycopy(bitString, 0, tmp, 0, bitString.length);
bitString = tmp;
}
- bitString[position] = val;
+ bitString[position] = val;
}
/**
* Create a KeyUsageExtension with the passed bit settings. The criticality
* is set to true.
- *
+ *
* @param bitString the bits to be set for the extension.
*/
public KeyUsageExtension(boolean critical, byte[] bitString) throws IOException {
- this.bitString =
- new BitArray(bitString.length*8,bitString).toBooleanArray();
+ this.bitString =
+ new BitArray(bitString.length * 8, bitString).toBooleanArray();
this.extensionId = PKIXExtensions.KeyUsage_Id;
this.critical = critical;
encodeThis();
}
public KeyUsageExtension(byte[] bitString) throws IOException {
- this.bitString =
- new BitArray(bitString.length*8,bitString).toBooleanArray();
+ this.bitString =
+ new BitArray(bitString.length * 8, bitString).toBooleanArray();
this.extensionId = PKIXExtensions.KeyUsage_Id;
this.critical = true;
encodeThis();
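Review bot: The Javadoc above `KeyUsageExtension(boolean critical, byte[] bitString)` states "The criticality is set to true", but that constructor assigns `this.critical = critical`. Only the undocumented one-argument `KeyUsageExtension(byte[] bitString)` below it forces `true`. The comment should describe the parameter, for example `@param critical true if the extension is to be treated as critical.`, and the one-argument form should carry the "set to true" sentence. The same wording sits above `KeyUsageExtension(boolean critical, boolean[] bitString)` in hunk @@ -153,7 +150,7 @@, whose body is outside the hunk.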
@@ -153,7 +150,7 @@ implements CertAttrSet {
/**
* Create a KeyUsageExtension with the passed bit settings. The criticality
* is set to true.
- *
+ *
* @param bitString the bits to be set for the extension.
*/
public KeyUsageExtension(boolean critical, boolean[] bitString) throws IOException {
@@ -173,7 +170,7 @@ implements CertAttrSet {
/**
* Create a KeyUsageExtension with the passed bit settings. The criticality
* is set to true.
- *
+ *
* @param bitString the bits to be set for the extension.
*/
public KeyUsageExtension(BitArray bitString) throws IOException {
@@ -185,13 +182,13 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value of the same.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public KeyUsageExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.KeyUsage_Id;
this.critical = critical.booleanValue();
/*
@@ -204,10 +201,10 @@ implements CertAttrSet {
* }
*/
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
- for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
- }
+ byte[] extValue = new byte[len];
+ for (int i = 0; i < len; i++) {
+ extValue[i] = Array.getByte(value, i);
+ }
this.extensionValue = extValue;
DerValue val = new DerValue(extValue);
this.bitString = val.getUnalignedBitString().toBooleanArray();
@@ -228,88 +225,88 @@ implements CertAttrSet {
public void set(String name, Object obj) throws IOException {
clearValue();
if (!(obj instanceof Boolean)) {
- throw new IOException("Attribute must be of type Boolean.");
- }
- boolean val = ((Boolean)obj).booleanValue();
- if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
- set(0,val);
- } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
- set(1,val);
- } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
- set(2,val);
- } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
- set(3,val);
- } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
- set(4,val);
- } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
- set(5,val);
- } else if (name.equalsIgnoreCase(CRL_SIGN)) {
- set(6,val);
- } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
- set(7,val);
- } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
- set(8,val);
- } else {
- throw new IOException("Attribute name not recognized by"
+ throw new IOException("Attribute must be of type Boolean.");
+ }
+ boolean val = ((Boolean) obj).booleanValue();
+ if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
+ set(0, val);
+ } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
+ set(1, val);
+ } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
+ set(2, val);
+ } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
+ set(3, val);
+ } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
+ set(4, val);
+ } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
+ set(5, val);
+ } else if (name.equalsIgnoreCase(CRL_SIGN)) {
+ set(6, val);
+ } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
+ set(7, val);
+ } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
+ set(8, val);
+ } else {
+ throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:KeyUsage.");
- }
- encodeThis();
+ }
+ encodeThis();
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
- return new Boolean(isSet(0));
- } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
- return new Boolean(isSet(1));
- } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
- return new Boolean(isSet(2));
- } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
- return new Boolean(isSet(3));
- } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
- return new Boolean(isSet(4));
- } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
- return new Boolean(isSet(5));
- } else if (name.equalsIgnoreCase(CRL_SIGN)) {
- return new Boolean(isSet(6));
- } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
- return new Boolean(isSet(7));
- } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
- return new Boolean(isSet(8));
- } else {
- throw new IOException("Attribute name not recognized by"
+ if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
+ return new Boolean(isSet(0));
+ } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
+ return new Boolean(isSet(1));
+ } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
+ return new Boolean(isSet(2));
+ } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
+ return new Boolean(isSet(3));
+ } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
+ return new Boolean(isSet(4));
+ } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
+ return new Boolean(isSet(5));
+ } else if (name.equalsIgnoreCase(CRL_SIGN)) {
+ return new Boolean(isSet(6));
+ } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
+ return new Boolean(isSet(7));
+ } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
+ return new Boolean(isSet(8));
+ } else {
+ throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:KeyUsage.");
- }
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
- set(0,false);
- } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
- set(1,false);
- } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
- set(2,false);
- } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
- set(3,false);
- } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
- set(4,false);
- } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
- set(5,false);
- } else if (name.equalsIgnoreCase(CRL_SIGN)) {
- set(6,false);
- } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
- set(7,false);
- } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
- set(8,false);
- } else {
- throw new IOException("Attribute name not recognized by"
+ if (name.equalsIgnoreCase(DIGITAL_SIGNATURE)) {
+ set(0, false);
+ } else if (name.equalsIgnoreCase(NON_REPUDIATION)) {
+ set(1, false);
+ } else if (name.equalsIgnoreCase(KEY_ENCIPHERMENT)) {
+ set(2, false);
+ } else if (name.equalsIgnoreCase(DATA_ENCIPHERMENT)) {
+ set(3, false);
+ } else if (name.equalsIgnoreCase(KEY_AGREEMENT)) {
+ set(4, false);
+ } else if (name.equalsIgnoreCase(KEY_CERTSIGN)) {
+ set(5, false);
+ } else if (name.equalsIgnoreCase(CRL_SIGN)) {
+ set(6, false);
+ } else if (name.equalsIgnoreCase(ENCIPHER_ONLY)) {
+ set(7, false);
+ } else if (name.equalsIgnoreCase(DECIPHER_ONLY)) {
+ set(8, false);
+ } else {
+ throw new IOException("Attribute name not recognized by"
+ " CertAttrSet:KeyUsage.");
- }
+ }
}
/**
@@ -318,36 +315,37 @@ implements CertAttrSet {
public String toString() {
String s = super.toString() + "KeyUsage [\n";
- try {
- if (isSet(0)) {
- s += " DigitalSignature\n";
- }
- if (isSet(1)) {
- s += " Non_repudiation\n";
- }
- if (isSet(2)) {
- s += " Key_Encipherment\n";
- }
- if (isSet(3)) {
- s += " Data_Encipherment\n";
- }
- if (isSet(4)) {
- s += " Key_Agreement\n";
- }
- if (isSet(5)) {
- s += " Key_CertSign\n";
- }
- if (isSet(6)) {
- s += " Crl_Sign\n";
+ try {
+ if (isSet(0)) {
+ s += " DigitalSignature\n";
+ }
+ if (isSet(1)) {
+ s += " Non_repudiation\n";
+ }
+ if (isSet(2)) {
+ s += " Key_Encipherment\n";
+ }
+ if (isSet(3)) {
+ s += " Data_Encipherment\n";
+ }
+ if (isSet(4)) {
+ s += " Key_Agreement\n";
+ }
+ if (isSet(5)) {
+ s += " Key_CertSign\n";
+ }
+ if (isSet(6)) {
+ s += " Crl_Sign\n";
+ }
+ if (isSet(7)) {
+ s += " Encipher_Only\n";
+ }
+ if (isSet(8)) {
+ s += " Decipher_Only\n";
+ }
+ } catch (ArrayIndexOutOfBoundsException ex) {
}
- if (isSet(7)) {
- s += " Encipher_Only\n";
- }
- if (isSet(8)) {
- s += " Decipher_Only\n";
- }
- } catch (ArrayIndexOutOfBoundsException ex) {}
-
+
s += "]\n";
return (s);
@@ -355,7 +353,7 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -365,27 +363,27 @@ implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
-
- if (this.extensionValue == null) {
- this.extensionId = PKIXExtensions.KeyUsage_Id;
- this.critical = true;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ DerOutputStream tmp = new DerOutputStream();
+
+ if (this.extensionValue == null) {
+ this.extensionId = PKIXExtensions.KeyUsage_Id;
+ this.critical = true;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(DIGITAL_SIGNATURE);
elements.addElement(NON_REPUDIATION);
@@ -397,12 +395,11 @@ implements CertAttrSet {
elements.addElement(ENCIPHER_ONLY);
elements.addElement(DECIPHER_ONLY);
- return (elements.elements());
+ return (elements.elements());
}
-
public boolean[] getBits() {
- return (boolean[]) bitString.clone();
+ return (boolean[]) bitString.clone();
}
}
diff --git a/pki/base/util/src/netscape/security/x509/LdapDNStrConverter.java b/pki/base/util/src/netscape/security/x509/LdapDNStrConverter.java
index caf9ad01..a8cb8781 100644
--- a/pki/base/util/src/netscape/security/x509/LdapDNStrConverter.java
+++ b/pki/base/util/src/netscape/security/x509/LdapDNStrConverter.java
@@ -20,64 +20,63 @@ package netscape.security.x509;
import java.io.IOException;
/**
- * Abstract class that converts a Ldap DN String to an X500Name, RDN or AVA
+ * Abstract class that converts a Ldap DN String to an X500Name, RDN or AVA
* and vice versa, except the string is a java string in unicode.
*
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*/
-public abstract class LdapDNStrConverter
-{
+public abstract class LdapDNStrConverter {
//
// public parsing methods.
//
/**
* Converts a Ldap DN string to a X500Name object.
- *
- * @param dn a Ldap DN String.
- *
- * @return an X500Name object for the Ldap DN String.
+ *
+ * @param dn a Ldap DN String.
+ *
+ * @return an X500Name object for the Ldap DN String.
*/
- public abstract X500Name parseDN(String dn)
- throws IOException;
+ public abstract X500Name parseDN(String dn)
+ throws IOException;
- /**
- * Like parseDN with a specified DER encoding order for Directory Strings.
- */
- public abstract X500Name parseDN(String dn, byte[] tags)
- throws IOException;
+ /**
+ * Like parseDN with a specified DER encoding order for Directory Strings.
+ */
+ public abstract X500Name parseDN(String dn, byte[] tags)
+ throws IOException;
- /**
+ /**
* Converts a Ldap DN string to a RDN object.
*
- * @param rdn a Ldap DN String
- *
- * @return an RDN object.
+ * @param rdn a Ldap DN String
+ *
+ * @return an RDN object.
*/
- public abstract RDN parseRDN(String rdn)
- throws IOException;
+ public abstract RDN parseRDN(String rdn)
+ throws IOException;
- /**
- * Like parseRDN with a specified DER encoding order for Directory Strings.
- */
- public abstract RDN parseRDN(String rdn, byte[] tags)
- throws IOException;
+ /**
+ * Like parseRDN with a specified DER encoding order for Directory Strings.
+ */
+ public abstract RDN parseRDN(String rdn, byte[] tags)
+ throws IOException;
- /**
+ /**
* Converts a Ldap DN string to a AVA object.
- *
- * @param ava a Ldap DN string.
- * @return an AVA object.
+ *
+ * @param ava a Ldap DN string.
+ * @return an AVA object.
*/
- public abstract AVA parseAVA(String ava)
- throws IOException;
+ public abstract AVA parseAVA(String ava)
+ throws IOException;
- /**
- * Like parseAVA with a specified DER encoding order for Directory Strings.
- */
- public abstract AVA parseAVA(String rdn, byte[] tags)
- throws IOException;
+ /**
+ * Like parseAVA with a specified DER encoding order for Directory Strings.
+ */
+ public abstract AVA parseAVA(String rdn, byte[] tags)
+ throws IOException;
//
// public encoding methods.
@@ -85,25 +84,25 @@ public abstract class LdapDNStrConverter
/**
* Converts a X500Name object to a Ldap dn string.
- *
- * @param dn an X500Name object.
- * @return a Ldap DN String.
+ *
+ * @param dn an X500Name object.
+ * @return a Ldap DN String.
*/
public abstract String encodeDN(X500Name dn) throws IOException;
/**
* Converts an RDN object to a Ldap dn string.
*
- * @param rdn an RDN object.
- * @return a Ldap dn string.
+ * @param rdn an RDN object.
+ * @return a Ldap dn string.
*/
public abstract String encodeRDN(RDN rdn) throws IOException;
/**
* Converts an AVA object to a Ldap dn string.
*
- * @param ava An AVA object.
- * @return A Ldap dn string.
+ * @param ava An AVA object.
+ * @return A Ldap dn string.
*/
public abstract String encodeAVA(AVA ava) throws IOException;
@@ -117,32 +116,29 @@ public abstract class LdapDNStrConverter
* X500NameAttrMap and accepts unknown OIDs.
*
* @see netscape.security.x509.LdapV3DNStrConverter
- *
- * @return The global default LdapDNStrConverter instance.
+ *
+ * @return The global default LdapDNStrConverter instance.
*/
- public static LdapDNStrConverter getDefault()
- {
- return defaultConverter;
+ public static LdapDNStrConverter getDefault() {
+ return defaultConverter;
}
/**
* Set the global default LdapDNStrConverter object.
- *
- * @param defConverter A LdapDNStrConverter object to become
- * the global default.
+ *
+ * @param defConverter A LdapDNStrConverter object to become
+ * the global default.
*/
- public static void setDefault(LdapDNStrConverter defConverter)
- {
- if (defConverter == null)
- throw new IllegalArgumentException(
- "The default Ldap DN String converter cannot be set to null.");
- defaultConverter = defConverter;
+ public static void setDefault(LdapDNStrConverter defConverter) {
+ if (defConverter == null)
+ throw new IllegalArgumentException(
+ "The default Ldap DN String converter cannot be set to null.");
+ defaultConverter = defConverter;
}
//
// private static variables
//
- private static LdapDNStrConverter
- defaultConverter = new LdapV3DNStrConverter();
+ private static LdapDNStrConverter defaultConverter = new LdapV3DNStrConverter();
}
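Review bot: `defaultConverter` is a plain static field that `setDefault` writes and `getDefault` reads without any synchronization, so a converter installed on one thread is not guaranteed to be visible to DN parsing on another. This global decides how every default DN parse maps keywords and whether unknown OIDs are accepted, so the swap should be well defined: `private static volatile LdapDNStrConverter defaultConverter = new LdapV3DNStrConverter();`. The `setDefault` Javadoc could also state that the call changes the converter for every caller of `getDefault()` in the JVM.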
diff --git a/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java b/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java
index 32670f67..fd6e15bf 100644
--- a/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java
+++ b/pki/base/util/src/netscape/security/x509/LdapV3DNStrConverter.java
@@ -39,19 +39,17 @@ import netscape.security.util.ObjectIdentifier;
* A converter that converts Ldap v3 DN strings as specified in
* draft-ietf-asid-ldapv3-dn-03.txt to a X500Name, RDN or AVA and
* vice versa.
- *
+ *
* @see LdapDNStrConverter
* @see X500Name
* @see RDN
* @see AVA
* @see X500NameAttrMap
- *
+ *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*/
-
-public class LdapV3DNStrConverter extends LdapDNStrConverter
-{
+public class LdapV3DNStrConverter extends LdapDNStrConverter {
//
// Constructors
//
@@ -59,31 +57,29 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
/**
* Constructs a LdapV3DNStrConverter using the global default
* X500NameAttrMap and accept OIDs not in the default X500NameAttrMap.
+ *
* @see X500NameAttrMap
*/
- public LdapV3DNStrConverter()
- {
+ public LdapV3DNStrConverter() {
attrMap = X500NameAttrMap.getDefault();
-
- acceptUnknownOids = true;
+ acceptUnknownOids = true;
}
/**
* Constructs a LdapV3DNStrConverter using the specified X500NameAttrMap
* and a boolean indicating whether to accept OIDs not listed in the
* X500NameAttrMap.
- *
- * @param attributeMap a X500NameAttrMap
+ *
+ * @param attributeMap a X500NameAttrMap
* @param doAcceptUnknownOids whether to convert unregistered OIDs
- * (oids not in the X500NameAttrMap)
+ * (oids not in the X500NameAttrMap)
* @see X500NameAttrMap
*/
public LdapV3DNStrConverter(X500NameAttrMap attributeMap,
- boolean doAcceptUnknownOids)
- {
- attrMap = attributeMap;
- acceptUnknownOids = doAcceptUnknownOids;
+ boolean doAcceptUnknownOids) {
+ attrMap = attributeMap;
+ acceptUnknownOids = doAcceptUnknownOids;
}
@@ -94,129 +90,119 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
/**
* Parse a Ldap v3 DN string to a X500Name.
- *
- * @param dn a LDAP v3 DN String
- * @return a X500Name
+ *
+ * @param dn a LDAP v3 DN String
+ * @return a X500Name
* @exception IOException if an error occurs during the conversion.
*/
public X500Name parseDN(String dn)
- throws IOException
- {
- return parseDN(dn, null);
+ throws IOException {
+ return parseDN(dn, null);
}
/**
- * Like parseDN(String) with a DER encoding order given as argument for
+ * Like parseDN(String) with a DER encoding order given as argument for
* Directory Strings.
*/
public X500Name parseDN(String dn, byte[] encodingOrder)
- throws IOException
- {
- StringReader dn_reader = new StringReader(dn);
- PushbackReader in = new PushbackReader(dn_reader, 5);
- Vector<RDN> rdnVector = new Vector<RDN>();
+ throws IOException {
+ StringReader dn_reader = new StringReader(dn);
+ PushbackReader in = new PushbackReader(dn_reader, 5);
+ Vector<RDN> rdnVector = new Vector<RDN>();
RDN[] names;
- return parseDN(in, encodingOrder);
+ return parseDN(in, encodingOrder);
}
/**
* Parse a Ldap v3 DN string with a RDN component to a RDN
- *
- * @param rdn a LDAP v3 DN String
- * @return a RDN
+ *
+ * @param rdn a LDAP v3 DN String
+ * @return a RDN
* @exception IOException if an error occurs during the conversion.
*/
public RDN parseRDN(String rdn)
- throws IOException
- {
- return parseRDN(rdn, null);
+ throws IOException {
+ return parseRDN(rdn, null);
}
/**
- * Like parseRDN(String) with a DER encoding order given as argument for
+ * Like parseRDN(String) with a DER encoding order given as argument for
* Directory Strings.
*/
public RDN parseRDN(String rdn, byte[] encodingOrder)
- throws IOException
- {
- StringReader rdn_reader = new StringReader(rdn);
- PushbackReader in = new PushbackReader(rdn_reader, 5);
- Vector<AVA> avaVector = new Vector<AVA>();
+ throws IOException {
+ StringReader rdn_reader = new StringReader(rdn);
+ PushbackReader in = new PushbackReader(rdn_reader, 5);
+ Vector<AVA> avaVector = new Vector<AVA>();
AVA[] assertion;
- return parseRDN(in, null);
+ return parseRDN(in, null);
}
/**
* Parse a Ldap v3 DN string with a AVA component to a AVA.
- *
- * @param ava a LDAP v3 DN string
- * @return a AVA
+ *
+ * @param ava a LDAP v3 DN string
+ * @return a AVA
*/
public AVA parseAVA(String ava)
- throws IOException
- {
- return parseAVA(ava, null);
+ throws IOException {
+ return parseAVA(ava, null);
}
/**
- * Like parseDN(String) with a DER encoding order given as argument for
+ * Like parseDN(String) with a DER encoding order given as argument for
* Directory Strings.
*/
public AVA parseAVA(String ava, byte[] encodingOrder)
- throws IOException
- {
- StringReader ava_reader = new StringReader(ava);
- PushbackReader in = new PushbackReader(ava_reader, 5);
+ throws IOException {
+ StringReader ava_reader = new StringReader(ava);
+ PushbackReader in = new PushbackReader(ava_reader, 5);
- return parseAVA(in, encodingOrder);
+ return parseAVA(in, encodingOrder);
}
-
//
// public parsing methods called by other methods.
//
/**
* Parses a Ldap DN string in a string reader to a X500Name.
- *
- * @param in Pushback string reader for a Ldap DN string.
- * The pushback reader must have a pushback buffer size > 2.
- *
- * @return a X500Name
- *
- * @exception IOException if any reading or parsing error occurs.
+ *
+ * @param in Pushback string reader for a Ldap DN string.
+ * The pushback reader must have a pushback buffer size > 2.
+ *
+ * @return a X500Name
+ *
+ * @exception IOException if any reading or parsing error occurs.
*/
public X500Name parseDN(PushbackReader in)
- throws IOException
- {
- return parseDN(in, null);
+ throws IOException {
+ return parseDN(in, null);
}
/**
- * Like parseDN(PushbackReader in) with a DER encoding order given as
+ * Like parseDN(PushbackReader in) with a DER encoding order given as
* argument for Directory Strings.
*/
public X500Name parseDN(PushbackReader in, byte[] encodingOrder)
- throws IOException
- {
- RDN rdn;
- int lastChar;
+ throws IOException {
+ RDN rdn;
+ int lastChar;
Vector<RDN> rdnVector = new Vector<RDN>();
- RDN names[];
- int i,j;
+ RDN names[];
+ int i, j;
- do {
+ do {
rdn = parseRDN(in, encodingOrder);
rdnVector.addElement(rdn);
- lastChar = in.read();
- }
- while (lastChar == ',' || lastChar == ';');
+ lastChar = in.read();
+ } while (lastChar == ',' || lastChar == ';');
names = new RDN[rdnVector.size()];
- for (i=0, j=rdnVector.size()-1; i < rdnVector.size(); i++, j--)
- names[j] = (RDN)rdnVector.elementAt(i);
+ for (i = 0, j = rdnVector.size() - 1; i < rdnVector.size(); i++, j--)
+ names[j] = (RDN) rdnVector.elementAt(i);
return new X500Name(names);
}
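Review bot: `parseRDN(String rdn, byte[] encodingOrder)` drops its `encodingOrder` argument, because it ends with `return parseRDN(in, null);` while the sibling `parseDN` and `parseAVA` overloads in this hunk forward the parameter. A caller that requests a specific DER encoding order for Directory Strings therefore silently gets the default order when parsing an RDN. The line should read `return parseRDN(in, encodingOrder);`. The unused locals `avaVector`/`assertion` in that method and `rdnVector`/`names` in `parseDN(String, byte[])` can be removed at the same time.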
@@ -224,110 +210,103 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
* Parses Ldap DN string with a rdn component
* from a string reader to a RDN. The string reader will point
* to the separator after the rdn component or -1 if at end of string.
- *
- * @param in Pushback string reader containing a Ldap DN string with
- * at least one rdn component.
+ *
+ * @param in Pushback string reader containing a Ldap DN string with
+ * at least one rdn component.
* The pushback reader must have a pushback buffer size > 2.
- *
- * @return RDN object of the first rdn component in the Ldap DN string.
- *
+ *
+ * @return RDN object of the first rdn component in the Ldap DN string.
+ *
* @exception IOException if any read or parse error occurs.
*/
public RDN parseRDN(PushbackReader in)
- throws IOException
- {
- return parseRDN(in, null);
+ throws IOException {
+ return parseRDN(in, null);
}
/**
- * Like parseRDN(PushbackReader) with a DER encoding order given as
+ * Like parseRDN(PushbackReader) with a DER encoding order given as
* argument for Directory Strings.
*/
public RDN parseRDN(PushbackReader in, byte[] encodingOrder)
- throws IOException
- {
- Vector<AVA> avaVector = new Vector<AVA>();
- AVA ava;
- int lastChar;
- AVA assertion[];
-
- do {
- ava = parseAVA(in, encodingOrder);
- avaVector.addElement(ava);
- lastChar = in.read();
- }
- while (lastChar == '+' );
-
- if (lastChar != -1)
- in.unread(lastChar);
-
- assertion = new AVA[avaVector.size()];
- for (int i = 0; i < avaVector.size(); i++)
- assertion[i] = (AVA)avaVector.elementAt(i);
- return new RDN(assertion);
+ throws IOException {
+ Vector<AVA> avaVector = new Vector<AVA>();
+ AVA ava;
+ int lastChar;
+ AVA assertion[];
+
+ do {
+ ava = parseAVA(in, encodingOrder);
+ avaVector.addElement(ava);
+ lastChar = in.read();
+ } while (lastChar == '+');
+
+ if (lastChar != -1)
+ in.unread(lastChar);
+
+ assertion = new AVA[avaVector.size()];
+ for (int i = 0; i < avaVector.size(); i++)
+ assertion[i] = (AVA) avaVector.elementAt(i);
+ return new RDN(assertion);
}
/**
* Parses a Ldap DN string with a AVA component
* from a string reader to an AVA. The string reader will point
* to the AVA separator after the ava string or -1 if end of string.
- *
- * @param in a Pushback reader containg a Ldap string with
- * at least one AVA component.
- * The Pushback reader must have a pushback buffer size > 2.
- *
- * @return AVA object of the first AVA component in the Ldap DN string.
+ *
+ * @param in a Pushback reader containg a Ldap string with
+ * at least one AVA component.
+ * The Pushback reader must have a pushback buffer size > 2.
+ *
+ * @return AVA object of the first AVA component in the Ldap DN string.
*/
public AVA parseAVA(PushbackReader in)
- throws IOException
- {
- return parseAVA(in, null);
+ throws IOException {
+ return parseAVA(in, null);
}
/**
- * Like parseAVA(PushbackReader) with a DER encoding order given as
+ * Like parseAVA(PushbackReader) with a DER encoding order given as
* argument for Directory Strings.
*/
public AVA parseAVA(PushbackReader in, byte[] encodingOrder)
- throws IOException
- {
- int c;
- ObjectIdentifier oid;
- DerValue value;
- StringBuffer keywordBuf;
- StringBuffer valueBuf;
- ByteArrayOutputStream berStream;
+ throws IOException {
+ int c;
+ ObjectIdentifier oid;
+ DerValue value;
+ StringBuffer keywordBuf;
+ StringBuffer valueBuf;
+ ByteArrayOutputStream berStream;
char hexChar1, hexChar2;
- CharArrayWriter hexCharsBuf;
+ CharArrayWriter hexCharsBuf;
String endChars;
/* First get the keyword indicating the attribute's type,
* and map it to the appropriate OID.
*/
- keywordBuf = new StringBuffer();
+ keywordBuf = new StringBuffer();
for (;;) {
- c = in.read ();
+ c = in.read();
if (c == '=')
break;
- if (c == -1)
- {
+ if (c == -1) {
throw new IOException("Bad AVA format: Missing '='");
}
- keywordBuf.append ((char)c);
+ keywordBuf.append((char) c);
}
- oid = parseAVAKeyword(keywordBuf.toString());
+ oid = parseAVAKeyword(keywordBuf.toString());
- /* Now parse the value. "#hex", a quoted string, or a string
- * terminated by "+", ",", ";", ">". Whitespace before or after
- * the value is stripped.
- */
- for (c = in.read (); c == ' '; c = in.read ())
+ /* Now parse the value. "#hex", a quoted string, or a string
+ * terminated by "+", ",", ";", ">". Whitespace before or after
+ * the value is stripped.
+ */
+ for (c = in.read(); c == ' '; c = in.read())
continue;
if (c == -1)
throw new IOException("Bad AVA format: Missing attribute value");
- if (c == '#')
- {
+ if (c == '#') {
/*
* NOTE per LDAPv3 dn string ietf standard the value represented
* by this form is a BER value. But we only support DER value here
@@ -336,34 +315,32 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
berStream = new ByteArrayOutputStream();
int b;
for (;;) {
- hexChar1 = (char)(c = in.read());
+ hexChar1 = (char) (c = in.read());
if (c == -1 || octoEndChars.indexOf(c) > 0) // end of value
break;
- hexChar2 = (char)(c = in.read());
- if (hexDigits.indexOf(hexChar1) == -1 ||
- hexDigits.indexOf(hexChar2) == -1)
+ hexChar2 = (char) (c = in.read());
+ if (hexDigits.indexOf(hexChar1) == -1 ||
+ hexDigits.indexOf(hexChar2) == -1)
throw new IOException("Bad AVA value: bad hex value.");
- b = (Character.digit(hexChar1, 16)<<4) +
- Character.digit(hexChar2, 16);
+ b = (Character.digit(hexChar1, 16) << 4) +
+ Character.digit(hexChar2, 16);
berStream.write(b);
}
if (berStream.size() == 0)
throw new IOException("bad AVA format: invalid hex value");
- value = parseAVAValue(berStream.toByteArray(), oid);
+ value = parseAVAValue(berStream.toByteArray(), oid);
- while (c == ' ' && c != -1)
+ while (c == ' ' && c != -1)
c = in.read();
- }
- else
- {
- valueBuf = new StringBuffer ();
- boolean quoted = false;
- if (c == '"') {
+ } else {
+ valueBuf = new StringBuffer();
+ boolean quoted = false;
+ if (c == '"') {
quoted = true;
endChars = quotedEndChars;
if ((c = in.read()) == -1)
- throw new IOException("Bad AVA format: Missing attrValue");
+ throw new IOException("Bad AVA format: Missing attrValue");
} else {
endChars = valueEndChars;
}
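Review bot: The end-of-value test in the `#hex` loop, `octoEndChars.indexOf(c) > 0`, skips index 0, so the first character of `octoEndChars` is never treated as a terminator and falls through to the hex-digit check instead. `octoEndChars` is declared outside this hunk, so confirm whether that is intended. The other lookups here compare against `-1` (`hexDigits.indexOf(hexChar1) == -1`), which suggests `if (c == -1 || octoEndChars.indexOf(c) != -1) // end of value`. In the same hunk the second clause of `while (c == ' ' && c != -1)` is redundant. `parseAVA` begins before and ends after this hunk.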
@@ -377,65 +354,62 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
throw new IOException("Bad AVA format: expecting " +
"escaped char.");
// expect escaping of special chars, space and CR.
- if (specialChars.indexOf((char)c) != -1 || c == '\n' ||
- c == '\\' || c == '"' || c == ' ') {
- valueBuf.append((char)c);
- }
- else if (hexDigits.indexOf(c) != -1) {
- hexCharsBuf = new CharArrayWriter();
- // handle sequence of '\' hexpair
- do {
- hexChar1 = (char)c;
- hexChar2 = (char)(c = in.read());
- if (hexDigits.indexOf((char)c) == -1)
- throw new IOException("Bad AVA format: " +
- "invalid escaped hex pair");
- hexCharsBuf.write(hexChar1);
- hexCharsBuf.write(hexChar2);
- // read ahead to next '\' hex-char if any.
- if ((c = in.read()) == -1)
- break;
- if (c != '\\') {
- in.unread(c);
- break;
- }
- if ((c = in.read()) == -1)
- throw new IOException("Bad AVA format: "+
- "expecting escaped char.");
- if (hexDigits.indexOf((char)c) == -1) {
- in.unread(c);
- in.unread((int)'\\');
- break;
- }
- } while (true);
- valueBuf.append(
- getStringFromHexpairs(hexCharsBuf.toCharArray()));
- }
- else {
+ if (specialChars.indexOf((char) c) != -1 || c == '\n' ||
+ c == '\\' || c == '"' || c == ' ') {
+ valueBuf.append((char) c);
+ } else if (hexDigits.indexOf(c) != -1) {
+ hexCharsBuf = new CharArrayWriter();
+ // handle sequence of '\' hexpair
+ do {
+ hexChar1 = (char) c;
+ hexChar2 = (char) (c = in.read());
+ if (hexDigits.indexOf((char) c) == -1)
+ throw new IOException("Bad AVA format: " +
+ "invalid escaped hex pair");
+ hexCharsBuf.write(hexChar1);
+ hexCharsBuf.write(hexChar2);
+ // read ahead to next '\' hex-char if any.
+ if ((c = in.read()) == -1)
+ break;
+ if (c != '\\') {
+ in.unread(c);
+ break;
+ }
+ if ((c = in.read()) == -1)
+ throw new IOException("Bad AVA format: " +
+ "expecting escaped char.");
+ if (hexDigits.indexOf((char) c) == -1) {
+ in.unread(c);
+ in.unread((int) '\\');
+ break;
+ }
+ } while (true);
+ valueBuf.append(
+ getStringFromHexpairs(hexCharsBuf.toCharArray()));
+ } else {
throw new IOException("Bad AVA format: " +
"invalid escaping");
}
- }
- else
- valueBuf.append((char)c);
+ } else
+ valueBuf.append((char) c);
c = in.read();
}
- value = parseAVAValue(
- valueBuf.toString().trim(), oid, encodingOrder);
+ value = parseAVAValue(
+ valueBuf.toString().trim(), oid, encodingOrder);
if (quoted) { // move to next non-white space
do {
c = in.read();
} while (c == ' ');
- if (c != -1 && valueEndChars.indexOf(c) == -1)
+ if (c != -1 && valueEndChars.indexOf(c) == -1)
throw new IOException(
- "Bad AVA format: separator expected at end of ava.");
+ "Bad AVA format: separator expected at end of ava.");
}
}
- if (c != -1)
- in.unread(c);
+ if (c != -1)
+ in.unread(c);
return new AVA(oid, value);
}
@@ -445,48 +419,44 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
* from the attribute map or, if this keyword is an OID not
* in the attribute map, create a new ObjectIdentifier for the keyword
* if acceptUnknownOids is true.
- *
- * @param avaKeyword AVA keyword from a Ldap DN string.
- *
- * @return a ObjectIdentifier object
- * @exception IOException if the keyword is an OID not in the attribute
- * map and acceptUnknownOids is false, or
- * if an error occurs during conversion.
+ *
+ * @param avaKeyword AVA keyword from a Ldap DN string.
+ *
+ * @return a ObjectIdentifier object
+ * @exception IOException if the keyword is an OID not in the attribute
+ * map and acceptUnknownOids is false, or
+ * if an error occurs during conversion.
*/
public ObjectIdentifier parseAVAKeyword(String avaKeyword)
- throws IOException
- {
- String keyword = avaKeyword.toUpperCase().trim();
- String oid_str = null;
- ObjectIdentifier oid, new_oid;
-
-
- if (Character.digit(keyword.charAt(0), 10) != -1) {
- // value is an oid string of 1.2.3.4
- oid_str = keyword;
- }
- else if (keyword.startsWith("oid.") || keyword.startsWith("OID.")) {
- // value is an oid string of oid.1.2.3.4 or OID.1.2...
- oid_str = keyword.substring(4);
- }
-
- if (oid_str != null) {
- // value is an oid string of 1.2.3.4 or oid.1.2.3.4 or OID.1.2...
- new_oid = new ObjectIdentifier(oid_str);
- oid = attrMap.getOid(new_oid);
- if (oid == null) {
- if (!acceptUnknownOids)
- throw new IOException("Unknown AVA OID.");
- oid = new_oid;
- }
- }
- else {
- oid = attrMap.getOid(keyword);
- if (oid == null)
- throw new IOException("Unknown AVA keyword '"+keyword+"'.");
- }
-
- return oid;
+ throws IOException {
+ String keyword = avaKeyword.toUpperCase().trim();
+ String oid_str = null;
+ ObjectIdentifier oid, new_oid;
+
+ if (Character.digit(keyword.charAt(0), 10) != -1) {
+ // value is an oid string of 1.2.3.4
+ oid_str = keyword;
+ } else if (keyword.startsWith("oid.") || keyword.startsWith("OID.")) {
+ // value is an oid string of oid.1.2.3.4 or OID.1.2...
+ oid_str = keyword.substring(4);
+ }
+
+ if (oid_str != null) {
+ // value is an oid string of 1.2.3.4 or oid.1.2.3.4 or OID.1.2...
+ new_oid = new ObjectIdentifier(oid_str);
+ oid = attrMap.getOid(new_oid);
+ if (oid == null) {
+ if (!acceptUnknownOids)
+ throw new IOException("Unknown AVA OID.");
+ oid = new_oid;
+ }
+ } else {
+ oid = attrMap.getOid(keyword);
+ if (oid == null)
+ throw new IOException("Unknown AVA keyword '" + keyword + "'.");
+ }
+
+ return oid;
}
/**
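Review bot: `keyword.charAt(0)` in `parseAVAKeyword` throws `StringIndexOutOfBoundsException` when the keyword is empty or only whitespace, for example a DN component that starts with `=`. That is an unchecked exception, so callers that catch only the documented `IOException` will not handle it. A guard before the first `if`, `if (keyword.length() == 0) throw new IOException("Bad AVA format: empty keyword");`, keeps malformed input on the declared error path. Separately, `toUpperCase()` makes the `startsWith("oid.")` test unreachable and depends on the default locale; `toUpperCase(Locale.ROOT)` would keep the `OID.` prefix check stable, though it needs a `java.util.Locale` import outside this hunk.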
@@ -496,297 +466,284 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
* to a DerValue of ASN.1 type PrintableString, T61String or
* UniversalString. A Directory String is a ASN.1 CHOICE of Printable,
* T.61 or Universal string.
- *
- * @param avaValueString a attribute value from a Ldap DN string.
- * @param oid OID of the attribute.
- *
- * @return DerValue for the value.
- *
- * @exception IOException if an error occurs during conversion.
+ *
+ * @param avaValueString a attribute value from a Ldap DN string.
+ * @param oid OID of the attribute.
+ *
+ * @return DerValue for the value.
+ *
+ * @exception IOException if an error occurs during conversion.
* @see AVAValueConverter
*/
public DerValue parseAVAValue(String avaValueString, ObjectIdentifier oid)
- throws IOException
- {
- return parseAVAValue(avaValueString, oid, null);
+ throws IOException {
+ return parseAVAValue(avaValueString, oid, null);
}
/**
- * Like parseAVAValue(String) with a DER encoding order given as argument
+ * Like parseAVAValue(String) with a DER encoding order given as argument
* for Directory Strings.
*/
public DerValue parseAVAValue(
- String avaValueString, ObjectIdentifier oid, byte[] encodingOrder)
- throws IOException
- {
- AVAValueConverter valueConverter = attrMap.getValueConverter(oid);
- if (valueConverter == null) {
- if (!acceptUnknownOids) {
- throw new IllegalArgumentException(
- "Unrecognized OID for AVA value conversion");
- } else {
- valueConverter = new GenericValueConverter();
- }
- }
- return valueConverter.getValue(avaValueString, encodingOrder);
+ String avaValueString, ObjectIdentifier oid, byte[] encodingOrder)
+ throws IOException {
+ AVAValueConverter valueConverter = attrMap.getValueConverter(oid);
+ if (valueConverter == null) {
+ if (!acceptUnknownOids) {
+ throw new IllegalArgumentException(
+ "Unrecognized OID for AVA value conversion");
+ } else {
+ valueConverter = new GenericValueConverter();
+ }
+ }
+ return valueConverter.getValue(avaValueString, encodingOrder);
}
/**
* Converts a value in BER encoding, for example given in octothorpe form
* in a Ldap v3 dn string, to a DerValue. Checks if the BER encoded value
- * is a legal value for the attribute. <p>
- * <strong><i>NOTE:</i></strong> only DER encoded values are supported for
- * the BER encoded value.
- *
- * @param berValue a value in BER encoding
- * @param oid ObjectIdentifier of the attribute.
- *
- * @return DerValue for the BER encoded value
+ * is a legal value for the attribute.
+ * <p>
+ * <strong><i>NOTE:</i></strong> only DER encoded values are supported for the BER encoded value.
+ *
+ * @param berValue a value in BER encoding
+ * @param oid ObjectIdentifier of the attribute.
+ *
+ * @return DerValue for the BER encoded value
* @exception IOException if an error occurs during conversion.
*/
public DerValue parseAVAValue(byte[] berValue, ObjectIdentifier oid)
- throws IOException
- {
- AVAValueConverter valueConverter = attrMap.getValueConverter(oid);
- if (valueConverter == null && !acceptUnknownOids) {
- throw new IllegalArgumentException(
- "Unrecognized OID for AVA value conversion");
- } else {
- valueConverter = new GenericValueConverter();
- }
- return valueConverter.getValue(berValue);
+ throws IOException {
+ AVAValueConverter valueConverter = attrMap.getValueConverter(oid);
+ if (valueConverter == null && !acceptUnknownOids) {
+ throw new IllegalArgumentException(
+ "Unrecognized OID for AVA value conversion");
+ } else {
+ valueConverter = new GenericValueConverter();
+ }
+ return valueConverter.getValue(berValue);
}
-
//
// public encoding methods.
//
/**
* Converts a X500Name object to a Ldap v3 DN string (except in unicode).
- *
- * @param x500name a X500Name
- *
- * @return a Ldap v3 DN String (except in unicode).
- *
- * @exception IOException if an error is encountered during conversion.
+ *
+ * @param x500name a X500Name
+ *
+ * @return a Ldap v3 DN String (except in unicode).
+ *
+ * @exception IOException if an error is encountered during conversion.
*/
public String encodeDN(X500Name x500name)
- throws IOException
- {
- RDN[] rdns = x500name.getNames();
- // String fullname = null;
- StringBuffer fullname = new StringBuffer();
- String s;
- int i;
- if (rdns.length == 0)
- return "";
- i = rdns.length-1;
- fullname.append(encodeRDN(rdns[i--]));
- while (i >= 0) {
- s = encodeRDN(rdns[i--]);
- fullname.append(",");
- fullname.append(s);
- };
- return fullname.toString();
+ throws IOException {
+ RDN[] rdns = x500name.getNames();
+ // String fullname = null;
+ StringBuffer fullname = new StringBuffer();
+ String s;
+ int i;
+ if (rdns.length == 0)
+ return "";
+ i = rdns.length - 1;
+ fullname.append(encodeRDN(rdns[i--]));
+ while (i >= 0) {
+ s = encodeRDN(rdns[i--]);
+ fullname.append(",");
+ fullname.append(s);
+ }
+ ;
+ return fullname.toString();
}
/**
* Converts a RDN to a Ldap v3 DN string (except in unicode).
- *
- * @param rdn a RDN
- *
- * @return a LDAP v3 DN string (except in unicode).
- *
- * @exception IOException if an error is encountered during conversion.
+ *
+ * @param rdn a RDN
+ *
+ * @return a LDAP v3 DN string (except in unicode).
+ *
+ * @exception IOException if an error is encountered during conversion.
*/
public String encodeRDN(RDN rdn)
- throws IOException
- {
- AVA[] avas = rdn.getAssertion();
- // String relname = null;
- StringBuffer relname = new StringBuffer();
- String s;
- int i=0;
-
- relname.append(encodeAVA(avas[i++]));
- while (i <avas.length) {
- s = encodeAVA(avas[i++]);
- relname.append("+");
- relname.append(s);
- };
- return relname.toString();
+ throws IOException {
+ AVA[] avas = rdn.getAssertion();
+ // String relname = null;
+ StringBuffer relname = new StringBuffer();
+ String s;
+ int i = 0;
+
+ relname.append(encodeAVA(avas[i++]));
+ while (i < avas.length) {
+ s = encodeAVA(avas[i++]);
+ relname.append("+");
+ relname.append(s);
+ }
+ ;
+ return relname.toString();
}
/**
* Converts a AVA to a Ldap v3 DN String (except in unicode).
- *
- * @param ava an AVA
- *
- * @return a Ldap v3 DN string (except in unicode).
- *
- * @exception IOException If an error is encountered during exception.
+ *
+ * @param ava an AVA
+ *
+ * @return a Ldap v3 DN string (except in unicode).
+ *
+ * @exception IOException If an error is encountered during exception.
*/
public String encodeAVA(AVA ava)
- throws IOException
- {
- if(ava == null)
- {
- return "";
+ throws IOException {
+ if (ava == null) {
+ return "";
}
- ObjectIdentifier oid = ava.getOid();
- DerValue value = ava.getValue();
- String keyword, valueStr;
+ ObjectIdentifier oid = ava.getOid();
+ DerValue value = ava.getValue();
+ String keyword, valueStr;
- // get attribute name
+ // get attribute name
- keyword = encodeOID(oid);
- valueStr = encodeValue(value, oid);
+ keyword = encodeOID(oid);
+ valueStr = encodeValue(value, oid);
- return keyword+"="+valueStr;
+ return keyword + "=" + valueStr;
}
/**
* Converts an OID to a attribute keyword in a Ldap v3 DN string
* - either a keyword if known or a string of "1.2.3.4" syntax.
- *
- * @param oid a ObjectIdentifier
- *
- * @return a keyword to use in a Ldap V3 DN string.
- *
- * @exception IOException if an error is encountered during conversion.
+ *
+ * @param oid a ObjectIdentifier
+ *
+ * @return a keyword to use in a Ldap V3 DN string.
+ *
+ * @exception IOException if an error is encountered during conversion.
*/
public String encodeOID(ObjectIdentifier oid)
- throws IOException
- {
- String keyword = attrMap.getName(oid);
- if (keyword == null) {
- if (acceptUnknownOids)
- keyword = oid.toString();
- else
- throw new IOException("Unknown OID");
- }
- return keyword;
+ throws IOException {
+ String keyword = attrMap.getName(oid);
+ if (keyword == null) {
+ if (acceptUnknownOids)
+ keyword = oid.toString();
+ else
+ throw new IOException("Unknown OID");
+ }
+ return keyword;
}
/**
* Converts a value as a DerValue to a string in a Ldap V3 DN String.
* If the value cannot be converted to a string it will be encoded in
* octothorpe form.
- *
- * @param attrValue a value as a DerValue.
- * @param oid OID for the attribute.
- * @return a string for the value in a LDAP v3 DN String
+ *
+ * @param attrValue a value as a DerValue.
+ * @param oid OID for the attribute.
+ * @return a string for the value in a LDAP v3 DN String
* @exception IOException if an error occurs during conversion.
*/
public String encodeValue(DerValue attrValue, ObjectIdentifier oid)
- throws IOException
- {
- /*
- * Construct the value with as little copying and garbage
- * production as practical.
- */
- StringBuffer retval = new StringBuffer (30);
- int i,j;
- String temp = null;
- AVAValueConverter valueConverter;
+ throws IOException {
+ /*
+ * Construct the value with as little copying and garbage
+ * production as practical.
+ */
+ StringBuffer retval = new StringBuffer(30);
+ int i, j;
+ String temp = null;
+ AVAValueConverter valueConverter;
X500NameAttrMap lAttrMap = attrMap;
-
- if(attrValue.tag == DerValue.tag_UTF8String)
- {
+ if (attrValue.tag == DerValue.tag_UTF8String) {
lAttrMap = X500NameAttrMap.getDirDefault();
-
+
}
- valueConverter = lAttrMap.getValueConverter(oid);
- if (valueConverter == null) {
- if (acceptUnknownOids)
- valueConverter = new GenericValueConverter();
- else
- throw new IOException(
- "Unknown AVA type for encoding AVA value");
- }
-
- try {
- temp = valueConverter.getAsString(attrValue);
-
- if (temp == null) {
- // convert to octothorpe form.
- byte data [] = attrValue.toByteArray();
-
- retval.append ('#');
- for (i = 0; i < data.length; i++) {
- retval.append (hexDigits.charAt ((data [i] >> 4) & 0x0f));
- retval.append (hexDigits.charAt (data [i] & 0x0f));
- }
-
- } else {
-
- retval.append(encodeString(temp));
-
- }
- } catch (IOException e) {
- throw new IllegalArgumentException ("malformed AVA DER Value");
- }
-
- return retval.toString ();
+ valueConverter = lAttrMap.getValueConverter(oid);
+ if (valueConverter == null) {
+ if (acceptUnknownOids)
+ valueConverter = new GenericValueConverter();
+ else
+ throw new IOException(
+ "Unknown AVA type for encoding AVA value");
+ }
+
+ try {
+ temp = valueConverter.getAsString(attrValue);
+
+ if (temp == null) {
+ // convert to octothorpe form.
+ byte data[] = attrValue.toByteArray();
+
+ retval.append('#');
+ for (i = 0; i < data.length; i++) {
+ retval.append(hexDigits.charAt((data[i] >> 4) & 0x0f));
+ retval.append(hexDigits.charAt(data[i] & 0x0f));
+ }
+
+ } else {
+
+ retval.append(encodeString(temp));
+
+ }
+ } catch (IOException e) {
+ throw new IllegalArgumentException("malformed AVA DER Value");
+ }
+
+ return retval.toString();
}
/**
* converts a raw value string to a string in Ldap V3 DN string format.
+ *
* @param valueStr a 'raw' value string.
* @return a attribute value string in Ldap V3 DN string format.
*/
- public String encodeString(String valueStr)
- {
- int i,j;
- int len;
- StringBuffer retval = new StringBuffer();
-
- /*
- * generate string according to ldapv3 DN. escaping is used.
- * Strings generated this way are acceptable by rfc1779
- * implementations.
- */
- len = valueStr.length ();
-
- // get index of first space at the end of the string.
- for (j = len-1; j >= 0 && valueStr.charAt(j) == ' '; j--)
- continue;
-
- // escape spaces at the beginning of the string.
- for (i = 0; i <= j && valueStr.charAt(i) == ' '; i++) {
- retval.append('\\');
- retval.append(valueStr.charAt(i));
- }
-
- // escape special characters in the middle of the string.
- for ( ; i <= j ; i++) {
- if (valueStr.charAt(i) == '\\') {
- retval.append('\\');
- retval.append(valueStr.charAt(i));
- } else
- if (specialChars.indexOf(valueStr.charAt(i)) != -1) {
- retval.append('\\');
- retval.append(valueStr.charAt(i));
- } else
- if (valueStr.charAt(i) == '"') {
+ public String encodeString(String valueStr) {
+ int i, j;
+ int len;
+ StringBuffer retval = new StringBuffer();
+
+ /*
+ * generate string according to ldapv3 DN. escaping is used.
+ * Strings generated this way are acceptable by rfc1779
+ * implementations.
+ */
+ len = valueStr.length();
+
+ // get index of first space at the end of the string.
+ for (j = len - 1; j >= 0 && valueStr.charAt(j) == ' '; j--)
+ continue;
+
+ // escape spaces at the beginning of the string.
+ for (i = 0; i <= j && valueStr.charAt(i) == ' '; i++) {
+ retval.append('\\');
+ retval.append(valueStr.charAt(i));
+ }
+
+ // escape special characters in the middle of the string.
+ for (; i <= j; i++) {
+ if (valueStr.charAt(i) == '\\') {
retval.append('\\');
retval.append(valueStr.charAt(i));
- }
- else
- retval.append(valueStr.charAt(i));
- }
+ } else if (specialChars.indexOf(valueStr.charAt(i)) != -1) {
+ retval.append('\\');
+ retval.append(valueStr.charAt(i));
+ } else if (valueStr.charAt(i) == '"') {
+ retval.append('\\');
+ retval.append(valueStr.charAt(i));
+ } else
+ retval.append(valueStr.charAt(i));
+ }
- // esacape spaces at the end.
- for ( ; i < valueStr.length(); i++) {
- retval.append('\\');
- retval.append(' ');
- }
+ // esacape spaces at the end.
+ for (; i < valueStr.length(); i++) {
+ retval.append('\\');
+ retval.append(' ');
+ }
- return retval.toString();
+ return retval.toString();
}
//
@@ -795,22 +752,22 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
/**
* gets the X500NameAttrMap used by the converter.
+ *
* @return X500NameAttrMap used by this converter.
*/
- public X500NameAttrMap getAttrMap()
- {
- return attrMap;
+ public X500NameAttrMap getAttrMap() {
+ return attrMap;
}
/**
* returns true if the converter accepts unregistered attributes i.e.
* OIDS not in the X500NameAttrMap.
- * @return true if converter converts attributes not in the
- * X500NameAttrMap.
+ *
+ * @return true if converter converts attributes not in the
+ * X500NameAttrMap.
*/
- public boolean getAcceptUnknownOids()
- {
- return acceptUnknownOids;
+ public boolean getAcceptUnknownOids() {
+ return acceptUnknownOids;
}
//
@@ -836,19 +793,18 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
*/
protected static final String hexDigits = "0123456789ABCDEFabcdef";
-
/**
* Parse a sequence of hex pairs, each pair a UTF8 byte to a java string.
* For example, "4C75C48D" is "Luc", the last c with caron.
*/
protected static char[] getStringFromHexpairs(char[] hexPairs) throws UnsupportedEncodingException {
try {
- byte[] buffer = new byte[hexPairs.length/2];
+ byte[] buffer = new byte[hexPairs.length / 2];
- for (int i=0; i < buffer.length; i++) {
+ for (int i = 0; i < buffer.length; i++) {
buffer[i] = (byte)
- ((Character.digit( hexPairs[i*2], 16 ) << 4) +
- Character.digit( hexPairs[i*2+1], 16 ));
+ ((Character.digit(hexPairs[i * 2], 16) << 4) +
+ Character.digit(hexPairs[i * 2 + 1], 16));
}
Charset charset = Charset.forName("UTF-8");
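Review bot: The loop in `getStringFromHexpairs` never checks the result of `Character.digit(..., 16)`, which is -1 for any character that is not a hex digit, so a malformed pair is folded into an arbitrary byte instead of being rejected. An odd-length `hexPairs` array also silently loses its last character, because the buffer is sized `hexPairs.length / 2`. Unless every caller already validates the input (not visible here), read the two digits into locals and fail closed with `if (hi < 0 || lo < 0) throw new IllegalArgumentException("Invalid hex pair in LDAP DN String.");`, plus a matching check for odd length. A DN that decodes differently from what another parser sees is a risk wherever the name is later used for matching or authorization. The method body continues outside this hunk.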
@@ -861,12 +817,12 @@ public class LdapV3DNStrConverter extends LdapDNStrConverter
} catch (UnsupportedCharsetException e) {
throw new UnsupportedEncodingException(
- "No UTF8 byte to char converter to use for "+
- "parsing LDAP DN String");
+ "No UTF8 byte to char converter to use for " +
+ "parsing LDAP DN String");
} catch (CharacterCodingException e) {
throw new IllegalArgumentException(
- "Invalid hex pair in LDAP DN String.");
+ "Invalid hex pair in LDAP DN String.");
}
}
}
diff --git a/pki/base/util/src/netscape/security/x509/NSCCommentExtension.java b/pki/base/util/src/netscape/security/x509/NSCCommentExtension.java
index bc68dadc..291f8368 100644
--- a/pki/base/util/src/netscape/security/x509/NSCCommentExtension.java
+++ b/pki/base/util/src/netscape/security/x509/NSCCommentExtension.java
@@ -16,7 +16,7 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package netscape.security.x509;
-
+
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -32,12 +32,12 @@ import netscape.security.util.PrettyPrintFormat;
/**
* This class defines the NSCCommentExtension
*
- *@author asondhi
- *@see Extension
- *@see CertAttrSet
+ * @author asondhi
+ * @see Extension
+ * @see CertAttrSet
*/
public class NSCCommentExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
@@ -51,30 +51,29 @@ implements CertAttrSet {
/**
* Attribute names.
*/
- public static final String INFOS = "infos";
- public static final ObjectIdentifier OID =
- new ObjectIdentifier("2.16.840.1.113730.1.13");
+ public static final String INFOS = "infos";
+ public static final ObjectIdentifier OID =
+ new ObjectIdentifier("2.16.840.1.113730.1.13");
public String mComment = null;
-
// Private data members
private Vector<Object> mInfos;
private PrettyPrintFormat pp = new PrettyPrintFormat(":");
-
+
// Encode this extension value
private void encodeThis() throws IOException {
DerOutputStream os = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
-
- os.putIA5String(mComment);
+
+ os.putIA5String(mComment);
// os.write(DerValue.tag_Sequence,tmp);
- extensionValue = os.toByteArray();
+ extensionValue = os.toByteArray();
}
/**
- * Create a NSCCommentExtension with the Vector of CertificatePolicyInfo.
- *
+ * Create a NSCCommentExtension with the Vector of CertificatePolicyInfo.
+ *
* @param infos the Vector of CertificatePolicyInfo.
*/
public NSCCommentExtension(boolean critical, String comment) throws IOException {
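Review bot: The Javadoc on `NSCCommentExtension(boolean critical, String comment)` describes a different constructor: it mentions a "Vector of CertificatePolicyInfo" and documents `@param infos`, neither of which matches the signature. Since the commit already touches this comment, replace it with `@param critical true if the extension is to be treated as critical.` and `@param comment the comment text, written with putIA5String by encodeThis().`, and add `@exception IOException on encoding errors.` The constructor body continues outside this hunk, so how `comment` reaches `mComment` should be confirmed before wording the summary line.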
@@ -83,61 +82,63 @@ implements CertAttrSet {
this.critical = critical;
encodeThis();
}
-
+
/**
* Create a default NSCCommentExtension.
*/
- public NSCCommentExtension(boolean critical) {
+ public NSCCommentExtension(boolean critical) {
this.extensionId = new ObjectIdentifier("2.16.840.1.113730.1.13");
this.critical = critical;
- mInfos = new Vector<Object>(1,1);
+ mInfos = new Vector<Object>(1, 1);
}
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public NSCCommentExtension(Boolean critical, Object value)
- throws IOException {
- this.extensionId = new ObjectIdentifier("2.16.840.1.113730.1.13");
+ throws IOException {
+ this.extensionId = new ObjectIdentifier("2.16.840.1.113730.1.13");
this.critical = critical.booleanValue();
-
+
int len = Array.getLength(value);
- byte [] extValue = new byte[len];
+ byte[] extValue = new byte[len];
for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
+ extValue[i] = Array.getByte(value, i);
}
this.extensionValue = extValue;
DerValue val = new DerValue(extValue);
- mComment = val.getIA5String();
+ mComment = val.getIA5String();
}
/**
* Returns a printable representation of the policy extension.
*/
public String toString() {
- if (mInfos == null) return "";
+ if (mInfos == null)
+ return "";
String s = super.toString() + "Netscape Comment [\n"
+ mInfos.toString() + "]\n";
-
+
return (s);
}
-
+
public String toPrint(int indent) {
String s;
- s = "Comment :\n" + pp.indent(indent+4) +
- ((mComment == null) ? "" : mComment.trim()) + "\n";
-
+ s = "Comment :\n" + pp.indent(indent + 4) +
+ ((mComment == null) ? "" : mComment.trim()) + "\n";
+
return (s);
}
+
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
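Review bot: The `NSCCommentExtension(Boolean critical, Object value)` constructor passes `value` straight to `Array.getLength` and `Array.getByte` without first checking that it is a byte array. If `Array` is `java.lang.reflect.Array` (the import is not visible here), a non-array or wrongly typed argument raises an unchecked `IllegalArgumentException` rather than the `IOException` the Javadoc promises. The matching constructor in NameConstraintsExtension throws `IOException("Illegal argument type")` for that case. Adding `if (!(value instanceof byte[])) throw new IOException("Illegal argument type");` before the copy would keep failures on decoded certificate data inside the declared exception contract.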
@@ -154,14 +155,14 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
public void decode(InputStream in) throws IOException {
throw new IOException("Method not to be called directly.");
}
-
+
public String getComment() {
return mComment;
}
@@ -170,20 +171,20 @@ implements CertAttrSet {
* Set the attribute value.
*/
@SuppressWarnings("unchecked")
- public void set(String name, Object obj) throws IOException {
+ public void set(String name, Object obj) throws IOException {
clearValue();
if (name.equalsIgnoreCase(INFOS)) {
if (!(obj instanceof Vector)) {
- throw new IOException("Attribute value should be of" +
+ throw new IOException("Attribute value should be of" +
" type Vector.");
}
- mInfos = (Vector<Object>)obj;
+ mInfos = (Vector<Object>) obj;
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:NSCCommentExtension.");
}
}
-
+
/**
* Get the attribute value.
*/
@@ -191,11 +192,11 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(INFOS)) {
return (mInfos);
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:NSCCommentExtension.");
}
}
-
+
/**
* Delete the attribute value.
*/
@@ -203,20 +204,19 @@ implements CertAttrSet {
if (name.equalsIgnoreCase(INFOS)) {
mInfos = null;
} else {
- throw new IOException("Attribute name not recognized by " +
+ throw new IOException("Attribute name not recognized by " +
"CertAttrSet:NSCCommentExtension.");
}
}
-
+
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(INFOS);
return (elements.elements());
}
-
}
diff --git a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
index c7928b85..91ae17c9 100644
--- a/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/NameConstraintsExtension.java
@@ -28,18 +28,13 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.PrettyPrintFormat;
-
/**
* This class defines the Name Constraints Extension.
* <p>
- * The name constraints extension provides permitted and excluded
- * subtrees that place restrictions on names that may be included within
- * a certificate issued by a given CA. Restrictions may apply to the
- * subject distinguished name or subject alternative names. Any name
- * matching a restriction in the excluded subtrees field is invalid
- * regardless of information appearing in the permitted subtrees.
+ * The name constraints extension provides permitted and excluded subtrees that place restrictions on names that may be included within a certificate issued by a given CA. Restrictions may apply to the subject distinguished name or subject alternative names. Any name matching a restriction in the excluded subtrees field is invalid regardless of information appearing in the permitted subtrees.
* <p>
* The ASN.1 syntax for this is:
+ *
* <pre>
* NameConstraints ::= SEQUENCE {
* permittedSubtrees [0] GeneralSubtrees OPTIONAL,
@@ -52,7 +47,7 @@ import netscape.security.util.PrettyPrintFormat;
* maximum [1] BaseDistance OPTIONAL }
* BaseDistance ::== INTEGER (0..MAX)
* </pre>
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.10
@@ -60,7 +55,7 @@ import netscape.security.util.PrettyPrintFormat;
* @see CertAttrSet
*/
public class NameConstraintsExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -68,7 +63,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions.NameConstraints";
/**
* Attribute names.
@@ -80,8 +75,8 @@ implements CertAttrSet {
private static final byte TAG_PERMITTED = 0;
private static final byte TAG_EXCLUDED = 1;
- private GeneralSubtrees permitted;
- private GeneralSubtrees excluded;
+ private GeneralSubtrees permitted;
+ private GeneralSubtrees excluded;
private PrettyPrintFormat pp = new PrettyPrintFormat(":");
@@ -90,13 +85,13 @@ implements CertAttrSet {
DerOutputStream seq = new DerOutputStream();
DerOutputStream tagged = new DerOutputStream();
- if ((permitted != null) &&(permitted.getSubtrees().size()>0)) {
+ if ((permitted != null) && (permitted.getSubtrees().size() > 0)) {
DerOutputStream tmp = new DerOutputStream();
permitted.encode(tmp);
tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
true, TAG_PERMITTED), tmp);
}
- if ((excluded != null) && (excluded.getSubtrees().size()>0)) {
+ if ((excluded != null) && (excluded.getSubtrees().size() > 0)) {
DerOutputStream tmp = new DerOutputStream();
excluded.encode(tmp);
tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
@@ -114,25 +109,25 @@ implements CertAttrSet {
* The default constructor for this class. Either parameter
* can be set to null to indicate it is omitted but both
* cannot be null.
- *
+ *
* @param permitted the permitted GeneralSubtrees (null for optional).
* @param excluded the excluded GeneralSubtrees (null for optional).
*/
public NameConstraintsExtension(GeneralSubtrees permitted,
GeneralSubtrees excluded)
- throws IOException {
- init(false, permitted, excluded);
+ throws IOException {
+ init(false, permitted, excluded);
}
- public NameConstraintsExtension(boolean critical,
- GeneralSubtrees permitted, GeneralSubtrees excluded)
- throws IOException {
- init(critical, permitted, excluded);
+ public NameConstraintsExtension(boolean critical,
+ GeneralSubtrees permitted, GeneralSubtrees excluded)
+ throws IOException {
+ init(critical, permitted, excluded);
}
- private void init(boolean critical,
- GeneralSubtrees permitted, GeneralSubtrees excluded)
- throws IOException {
+ private void init(boolean critical,
+ GeneralSubtrees permitted, GeneralSubtrees excluded)
+ throws IOException {
if (permitted == null && excluded == null) {
throw new IOException("NameConstraints: Invalid arguments");
}
@@ -146,13 +141,13 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public NameConstraintsExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.NameConstraints_Id;
this.critical = critical.booleanValue();
@@ -160,7 +155,7 @@ implements CertAttrSet {
throw new IOException("Illegal argument type");
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
+ byte[] extValue = new byte[len];
System.arraycopy(value, 0, extValue, 0, len);
this.extensionValue = extValue;
@@ -177,26 +172,26 @@ implements CertAttrSet {
DerValue opt = val.data.getDerValue();
if (opt.isContextSpecific(TAG_PERMITTED) && opt.isConstructed()) {
- if (permitted != null) {
- throw new IOException("Duplicate permitted " +
- "GeneralSubtrees in NameConstraintsExtension.");
- }
+ if (permitted != null) {
+ throw new IOException("Duplicate permitted " +
+ "GeneralSubtrees in NameConstraintsExtension.");
+ }
opt.resetTag(DerValue.tag_Sequence);
- permitted = new GeneralSubtrees(opt);
+ permitted = new GeneralSubtrees(opt);
} else if (opt.isContextSpecific(TAG_EXCLUDED) &&
opt.isConstructed()) {
- if (excluded != null) {
- throw new IOException("Duplicate excluded " +
+ if (excluded != null) {
+ throw new IOException("Duplicate excluded " +
"GeneralSubtrees in NameConstraintsExtension.");
- }
+ }
opt.resetTag(DerValue.tag_Sequence);
- excluded = new GeneralSubtrees(opt);
+ excluded = new GeneralSubtrees(opt);
} else
- throw new IOException("Invalid encoding of " +
+ throw new IOException("Invalid encoding of " +
"NameConstraintsExtension.");
- }
}
+ }
/**
* Return the printable string.
@@ -204,24 +199,23 @@ implements CertAttrSet {
public String toString() {
return (super.toString() + "NameConstraints: [" +
((permitted == null) ? "" :
- ("\n Permitted:" + permitted.toString())) +
+ ("\n Permitted:" + permitted.toString())) +
((excluded == null) ? "" :
- ("\n Excluded:" + excluded.toString()))
- + " ]\n");
+ ("\n Excluded:" + excluded.toString())) + " ]\n");
}
public String toPrint(int indent) {
- return ("GeneralSubtrees: "+
- ((permitted == null) ? "" :
- ("\n"+pp.indent(indent+2)+"Permitted:" + permitted.toPrint(indent+4))) +
- ((excluded == null) ? "" :
- ("\n"+pp.indent(indent+2)+"Excluded:" + excluded.toPrint(indent+4))) + "\n");
+ return ("GeneralSubtrees: " +
+ ((permitted == null) ? "" :
+ ("\n" + pp.indent(indent + 2) + "Permitted:" + permitted.toPrint(indent + 4))) +
+ ((excluded == null) ? "" :
+ ("\n" + pp.indent(indent + 2) + "Excluded:" + excluded.toPrint(indent + 4))) + "\n");
}
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -231,7 +225,7 @@ implements CertAttrSet {
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -242,7 +236,7 @@ implements CertAttrSet {
encodeThis();
}
super.encode(tmp);
- out.write(tmp.toByteArray());
+ out.write(tmp.toByteArray());
}
/**
@@ -250,62 +244,62 @@ implements CertAttrSet {
*/
public void set(String name, Object obj) throws IOException {
clearValue();
- if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
- if (!(obj instanceof GeneralSubtrees)) {
- throw new IOException("Attribute value should be"
+ if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
+ if (!(obj instanceof GeneralSubtrees)) {
+ throw new IOException("Attribute value should be"
+ " of type GeneralSubtrees.");
- }
- permitted = (GeneralSubtrees)obj;
- } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
- if (!(obj instanceof GeneralSubtrees)) {
- throw new IOException("Attribute value should be "
+ }
+ permitted = (GeneralSubtrees) obj;
+ } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
+ if (!(obj instanceof GeneralSubtrees)) {
+ throw new IOException("Attribute value should be "
+ "of type GeneralSubtrees.");
- }
- excluded = (GeneralSubtrees)obj;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:NameConstraintsExtension.");
- }
+ }
+ excluded = (GeneralSubtrees) obj;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:NameConstraintsExtension.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
- return (permitted);
- } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
- return (excluded);
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:NameConstraintsExtension.");
- }
+ if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
+ return (permitted);
+ } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
+ return (excluded);
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:NameConstraintsExtension.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
- permitted = null;
- } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
- excluded = null;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:NameConstraintsExtension.");
- }
+ if (name.equalsIgnoreCase(PERMITTED_SUBTREES)) {
+ permitted = null;
+ } else if (name.equalsIgnoreCase(EXCLUDED_SUBTREES)) {
+ excluded = null;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:NameConstraintsExtension.");
+ }
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(PERMITTED_SUBTREES);
elements.addElement(EXCLUDED_SUBTREES);
- return (elements.elements());
+ return (elements.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/x509/NoticeReference.java b/pki/base/util/src/netscape/security/x509/NoticeReference.java
index 9c232f3c..150b34f4 100644
--- a/pki/base/util/src/netscape/security/x509/NoticeReference.java
+++ b/pki/base/util/src/netscape/security/x509/NoticeReference.java
@@ -24,15 +24,14 @@ import netscape.security.util.BigInt;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the NoticeReference.
- *
+ *
* NoticeReference ::= SEQUENCE {
- * organization DisplayText,
- * noticeNumbers SEQUENCE OF INTEGER
+ * organization DisplayText,
+ * noticeNumbers SEQUENCE OF INTEGER
* }
- *
+ *
* @author Thomas Kwan
*/
public class NoticeReference {
@@ -41,8 +40,8 @@ public class NoticeReference {
private int mNumbers[] = null;
public NoticeReference(DisplayText org, int numbers[]) {
- mOrg = org;
- mNumbers = numbers;
+ mOrg = org;
+ mNumbers = numbers;
}
public NoticeReference(DerValue val) throws IOException {
@@ -54,32 +53,31 @@ public class NoticeReference {
if (integers.tag != DerValue.tag_Sequence) {
throw new IOException("Invalid encoding for NoticeReference (integers)");
}
- Vector<BigInt> num = new Vector<BigInt>();
+ Vector<BigInt> num = new Vector<BigInt>();
while (integers.data.available() != 0) {
- DerValue i = integers.data.getDerValue();
- BigInt bigI = i.getInteger();
- num.addElement(bigI);
- }
- if (num.size() <= 0)
- return;
- mNumbers = new int[num.size()];
- for (int i = 0; i < num.size(); i++) {
- mNumbers[i] = num.elementAt(i).toInt();
- }
+ DerValue i = integers.data.getDerValue();
+ BigInt bigI = i.getInteger();
+ num.addElement(bigI);
+ }
+ if (num.size() <= 0)
+ return;
+ mNumbers = new int[num.size()];
+ for (int i = 0; i < num.size(); i++) {
+ mNumbers[i] = num.elementAt(i).toInt();
+ }
}
- public DisplayText getOrganization()
- {
- return mOrg;
+ public DisplayText getOrganization() {
+ return mOrg;
}
public int[] getNumbers() {
- return mNumbers;
+ return mNumbers;
}
/**
* Write the NoticeReference to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
@@ -87,10 +85,10 @@ public class NoticeReference {
DerOutputStream tmp = new DerOutputStream();
mOrg.encode(tmp);
DerOutputStream iseq = new DerOutputStream();
- for (int i = 0; i < mNumbers.length; i++) {
- iseq.putInteger(new BigInt(mNumbers[i]));
- }
- tmp.write(DerValue.tag_Sequence,iseq);
- out.write(DerValue.tag_Sequence,tmp);
+ for (int i = 0; i < mNumbers.length; i++) {
+ iseq.putInteger(new BigInt(mNumbers[i]));
+ }
+ tmp.write(DerValue.tag_Sequence, iseq);
+ out.write(DerValue.tag_Sequence, tmp);
}
}
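Review bot: The loop over `mNumbers.length` in `encode` throws a `NullPointerException` whenever `mNumbers` is still null, and the DER constructor in the previous hunk leaves it null when the noticeNumbers SEQUENCE is empty (`if (num.size() <= 0) return;`). The public constructor also stores whatever array it is given, including null. Re-encoding a parsed certificate policy qualifier can therefore fail with an unchecked exception on input the decoder accepted. Either have the decoder assign an empty array, or guard here with `int[] nums = (mNumbers == null) ? new int[0] : mNumbers;` and iterate over `nums`. The signature of `encode` is outside this hunk.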
diff --git a/pki/base/util/src/netscape/security/x509/OIDMap.java b/pki/base/util/src/netscape/security/x509/OIDMap.java
index 97e8d26e..7d21ab52 100644
--- a/pki/base/util/src/netscape/security/x509/OIDMap.java
+++ b/pki/base/util/src/netscape/security/x509/OIDMap.java
@@ -29,9 +29,9 @@ import netscape.security.util.ObjectIdentifier;
/**
* This class defines the mapping from OID & name to classes and vice
- * versa. Used by CertificateExtensions & PKCS10 to get the java
+ * versa. Used by CertificateExtensions & PKCS10 to get the java
* classes associated with a particular OID/name.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.12
@@ -43,9 +43,9 @@ public class OIDMap {
* the local system.
*/
public static final String EXTENSIONS_HOME =
- (System.getProperty("java.home") + File.separator + "lib"
- + File.separator + "security" + File.separator + "cert"
- + File.separator);
+ (System.getProperty("java.home") + File.separator + "lib"
+ + File.separator + "security" + File.separator + "cert"
+ + File.separator);
/**
* File names for where OIDs and Classes are registered
* for V3 extensions.
@@ -59,36 +59,36 @@ public class OIDMap {
X509CertInfo.EXTENSIONS;
private static final String AUTH_KEY_IDENTIFIER = ROOT + "." +
AuthorityKeyIdentifierExtension.class.getSimpleName();
- private static final String SUB_KEY_IDENTIFIER = ROOT + "." +
+ private static final String SUB_KEY_IDENTIFIER = ROOT + "." +
SubjectKeyIdentifierExtension.class.getSimpleName();
- private static final String KEY_USAGE = ROOT + "." +
+ private static final String KEY_USAGE = ROOT + "." +
KeyUsageExtension.class.getSimpleName();
- private static final String PRIVATE_KEY_USAGE = ROOT + "." +
+ private static final String PRIVATE_KEY_USAGE = ROOT + "." +
PrivateKeyUsageExtension.class.getSimpleName();
- private static final String POLICY_MAPPINGS = ROOT + "." +
+ private static final String POLICY_MAPPINGS = ROOT + "." +
PolicyMappingsExtension.class.getSimpleName();
- private static final String SUB_ALT_NAME = ROOT + "." +
+ private static final String SUB_ALT_NAME = ROOT + "." +
SubjectAlternativeNameExtension.class.getSimpleName();
- private static final String ISSUER_ALT_NAME = ROOT + "." +
+ private static final String ISSUER_ALT_NAME = ROOT + "." +
IssuerAlternativeNameExtension.class.getSimpleName();
- private static final String BASIC_CONSTRAINTS = ROOT + "." +
+ private static final String BASIC_CONSTRAINTS = ROOT + "." +
BasicConstraintsExtension.class.getSimpleName();
- private static final String NAME_CONSTRAINTS = ROOT + "." +
+ private static final String NAME_CONSTRAINTS = ROOT + "." +
NameConstraintsExtension.class.getSimpleName();
- private static final String POLICY_CONSTRAINTS = ROOT + "." +
+ private static final String POLICY_CONSTRAINTS = ROOT + "." +
PolicyConstraintsExtension.class.getSimpleName();
- private static final String CERT_POLICIES = //ROOT + "." +
- CertificatePoliciesExtension.class.getSimpleName();
- private static final String SUBJ_DIR_ATTR = //ROOT + "." +
- SubjectDirAttributesExtension.class.getSimpleName();
+ private static final String CERT_POLICIES = //ROOT + "." +
+ CertificatePoliciesExtension.class.getSimpleName();
+ private static final String SUBJ_DIR_ATTR = //ROOT + "." +
+ SubjectDirAttributesExtension.class.getSimpleName();
public static final String EXT_KEY_USAGE_NAME = "ExtendedKeyUsageExtension";
public static final String EXT_INHIBIT_ANY_POLICY_NAME = "InhibitAnyPolicyExtension";
private static final String EXT_KEY_USAGE = //ROOT + "." +
- EXT_KEY_USAGE_NAME;
+ EXT_KEY_USAGE_NAME;
- private static final String CRL_NUMBER = ROOT + "." +
+ private static final String CRL_NUMBER = ROOT + "." +
CRLNumberExtension.class.getSimpleName();
- private static final String CRL_REASON = ROOT + "." +
+ private static final String CRL_REASON = ROOT + "." +
CRLReasonExtension.class.getSimpleName();
private static final Hashtable<ObjectIdentifier, String> oid2Name = new Hashtable<ObjectIdentifier, String>();
@@ -103,25 +103,25 @@ public class OIDMap {
// Load the default name to oid map (EXTENSIONS_OIDS)
private static void loadNamesDefault(Properties props) {
- props.put(SUB_KEY_IDENTIFIER,"2.5.29.14");
- props.put(KEY_USAGE,"2.5.29.15");
- props.put(PRIVATE_KEY_USAGE,"2.5.29.16");
- props.put(SUB_ALT_NAME,"2.5.29.17");
- props.put(ISSUER_ALT_NAME,"2.5.29.18");
- props.put(BASIC_CONSTRAINTS,"2.5.29.19");
- props.put(CRL_NUMBER,"2.5.29.20");
- props.put(CRL_REASON,"2.5.29.21");
- props.put(NAME_CONSTRAINTS,"2.5.29.30");
- props.put(POLICY_MAPPINGS,"2.5.29.33");
- props.put(POLICY_CONSTRAINTS,"2.5.29.36");
- props.put(CERT_POLICIES,"2.5.29.32");
- props.put(AUTH_KEY_IDENTIFIER,"2.5.29.35");
- props.put(SUBJ_DIR_ATTR,"2.5.29.9");
- props.put(EXT_KEY_USAGE,"2.5.29.37");
+ props.put(SUB_KEY_IDENTIFIER, "2.5.29.14");
+ props.put(KEY_USAGE, "2.5.29.15");
+ props.put(PRIVATE_KEY_USAGE, "2.5.29.16");
+ props.put(SUB_ALT_NAME, "2.5.29.17");
+ props.put(ISSUER_ALT_NAME, "2.5.29.18");
+ props.put(BASIC_CONSTRAINTS, "2.5.29.19");
+ props.put(CRL_NUMBER, "2.5.29.20");
+ props.put(CRL_REASON, "2.5.29.21");
+ props.put(NAME_CONSTRAINTS, "2.5.29.30");
+ props.put(POLICY_MAPPINGS, "2.5.29.33");
+ props.put(POLICY_CONSTRAINTS, "2.5.29.36");
+ props.put(CERT_POLICIES, "2.5.29.32");
+ props.put(AUTH_KEY_IDENTIFIER, "2.5.29.35");
+ props.put(SUBJ_DIR_ATTR, "2.5.29.9");
+ props.put(EXT_KEY_USAGE, "2.5.29.37");
}
// Load the default name to class map (EXTENSIONS_CLASSES)
- private static void loadClassDefault (Properties props) {
+ private static void loadClassDefault(Properties props) {
props.put(AUTH_KEY_IDENTIFIER,
"netscape.security.x509.AuthorityKeyIdentifierExtension");
props.put(SUB_KEY_IDENTIFIER,
@@ -153,7 +153,7 @@ public class OIDMap {
}
// Return the file along with location
- private static File certificatePropFile (String fileName) {
+ private static File certificatePropFile(String fileName) {
return (new File(EXTENSIONS_HOME + fileName));
}
@@ -166,11 +166,11 @@ public class OIDMap {
loadNamesDefault(props);
} else {
try {
- FileInputStream fis = new FileInputStream(namesMap);
- props.load(fis);
+ FileInputStream fis = new FileInputStream(namesMap);
+ props.load(fis);
fis.close();
} catch (IOException e) {
- loadNamesDefault(props);
+ loadNamesDefault(props);
}
}
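Review bot: The `FileInputStream` opened for `namesMap` is closed only on the success path, so an `IOException` thrown by `props.load(fis)` leaks the descriptor. The class-map hunk that follows (`new FileInputStream(classMap)`) never calls `close()` at all. Both streams should be closed in a `finally` block, with `fis` declared before the `try` and closed there when non-null, or with try-with-resources if the build targets Java 7 or later. The silent fallback to `loadNamesDefault(props)` in the `catch` also hides an unreadable or corrupt properties file, so a log line naming the file would make that visible. The enclosing method starts and ends outside the hunk.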
@@ -194,10 +194,10 @@ public class OIDMap {
loadClassDefault(props);
} else {
try {
- FileInputStream fis = new FileInputStream(classMap);
- props.load(fis);
+ FileInputStream fis = new FileInputStream(classMap);
+ props.load(fis);
} catch (IOException e) {
- loadClassDefault(props);
+ loadClassDefault(props);
}
}
@@ -212,92 +212,92 @@ public class OIDMap {
/**
* Add a name to lookup table.
- *
+ *
* @param className the name of the fully qualified class implementing
- * the asn object.
+ * the asn object.
* @param oid the string representation of the object identifier for
- * the class.
+ * the class.
* @param name the name of the attribute.
* @exception CertificateException on errors.
*/
public static void addAttribute(String className, String oid, String name)
- throws CertificateException {
+ throws CertificateException {
ObjectIdentifier objId = new ObjectIdentifier(oid);
- if (oid2Name.get(objId) != null) {
- throw new CertificateException("Object identifier already exists.");
- }
- if (name2OID.get(name) != null) {
- throw new CertificateException("Name already exists.");
- }
- if (name2Class.get(className) != null) {
- throw new CertificateException("Class already exists.");
- }
- oid2Name.put(objId, name);
- name2OID.put(name, objId);
- name2Class.put(name, className);
+ if (oid2Name.get(objId) != null) {
+ throw new CertificateException("Object identifier already exists.");
+ }
+ if (name2OID.get(name) != null) {
+ throw new CertificateException("Name already exists.");
+ }
+ if (name2Class.get(className) != null) {
+ throw new CertificateException("Class already exists.");
+ }
+ oid2Name.put(objId, name);
+ name2OID.put(name, objId);
+ name2Class.put(name, className);
}
/**
* Return user friendly name associated with the OID.
- *
+ *
* @param oid the name of the object identifier to be returned.
* @return the user friendly name or null if no name
- * is registered for this oid.
+ * is registered for this oid.
*/
public static String getName(ObjectIdentifier oid) {
- return (String)oid2Name.get(oid);
- }
+ return (String) oid2Name.get(oid);
+ }
/**
* Return Object identifier for user friendly name.
- *
+ *
* @param name the user friendly name.
- * @return the Object Identifier or null if no oid
- * is registered for this name.
+ * @return the Object Identifier or null if no oid
+ * is registered for this name.
*/
public static ObjectIdentifier getOID(String name) {
- return (ObjectIdentifier)name2OID.get(name);
- }
+ return (ObjectIdentifier) name2OID.get(name);
+ }
/**
* Return the java class object associated with the user friendly name.
- *
+ *
* @param name the user friendly name.
* @exception CertificateException if class cannot be instantiated.
*/
public static Class<?> getClass(String name) throws CertificateException {
- String className = (String)name2Class.get(name);
+ String className = (String) name2Class.get(name);
if (className == null)
return null;
try {
Class<?> extClass = Class.forName(className);
- return (extClass);
- } catch (Exception e) {
- throw new CertificateException("Error instantiating class for "
+ return (extClass);
+ } catch (Exception e) {
+ throw new CertificateException("Error instantiating class for "
+ name + " " + e.toString());
- }
+ }
}
/**
* Return the java class object associated with the object identifier..
- *
+ *
* @param oid the name of the object identifier to be returned.
* @exception CertificateException if class cannot be instatiated.
*/
public static Class<?> getClass(ObjectIdentifier oid)
- throws CertificateException {
+ throws CertificateException {
String name = getName(oid);
if (name == null)
return null;
- String className = (String)name2Class.get(name);
+ String className = (String) name2Class.get(name);
if (className == null)
return null;
try {
Class<?> extClass = Class.forName(className);
- return (extClass);
- } catch (Exception e) {
- throw new CertificateException("Error instantiating class for "
+ return (extClass);
+ } catch (Exception e) {
+ throw new CertificateException("Error instantiating class for "
+ name + " " + e.toString());
- }
+ }
}
}
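Review bot: In `addAttribute` the duplicate-class guard `name2Class.get(className)` looks the class name up as a key, but the table is filled with `name2Class.put(name, className)`, so the guard fires only when a class name happens to equal a registered attribute name. If the intent is to reject a second registration of the same class, `if (name2Class.containsValue(className)) {` matches how the table is populated, assuming `name2Class` is a `Hashtable` like `oid2Name`. The three checks and three puts are also not atomic across the separate tables. Whether concurrent registration can occur is not visible from this hunk.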
diff --git a/pki/base/util/src/netscape/security/x509/OIDName.java b/pki/base/util/src/netscape/security/x509/OIDName.java
index 61d44771..e5c1b7ac 100644
--- a/pki/base/util/src/netscape/security/x509/OIDName.java
+++ b/pki/base/util/src/netscape/security/x509/OIDName.java
@@ -26,7 +26,7 @@ import netscape.security.util.ObjectIdentifier;
/**
* This class implements the OIDName as required by the GeneralNames
* ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.3
@@ -35,7 +35,7 @@ import netscape.security.util.ObjectIdentifier;
* @see GeneralNameInterface
*/
public class OIDName implements GeneralNameInterface {
- /**
+ /**
*
*/
private static final long serialVersionUID = 9198510631835117121L;
@@ -43,7 +43,7 @@ public class OIDName implements GeneralNameInterface {
/**
* Create the OIDName object from the passed encoded Der value.
- *
+ *
* @param derValue the encoded DER OIDName.
* @exception IOException on error.
*/
@@ -53,7 +53,7 @@ public class OIDName implements GeneralNameInterface {
/**
* Create the OIDName object with the specified name.
- *
+ *
* @param name the OIDName.
*/
public OIDName(ObjectIdentifier oid) {
@@ -61,7 +61,7 @@ public class OIDName implements GeneralNameInterface {
}
public OIDName(String oid) {
- this.oid = new ObjectIdentifier(oid);
+ this.oid = new ObjectIdentifier(oid);
}
/**
@@ -73,7 +73,7 @@ public class OIDName implements GeneralNameInterface {
/**
* Encode the OID name into the DerOutputStream.
- *
+ *
* @param out the DER stream to encode the OIDName to.
* @exception IOException on encoding errors.
*/
diff --git a/pki/base/util/src/netscape/security/x509/OtherName.java b/pki/base/util/src/netscape/security/x509/OtherName.java
index c4815bb2..38d3a0af 100644
--- a/pki/base/util/src/netscape/security/x509/OtherName.java
+++ b/pki/base/util/src/netscape/security/x509/OtherName.java
@@ -27,18 +27,18 @@ import netscape.security.util.ObjectIdentifier;
/**
* This class implements the OtherName as required by the GeneralNames
* ASN.1 object.
- *
- * OtherName ::= SEQUENCE {
- * type-id OBJECT IDENTIFIER,
- * value [0] EXPLICIT ANY DEFINED BY type-id
- * }
- *
+ *
+ * OtherName ::= SEQUENCE {
+ * type-id OBJECT IDENTIFIER,
+ * value [0] EXPLICIT ANY DEFINED BY type-id
+ * }
+ *
* @see GeneralName
* @see GeneralNameInterface
* @see GeneralNames
- *
+ *
* @version 1.2
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
@@ -52,7 +52,7 @@ public class OtherName implements GeneralNameInterface {
/**
* Create the IPAddressName object from the passed encoded Der value.
- *
+ *
* @param derValue the encoded DER IPAddressName.
* @exception IOException on error.
*/
@@ -61,61 +61,60 @@ public class OtherName implements GeneralNameInterface {
}
public OtherName(ObjectIdentifier oid, byte data[]) {
- mOID = oid;
- DerOutputStream dos = new DerOutputStream();
- try {
- dos.putDerValue(new DerValue(data));
- } catch (IOException e) {
- }
- mData = dos.toByteArray();
+ mOID = oid;
+ DerOutputStream dos = new DerOutputStream();
+ try {
+ dos.putDerValue(new DerValue(data));
+ } catch (IOException e) {
+ }
+ mData = dos.toByteArray();
}
/**
* Constructs a string-based other name.
*/
public OtherName(ObjectIdentifier oid, byte tag, String value) {
- mOID = oid;
- DerOutputStream dos = new DerOutputStream();
- try {
- if (tag == DerValue.tag_PrintableString) {
- dos.putPrintableString(value);
- } else if (tag == DerValue.tag_IA5String) {
- dos.putIA5String(value);
- } else if (tag == DerValue.tag_BMPString) {
- dos.putBMPString(value);
- } else if (tag == DerValue.tag_UTF8String) {
- dos.putUTF8String(value);
+ mOID = oid;
+ DerOutputStream dos = new DerOutputStream();
+ try {
+ if (tag == DerValue.tag_PrintableString) {
+ dos.putPrintableString(value);
+ } else if (tag == DerValue.tag_IA5String) {
+ dos.putIA5String(value);
+ } else if (tag == DerValue.tag_BMPString) {
+ dos.putBMPString(value);
+ } else if (tag == DerValue.tag_UTF8String) {
+ dos.putUTF8String(value);
+ }
+ } catch (IOException e) {
}
- } catch (IOException e) {
- }
- mData = dos.toByteArray();
+ mData = dos.toByteArray();
}
public OtherName(ObjectIdentifier oid, String value) {
- mOID = oid;
- DerOutputStream dos = new DerOutputStream();
- try {
- dos.putPrintableString(value);
- } catch (IOException e) {
- }
- mData = dos.toByteArray();
+ mOID = oid;
+ DerOutputStream dos = new DerOutputStream();
+ try {
+ dos.putPrintableString(value);
+ } catch (IOException e) {
+ }
+ mData = dos.toByteArray();
}
/**
* Create the IPAddressName object with the specified name.
- *
+ *
* @param name the IPAddressName.
*/
public OtherName(byte[] data) {
try {
- decodeThis(new DerValue(data));
+ decodeThis(new DerValue(data));
} catch (IOException e) {
}
}
- public ObjectIdentifier getOID()
- {
- return mOID;
+ public ObjectIdentifier getOID() {
+ return mOID;
}
/**
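Review bot: Every constructor in this hunk swallows `IOException` in an empty `catch`, so a failed encode or decode yields an `OtherName` with empty `mData` or a null `mOID` instead of an error. `OtherName(byte[] data)` is the most exposed case, because malformed DER produces an object that only fails later, far from the bad input. The tag-based constructor also writes nothing when `tag` is none of the four handled string types. Adding a checked exception would change the signatures, so the compatible fix is to wrap, e.g. `throw new IllegalArgumentException("Invalid OtherName encoding: " + e);` in each `catch`, plus a final `else` that rejects unsupported tags. If the silent behaviour is intentional, each empty `catch` needs a comment saying why.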
@@ -127,7 +126,7 @@ public class OtherName implements GeneralNameInterface {
/**
* Encode the IPAddress name into the DerOutputStream.
- *
+ *
* @param out the DER stream to encode the IPAddressName to.
* @exception IOException on encoding errors.
*/
@@ -139,7 +138,7 @@ public class OtherName implements GeneralNameInterface {
DerOutputStream tmp1 = new DerOutputStream();
tmp1.write(mData);
tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true,
- (byte)0x80), tmp1);
+ (byte) 0x80), tmp1);
out.write(DerValue.tag_SequenceOf, tmp);
}
@@ -152,10 +151,9 @@ public class OtherName implements GeneralNameInterface {
// Decode this extension value
private void decodeThis(DerValue derVal) throws IOException {
- // if (derVal.tag != DerValue.tag_Sequence) {
- // throw new IOException("Invalid encoding for other name");
- // }
-
+ // if (derVal.tag != DerValue.tag_Sequence) {
+ // throw new IOException("Invalid encoding for other name");
+ // }
// Decode all the Attributes
mOID = derVal.data.getOID();
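Review bot: The commented-out tag check at the top of `decodeThis` leaves no record of why the outer tag is not validated, and the method goes straight to `derVal.data.getOID()` on whatever value it is handed. If the check was disabled because callers pass an implicitly tagged value (an assumption, since the callers are not in this hunk), replace the dead code with a comment such as `// Outer tag is not checked here: the value may arrive implicitly tagged by the caller`. Otherwise restore the check so that a non-SEQUENCE value is rejected up front. `decodeThis` continues past the end of the hunk.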
@@ -176,21 +174,21 @@ public class OtherName implements GeneralNameInterface {
public String toString() {
if (mData != null) {
try {
- DerValue data = new DerValue(mData);
- if (data.tag == DerValue.tag_PrintableString) {
- return "OtherName: (PrintableString)" + mOID + "," + data.getPrintableString();
- } else if (data.tag == DerValue.tag_IA5String) {
- return "OtherName: (IA5String)" + mOID + "," + data.getIA5String();
- } else if (data.tag == DerValue.tag_BMPString) {
- return "OtherName: (BMPString)" + mOID + "," + data.getIA5String();
- } else if (data.tag == DerValue.tag_UTF8String) {
- return "OtherName: (UTF8String)" + mOID + "," + data.getUTF8String();
- } else {
- return "OtherName: (Any)" + mOID + "," + toStr(data.toByteArray());
- }
- } catch (IOException e) {
-
- return "OtherName: (Any)" + mOID + "," + toStr(mData);
+ DerValue data = new DerValue(mData);
+ if (data.tag == DerValue.tag_PrintableString) {
+ return "OtherName: (PrintableString)" + mOID + "," + data.getPrintableString();
+ } else if (data.tag == DerValue.tag_IA5String) {
+ return "OtherName: (IA5String)" + mOID + "," + data.getIA5String();
+ } else if (data.tag == DerValue.tag_BMPString) {
+ return "OtherName: (BMPString)" + mOID + "," + data.getIA5String();
+ } else if (data.tag == DerValue.tag_UTF8String) {
+ return "OtherName: (UTF8String)" + mOID + "," + data.getUTF8String();
+ } else {
+ return "OtherName: (Any)" + mOID + "," + toStr(data.toByteArray());
+ }
+ } catch (IOException e) {
+
+ return "OtherName: (Any)" + mOID + "," + toStr(mData);
}
} else {
return "OtherName: ";
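Review bot: The `tag_BMPString` branch of `toString` decodes the value with `data.getIA5String()`, which looks like a copy-paste from the branch above it. A BMPString is encoded as two bytes per character, so the IA5 getter will either return a wrong string or throw and fall through to the `(Any)` hex output. The branch should use the matching getter, `return "OtherName: (BMPString)" + mOID + "," + data.getBMPString();`, assuming `DerValue` provides one as it does for the other string types shown here.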
@@ -200,13 +198,11 @@ public class OtherName implements GeneralNameInterface {
public String toStr(byte data[]) {
StringBuffer b = new StringBuffer();
for (int i = 0; i < data.length; i++) {
- if ((data[i] & 0xff) < 16) {
- b.append("0");
- }
- b.append(Integer.toString((int)(data[i] & 0xff), 0x10));
+ if ((data[i] & 0xff) < 16) {
+ b.append("0");
+ }
+ b.append(Integer.toString((int) (data[i] & 0xff), 0x10));
}
return b.toString();
}
}
-
-
diff --git a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
index 8593d923..cb903c80 100644
--- a/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
+++ b/pki/base/util/src/netscape/security/x509/PKIXExtensions.java
@@ -21,90 +21,80 @@ import netscape.security.util.ObjectIdentifier;
/**
* Lists all the object identifiers of the X509 extensions of the PKIX profile.
- *
- * <p>Extensions are addiitonal attributes which can be inserted in a X509
- * v3 certificate. For example a "Driving License Certificate" could have
- * the driving license number as a extension.
- *
- * <p>Extensions are represented as a sequence of the extension identifier
- * (Object Identifier), a boolean flag stating whether the extension is to
- * be treated as being critical and the extension value itself (this is again
- * a DER encoding of the extension value).
- *
+ *
+ * <p>
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ *
+ * <p>
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ *
* @see Extension
- *
+ *
* @version 1.4
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class PKIXExtensions {
// The object identifiers
- private static final int AuthorityKey_data [] = { 2, 5, 29, 35 };
- private static final int SubjectKey_data [] = { 2, 5, 29, 14 };
- private static final int KeyUsage_data [] = { 2, 5, 29, 15 };
- private static final int PrivateKeyUsage_data [] = { 2, 5, 29, 16 };
- private static final int CertificatePolicies_data [] = { 2, 5, 29, 32 };
- private static final int PolicyMappings_data [] = { 2, 5, 29, 33 };
- private static final int SubjectAlternativeName_data [] = { 2, 5, 29, 17 };
- private static final int IssuerAlternativeName_data [] = { 2, 5, 29, 18 };
- private static final int SubjectDirectoryAttributes_data [] = { 2, 5, 29, 9 };
- private static final int BasicConstraints_data [] = { 2, 5, 29, 19 };
- private static final int NameConstraints_data [] = { 2, 5, 29, 30 };
- private static final int PolicyConstraints_data [] = { 2, 5, 29, 36 };
- private static final int CRLDistributionPoints_data [] = { 2, 5, 29, 31 };
- private static final int CRLNumber_data [] = { 2, 5, 29, 20 };
- private static final int IssuingDistributionPoint_data [] = { 2, 5, 29, 28 };
- private static final int DeltaCRLIndicator_data [] = { 2, 5, 29, 27 };
- private static final int ReasonCode_data [] = { 2, 5, 29, 21 };
- private static final int HoldInstructionCode_data [] = { 2, 5, 29, 23 };
- private static final int InvalidityDate_data [] = { 2, 5, 29, 24 };
- private static final int CertificateIssuer_data [] = { 2, 5, 29, 29 };
- private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
+ private static final int AuthorityKey_data[] = { 2, 5, 29, 35 };
+ private static final int SubjectKey_data[] = { 2, 5, 29, 14 };
+ private static final int KeyUsage_data[] = { 2, 5, 29, 15 };
+ private static final int PrivateKeyUsage_data[] = { 2, 5, 29, 16 };
+ private static final int CertificatePolicies_data[] = { 2, 5, 29, 32 };
+ private static final int PolicyMappings_data[] = { 2, 5, 29, 33 };
+ private static final int SubjectAlternativeName_data[] = { 2, 5, 29, 17 };
+ private static final int IssuerAlternativeName_data[] = { 2, 5, 29, 18 };
+ private static final int SubjectDirectoryAttributes_data[] = { 2, 5, 29, 9 };
+ private static final int BasicConstraints_data[] = { 2, 5, 29, 19 };
+ private static final int NameConstraints_data[] = { 2, 5, 29, 30 };
+ private static final int PolicyConstraints_data[] = { 2, 5, 29, 36 };
+ private static final int CRLDistributionPoints_data[] = { 2, 5, 29, 31 };
+ private static final int CRLNumber_data[] = { 2, 5, 29, 20 };
+ private static final int IssuingDistributionPoint_data[] = { 2, 5, 29, 28 };
+ private static final int DeltaCRLIndicator_data[] = { 2, 5, 29, 27 };
+ private static final int ReasonCode_data[] = { 2, 5, 29, 21 };
+ private static final int HoldInstructionCode_data[] = { 2, 5, 29, 23 };
+ private static final int InvalidityDate_data[] = { 2, 5, 29, 24 };
+ private static final int CertificateIssuer_data[] = { 2, 5, 29, 29 };
+ private static final int FreshestCRL_data[] = { 2, 5, 29, 46 };
/**
* Identifies the particular public key used to sign the certificate.
*/
- public static final ObjectIdentifier AuthorityKey_Id
- = new ObjectIdentifier(AuthorityKey_data);
+ public static final ObjectIdentifier AuthorityKey_Id = new ObjectIdentifier(AuthorityKey_data);
/**
* Identifies the particular public key used in an application.
*/
- public static final ObjectIdentifier SubjectKey_Id
- = new ObjectIdentifier(SubjectKey_data);
+ public static final ObjectIdentifier SubjectKey_Id = new ObjectIdentifier(SubjectKey_data);
/**
* Defines the purpose of the key contained in the certificate.
*/
- public static final ObjectIdentifier KeyUsage_Id
- = new ObjectIdentifier(KeyUsage_data);
+ public static final ObjectIdentifier KeyUsage_Id = new ObjectIdentifier(KeyUsage_data);
/**
* Allows the certificate issuer to specify a different validity period
* for the private key than the certificate.
*/
- public static final ObjectIdentifier PrivateKeyUsage_Id
- = new ObjectIdentifier(PrivateKeyUsage_data);
+ public static final ObjectIdentifier PrivateKeyUsage_Id = new ObjectIdentifier(PrivateKeyUsage_data);
/**
* Contains the sequence of policy information terms.
*/
- public static final ObjectIdentifier CertificatePolicies_Id
- = new ObjectIdentifier(CertificatePolicies_data);
+ public static final ObjectIdentifier CertificatePolicies_Id = new ObjectIdentifier(CertificatePolicies_data);
/**
* Lists pairs of objectidentifiers of policies considered equivalent by the
* issuing CA to the subject CA.
*/
- public static final ObjectIdentifier PolicyMappings_Id
- = new ObjectIdentifier(PolicyMappings_data);
+ public static final ObjectIdentifier PolicyMappings_Id = new ObjectIdentifier(PolicyMappings_data);
/**
* Allows additional identities to be bound to the subject of the certificate.
*/
- public static final ObjectIdentifier SubjectAlternativeName_Id
- = new ObjectIdentifier(SubjectAlternativeName_data);
+ public static final ObjectIdentifier SubjectAlternativeName_Id = new ObjectIdentifier(SubjectAlternativeName_data);
/**
* Allows additional identities to be associated with the certificate issuer.
@@ -116,8 +106,7 @@ public class PKIXExtensions {
* Identifies additional directory attributes.
* This extension is always non-critical.
*/
- public static final ObjectIdentifier SubjectDirectoryAttributes_Id
- = new ObjectIdentifier(SubjectDirectoryAttributes_data);
+ public static final ObjectIdentifier SubjectDirectoryAttributes_Id = new ObjectIdentifier(SubjectDirectoryAttributes_data);
/**
* Identifies whether the subject of the certificate is a CA and how deep
@@ -130,73 +119,62 @@ public class PKIXExtensions {
* Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA.
*/
- public static final ObjectIdentifier NameConstraints_Id
- = new ObjectIdentifier(NameConstraints_data);
+ public static final ObjectIdentifier NameConstraints_Id = new ObjectIdentifier(NameConstraints_data);
/**
* Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates.
*/
- public static final ObjectIdentifier PolicyConstraints_Id
- = new ObjectIdentifier(PolicyConstraints_data);
+ public static final ObjectIdentifier PolicyConstraints_Id = new ObjectIdentifier(PolicyConstraints_data);
/**
* Identifies how CRL information is obtained.
*/
- public static final ObjectIdentifier CRLDistributionPoints_Id
- = new ObjectIdentifier(CRLDistributionPoints_data);
+ public static final ObjectIdentifier CRLDistributionPoints_Id = new ObjectIdentifier(CRLDistributionPoints_data);
/**
* Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA.
*/
- public static final ObjectIdentifier CRLNumber_Id
- = new ObjectIdentifier(CRLNumber_data);
+ public static final ObjectIdentifier CRLNumber_Id = new ObjectIdentifier(CRLNumber_data);
/**
* Identifies the CRL distribution point for a particular CRL.
*/
- public static final ObjectIdentifier IssuingDistributionPoint_Id
- = new ObjectIdentifier(IssuingDistributionPoint_data);
+ public static final ObjectIdentifier IssuingDistributionPoint_Id = new ObjectIdentifier(IssuingDistributionPoint_data);
/**
* Identifies the delta CRL.
*/
- public static final ObjectIdentifier DeltaCRLIndicator_Id
- = new ObjectIdentifier(DeltaCRLIndicator_data);
+ public static final ObjectIdentifier DeltaCRLIndicator_Id = new ObjectIdentifier(DeltaCRLIndicator_data);
/**
* Identifies the reason for the certificate revocation.
*/
- public static final ObjectIdentifier ReasonCode_Id
- = new ObjectIdentifier(ReasonCode_data);
+ public static final ObjectIdentifier ReasonCode_Id = new ObjectIdentifier(ReasonCode_data);
/**
* This extension provides a registered instruction identifier indicating
* the action to be taken, after encountering a certificate that has been
* placed on hold.
*/
- public static final ObjectIdentifier HoldInstructionCode_Id
- = new ObjectIdentifier(HoldInstructionCode_data);
+ public static final ObjectIdentifier HoldInstructionCode_Id = new ObjectIdentifier(HoldInstructionCode_data);
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
- public static final ObjectIdentifier InvalidityDate_Id
- = new ObjectIdentifier(InvalidityDate_data);
+ public static final ObjectIdentifier InvalidityDate_Id = new ObjectIdentifier(InvalidityDate_data);
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
- public static final ObjectIdentifier CertificateIssuer_Id
- = new ObjectIdentifier(CertificateIssuer_data);
+ public static final ObjectIdentifier CertificateIssuer_Id = new ObjectIdentifier(CertificateIssuer_data);
/**
* Identifies how delta CRL information is obtained.
*/
- public static final ObjectIdentifier FreshestCRL_Id
- = new ObjectIdentifier(FreshestCRL_data);
+ public static final ObjectIdentifier FreshestCRL_Id = new ObjectIdentifier(FreshestCRL_data);
}
diff --git a/pki/base/util/src/netscape/security/x509/PolicyConstraint.java b/pki/base/util/src/netscape/security/x509/PolicyConstraint.java
index 83bfa1a6..22f9cebe 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyConstraint.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyConstraint.java
@@ -26,7 +26,7 @@ import netscape.security.util.DerValue;
/**
* This class defines the PolicyConstraint ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.4
@@ -42,7 +42,7 @@ public class PolicyConstraint {
/**
* The default constructor for this object
- *
+ *
* @param set the CertificatePolicySet (null for optional).
* @param require require explicit policy (-1 for optional).
* @param inhibit inhibit policy mapping (-1 for optional).
@@ -55,35 +55,35 @@ public class PolicyConstraint {
/**
* Create the PolicyConstraint from the DerValue.
- *
+ *
* @param val the DerValue of the PolicyConstraint.
* @exception IOException on decoding errors.
*/
public PolicyConstraint(DerValue val) throws IOException {
if (val.tag != DerValue.tag_Sequence) {
- throw new IOException("Sequence tag missing for PolicyConstraint.");
- }
- DerInputStream in = val.data;
- while (in != null && in.available() != 0) {
- DerValue next = in.getDerValue();
- switch (next.tag & 0x1f) {
- case TAG_SET:
- this.set = new CertificatePolicySet(next.data);
- break;
-
- case TAG_REQUIRE:
- next = next.data.getDerValue();
- this.require = (next.getInteger()).toInt();
- break;
-
- case TAG_INHIBIT:
- next = next.data.getDerValue();
- this.inhibit = (next.getInteger()).toInt();
- break;
-
- default:
- throw new IOException("Invalid tag option for PolicyConstraint.");
- }
+ throw new IOException("Sequence tag missing for PolicyConstraint.");
+ }
+ DerInputStream in = val.data;
+ while (in != null && in.available() != 0) {
+ DerValue next = in.getDerValue();
+ switch (next.tag & 0x1f) {
+ case TAG_SET:
+ this.set = new CertificatePolicySet(next.data);
+ break;
+
+ case TAG_REQUIRE:
+ next = next.data.getDerValue();
+ this.require = (next.getInteger()).toInt();
+ break;
+
+ case TAG_INHIBIT:
+ next = next.data.getDerValue();
+ this.inhibit = (next.getInteger()).toInt();
+ break;
+
+ default:
+ throw new IOException("Invalid tag option for PolicyConstraint.");
+ }
}
}
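Review bot: The decoding loop in `PolicyConstraint(DerValue)` dispatches on `next.tag & 0x1f`, which discards the class and constructed bits. An element of any tag class whose low five bits equal `TAG_SET`, `TAG_REQUIRE` or `TAG_INHIBIT` is therefore accepted as that field. A guard at the top of the loop body would reject those: `if (!next.isContextSpecific()) throw new IOException("Invalid tag option for PolicyConstraint.");`. The loop also lets a repeated field silently overwrite the earlier value, so rejecting duplicates would make the parser stricter on malformed input.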
@@ -91,23 +91,23 @@ public class PolicyConstraint {
* Return user readable form of the object.
*/
public String toString() {
- String s = ((set != null) ?
- "PolicyConstraint: [\n"
- + " PolicySet:[" + set.toString() + "]\n"
- + " Require:" + require + "\n"
- + " Inhibit:" + inhibit + "\n"
- + "]\n" :
- "PolicyConstraint: [\n"
- + " PolicySet:[null]\n"
- + " Require:" + require + "\n"
- + " Inhibit:" + inhibit + "\n"
- + "]\n");
+ String s = ((set != null) ?
+ "PolicyConstraint: [\n"
+ + " PolicySet:[" + set.toString() + "]\n"
+ + " Require:" + require + "\n"
+ + " Inhibit:" + inhibit + "\n"
+ + "]\n" :
+ "PolicyConstraint: [\n"
+ + " PolicySet:[null]\n"
+ + " Require:" + require + "\n"
+ + " Inhibit:" + inhibit + "\n"
+ + "]\n");
return (s);
}
/**
* Encode the object to the output stream.
- *
+ *
* @param out the DerOutputStream to encode the object to.
*/
public void encode(DerOutputStream out) throws IOException {
@@ -131,6 +131,6 @@ public class PolicyConstraint {
tagged.write(DerValue.createTag(DerValue.TAG_CONTEXT,
true, TAG_INHIBIT), tmp);
}
- out.write(DerValue.tag_Sequence,tagged);
+ out.write(DerValue.tag_Sequence, tagged);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
index 39e7fbfb..c096a091 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyConstraintsExtension.java
@@ -33,13 +33,10 @@ import netscape.security.util.DerValue;
* This class defines the certificate extension which specifies the
* Policy constraints.
* <p>
- * The policy constraints extension can be used in certificates issued
- * to CAs. The policy constraints extension constrains path validation
- * in two ways. It can be used to prohibit policy mapping or require
- * that each certificate in a path contain an acceptable policy
- * identifier.<p>
- * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the
- * module definition):
+ * The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier.
+ * <p>
+ * The ASN.1 syntax for this is (IMPLICIT tagging is defined in the module definition):
+ *
* <pre>
* PolicyConstraints ::= SEQUENCE {
* requireExplicitPolicy [0] SkipCerts OPTIONAL,
@@ -47,6 +44,7 @@ import netscape.security.util.DerValue;
* }
* SkipCerts ::= INTEGER (0..MAX)
* </pre>
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.9
@@ -54,7 +52,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class PolicyConstraintsExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -62,7 +60,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions.PolicyConstraints";
/**
* Attribute names.
@@ -86,19 +84,19 @@ implements CertAttrSet {
tmp.putInteger(new BigInt(require));
tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
false, TAG_REQUIRE), tmp);
- }
+ }
if (inhibit != -1) {
- DerOutputStream tmp = new DerOutputStream();
+ DerOutputStream tmp = new DerOutputStream();
tmp.putInteger(new BigInt(inhibit));
tagged.writeImplicit(DerValue.createTag(DerValue.TAG_CONTEXT,
false, TAG_INHIBIT), tmp);
}
seq.write(DerValue.tag_Sequence, tagged);
- extensionValue = seq.toByteArray();
+ extensionValue = seq.toByteArray();
}
/**
- * Create a PolicyConstraintsExtension object with criticality and
+ * Create a PolicyConstraintsExtension object with criticality and
* both require explicit policy and inhibit policy mapping.
*
* @param critical whether this extension should be critical
@@ -106,52 +104,52 @@ implements CertAttrSet {
* @param inhibit inhibit policy mapping (-1 for optional).
*/
public PolicyConstraintsExtension(boolean crit, int require, int inhibit)
- throws IOException {
- init(crit, require, inhibit);
+ throws IOException {
+ init(crit, require, inhibit);
}
/**
* Create a PolicyConstraintsExtension object with both
* require explicit policy and inhibit policy mapping.
- *
+ *
* @param require require explicit policy (-1 for optional).
* @param inhibit inhibit policy mapping (-1 for optional).
*/
public PolicyConstraintsExtension(int require, int inhibit)
- throws IOException {
- init(false, require, inhibit);
+ throws IOException {
+ init(false, require, inhibit);
}
private void init(boolean crit, int require, int inhibit)
- throws IOException {
+ throws IOException {
this.require = require;
this.inhibit = inhibit;
- this.extensionId = PKIXExtensions.PolicyConstraints_Id;
- this.critical = crit;
+ this.extensionId = PKIXExtensions.PolicyConstraints_Id;
+ this.critical = crit;
encodeThis();
}
/**
* Create the extension from its DER encoded value and criticality.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public PolicyConstraintsExtension(Boolean critical, Object value)
- throws IOException {
- this.extensionId = PKIXExtensions.PolicyConstraints_Id;
- this.critical = critical.booleanValue();
+ throws IOException {
+ this.extensionId = PKIXExtensions.PolicyConstraints_Id;
+ this.critical = critical.booleanValue();
if (!(value instanceof byte[]))
throw new IOException("Illegal argument type");
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
+ byte[] extValue = new byte[len];
System.arraycopy(value, 0, extValue, 0, len);
this.extensionValue = extValue;
- DerValue val = new DerValue(extValue);
+ DerValue val = new DerValue(extValue);
if (val.tag != DerValue.tag_Sequence) {
throw new IOException("Sequence tag missing for PolicyConstraint.");
}
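Review bot: `init(boolean crit, int require, int inhibit)` stores `require` and `inhibit` without a range check, although the class comment defines `SkipCerts ::= INTEGER (0..MAX)` and this file uses -1 as the "not present" marker. A value below -1 passed to either public constructor would therefore reach `encodeThis()`, which in the visible part of the previous hunk encodes `inhibit` whenever it is not -1. A guard at the top of `init` keeps malformed constraints out of issued certificates: `if (require < -1 || inhibit < -1) throw new IOException("SkipCerts must be -1 (absent) or non-negative");`. The same check is missing from `set()` further down, and the Javadoc of the three-argument constructor names its first parameter `critical` while the signature calls it `crit`.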
@@ -162,7 +160,7 @@ implements CertAttrSet {
if (next.isContextSpecific(TAG_REQUIRE) && !next.isConstructed()) {
if (this.require != -1)
throw new IOException("Duplicate requireExplicitPolicy" +
- "found in the PolicyConstraintsExtension");
+ "found in the PolicyConstraintsExtension");
next.resetTag(DerValue.tag_Integer);
this.require = (next.getInteger()).toInt();
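Review bot: The "Duplicate …" messages re-indented here and in the next hunk join `"Duplicate requireExplicitPolicy"` (and `"Duplicate inhibitPolicyMapping"`) to `"found in the PolicyConstraintsExtension"` without a space, so the exception text runs the words together; a leading space in the second literal, `" found in the PolicyConstraintsExtension"`, fixes both. Separately, the decoded value is stored with `(next.getInteger()).toInt()` while -1 doubles as the "absent" marker tested by `this.require != -1`. If `getInteger()` can yield a negative number (not visible here), a field encoded as -1 would be treated as absent and would slip past the duplicate check, so an explicit rejection of values below 0 after decoding is worth adding. The enclosing constructor starts and ends outside this hunk.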
@@ -170,12 +168,12 @@ implements CertAttrSet {
!next.isConstructed()) {
if (this.inhibit != -1)
throw new IOException("Duplicate inhibitPolicyMapping" +
- "found in the PolicyConstraintsExtension");
+ "found in the PolicyConstraintsExtension");
next.resetTag(DerValue.tag_Integer);
this.inhibit = (next.getInteger()).toInt();
} else
throw new IOException("Invalid encoding of PolicyConstraint");
- }
+ }
}
/**
@@ -184,12 +182,12 @@ implements CertAttrSet {
public String toString() {
String s;
s = super.toString() + "PolicyConstraints: [" + " Require: ";
- if (require == -1)
+ if (require == -1)
s += "unspecified;";
else
s += require + ";";
s += "\tInhibit: ";
- if (inhibit == -1)
+ if (inhibit == -1)
s += "unspecified";
else
s += inhibit;
@@ -199,7 +197,7 @@ implements CertAttrSet {
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -209,91 +207,90 @@ implements CertAttrSet {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
if (extensionValue == null) {
- extensionId = PKIXExtensions.PolicyConstraints_Id;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ extensionId = PKIXExtensions.PolicyConstraints_Id;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
- clearValue();
- if (!(obj instanceof Integer)) {
- throw new IOException("Attribute value should be of type Integer.");
- }
- if (name.equalsIgnoreCase(REQUIRE)) {
- require = ((Integer)obj).intValue();
- } else if (name.equalsIgnoreCase(INHIBIT)) {
- inhibit = ((Integer)obj).intValue();
- } else {
- throw new IOException("Attribute name " + "[" + name + "]" +
- " not recognized by " +
- "CertAttrSet:PolicyConstraints.");
- }
+ clearValue();
+ if (!(obj instanceof Integer)) {
+ throw new IOException("Attribute value should be of type Integer.");
+ }
+ if (name.equalsIgnoreCase(REQUIRE)) {
+ require = ((Integer) obj).intValue();
+ } else if (name.equalsIgnoreCase(INHIBIT)) {
+ inhibit = ((Integer) obj).intValue();
+ } else {
+ throw new IOException("Attribute name " + "[" + name + "]" +
+ " not recognized by " +
+ "CertAttrSet:PolicyConstraints.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(REQUIRE)) {
- return Integer.valueOf(require);
- } else if (name.equalsIgnoreCase(INHIBIT)) {
- return Integer.valueOf(inhibit);
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:PolicyConstraints.");
- }
+ if (name.equalsIgnoreCase(REQUIRE)) {
+ return Integer.valueOf(require);
+ } else if (name.equalsIgnoreCase(INHIBIT)) {
+ return Integer.valueOf(inhibit);
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:PolicyConstraints.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(REQUIRE)) {
- require = -1;
- } else if (name.equalsIgnoreCase(INHIBIT)) {
- inhibit = -1;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:PolicyConstraints.");
- }
+ if (name.equalsIgnoreCase(REQUIRE)) {
+ require = -1;
+ } else if (name.equalsIgnoreCase(INHIBIT)) {
+ inhibit = -1;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:PolicyConstraints.");
+ }
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(REQUIRE);
elements.addElement(INHIBIT);
- return (elements.elements());
+ return (elements.elements());
}
-
/**
* returns the requireExplicitMapping parameter.
*/
public int getRequireExplicitMapping() {
- return require;
+ return require;
}
/**
- * returns the inhibitPolicyMapping parameter.
+ * returns the inhibitPolicyMapping parameter.
*/
public int getInhibitPolicyMapping() {
- return inhibit;
+ return inhibit;
}
}
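Review bot: `delete()` resets `require` or `inhibit` to -1 but, unlike `set()`, never calls `clearValue()`, while `encode()` only rebuilds the encoding when `extensionValue == null`. Assuming `clearValue()` (defined outside this file) is what drops the cached `extensionValue`, a deleted constraint would still be written out by the next `encode()`. Adding `clearValue();` in the two successful branches of `delete()` keeps the in-memory fields and the DER bytes in step; `PolicyMappingsExtension.delete()` later in this commit has the same gap. `set()` also clears the cache before it has validated `obj` and `name`, so a rejected call still discards the encoding.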
diff --git a/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java b/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
index c31acf92..40dcfec4 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyMappingsExtension.java
@@ -29,18 +29,15 @@ import netscape.security.util.DerValue;
/**
* Represent the Policy Mappings Extension.
- *
+ *
* This extension, if present, identifies the certificate policies considered
* identical between the issuing and the subject CA.
- * <p>Extensions are addiitonal attributes which can be inserted in a X509
- * v3 certificate. For example a "Driving License Certificate" could have
- * the driving license number as a extension.
- *
- * <p>Extensions are represented as a sequence of the extension identifier
- * (Object Identifier), a boolean flag stating whether the extension is to
- * be treated as being critical and the extension value itself (this is again
- * a DER encoding of the extension value).
- *
+ * <p>
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ *
+ * <p>
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.7
@@ -48,7 +45,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class PolicyMappingsExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -56,7 +53,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions.PolicyMappings";
/**
* Attribute names.
@@ -72,34 +69,34 @@ implements CertAttrSet {
DerOutputStream tmp = new DerOutputStream();
for (int i = 0; i < maps.size(); i++) {
- ((CertificatePolicyMap)maps.elementAt(i)).encode(tmp);
+ ((CertificatePolicyMap) maps.elementAt(i)).encode(tmp);
}
- os.write(DerValue.tag_Sequence,tmp);
+ os.write(DerValue.tag_Sequence, tmp);
extensionValue = os.toByteArray();
}
/**
* Create a PolicyMappings with the Vector of CertificatePolicyMap.
- *
+ *
* @param maps the Vector of CertificatePolicyMap.
*/
public PolicyMappingsExtension(Vector<CertificatePolicyMap> map) throws IOException {
- init(false, map);
+ init(false, map);
}
/**
* Create a PolicyMappings with the Vector of CertificatePolicyMap.
- *
+ *
* @param maps the Vector of CertificatePolicyMap.
*/
- public PolicyMappingsExtension(boolean critical, Vector<CertificatePolicyMap> map)
- throws IOException {
- init(critical, map);
- }
+ public PolicyMappingsExtension(boolean critical, Vector<CertificatePolicyMap> map)
+ throws IOException {
+ init(critical, map);
+ }
- /**
- * init policy with criticality and map.
- */
+ /**
+ * init policy with criticality and map.
+ */
private void init(boolean critical, Vector<CertificatePolicyMap> map) throws IOException {
this.maps = map;
this.extensionId = PKIXExtensions.PolicyMappings_Id;
@@ -113,26 +110,26 @@ implements CertAttrSet {
public PolicyMappingsExtension() {
extensionId = PKIXExtensions.PolicyMappings_Id;
critical = false;
- maps = new Vector<CertificatePolicyMap>(1,1);
+ maps = new Vector<CertificatePolicyMap>(1, 1);
}
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public PolicyMappingsExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.PolicyMappings_Id;
this.critical = critical.booleanValue();
int len = Array.getLength(value);
- byte [] extValue = new byte[len];
- for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value, i);
- }
+ byte[] extValue = new byte[len];
+ for (int i = 0; i < len; i++) {
+ extValue[i] = Array.getByte(value, i);
+ }
this.extensionValue = extValue;
DerValue val = new DerValue(extValue);
if (val.tag != DerValue.tag_Sequence) {
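Review bot: This constructor passes `value` straight to `Array.getLength(value)` with no type check, whereas the equivalent constructors of `PolicyConstraintsExtension` and `PrivateKeyUsageExtension` in this commit first test `value instanceof byte[]`. A non-array argument therefore surfaces as an unchecked `IllegalArgumentException` instead of the declared `IOException`. Adding `if (!(value instanceof byte[])) throw new IOException("Illegal argument type");` before the copy, and replacing the `Array.getByte` loop with `System.arraycopy(value, 0, extValue, 0, len);`, would make the three decoders consistent. The constructor body continues past the end of this hunk.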
@@ -151,7 +148,8 @@ implements CertAttrSet {
* Returns a printable representation of the policy map.
*/
public String toString() {
- if (maps == null) return "";
+ if (maps == null)
+ return "";
String s = super.toString() + "PolicyMappings [\n"
+ maps.toString() + "]\n";
@@ -160,7 +158,7 @@ implements CertAttrSet {
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -172,12 +170,12 @@ implements CertAttrSet {
encodeThis();
}
super.encode(tmp);
- out.write(tmp.toByteArray());
+ out.write(tmp.toByteArray());
}
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -188,63 +186,62 @@ implements CertAttrSet {
/**
* Set the attribute value.
*/
- @SuppressWarnings("unchecked")
- public void set(String name, Object obj) throws IOException {
- clearValue();
- if (name.equalsIgnoreCase(MAP)) {
- if (!(obj instanceof Vector)) {
- throw new IOException("Attribute value should be of" +
+ @SuppressWarnings("unchecked")
+ public void set(String name, Object obj) throws IOException {
+ clearValue();
+ if (name.equalsIgnoreCase(MAP)) {
+ if (!(obj instanceof Vector)) {
+ throw new IOException("Attribute value should be of" +
" type Vector.");
- }
- maps = (Vector<CertificatePolicyMap>)obj;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:PolicyMappingsExtension.");
- }
+ }
+ maps = (Vector<CertificatePolicyMap>) obj;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:PolicyMappingsExtension.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(MAP)) {
- return (maps);
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:PolicyMappingsExtension.");
- }
+ if (name.equalsIgnoreCase(MAP)) {
+ return (maps);
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:PolicyMappingsExtension.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(MAP)) {
- maps = null;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:PolicyMappingsExtension.");
- }
+ if (name.equalsIgnoreCase(MAP)) {
+ maps = null;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:PolicyMappingsExtension.");
+ }
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(MAP);
- return (elements.elements());
+ return (elements.elements());
}
-
/**
* Returns an enumeration of the mappings in the extension.
*/
public Enumeration<CertificatePolicyMap> getMappings() {
- if (maps == null)
- return null;
- return maps.elements();
+ if (maps == null)
+ return null;
+ return maps.elements();
}
}
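Review bot: `set()` checks only `obj instanceof Vector` before the unchecked cast to `Vector<CertificatePolicyMap>`, so a vector holding other element types is accepted and the failure is deferred to `encodeThis()`, where `(CertificatePolicyMap) maps.elementAt(i)` would throw `ClassCastException`. Validating the elements at the point of assignment keeps the error on the declared `IOException` path, as sketched below. In the same hunk, `get()` returns the internal `Vector` itself and `getMappings()` returns `null` after `delete()`; both are worth stating in their Javadoc.

```java
            // … unchanged: instanceof Vector check …
            for (Object element : (Vector<?>) obj) {
                if (!(element instanceof CertificatePolicyMap)) {
                    throw new IOException("Attribute value should be a" +
                            " Vector of CertificatePolicyMap.");
                }
            }
            maps = (Vector<CertificatePolicyMap>) obj;
```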
diff --git a/pki/base/util/src/netscape/security/x509/PolicyQualifierInfo.java b/pki/base/util/src/netscape/security/x509/PolicyQualifierInfo.java
index da0ab384..56d3e32c 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyQualifierInfo.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyQualifierInfo.java
@@ -23,18 +23,17 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
* Represent the PolicyQualifierInfo.
- *
+ *
* policyQualifierInfo ::= SEQUENCE {
- * policyQualifierId PolicyQualifierId
- * qualifier ANY DEFINED BY policyQualifierId
+ * policyQualifierId PolicyQualifierId
+ * qualifier ANY DEFINED BY policyQualifierId
* }
- *
+ *
* @author Thomas Kwan
*/
-public class PolicyQualifierInfo implements java.io.Serializable {
+public class PolicyQualifierInfo implements java.io.Serializable {
/**
*
@@ -42,57 +41,55 @@ public class PolicyQualifierInfo implements java.io.Serializable {
private static final long serialVersionUID = -2930016944517192379L;
public static final int OID_CPS[] = { 1, 3, 6, 1, 5, 5, 7, 2, 1 };
public static final ObjectIdentifier QT_CPS = new
- ObjectIdentifier(OID_CPS);
+ ObjectIdentifier(OID_CPS);
public static final int OID_UNOTICE[] = { 1, 3, 6, 1, 5, 5, 7, 2, 2 };
public static final ObjectIdentifier QT_UNOTICE = new
- ObjectIdentifier(OID_UNOTICE);
+ ObjectIdentifier(OID_UNOTICE);
private ObjectIdentifier mId = null;
private Qualifier mQualifier = null;
/**
* Create a PolicyQualifierInfo
- *
+ *
* @param id the ObjectIdentifier for the policy id.
*/
public PolicyQualifierInfo(ObjectIdentifier id, Qualifier qualifier) {
- mId = id;
- mQualifier = qualifier;
+ mId = id;
+ mQualifier = qualifier;
}
/**
* Create the object from its Der encoded value.
- *
+ *
* @param val the DER encoded value for the same.
*/
public PolicyQualifierInfo(DerValue val) throws IOException {
- if (val.tag != DerValue.tag_Sequence) {
- throw new IOException("Invalid encoding for PolicyQualifierInfo.");
- }
+ if (val.tag != DerValue.tag_Sequence) {
+ throw new IOException("Invalid encoding for PolicyQualifierInfo.");
+ }
DerValue did = val.data.getDerValue();
mId = did.getOID();
- if (val.data.available() != 0) {
- DerValue qualifier = val.data.getDerValue();
- if (qualifier.tag == DerValue.tag_IA5String) {
- mQualifier = new CPSuri(qualifier);
- } else {
- mQualifier = new UserNotice(qualifier);
- }
- }
+ if (val.data.available() != 0) {
+ DerValue qualifier = val.data.getDerValue();
+ if (qualifier.tag == DerValue.tag_IA5String) {
+ mQualifier = new CPSuri(qualifier);
+ } else {
+ mQualifier = new UserNotice(qualifier);
+ }
+ }
}
- public ObjectIdentifier getId()
- {
- return mId;
+ public ObjectIdentifier getId() {
+ return mId;
}
/**
* Returns object of type CPSuri or UserNotice.
*/
- public Qualifier getQualifier()
- {
- return mQualifier;
+ public Qualifier getQualifier() {
+ return mQualifier;
}
/**
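Review bot: The DER constructor picks the qualifier class from the tag alone (`DerValue.tag_IA5String` gives `CPSuri`, anything else gives `UserNotice`) and never compares `mId` with `QT_CPS` or `QT_UNOTICE`, although the class comment defines the qualifier as `ANY DEFINED BY policyQualifierId`. That behaviour should at least be documented, for example with `// qualifier type is taken from the DER tag; mId is not cross-checked against QT_CPS / QT_UNOTICE` above the inner `if`. The Javadoc of the two-argument constructor also lacks a `@param qualifier` line.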
@@ -108,14 +105,14 @@ public class PolicyQualifierInfo implements java.io.Serializable {
/**
* Write the PolicyQualifier to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
- tmp.putOID(mId);
- mQualifier.encode(tmp);
- out.write(DerValue.tag_Sequence,tmp);
+ DerOutputStream tmp = new DerOutputStream();
+ tmp.putOID(mId);
+ mQualifier.encode(tmp);
+ out.write(DerValue.tag_Sequence, tmp);
}
}
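Review bot: `encode()` calls `mQualifier.encode(tmp)` unconditionally, but the DER constructor in the previous hunk leaves `mQualifier` as `null` when the sequence holds only the OID. Re-encoding such a decoded object would fail with a `NullPointerException` rather than the declared `IOException`. Either reject the missing qualifier at decode time or guard the call here: `if (mQualifier != null) { mQualifier.encode(tmp); }`.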
diff --git a/pki/base/util/src/netscape/security/x509/PolicyQualifiers.java b/pki/base/util/src/netscape/security/x509/PolicyQualifiers.java
index fd2c161b..ee756f50 100644
--- a/pki/base/util/src/netscape/security/x509/PolicyQualifiers.java
+++ b/pki/base/util/src/netscape/security/x509/PolicyQualifiers.java
@@ -23,12 +23,11 @@ import java.util.Vector;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the PolicyQualifiers.
- *
+ *
* policyQualifiers ::= SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo
- *
+ *
* @author Thomas Kwan
*/
public class PolicyQualifiers implements java.io.Serializable {
@@ -41,7 +40,7 @@ public class PolicyQualifiers implements java.io.Serializable {
/**
* Create a PolicyQualifiers with the ObjectIdentifier.
- *
+ *
* @param id the ObjectIdentifier for the policy id.
*/
public PolicyQualifiers() {
@@ -49,29 +48,28 @@ public class PolicyQualifiers implements java.io.Serializable {
/**
* Create the object from its Der encoded value.
- *
+ *
* @param val the DER encoded value for the same.
*/
public PolicyQualifiers(DerValue val) throws IOException {
- if (val.tag != DerValue.tag_Sequence) {
- throw new IOException("Invalid encoding for " + "PolicyQualifiers.");
- }
- while (val.data.available() != 0) {
- DerValue pq = val.data.getDerValue();
- PolicyQualifierInfo info = new PolicyQualifierInfo(pq);
- add(info);
- }
+ if (val.tag != DerValue.tag_Sequence) {
+ throw new IOException("Invalid encoding for " + "PolicyQualifiers.");
+ }
+ while (val.data.available() != 0) {
+ DerValue pq = val.data.getDerValue();
+ PolicyQualifierInfo info = new PolicyQualifierInfo(pq);
+ add(info);
+ }
}
public void add(PolicyQualifierInfo info) {
mInfo.addElement(info);
}
- public int size()
- {
+ public int size() {
return mInfo.size();
}
-
+
public PolicyQualifierInfo getInfoAt(int i) {
return mInfo.elementAt(i);
}
@@ -82,8 +80,8 @@ public class PolicyQualifiers implements java.io.Serializable {
public String toString() {
String s = "PolicyQualifiers: [";
for (int i = 0; i < mInfo.size(); i++) {
- PolicyQualifierInfo pq = mInfo.elementAt(i);
- s = s + pq.toString();
+ PolicyQualifierInfo pq = mInfo.elementAt(i);
+ s = s + pq.toString();
}
s = s + "]\n";
@@ -92,17 +90,17 @@ public class PolicyQualifiers implements java.io.Serializable {
/**
* Write the PolicyQualifiers to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
-
+
for (int i = 0; i < mInfo.size(); i++) {
- PolicyQualifierInfo pq = mInfo.elementAt(i);
- pq.encode(tmp);
- }
+ PolicyQualifierInfo pq = mInfo.elementAt(i);
+ pq.encode(tmp);
+ }
out.write(DerValue.tag_Sequence, tmp);
}
diff --git a/pki/base/util/src/netscape/security/x509/PrintableConverter.java b/pki/base/util/src/netscape/security/x509/PrintableConverter.java
index b3bcd732..d63696d8 100644
--- a/pki/base/util/src/netscape/security/x509/PrintableConverter.java
+++ b/pki/base/util/src/netscape/security/x509/PrintableConverter.java
@@ -27,49 +27,47 @@ import netscape.security.util.ASN1CharStrConvMap;
import netscape.security.util.DerValue;
/**
- * A AVAValueConverter that converts a Printable String attribute to a DerValue
+ * A AVAValueConverter that converts a Printable String attribute to a DerValue
* and vice versa. An example an attribute that is a printable string is "C".
- *
+ *
* @see ASN1CharStrConvMap
* @see AVAValueConverter
- *
+ *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*/
-public class PrintableConverter implements AVAValueConverter
-{
+public class PrintableConverter implements AVAValueConverter {
// public constructors.
- public PrintableConverter()
- {
+ public PrintableConverter() {
}
/**
* Converts a string with ASN.1 Printable characters to a DerValue.
*
- * @param valueString a string with Printable characters.
+ * @param valueString a string with Printable characters.
*
- * @return a DerValue.
+ * @return a DerValue.
*
- * @exception IOException if a Printable encoder is not
- * available for the conversion.
+ * @exception IOException if a Printable encoder is not
+ * available for the conversion.
*/
public DerValue getValue(String valueString)
- throws IOException
- {
- return getValue(valueString, null);
+ throws IOException {
+ return getValue(valueString, null);
}
public DerValue getValue(String valueString, byte[] tags) throws IOException {
try {
CharsetEncoder encoder = ASN1CharStrConvMap.getDefault().getEncoder(DerValue.tag_PrintableString);
- if (encoder == null) throw new IOException("No encoder for printable");
+ if (encoder == null)
+ throw new IOException("No encoder for printable");
CharBuffer charBuffer = CharBuffer.wrap(valueString.toCharArray());
ByteBuffer byteBuffer = encoder.encode(charBuffer);
return new DerValue(DerValue.tag_PrintableString,
- byteBuffer.array(), byteBuffer.arrayOffset(), byteBuffer.limit());
+ byteBuffer.array(), byteBuffer.arrayOffset(), byteBuffer.limit());
} catch (CharacterCodingException e) {
throw new IllegalArgumentException("Invalid Printable String AVA Value", e);
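Review bot: The two-argument `getValue(String valueString, byte[] tags)` has no Javadoc and, in the lines visible here, never reads `tags`. It also reports a string that cannot be encoded as an unchecked `IllegalArgumentException`, which the one-argument overload's Javadoc (`@exception IOException if a Printable encoder is not available`) does not mention. I would add a Javadoc block to the two-argument overload saying that `tags` is ignored, and an `@throws IllegalArgumentException` line on both overloads for values that are not valid PrintableString content. The method body continues past the end of this hunk.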
@@ -81,38 +79,36 @@ public class PrintableConverter implements AVAValueConverter
* Checks if the BER encoded value is a PrintableString.
* NOTE only DER encoded values are currently accepted on input.
*
- * @param berStream A byte array of the BER encoded value.
+ * @param berStream A byte array of the BER encoded value.
*
- * @return A DerValue.
+ * @return A DerValue.
*
- * @exception IOException if the BER value cannot be converted to a
- * PrintableString DER value.
+ * @exception IOException if the BER value cannot be converted to a
+ * PrintableString DER value.
*/
public DerValue getValue(byte[] berStream)
- throws IOException
- {
- DerValue value = new DerValue(berStream);
- if (value.tag != DerValue.tag_PrintableString)
- throw new IOException("Invalid Printable String AVA Value");
- return value;
+ throws IOException {
+ DerValue value = new DerValue(berStream);
+ if (value.tag != DerValue.tag_PrintableString)
+ throw new IOException("Invalid Printable String AVA Value");
+ return value;
}
/**
- * Converts a DerValue of PrintableString to a java string with
- * PrintableString characters.
+ * Converts a DerValue of PrintableString to a java string with
+ * PrintableString characters.
*
- * @param avaValue a DerValue.
- *
- * @return a string with PrintableString characters.
- *
- * @exception IOException if the DerValue is not a PrintableString i.e.
- * The DerValue cannot be converted to a string
- * with PrintableString characters.
+ * @param avaValue a DerValue.
+ *
+ * @return a string with PrintableString characters.
+ *
+ * @exception IOException if the DerValue is not a PrintableString i.e.
+ * The DerValue cannot be converted to a string
+ * with PrintableString characters.
*/
public String getAsString(DerValue avaValue)
- throws IOException
- {
- return avaValue.getPrintableString();
+ throws IOException {
+ return avaValue.getPrintableString();
}
}
diff --git a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
index 98a7a4d3..18a3c6ce 100644
--- a/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
+++ b/pki/base/util/src/netscape/security/x509/PrivateKeyUsageExtension.java
@@ -35,21 +35,16 @@ import netscape.security.util.DerValue;
/**
* This class defines the Private Key Usage Extension.
- *
- * <p>The Private Key Usage Period extension allows the certificate issuer
- * to specify a different validity period for the private key than the
- * certificate. This extension is intended for use with digital
- * signature keys. This extension consists of two optional components
- * notBefore and notAfter. The private key associated with the
- * certificate should not be used to sign objects before or after the
- * times specified by the two components, respectively.
- *
+ *
+ * <p>
+ * The Private Key Usage Period extension allows the certificate issuer to specify a different validity period for the private key than the certificate. This extension is intended for use with digital signature keys. This extension consists of two optional components notBefore and notAfter. The private key associated with the certificate should not be used to sign objects before or after the times specified by the two components, respectively.
+ *
* <pre>
* PrivateKeyUsagePeriod ::= SEQUENCE {
* notBefore [0] GeneralizedTime OPTIONAL,
* notAfter [1] GeneralizedTime OPTIONAL }
* </pre>
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.12
@@ -57,7 +52,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class PrivateKeyUsageExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -65,7 +60,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info.extensions.PrivateKeyUsage";
/**
* Sub attributes name for this CertAttrSet.
@@ -77,8 +72,8 @@ implements CertAttrSet {
private static final byte TAG_BEFORE = 0;
private static final byte TAG_AFTER = 1;
- private Date notBefore;
- private Date notAfter;
+ private Date notBefore;
+ private Date notAfter;
// Encode this extension value.
private void encodeThis() throws IOException {
@@ -103,14 +98,14 @@ implements CertAttrSet {
/**
* The default constructor for PrivateKeyUsageExtension.
- *
+ *
* @param notBefore the date/time before which the private key
- * should not be used.
+ * should not be used.
* @param notAfter the date/time after which the private key
- * should not be used.
+ * should not be used.
*/
public PrivateKeyUsageExtension(Date notBefore, Date notAfter)
- throws IOException {
+ throws IOException {
this.notBefore = notBefore;
this.notAfter = notAfter;
@@ -121,15 +116,15 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
- *
+ *
* @exception CertificateException on certificate parsing errors.
* @exception IOException on error.
*/
public PrivateKeyUsageExtension(Boolean critical, Object value)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
this.extensionId = PKIXExtensions.PrivateKeyUsage_Id;
this.critical = critical.booleanValue();
@@ -137,38 +132,38 @@ implements CertAttrSet {
throw new CertificateException("Illegal argument type");
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
+ byte[] extValue = new byte[len];
System.arraycopy(value, 0, extValue, 0, len);
this.extensionValue = extValue;
- DerInputStream str = new DerInputStream(extValue);
- DerValue[] seq = str.getSequence(2);
+ DerInputStream str = new DerInputStream(extValue);
+ DerValue[] seq = str.getSequence(2);
// NB. this is always encoded with the IMPLICIT tag
// The checks only make sense if we assume implicit tagging,
// with explicit tagging the form is always constructed.
- for (int i = 0; i < seq.length; i++) {
+ for (int i = 0; i < seq.length; i++) {
DerValue opt = seq[i];
- if (opt.isContextSpecific((byte)TAG_BEFORE) &&
- !opt.isConstructed()) {
- if (notBefore != null) {
+ if (opt.isContextSpecific((byte) TAG_BEFORE) &&
+ !opt.isConstructed()) {
+ if (notBefore != null) {
throw new CertificateParsingException(
- "Duplicate notBefore in PrivateKeyUsage.");
- }
+ "Duplicate notBefore in PrivateKeyUsage.");
+ }
opt.resetTag(DerValue.tag_GeneralizedTime);
- str = new DerInputStream(opt.toByteArray());
- notBefore = str.getGeneralizedTime();
+ str = new DerInputStream(opt.toByteArray());
+ notBefore = str.getGeneralizedTime();
- } else if (opt.isContextSpecific((byte)TAG_AFTER) &&
+ } else if (opt.isContextSpecific((byte) TAG_AFTER) &&
!opt.isConstructed()) {
- if (notAfter != null) {
+ if (notAfter != null) {
throw new CertificateParsingException(
- "Duplicate notAfter in PrivateKeyUsage.");
- }
+ "Duplicate notAfter in PrivateKeyUsage.");
+ }
opt.resetTag(DerValue.tag_GeneralizedTime);
- str = new DerInputStream(opt.toByteArray());
- notAfter = str.getGeneralizedTime();
+ str = new DerInputStream(opt.toByteArray());
+ notAfter = str.getGeneralizedTime();
} else
throw new IOException("Invalid encoding of " +
"PrivateKeyUsageExtension");
@@ -179,7 +174,7 @@ implements CertAttrSet {
* Return the printable string.
*/
public String toString() {
- return(super.toString() +
+ return (super.toString() +
"PrivateKeyUsage: [From: " +
((notBefore == null) ? "" : notBefore.toString()) +
", To: " +
@@ -190,40 +185,40 @@ implements CertAttrSet {
* Return notBefore date
*/
public Date getNotBefore() {
- return(notBefore);
+ return (notBefore);
}
/**
* Return notAfter date
*/
public Date getNotAfter() {
- return(notAfter);
+ return (notAfter);
}
/**
* Verify that that the current time is within the validity period.
- *
+ *
* @exception CertificateExpiredException if the certificate has expired.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid.
- */
+ * yet valid.
+ */
public void valid()
- throws CertificateNotYetValidException, CertificateExpiredException {
+ throws CertificateNotYetValidException, CertificateExpiredException {
Date now = new Date();
valid(now);
}
/**
* Verify that that the passed time is within the validity period.
- *
+ *
* @exception CertificateExpiredException if the certificate has expired
- * with respect to the <code>Date</code> supplied.
+ * with respect to the <code>Date</code> supplied.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid with respect to the <code>Date</code> supplied.
- *
+ * yet valid with respect to the <code>Date</code> supplied.
+ *
*/
public void valid(Date now)
- throws CertificateNotYetValidException, CertificateExpiredException {
+ throws CertificateNotYetValidException, CertificateExpiredException {
/*
* we use the internal Dates rather than the passed in Date
* because someone could override the Date methods after()
@@ -241,7 +236,7 @@ implements CertAttrSet {
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -253,12 +248,12 @@ implements CertAttrSet {
encodeThis();
}
super.encode(tmp);
- out.write(tmp.toByteArray());
+ out.write(tmp.toByteArray());
}
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception CertificateException on decoding errors.
*/
@@ -268,52 +263,55 @@ implements CertAttrSet {
/**
* Set the attribute value.
+ *
* @exception CertificateException on attribute handling errors.
*/
public void set(String name, Object obj)
- throws CertificateException {
- clearValue();
+ throws CertificateException {
+ clearValue();
if (!(obj instanceof Date)) {
- throw new CertificateException("Attribute must be of type Date.");
- }
- if (name.equalsIgnoreCase(NOT_BEFORE)) {
- notBefore = (Date)obj;
- } else if (name.equalsIgnoreCase(NOT_AFTER)) {
- notAfter = (Date)obj;
- } else {
- throw new CertificateException("Attribute name not recognized by"
+ throw new CertificateException("Attribute must be of type Date.");
+ }
+ if (name.equalsIgnoreCase(NOT_BEFORE)) {
+ notBefore = (Date) obj;
+ } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+ notAfter = (Date) obj;
+ } else {
+ throw new CertificateException("Attribute name not recognized by"
+ " CertAttrSet:PrivateKeyUsage.");
- }
+ }
}
/**
* Get the attribute value.
+ *
* @exception CertificateException on attribute handling errors.
*/
public Object get(String name) throws CertificateException {
- if (name.equalsIgnoreCase(NOT_BEFORE)) {
- return (new Date(notBefore.getTime()));
- } else if (name.equalsIgnoreCase(NOT_AFTER)) {
- return (new Date(notAfter.getTime()));
- } else {
- throw new CertificateException("Attribute name not recognized by"
+ if (name.equalsIgnoreCase(NOT_BEFORE)) {
+ return (new Date(notBefore.getTime()));
+ } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+ return (new Date(notAfter.getTime()));
+ } else {
+ throw new CertificateException("Attribute name not recognized by"
+ " CertAttrSet:PrivateKeyUsage.");
- }
- }
+ }
+ }
/**
* Delete the attribute value.
+ *
* @exception CertificateException on attribute handling errors.
*/
public void delete(String name) throws CertificateException {
if (name.equalsIgnoreCase(NOT_BEFORE)) {
- notBefore = null;
- } else if (name.equalsIgnoreCase(NOT_AFTER)) {
- notAfter = null;
- } else {
- throw new CertificateException("Attribute name not recognized by"
+ notBefore = null;
+ } else if (name.equalsIgnoreCase(NOT_AFTER)) {
+ notAfter = null;
+ } else {
+ throw new CertificateException("Attribute name not recognized by"
+ " CertAttrSet:PrivateKeyUsage.");
- }
+ }
}
/**
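Review bot: `get` dereferences `notBefore` and `notAfter` without a null check in `new Date(notBefore.getTime())`, although both fields can be null: `delete` in this same hunk sets them to null, and the DER constructor only assigns a field when its tag is present. A caller asking for an absent bound therefore gets a `NullPointerException` instead of a null result or the declared `CertificateException`. I would guard both branches, e.g. `return (notBefore == null) ? null : new Date(notBefore.getTime());`, and state in the Javadoc that null means the bound is absent.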
@@ -322,11 +320,10 @@ implements CertAttrSet {
*/
public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
- elements.addElement(NOT_BEFORE);
- elements.addElement(NOT_AFTER);
-
- return(elements.elements());
+ elements.addElement(NOT_BEFORE);
+ elements.addElement(NOT_AFTER);
+
+ return (elements.elements());
}
-
}
diff --git a/pki/base/util/src/netscape/security/x509/Qualifier.java b/pki/base/util/src/netscape/security/x509/Qualifier.java
index 3d7168df..7c0c7edf 100644
--- a/pki/base/util/src/netscape/security/x509/Qualifier.java
+++ b/pki/base/util/src/netscape/security/x509/Qualifier.java
@@ -22,15 +22,14 @@ import java.io.IOException;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the Qualifier.
- *
+ *
* Qualifier ::= CHOICE {
- * cPRuri CPSuri,
- * userNotice UserNotice
+ * cPRuri CPSuri,
+ * userNotice UserNotice
* }
- *
+ *
* @author Thomas Kwan
*/
public class Qualifier implements java.io.Serializable {
@@ -42,23 +41,23 @@ public class Qualifier implements java.io.Serializable {
/**
* Create a PolicyQualifierInfo
- *
+ *
* @param id the ObjectIdentifier for the policy id.
*/
public Qualifier() {
}
public Qualifier(DerValue val) throws IOException {
- // needs to override this
+ // needs to override this
}
/**
* Write the PolicyQualifier to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out) throws IOException {
- // needs to override this
+ // needs to override this
}
}
diff --git a/pki/base/util/src/netscape/security/x509/RDN.java b/pki/base/util/src/netscape/security/x509/RDN.java
index 3ea5afbc..79e49463 100644
--- a/pki/base/util/src/netscape/security/x509/RDN.java
+++ b/pki/base/util/src/netscape/security/x509/RDN.java
@@ -26,15 +26,14 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
- * RDNs are a set of {attribute = value} assertions. Some of those
- * attributes are "distinguished" (unique w/in context). Order is
+ * RDNs are a set of {attribute = value} assertions. Some of those
+ * attributes are "distinguished" (unique w/in context). Order is
* never relevant.
- *
+ *
* Some X.500 names include only a single distinguished attribute
- * per RDN. This style is currently common.
- *
+ * per RDN. This style is currently common.
+ *
* Note that DER-encoded RDNs sort AVAs by assertion OID ... so that
* when we parse this data we don't have to worry about canonicalizing
* it, but we'll need to sort them when we expose the RDN class more.
@@ -44,273 +43,262 @@ import netscape.security.util.ObjectIdentifier;
* @see LdapDNStrConverter
*/
-public
-class RDN
-{
+public class RDN {
// public constructors
- /**
- * Constructs a RDN from a Ldap DN String with one RDN component
+ /**
+ * Constructs a RDN from a Ldap DN String with one RDN component
* using the global default LdapDNStrConverter.
+ *
* @see LdapDNStrConverter
- * @param rdnString a Ldap DN string with one RDN component, e.g. as
- * defined in RFC1779.
- * @exception IOException if error occurs while parsing the string.
+ * @param rdnString a Ldap DN string with one RDN component, e.g. as
+ * defined in RFC1779.
+ * @exception IOException if error occurs while parsing the string.
*/
- public RDN (String rdnString)
- throws IOException
- {
- RDN rdn = LdapDNStrConverter.getDefault().parseRDN(rdnString);
- assertion = rdn.getAssertion();
+ public RDN(String rdnString)
+ throws IOException {
+ RDN rdn = LdapDNStrConverter.getDefault().parseRDN(rdnString);
+ assertion = rdn.getAssertion();
}
/**
- * Like RDN(String) with a DER encoding order given as argument for
+ * Like RDN(String) with a DER encoding order given as argument for
* Directory Strings.
*/
- public RDN (String rdnString, byte[] tags)
- throws IOException
- {
- RDN rdn = LdapDNStrConverter.getDefault().parseRDN(rdnString, tags);
- assertion = rdn.getAssertion();
+ public RDN(String rdnString, byte[] tags)
+ throws IOException {
+ RDN rdn = LdapDNStrConverter.getDefault().parseRDN(rdnString, tags);
+ assertion = rdn.getAssertion();
}
- /**
- * Constructs a RDN from a Ldap DN string with one RDN component
+ /**
+ * Constructs a RDN from a Ldap DN string with one RDN component
* using the specified Ldap DN Str converter.
* For example, RFC1779StrConverter can be passed to parse a Ldap
* DN string in RFC1779 format.
+ *
* @see LdapDNStrConverter
* @param rdnString Ldap DN string.
* @param ldapDNStrConverter a LdapDNStrConverter.
*/
- public RDN (String rdnString, LdapDNStrConverter ldapDNStrConverter)
- throws IOException
- {
- RDN rdn = ldapDNStrConverter.parseRDN(rdnString);
- assertion = rdn.getAssertion();
+ public RDN(String rdnString, LdapDNStrConverter ldapDNStrConverter)
+ throws IOException {
+ RDN rdn = ldapDNStrConverter.parseRDN(rdnString);
+ assertion = rdn.getAssertion();
}
- /**
- * Constructs a RDN from a DerValue.
+ /**
+ * Constructs a RDN from a DerValue.
+ *
* @param set Der value of a set of AVAs.
*/
- public RDN (DerValue set) throws IOException
- {
- if (set.tag != DerValue.tag_Set)
- throw new CertParseError ("X500 RDN");
-
- int j_max = 50; // XXX j_max = f(data)!!
- int j;
- int i;
-
- AVA[] avas = new AVA [j_max];
-
-// create a temporary array big enough for a huge set of AVA's
- for (j = 0; j < j_max; j++) {
- avas [j] = new AVA (set.data);
- if (set.data.available() == 0) break;
- }
-
-// copy the elements into it
- if (j >= j_max-1) {
- assertion = new AVA[j+1];
- }
- else {
- assertion = new AVA[j+1];
- for (i = 0; i<(j+1); i++) {
- assertion[i] = avas[i];
- }
- }
-
- /*
- if (set.data.available () != 0)
- // throw new CertParseError ("X500 RDN 2");
- System.out.println (" ... RDN parse, ignored bytes = "
- + set.data.available ());
- */
+ public RDN(DerValue set) throws IOException {
+ if (set.tag != DerValue.tag_Set)
+ throw new CertParseError("X500 RDN");
+
+ int j_max = 50; // XXX j_max = f(data)!!
+ int j;
+ int i;
+
+ AVA[] avas = new AVA[j_max];
+
+ // create a temporary array big enough for a huge set of AVA's
+ for (j = 0; j < j_max; j++) {
+ avas[j] = new AVA(set.data);
+ if (set.data.available() == 0)
+ break;
+ }
+
+ // copy the elements into it
+ if (j >= j_max - 1) {
+ assertion = new AVA[j + 1];
+ } else {
+ assertion = new AVA[j + 1];
+ for (i = 0; i < (j + 1); i++) {
+ assertion[i] = avas[i];
+ }
+ }
+
+ /*
+ if (set.data.available () != 0)
+ // throw new CertParseError ("X500 RDN 2");
+ System.out.println (" ... RDN parse, ignored bytes = "
+ + set.data.available ());
+ */
}
- /**
+ /**
* Constructs a RDN from a Der Input Stream.
+ *
* @param in a Der Input Stream.
*/
- public RDN (DerInputStream in) throws IOException
- {
- /* an RDN is a SET of avas */
- DerValue avaset[] = in.getSet(1);
- int i;
- assertion = new AVA[avaset.length];
- for (i = 0; i < assertion.length; i++)
- assertion[i] = new AVA(avaset[i].data);
+ public RDN(DerInputStream in) throws IOException {
+ /* an RDN is a SET of avas */
+ DerValue avaset[] = in.getSet(1);
+ int i;
+ assertion = new AVA[avaset.length];
+ for (i = 0; i < assertion.length; i++)
+ assertion[i] = new AVA(avaset[i].data);
}
/**
* Constructs a RDN from an array of AVA.
- *
- * @param avas a AVA Array.
+ *
+ * @param avas a AVA Array.
*/
- public RDN(AVA avas[])
- {
- assertion = (AVA[])avas.clone();
+ public RDN(AVA avas[]) {
+ assertion = (AVA[]) avas.clone();
}
/**
* convenience method.
*/
- public RDN(Vector<AVA> avaVector)
- {
- int size = avaVector.size();
- assertion = new AVA[size];
- for (int i = 0; i < size; i++) {
- assertion[i] = avaVector.elementAt(i);
- }
+ public RDN(Vector<AVA> avaVector) {
+ int size = avaVector.size();
+ assertion = new AVA[size];
+ for (int i = 0; i < size; i++) {
+ assertion[i] = avaVector.elementAt(i);
+ }
}
- /**
+ /**
* returns an array of AVA in the RDN.
+ *
* @return array of AVA in this RDN.
*/
- public AVA[] getAssertion()
- {
- return (AVA[])assertion.clone();
+ public AVA[] getAssertion() {
+ return (AVA[]) assertion.clone();
}
- /**
+ /**
* returns the number of AVAs in the RDN.
+ *
* @return number of AVAs in this RDN.
*/
- public int getAssertionLength()
- {
- return assertion.length;
+ public int getAssertionLength() {
+ return assertion.length;
}
- private AVA assertion [];
+ private AVA assertion[];
- private class AVAEnumerator implements Enumeration<AVA>
- {
- private int index;
+ private class AVAEnumerator implements Enumeration<AVA> {
+ private int index;
- public AVAEnumerator() { index = 0; }
+ public AVAEnumerator() {
+ index = 0;
+ }
- public boolean hasMoreElements()
- {
- return (index < assertion.length);
- }
+ public boolean hasMoreElements() {
+ return (index < assertion.length);
+ }
- public AVA nextElement()
- {
- AVA ava = null;
- if (index >= assertion.length)
- return null;
- return assertion[index++];
- }
+ public AVA nextElement() {
+ AVA ava = null;
+ if (index >= assertion.length)
+ return null;
+ return assertion[index++];
+ }
}
-
// other public methods.
- /**
- * Checks if this RDN is the same as another by comparing the AVAs
+ /**
+ * Checks if this RDN is the same as another by comparing the AVAs
* in the RDNs.
- *
+ *
* @param other the other RDN.
* @return true iff the other RDN is the same.
*/
- public boolean equals (RDN other)
- {
- int i;
-
- if (other == this)
- return true;
- if (assertion.length != other.assertion.length)
- return false;
-
- for (i = 0; i < assertion.length; i++)
- if (!assertion [i].equals (other.assertion [i]))
- return false;
-
- return true;
+ public boolean equals(RDN other) {
+ int i;
+
+ if (other == this)
+ return true;
+ if (assertion.length != other.assertion.length)
+ return false;
+
+ for (i = 0; i < assertion.length; i++)
+ if (!assertion[i].equals(other.assertion[i]))
+ return false;
+
+ return true;
}
- DerValue findAttribute (ObjectIdentifier oid)
- {
- int i;
+ DerValue findAttribute(ObjectIdentifier oid) {
+ int i;
- for (i = 0; i < assertion.length; i++)
- if (assertion [i].oid.equals (oid))
- return assertion [i].value;
- return null;
+ for (i = 0; i < assertion.length; i++)
+ if (assertion[i].oid.equals(oid))
+ return assertion[i].value;
+ return null;
}
- /**
+ /**
* Encodes this RDN to a Der output stream.
- *
+ *
* @param out the Der Output Stream.
*/
- public void encode(DerOutputStream out) throws IOException
- {
- DerOutputStream tmp = new DerOutputStream ();
- int i;
-
- for (i = 0; i < assertion.length; i++)
- assertion [i].encode (tmp);
- out.write (DerValue.tag_Set, tmp);
+ public void encode(DerOutputStream out) throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ int i;
+
+ for (i = 0; i < assertion.length; i++)
+ assertion[i].encode(tmp);
+ out.write(DerValue.tag_Set, tmp);
}
- /**
+ /**
* returns an enumeration of AVAs that make up this RDN.
+ *
* @return an enumeration of AVAs that make up this RDN.
*/
- public Enumeration<AVA> getAVAs()
- {
- return new AVAEnumerator();
+ public Enumeration<AVA> getAVAs() {
+ return new AVAEnumerator();
}
/**
- * Returns a Ldap DN string with one RDN component using the
+ * Returns a Ldap DN string with one RDN component using the
* global default LdapDNStrConverter.
+ *
* @see LdapDNStrConverter
* @return the Ldap DN String of this RDN.
* @exception IOException if an error occurs during the conversion.
*/
- public String toLdapDNString ()
- throws IOException
- {
- return LdapDNStrConverter.getDefault().encodeRDN(this);
+ public String toLdapDNString()
+ throws IOException {
+ return LdapDNStrConverter.getDefault().encodeRDN(this);
}
/**
* Returns a Ldap DN String with this RDN component using the specified
* LdapDNStrConverter.
+ *
* @see LdapDNStrConverter
* @param ldapDNStrConverter a LdapDNStrConverter.
* @return a Ldap DN String.
* @exception IOException if an error occurs in the conversion.
*/
- public String toLdapDNString (LdapDNStrConverter ldapDNStrConverter)
- throws IOException
- {
- return ldapDNStrConverter.encodeRDN(this);
+ public String toLdapDNString(LdapDNStrConverter ldapDNStrConverter)
+ throws IOException {
+ return ldapDNStrConverter.encodeRDN(this);
}
/**
* Returns a Ldap DN string with this RDN component using the global
* default LdapDNStrConverter.
+ *
* @see LdapDNStrConverter
* @return the Ldap DN String with this RDN component, null if an error
- * occurs in the conversion.
+ * occurs in the conversion.
*/
- public String toString()
- {
- String s;
- try {
- s = toLdapDNString();
- }
- catch (IOException e) {
- return null;
- }
- return s;
+ public String toString() {
+ String s;
+ try {
+ s = toLdapDNString();
+ } catch (IOException e) {
+ return null;
+ }
+ return s;
}
}
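Review bot: `RDN(DerValue)` mishandles a SET that holds 50 or more AVAs. When the loop leaves `j >= j_max - 1`, `assertion` is allocated but never filled, so every element is null, and later calls such as `equals`, `encode` and `findAttribute` dereference those entries. Bytes after the 50th AVA are also left unread without any error, because the check on `set.data.available()` is commented out. The data comes from a parsed certificate name, so the size should follow the input rather than a fixed `j_max`. Collecting into the `Vector<AVA>` type the class already uses removes both the limit and the skipped copy.

```java
public RDN(DerValue set) throws IOException {
    // … unchanged: tag_Set check …

    // collect every AVA in the SET instead of stopping at a fixed count
    Vector<AVA> avas = new Vector<AVA>();
    do {
        avas.addElement(new AVA(set.data));
    } while (set.data.available() != 0);

    assertion = new AVA[avas.size()];
    avas.copyInto(assertion);
}
```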
diff --git a/pki/base/util/src/netscape/security/x509/RFC1779StrConverter.java b/pki/base/util/src/netscape/security/x509/RFC1779StrConverter.java
index 89383231..6527d0ff 100644
--- a/pki/base/util/src/netscape/security/x509/RFC1779StrConverter.java
+++ b/pki/base/util/src/netscape/security/x509/RFC1779StrConverter.java
@@ -24,84 +24,79 @@ import netscape.security.util.ObjectIdentifier;
/**
* Converts a RFC 1779 string to a X500Name, RDN or AVA object and vice versa.
- *
+ *
* @see LdapDNStrConverter
* @see LdapV3DNStrConverter
- *
+ *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*/
-public class RFC1779StrConverter extends LdapV3DNStrConverter
-{
+public class RFC1779StrConverter extends LdapV3DNStrConverter {
//
// Constructors.
//
- /**
+ /**
* Constructs a RFC1779StrConverter using the global default
* X500NameAttrMap and accepts OIDs not listed in the attribute map.
*/
- public RFC1779StrConverter()
- {
- super();
+ public RFC1779StrConverter() {
+ super();
}
/**
- * Constructs a RFC1779StrConverter using the specified X500NameAttrMap
+ * Constructs a RFC1779StrConverter using the specified X500NameAttrMap
* and boolean for whether to accept OIDs not in the X500NameAttrMap.
*
- * @param attributeMap A X500NameAttrMap to use for this converter.
- * @param doAcceptUnknownOids Accept unregistered attributes, i.e. OIDs
- * not in the map).
+ * @param attributeMap A X500NameAttrMap to use for this converter.
+ * @param doAcceptUnknownOids Accept unregistered attributes, i.e. OIDs
+ * not in the map).
*/
- public RFC1779StrConverter(X500NameAttrMap attributeMap,
- boolean doAcceptUnknownOids)
- {
- super(attributeMap, doAcceptUnknownOids);
+ public RFC1779StrConverter(X500NameAttrMap attributeMap,
+ boolean doAcceptUnknownOids) {
+ super(attributeMap, doAcceptUnknownOids);
}
//
// overriding methods.
//
- /**
- * Converts a OID to a attribute keyword in a Ldap DN string or
+ /**
+ * Converts a OID to a attribute keyword in a Ldap DN string or
* to a "OID.1.2.3.4" string syntax as defined in RFC1779.
- *
- * @param oid an ObjectIdentifier.
- *
- * @return a attribute keyword or "OID.1.2.3.4" string.
- *
- * @exception IOException if an error occurs during the conversion.
+ *
+ * @param oid an ObjectIdentifier.
+ *
+ * @return a attribute keyword or "OID.1.2.3.4" string.
+ *
+ * @exception IOException if an error occurs during the conversion.
*/
public String encodeOID(ObjectIdentifier oid)
- throws IOException
- {
- String keyword = attrMap.getName(oid);
- if (keyword == null)
- if (!acceptUnknownOids)
- throw new IllegalArgumentException("Unrecognized OID");
- else
- keyword = "OID" + "." + oid.toString();
- return keyword;
+ throws IOException {
+ String keyword = attrMap.getName(oid);
+ if (keyword == null)
+ if (!acceptUnknownOids)
+ throw new IllegalArgumentException("Unrecognized OID");
+ else
+ keyword = "OID" + "." + oid.toString();
+ return keyword;
}
- /**
- * Converts a attribute value as a DerValue to a string in a
+ /**
+ * Converts a attribute value as a DerValue to a string in a
* RFC1779 Ldap DN string.
- *
- * @param attrValue an attribute value.
- * @param oid ObjectIdentifier for the attribute.
- * @return a string in RFC1779 syntax.
- * @exception IOException if an error occurs during the conversion.
+ *
+ * @param attrValue an attribute value.
+ * @param oid ObjectIdentifier for the attribute.
+ * @return a string in RFC1779 syntax.
+ * @exception IOException if an error occurs during the conversion.
*/
public String encodeValue(DerValue attrValue, ObjectIdentifier oid)
- throws IOException
- {
- String s = super.encodeValue(attrValue, oid);
- if (s.indexOf('\n') != -1)
- return "\""+s+"\"";
- else
- return s;
+ throws IOException {
+ String s = super.encodeValue(attrValue, oid);
+ if (s.indexOf('\n') != -1)
+ return "\"" + s + "\"";
+ else
+ return s;
}
}
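Review bot: `encodeOID` throws an unchecked `IllegalArgumentException("Unrecognized OID")` when the OID is not in the map and `acceptUnknownOids` is false, but its Javadoc only lists `IOException`. A caller that handles `IOException` around name conversion will not catch this. I would document it with `@exception IllegalArgumentException if the OID is not in the attribute map and unknown OIDs are not accepted.` The nested `if`/`else` there also has no braces, so the reader must work out that the `else` binds to the inner `if (!acceptUnknownOids)`. Bracing both levels makes that explicit.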
diff --git a/pki/base/util/src/netscape/security/x509/RFC822Name.java b/pki/base/util/src/netscape/security/x509/RFC822Name.java
index 236e5ecb..257b5c51 100644
--- a/pki/base/util/src/netscape/security/x509/RFC822Name.java
+++ b/pki/base/util/src/netscape/security/x509/RFC822Name.java
@@ -25,7 +25,7 @@ import netscape.security.util.DerValue;
/**
* This class implements the RFC822Name as required by the GeneralNames
* ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.3
@@ -33,8 +33,7 @@ import netscape.security.util.DerValue;
* @see GeneralNames
* @see GeneralNameInterface
*/
-public class RFC822Name implements GeneralNameInterface
-{
+public class RFC822Name implements GeneralNameInterface {
/**
*
*/
@@ -43,7 +42,7 @@ public class RFC822Name implements GeneralNameInterface
/**
* Create the RFC822Name object from the passed encoded Der value.
- *
+ *
* @param derValue the encoded DER RFC822Name.
* @exception IOException on error.
*/
@@ -53,7 +52,7 @@ public class RFC822Name implements GeneralNameInterface
/**
* Create the RFC822Name object with the specified name.
- *
+ *
* @param name the RFC822Name.
*/
public RFC822Name(String name) {
@@ -69,7 +68,7 @@ public class RFC822Name implements GeneralNameInterface
/**
* Encode the RFC822 name into the DerOutputStream.
- *
+ *
* @param out the DER stream to encode the RFC822Name to.
* @exception IOException on encoding errors.
*/
diff --git a/pki/base/util/src/netscape/security/x509/ReasonFlags.java b/pki/base/util/src/netscape/security/x509/ReasonFlags.java
index 809323ad..e43c7022 100755
--- a/pki/base/util/src/netscape/security/x509/ReasonFlags.java
+++ b/pki/base/util/src/netscape/security/x509/ReasonFlags.java
@@ -28,10 +28,10 @@ import netscape.security.util.DerValue;
/**
* Represent the CRL Reason Flags.
- *
- * <p>This extension, if present, defines the identifies
- * the reason for the certificate revocation.
- *
+ *
+ * <p>
+ * This extension, if present, defines the identifies the reason for the certificate revocation.
+ *
* @author Hemma Prafullchandra
* @version 1.3
* @see Extension
@@ -47,19 +47,17 @@ public class ReasonFlags {
public static final String CA_COMPROMISE = "ca_compromise";
public static final String AFFLIATION_CHANGED = "affliation_changed";
public static final String SUPERSEDED = "superseded";
- public static final String CESSATION_OF_OPERATION
- = "cessation_of_operation";
+ public static final String CESSATION_OF_OPERATION = "cessation_of_operation";
public static final String CERTIFICATION_HOLD = "certification_hold";
public static final String PRIVILEGE_WITHDRAWN = "privilege_withdrawn";
public static final String AA_COMPROMISE = "aa_compromise";
-
// Private data members
private boolean[] bitString;
/**
* Check if bit is set.
- *
+ *
* @param position the position in the bit string to check.
*/
private boolean isSet(int position) {
@@ -70,27 +68,27 @@ public class ReasonFlags {
* Set the bit at the specified position.
*/
private void set(int position, boolean val) {
- // enlarge bitString if necessary
+ // enlarge bitString if necessary
if (position >= bitString.length) {
- boolean[] tmp = new boolean[position+1];
+ boolean[] tmp = new boolean[position + 1];
System.arraycopy(bitString, 0, tmp, 0, bitString.length);
bitString = tmp;
}
- bitString[position] = val;
+ bitString[position] = val;
}
/**
* Create a ReasonFlags with the passed bit settings.
- *
+ *
* @param reasons the bits to be set for the ReasonFlags.
*/
public ReasonFlags(byte[] reasons) {
- bitString = new BitArray(reasons.length*8, reasons).toBooleanArray();
+ bitString = new BitArray(reasons.length * 8, reasons).toBooleanArray();
}
/**
* Create a ReasonFlags with the passed bit settings.
- *
+ *
* @param reasons the bits to be set for the ReasonFlags.
*/
public ReasonFlags(boolean[] reasons) {
@@ -99,7 +97,7 @@ public class ReasonFlags {
/**
* Create a ReasonFlags with the passed bit settings.
- *
+ *
* @param reasons the bits to be set for the ReasonFlags.
*/
public ReasonFlags(BitArray reasons) {
@@ -108,10 +106,10 @@ public class ReasonFlags {
/**
* Create the object from the passed DER encoded value.
- *
+ *
* @param in the DerInputStream to read the ReasonFlags from.
* @exception IOException on decoding errors.
- */
+ */
public ReasonFlags(DerInputStream in) throws IOException {
DerValue derVal = in.getDerValue();
this.bitString = derVal.getUnalignedBitString(true).toBooleanArray();
@@ -119,10 +117,10 @@ public class ReasonFlags {
/**
* Create the object from the passed DER encoded value.
- *
+ *
* @param derVal the DerValue decoded from the stream.
* @exception IOException on decoding errors.
- */
+ */
public ReasonFlags(DerValue derVal) throws IOException {
this.bitString = derVal.getUnalignedBitString(true).toBooleanArray();
}
@@ -132,84 +130,84 @@ public class ReasonFlags {
*/
public void set(String name, Object obj) throws IOException {
if (!(obj instanceof Boolean)) {
- throw new IOException("Attribute must be of type Boolean.");
- }
- boolean val = ((Boolean)obj).booleanValue();
- if (name.equalsIgnoreCase(UNUSED)) {
- set(0,val);
- } else if (name.equalsIgnoreCase(KEY_COMPROMISE)) {
- set(1,val);
- } else if (name.equalsIgnoreCase(CA_COMPROMISE)) {
- set(2,val);
- } else if (name.equalsIgnoreCase(AFFLIATION_CHANGED)) {
- set(3,val);
- } else if (name.equalsIgnoreCase(SUPERSEDED)) {
- set(4,val);
- } else if (name.equalsIgnoreCase(CESSATION_OF_OPERATION)) {
- set(5,val);
- } else if (name.equalsIgnoreCase(CERTIFICATION_HOLD)) {
- set(6,val);
- } else if (name.equalsIgnoreCase(PRIVILEGE_WITHDRAWN)) {
- set(7,val);
- } else if (name.equalsIgnoreCase(AA_COMPROMISE)) {
- set(8,val);
- } else {
- throw new IOException("Name not recognized by ReasonFlags");
- }
+ throw new IOException("Attribute must be of type Boolean.");
+ }
+ boolean val = ((Boolean) obj).booleanValue();
+ if (name.equalsIgnoreCase(UNUSED)) {
+ set(0, val);
+ } else if (name.equalsIgnoreCase(KEY_COMPROMISE)) {
+ set(1, val);
+ } else if (name.equalsIgnoreCase(CA_COMPROMISE)) {
+ set(2, val);
+ } else if (name.equalsIgnoreCase(AFFLIATION_CHANGED)) {
+ set(3, val);
+ } else if (name.equalsIgnoreCase(SUPERSEDED)) {
+ set(4, val);
+ } else if (name.equalsIgnoreCase(CESSATION_OF_OPERATION)) {
+ set(5, val);
+ } else if (name.equalsIgnoreCase(CERTIFICATION_HOLD)) {
+ set(6, val);
+ } else if (name.equalsIgnoreCase(PRIVILEGE_WITHDRAWN)) {
+ set(7, val);
+ } else if (name.equalsIgnoreCase(AA_COMPROMISE)) {
+ set(8, val);
+ } else {
+ throw new IOException("Name not recognized by ReasonFlags");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(UNUSED)) {
- return new Boolean(isSet(0));
- } else if (name.equalsIgnoreCase(KEY_COMPROMISE)) {
- return new Boolean(isSet(1));
- } else if (name.equalsIgnoreCase(CA_COMPROMISE)) {
- return new Boolean(isSet(2));
- } else if (name.equalsIgnoreCase(AFFLIATION_CHANGED)) {
- return new Boolean(isSet(3));
- } else if (name.equalsIgnoreCase(SUPERSEDED)) {
- return new Boolean(isSet(4));
- } else if (name.equalsIgnoreCase(CESSATION_OF_OPERATION)) {
- return new Boolean(isSet(5));
- } else if (name.equalsIgnoreCase(CERTIFICATION_HOLD)) {
- return new Boolean(isSet(6));
- } else if (name.equalsIgnoreCase(PRIVILEGE_WITHDRAWN)) {
- return new Boolean(isSet(7));
- } else if (name.equalsIgnoreCase(AA_COMPROMISE)) {
- return new Boolean(isSet(8));
- } else {
- throw new IOException("Name not recognized by ReasonFlags");
- }
+ if (name.equalsIgnoreCase(UNUSED)) {
+ return new Boolean(isSet(0));
+ } else if (name.equalsIgnoreCase(KEY_COMPROMISE)) {
+ return new Boolean(isSet(1));
+ } else if (name.equalsIgnoreCase(CA_COMPROMISE)) {
+ return new Boolean(isSet(2));
+ } else if (name.equalsIgnoreCase(AFFLIATION_CHANGED)) {
+ return new Boolean(isSet(3));
+ } else if (name.equalsIgnoreCase(SUPERSEDED)) {
+ return new Boolean(isSet(4));
+ } else if (name.equalsIgnoreCase(CESSATION_OF_OPERATION)) {
+ return new Boolean(isSet(5));
+ } else if (name.equalsIgnoreCase(CERTIFICATION_HOLD)) {
+ return new Boolean(isSet(6));
+ } else if (name.equalsIgnoreCase(PRIVILEGE_WITHDRAWN)) {
+ return new Boolean(isSet(7));
+ } else if (name.equalsIgnoreCase(AA_COMPROMISE)) {
+ return new Boolean(isSet(8));
+ } else {
+ throw new IOException("Name not recognized by ReasonFlags");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(UNUSED)) {
- set(0,false);
- } else if (name.equalsIgnoreCase(KEY_COMPROMISE)) {
- set(1,false);
- } else if (name.equalsIgnoreCase(CA_COMPROMISE)) {
- set(2,false);
- } else if (name.equalsIgnoreCase(AFFLIATION_CHANGED)) {
- set(3,false);
- } else if (name.equalsIgnoreCase(SUPERSEDED)) {
- set(4,false);
- } else if (name.equalsIgnoreCase(CESSATION_OF_OPERATION)) {
- set(5,false);
- } else if (name.equalsIgnoreCase(CERTIFICATION_HOLD)) {
- set(6,false);
- } else if (name.equalsIgnoreCase(PRIVILEGE_WITHDRAWN)) {
- set(7,false);
- } else if (name.equalsIgnoreCase(AA_COMPROMISE)) {
- set(8,false);
- } else {
- throw new IOException("Name not recognized by ReasonFlags");
- }
+ if (name.equalsIgnoreCase(UNUSED)) {
+ set(0, false);
+ } else if (name.equalsIgnoreCase(KEY_COMPROMISE)) {
+ set(1, false);
+ } else if (name.equalsIgnoreCase(CA_COMPROMISE)) {
+ set(2, false);
+ } else if (name.equalsIgnoreCase(AFFLIATION_CHANGED)) {
+ set(3, false);
+ } else if (name.equalsIgnoreCase(SUPERSEDED)) {
+ set(4, false);
+ } else if (name.equalsIgnoreCase(CESSATION_OF_OPERATION)) {
+ set(5, false);
+ } else if (name.equalsIgnoreCase(CERTIFICATION_HOLD)) {
+ set(6, false);
+ } else if (name.equalsIgnoreCase(PRIVILEGE_WITHDRAWN)) {
+ set(7, false);
+ } else if (name.equalsIgnoreCase(AA_COMPROMISE)) {
+ set(8, false);
+ } else {
+ throw new IOException("Name not recognized by ReasonFlags");
+ }
}
/**
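Review bot: `get` calls `isSet(n)` unguarded, while `toString` in the next hunk wraps the same calls in `catch (ArrayIndexOutOfBoundsException ex)`. That suggests `isSet` indexes `bitString` without a bounds check, though its body is outside the visible hunks. If so, a `ReasonFlags` decoded from a BIT STRING shorter than nine bits makes `get(AA_COMPROMISE)` throw an unchecked exception instead of returning false. A guard in `isSet`, e.g. `return position < bitString.length && bitString[position];`, would fix `get` and make the empty catch in `toString` unnecessary.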
@@ -218,35 +216,36 @@ public class ReasonFlags {
public String toString() {
String s = super.toString() + "Reason Flags [\n";
- try {
- if (isSet(0)) {
- s += " Unused\n";
- }
- if (isSet(1)) {
- s += " Key Compromise\n";
- }
- if (isSet(2)) {
- s += " CA_Compromise\n";
- }
- if (isSet(3)) {
- s += " Affiliation_Changed\n";
- }
- if (isSet(4)) {
- s += " Superseded\n";
- }
- if (isSet(5)) {
- s += " Cessation Of Operation\n";
- }
- if (isSet(6)) {
- s += " Certificate Hold\n";
- }
- if (isSet(7)) {
- s += " Privilege Withdrawn\n";
- }
- if (isSet(8)) {
- s += " AA Compromise\n";
+ try {
+ if (isSet(0)) {
+ s += " Unused\n";
+ }
+ if (isSet(1)) {
+ s += " Key Compromise\n";
+ }
+ if (isSet(2)) {
+ s += " CA_Compromise\n";
+ }
+ if (isSet(3)) {
+ s += " Affiliation_Changed\n";
+ }
+ if (isSet(4)) {
+ s += " Superseded\n";
+ }
+ if (isSet(5)) {
+ s += " Cessation Of Operation\n";
+ }
+ if (isSet(6)) {
+ s += " Certificate Hold\n";
+ }
+ if (isSet(7)) {
+ s += " Privilege Withdrawn\n";
+ }
+ if (isSet(8)) {
+ s += " AA Compromise\n";
+ }
+ } catch (ArrayIndexOutOfBoundsException ex) {
}
- } catch (ArrayIndexOutOfBoundsException ex) {}
s += "]\n";
@@ -255,7 +254,7 @@ public class ReasonFlags {
/**
* Write the extension to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -267,7 +266,7 @@ public class ReasonFlags {
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getElements () {
+ public Enumeration<String> getElements() {
Vector<String> elements = new Vector<String>();
elements.addElement(UNUSED);
elements.addElement(KEY_COMPROMISE);
@@ -279,6 +278,6 @@ public class ReasonFlags {
elements.addElement(PRIVILEGE_WITHDRAWN);
elements.addElement(AA_COMPROMISE);
- return (elements.elements());
+ return (elements.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/x509/RevocationReason.java b/pki/base/util/src/netscape/security/x509/RevocationReason.java
index fc8c9634..419eb177 100644
--- a/pki/base/util/src/netscape/security/x509/RevocationReason.java
+++ b/pki/base/util/src/netscape/security/x509/RevocationReason.java
@@ -17,11 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package netscape.security.x509;
-
/**
* Represent the enumerated type used in CRLReason Extension of CRL entry.
- *
- *
+ *
+ *
* @author galperin
* @version $Revision$, $Date$
*/
@@ -46,10 +45,10 @@ public final class RevocationReason {
/**
* Create a RevocationReason with the passed integer value.
- *
+ *
* @param reason integer value of the enumeration alternative.
*/
- private RevocationReason(int reason){
+ private RevocationReason(int reason) {
this.mReason = reason;
}
@@ -57,44 +56,64 @@ public final class RevocationReason {
return mReason;
}
- public static RevocationReason fromInt(int reason) {
- if (reason == UNSPECIFIED.mReason) return UNSPECIFIED;
- if (reason == KEY_COMPROMISE.mReason) return KEY_COMPROMISE;
- if (reason == CA_COMPROMISE.mReason) return CA_COMPROMISE;
- if (reason == AFFILIATION_CHANGED.mReason) return AFFILIATION_CHANGED;
- if (reason == SUPERSEDED.mReason) return SUPERSEDED;
- if (reason == CESSATION_OF_OPERATION.mReason) return CESSATION_OF_OPERATION;
- if (reason == CERTIFICATE_HOLD.mReason) return CERTIFICATE_HOLD;
- if (reason == REMOVE_FROM_CRL.mReason) return REMOVE_FROM_CRL;
- if (reason == PRIVILEGE_WITHDRAWN.mReason) return PRIVILEGE_WITHDRAWN;
- if (reason == AA_COMPROMISE.mReason) return AA_COMPROMISE;
- return null;
+ public static RevocationReason fromInt(int reason) {
+ if (reason == UNSPECIFIED.mReason)
+ return UNSPECIFIED;
+ if (reason == KEY_COMPROMISE.mReason)
+ return KEY_COMPROMISE;
+ if (reason == CA_COMPROMISE.mReason)
+ return CA_COMPROMISE;
+ if (reason == AFFILIATION_CHANGED.mReason)
+ return AFFILIATION_CHANGED;
+ if (reason == SUPERSEDED.mReason)
+ return SUPERSEDED;
+ if (reason == CESSATION_OF_OPERATION.mReason)
+ return CESSATION_OF_OPERATION;
+ if (reason == CERTIFICATE_HOLD.mReason)
+ return CERTIFICATE_HOLD;
+ if (reason == REMOVE_FROM_CRL.mReason)
+ return REMOVE_FROM_CRL;
+ if (reason == PRIVILEGE_WITHDRAWN.mReason)
+ return PRIVILEGE_WITHDRAWN;
+ if (reason == AA_COMPROMISE.mReason)
+ return AA_COMPROMISE;
+ return null;
}
- public boolean equals(Object other) {
- if (this == other)
- return true;
- else if (other instanceof RevocationReason)
- return ((RevocationReason)other).mReason == mReason;
- else
- return false;
- }
+ public boolean equals(Object other) {
+ if (this == other)
+ return true;
+ else if (other instanceof RevocationReason)
+ return ((RevocationReason) other).mReason == mReason;
+ else
+ return false;
+ }
- public int hashCode() {
- return mReason;
- }
+ public int hashCode() {
+ return mReason;
+ }
- public String toString() {
- if (equals(UNSPECIFIED)) return "Unspecified";
- if (equals(KEY_COMPROMISE)) return "Key_Compromise";
- if (equals(CA_COMPROMISE)) return "CA_Compromise";
- if (equals(AFFILIATION_CHANGED)) return "Affiliation_Changed";
- if (equals(SUPERSEDED)) return "Superseded";
- if (equals(CESSATION_OF_OPERATION)) return "Cessation_of_Operation";
- if (equals(CERTIFICATE_HOLD)) return "Certificate_Hold";
- if (equals(REMOVE_FROM_CRL)) return "Remove_from_CRL";
- if (equals(PRIVILEGE_WITHDRAWN)) return "Privilege_Withdrawn";
- if (equals(AA_COMPROMISE)) return "AA_Compromise";
- return "[UNDEFINED]";
- }
+ public String toString() {
+ if (equals(UNSPECIFIED))
+ return "Unspecified";
+ if (equals(KEY_COMPROMISE))
+ return "Key_Compromise";
+ if (equals(CA_COMPROMISE))
+ return "CA_Compromise";
+ if (equals(AFFILIATION_CHANGED))
+ return "Affiliation_Changed";
+ if (equals(SUPERSEDED))
+ return "Superseded";
+ if (equals(CESSATION_OF_OPERATION))
+ return "Cessation_of_Operation";
+ if (equals(CERTIFICATE_HOLD))
+ return "Certificate_Hold";
+ if (equals(REMOVE_FROM_CRL))
+ return "Remove_from_CRL";
+ if (equals(PRIVILEGE_WITHDRAWN))
+ return "Privilege_Withdrawn";
+ if (equals(AA_COMPROMISE))
+ return "AA_Compromise";
+ return "[UNDEFINED]";
+ }
}
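Review bot: `fromInt` returns `null` for any integer that is not one of the ten listed reasons, and nothing on the method says so. A caller that maps a reason code decoded from a CRL entry and then uses the result without a check fails with a NullPointerException on an unexpected value. I would document the contract with a Javadoc comment such as `/** Returns the RevocationReason for the given CRLReason code, or null if the code is not a defined reason. */`. Whether existing callers already null-check is not visible from this hunk. As a style point, `equals`, `hashCode` and `toString` in the same hunk could carry `@Override`.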
diff --git a/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java b/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
index 5193dcb3..12c4270a 100755
--- a/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
+++ b/pki/base/util/src/netscape/security/x509/RevokedCertImpl.java
@@ -37,9 +37,7 @@ import netscape.security.util.ObjectIdentifier;
/**
* <p>
- * Abstract class for a revoked certificate in a CRL. This class is for each
- * entry in the <code>revokedCertificates</code>, so it deals with the inner
- * <em>SEQUENCE</em>. The ASN.1 definition for this is:
+ * Abstract class for a revoked certificate in a CRL. This class is for each entry in the <code>revokedCertificates</code>, so it deals with the inner <em>SEQUENCE</em>. The ASN.1 definition for this is:
*
* <pre>
* revokedCertificates SEQUENCE OF SEQUENCE {
@@ -67,278 +65,273 @@ import netscape.security.util.ObjectIdentifier;
* @version 1.6 97/12/10
*/
-public class RevokedCertImpl extends RevokedCertificate implements Serializable{
+public class RevokedCertImpl extends RevokedCertificate implements Serializable {
/**
*
*/
- private static final long serialVersionUID = -3449642360223397701L;
-
-
- private SerialNumber serialNumber;
- private Date revocationDate;
- private CRLExtensions extensions = null;
- private byte[] revokedCert;
- private final static boolean isExplicit = false;
-
- /**
- * Default constructor.
- */
- public RevokedCertImpl() {
- }
-
- /**
- * Constructs a revoked certificate entry using the serial number and
- * revocation date.
- *
- * @param num
- * the serial number of the revoked certificate.
- * @param date
- * the Date on which revocation took place.
- */
- public RevokedCertImpl(BigInteger num, Date date) {
- this.serialNumber = new SerialNumber(num);
- this.revocationDate = date;
- }
-
- /**
- * Constructs a revoked certificate entry using the serial number,
- * revocation date and the entry extensions.
- *
- * @param num
- * the serial number of the revoked certificate.
- * @param date
- * the Date on which revocation took place.
- * @param crlEntryExts
- * the extensions for this entry.
- */
- public RevokedCertImpl(BigInteger num, Date date, CRLExtensions crlEntryExts) {
- this.serialNumber = new SerialNumber(num);
- this.revocationDate = date;
- this.extensions = crlEntryExts;
- }
-
- public byte[] getEncoded() throws CRLException {
- // XXX NOT IMPLEMENTED
- if (revokedCert == null) {
- DerOutputStream os = new DerOutputStream();
- try {
- encode(os);
- } catch (Exception e) {
- // revokedCert = null;
- }
- revokedCert = os.toByteArray();
- }
- return revokedCert;
- }
-
- public boolean hasUnsupportedCriticalExtension() {
- // XXX NOT IMPLEMENTED
- return true;
- }
-
- /**
- * Sets extensions for this impl.
- *
- * @param crlEntryExts
- * CRLExtensions
- */
- public void setExtensions(CRLExtensions crlEntryExts) {
- this.extensions = crlEntryExts;
- }
-
- /**
- * Unmarshals a revoked certificate from its encoded form.
- *
- * @param revokedCert
- * the encoded bytes.
- * @exception CRLException
- * on parsing errors.
- * @exception X509ExtensionException
- * on extension handling errors.
- */
- public RevokedCertImpl(byte[] revokedCert) throws CRLException,
- X509ExtensionException {
- try {
- DerValue derValue = new DerValue(revokedCert);
- parse(derValue);
- } catch (IOException e) {
- throw new CRLException("Parsing error: " + e.toString());
- }
- }
-
- /**
- * Unmarshals a revoked certificate from its encoded form.
- *
- * @param derValue
- * the DER value containing the revoked certificate.
- * @exception CRLException
- * on parsing errors.
- * @exception X509ExtensionException
- * on extension handling errors.
- */
- public RevokedCertImpl(DerValue derValue) throws CRLException,
- X509ExtensionException {
- parse(derValue);
- }
-
- /**
- * Returns true if this revoked certificate entry has extensions, otherwise
- * false.
- *
- * @return true if this CRL entry has extensions, otherwise false.
- */
- public boolean hasExtensions() {
- if (extensions == null)
- return false;
- else
- return true;
- }
-
- /**
- * Decode a revoked certificate from an input stream.
- *
- * @param inStrm
- * an input stream holding at least one revoked certificate
- * @exception CRLException
- * on parsing errors.
- * @exception X509ExtensionException
- * on extension handling errors.
- */
- public void decode(InputStream inStrm) throws CRLException,
- X509ExtensionException {
- try {
- DerValue derValue = new DerValue(inStrm);
- parse(derValue);
- } catch (IOException e) {
- throw new CRLException("Parsing error: " + e.toString());
- }
- }
-
- /**
- * Encodes the revoked certificate to an output stream.
- *
- * @param outStrm
- * an output stream to which the encoded revoked certificate is
- * written.
- * @exception CRLException
- * on encoding errors.
- * @exception X509ExtensionException
- * on extension handling errors.
- */
- public void encode(DerOutputStream outStrm) throws CRLException,
- X509ExtensionException {
- try {
- if (revokedCert == null) {
- DerOutputStream tmp = new DerOutputStream();
- // sequence { serialNumber, revocationDate, extensions }
- serialNumber.encode(tmp);
-
- // from 2050 should encode GeneralizedTime
- tmp.putUTCTime(revocationDate);
-
- if (extensions != null)
- extensions.encode(tmp, isExplicit);
-
- DerOutputStream seq = new DerOutputStream();
- seq.write(DerValue.tag_Sequence, tmp);
-
- revokedCert = seq.toByteArray();
- }
- outStrm.write(revokedCert);
- } catch (IOException e) {
- throw new CRLException("Encoding error: " + e.toString());
- }
- }
-
- /**
- * Gets the serial number for this RevokedCertificate, the
- * <em>userCertificate</em>.
- *
- * @return the serial number.
- */
- public BigInteger getSerialNumber() {
- return ((BigInt) serialNumber.getNumber()).toBigInteger();
- }
-
- /**
- * Gets the revocation date for this RevokedCertificate, the
- * <em>revocationDate</em>.
- *
- * @return the revocation date.
- */
- public Date getRevocationDate() {
- return (new Date(revocationDate.getTime()));
- }
-
- /**
- * Returns extensions for this impl.
- *
- * @return the CRLExtensions
- */
- public CRLExtensions getExtensions() {
- return extensions;
- }
-
- /**
- * Returns a printable string of this revoked certificate.
- *
- * @return value of this revoked certificate in a printable form.
- */
- public String toString() {
- StringBuffer sb = new StringBuffer();
-
- sb.append(serialNumber.toString());
- sb.append(" On: " + revocationDate.toString());
- if (extensions != null) {
- sb.append("\n");
- for (int i = 0; i < extensions.size(); i++)
- sb.append("Entry Extension[" + i + "]: "
- + ((Extension) (extensions.elementAt(i))).toString());
- }
- sb.append("\n");
- return (sb.toString());
- }
+ private static final long serialVersionUID = -3449642360223397701L;
+
+ private SerialNumber serialNumber;
+ private Date revocationDate;
+ private CRLExtensions extensions = null;
+ private byte[] revokedCert;
+ private final static boolean isExplicit = false;
+
+ /**
+ * Default constructor.
+ */
+ public RevokedCertImpl() {
+ }
+
+ /**
+ * Constructs a revoked certificate entry using the serial number and
+ * revocation date.
+ *
+ * @param num
+ * the serial number of the revoked certificate.
+ * @param date
+ * the Date on which revocation took place.
+ */
+ public RevokedCertImpl(BigInteger num, Date date) {
+ this.serialNumber = new SerialNumber(num);
+ this.revocationDate = date;
+ }
+
+ /**
+ * Constructs a revoked certificate entry using the serial number,
+ * revocation date and the entry extensions.
+ *
+ * @param num
+ * the serial number of the revoked certificate.
+ * @param date
+ * the Date on which revocation took place.
+ * @param crlEntryExts
+ * the extensions for this entry.
+ */
+ public RevokedCertImpl(BigInteger num, Date date, CRLExtensions crlEntryExts) {
+ this.serialNumber = new SerialNumber(num);
+ this.revocationDate = date;
+ this.extensions = crlEntryExts;
+ }
+
+ public byte[] getEncoded() throws CRLException {
+ // XXX NOT IMPLEMENTED
+ if (revokedCert == null) {
+ DerOutputStream os = new DerOutputStream();
+ try {
+ encode(os);
+ } catch (Exception e) {
+ // revokedCert = null;
+ }
+ revokedCert = os.toByteArray();
+ }
+ return revokedCert;
+ }
+
+ public boolean hasUnsupportedCriticalExtension() {
+ // XXX NOT IMPLEMENTED
+ return true;
+ }
+
+ /**
+ * Sets extensions for this impl.
+ *
+ * @param crlEntryExts
+ * CRLExtensions
+ */
+ public void setExtensions(CRLExtensions crlEntryExts) {
+ this.extensions = crlEntryExts;
+ }
+
+ /**
+ * Unmarshals a revoked certificate from its encoded form.
+ *
+ * @param revokedCert
+ * the encoded bytes.
+ * @exception CRLException
+ * on parsing errors.
+ * @exception X509ExtensionException
+ * on extension handling errors.
+ */
+ public RevokedCertImpl(byte[] revokedCert) throws CRLException,
+ X509ExtensionException {
+ try {
+ DerValue derValue = new DerValue(revokedCert);
+ parse(derValue);
+ } catch (IOException e) {
+ throw new CRLException("Parsing error: " + e.toString());
+ }
+ }
+
+ /**
+ * Unmarshals a revoked certificate from its encoded form.
+ *
+ * @param derValue
+ * the DER value containing the revoked certificate.
+ * @exception CRLException
+ * on parsing errors.
+ * @exception X509ExtensionException
+ * on extension handling errors.
+ */
+ public RevokedCertImpl(DerValue derValue) throws CRLException,
+ X509ExtensionException {
+ parse(derValue);
+ }
+
+ /**
+ * Returns true if this revoked certificate entry has extensions, otherwise
+ * false.
+ *
+ * @return true if this CRL entry has extensions, otherwise false.
+ */
+ public boolean hasExtensions() {
+ if (extensions == null)
+ return false;
+ else
+ return true;
+ }
+
+ /**
+ * Decode a revoked certificate from an input stream.
+ *
+ * @param inStrm
+ * an input stream holding at least one revoked certificate
+ * @exception CRLException
+ * on parsing errors.
+ * @exception X509ExtensionException
+ * on extension handling errors.
+ */
+ public void decode(InputStream inStrm) throws CRLException,
+ X509ExtensionException {
+ try {
+ DerValue derValue = new DerValue(inStrm);
+ parse(derValue);
+ } catch (IOException e) {
+ throw new CRLException("Parsing error: " + e.toString());
+ }
+ }
+
+ /**
+ * Encodes the revoked certificate to an output stream.
+ *
+ * @param outStrm
+ * an output stream to which the encoded revoked certificate is
+ * written.
+ * @exception CRLException
+ * on encoding errors.
+ * @exception X509ExtensionException
+ * on extension handling errors.
+ */
+ public void encode(DerOutputStream outStrm) throws CRLException,
+ X509ExtensionException {
+ try {
+ if (revokedCert == null) {
+ DerOutputStream tmp = new DerOutputStream();
+ // sequence { serialNumber, revocationDate, extensions }
+ serialNumber.encode(tmp);
+
+ // from 2050 should encode GeneralizedTime
+ tmp.putUTCTime(revocationDate);
+
+ if (extensions != null)
+ extensions.encode(tmp, isExplicit);
+
+ DerOutputStream seq = new DerOutputStream();
+ seq.write(DerValue.tag_Sequence, tmp);
+
+ revokedCert = seq.toByteArray();
+ }
+ outStrm.write(revokedCert);
+ } catch (IOException e) {
+ throw new CRLException("Encoding error: " + e.toString());
+ }
+ }
+
+ /**
+ * Gets the serial number for this RevokedCertificate, the <em>userCertificate</em>.
+ *
+ * @return the serial number.
+ */
+ public BigInteger getSerialNumber() {
+ return ((BigInt) serialNumber.getNumber()).toBigInteger();
+ }
+
+ /**
+ * Gets the revocation date for this RevokedCertificate, the <em>revocationDate</em>.
+ *
+ * @return the revocation date.
+ */
+ public Date getRevocationDate() {
+ return (new Date(revocationDate.getTime()));
+ }
+
+ /**
+ * Returns extensions for this impl.
+ *
+ * @return the CRLExtensions
+ */
+ public CRLExtensions getExtensions() {
+ return extensions;
+ }
+
+ /**
+ * Returns a printable string of this revoked certificate.
+ *
+ * @return value of this revoked certificate in a printable form.
+ */
+ public String toString() {
+ StringBuffer sb = new StringBuffer();
+
+ sb.append(serialNumber.toString());
+ sb.append(" On: " + revocationDate.toString());
+ if (extensions != null) {
+ sb.append("\n");
+ for (int i = 0; i < extensions.size(); i++)
+ sb.append("Entry Extension[" + i + "]: "
+ + ((Extension) (extensions.elementAt(i))).toString());
+ }
+ sb.append("\n");
+ return (sb.toString());
+ }
/**
* Gets a Set of the extension(s) marked CRITICAL in the
* RevokedCertificate by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * Object that are marked critical.
+ * Object that are marked critical.
*/
public Set<String> getCriticalExtensionOIDs() {
if (extensions == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration<Extension> e = extensions.getElements();
- e.hasMoreElements();) {
+ for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) {
ex = e.nextElement();
- if (ex.isCritical())
+ if (ex.isCritical())
extSet.add(ex.getExtensionId().toString());
- }
+ }
return extSet;
}
/**
* Gets a Set of the extension(s) marked NON-CRITICAL in the
* RevokedCertificate by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * Object that are marked critical.
+ * Object that are marked critical.
*/
public Set<String> getNonCriticalExtensionOIDs() {
if (extensions == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration<Extension> e = extensions.getElements();
- e.hasMoreElements();) {
+ for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) {
ex = e.nextElement();
- if ( ! ex.isCritical())
+ if (!ex.isCritical())
extSet.add(ex.getExtensionId().toString());
- }
+ }
return extSet;
}
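Review bot: `getEncoded()` swallows every `Exception` thrown by `encode(os)` and then assigns `os.toByteArray()` to `revokedCert`, so a failed encode leaves an empty byte array cached in the field. Later calls to `getEncoded()` and `encode()` see a non-null `revokedCert` and emit that empty value without any error, which can hide a broken CRL entry. The method already declares `throws CRLException`, so the catch can be narrowed and rethrown, for example `} catch (X509ExtensionException e) { throw new CRLException("Encoding error: " + e.toString()); }`, which also lets unchecked failures surface. Separately, `hasUnsupportedCriticalExtension()` in this hunk returns `true` unconditionally under an `XXX NOT IMPLEMENTED` marker and deserves at least a Javadoc line saying so.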
@@ -350,23 +343,22 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable{
* by ".", that means,<br>
* &lt;positive whole number&gt;.&lt;positive whole number&gt;.&lt;positive
* whole number&gt;.&lt;...&gt;
- *
+ *
* @param oid the Object Identifier value for the extension.
* @return the DER encoded octet string of the extension value.
*/
public byte[] getExtensionValue(String oid) {
if (extensions == null)
return null;
- try {
- String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
+ try {
+ String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
Extension crlExt = null;
if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid);
Extension ex = null;
ObjectIdentifier inCertOID;
- for (Enumeration<Extension> e=extensions.getElements();
- e.hasMoreElements();) {
+ for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) {
ex = e.nextElement();
inCertOID = ex.getExtensionId();
if (inCertOID.equals(findOID)) {
@@ -376,24 +368,24 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable{
}
} else
crlExt = extensions.get(extAlias);
- if (crlExt == null)
+ if (crlExt == null)
return null;
- byte[] extData = crlExt.getExtensionValue();
+ byte[] extData = crlExt.getExtensionValue();
if (extData == null)
return null;
- DerOutputStream out = new DerOutputStream();
- out.putOctetString(extData);
+ DerOutputStream out = new DerOutputStream();
+ out.putOctetString(extData);
return out.toByteArray();
} catch (Exception e) {
return null;
- }
+ }
}
private void parse(DerValue derVal)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
- if (derVal.tag != DerValue.tag_Sequence) {
+ if (derVal.tag != DerValue.tag_Sequence) {
throw new CRLException("Invalid encoded RevokedCertificate, " +
"starting sequence tag missing.");
}
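Review bot: The `catch (Exception e) { return null; }` at the end of `getExtensionValue` makes any failure while resolving the OID or encoding the value look the same as "extension not present". A caller that inspects a CRL entry extension by OID cannot tell a missing extension from one that could not be read. The method starts outside this hunk and its Javadoc only promises the DER-encoded octet string, so I would at least extend it with `@return the DER encoded octet string of the extension value, or null if the extension is absent or could not be processed.` Narrowing the catch to the exception types the body can actually raise would be a further improvement, though those types are not all visible here.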
@@ -413,9 +405,9 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable{
// revocationDate
try {
int nextByte = derVal.data.peekByte();
- if ((byte)nextByte == DerValue.tag_UtcTime) {
+ if ((byte) nextByte == DerValue.tag_UtcTime) {
this.revocationDate = derVal.data.getUTCTime();
- } else if ((byte)nextByte == DerValue.tag_GeneralizedTime) {
+ } else if ((byte) nextByte == DerValue.tag_GeneralizedTime) {
this.revocationDate = derVal.data.getGeneralizedTime();
} else {
throw new CRLException("Invalid encoding for RevokedCertificates");
@@ -426,7 +418,7 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable{
}
if (derVal.data.available() == 0)
- return; // no extensions
+ return; // no extensions
// crlEntryExtensions
try {
@@ -437,25 +429,25 @@ public class RevokedCertImpl extends RevokedCertificate implements Serializable{
}
}
- /**
- * Serialization write ... X.509 certificates serialize as themselves, and
- * they're parsed when they get read back. (Actually they serialize as some
- * type data from the serialization subsystem, then the cert data.)
- */
- private synchronized void writeObject(ObjectOutputStream stream)
- throws CRLException, X509ExtensionException, IOException {
- DerOutputStream dos = new DerOutputStream();
- encode(dos);
- dos.derEncode(stream);
- }
-
- /**
- * Serialization read ... X.509 certificates serialize as themselves, and
- * they're parsed when they get read back.
- */
- private synchronized void readObject(ObjectInputStream stream)
- throws CRLException, X509ExtensionException, IOException {
- decode(stream);
- }
+ /**
+ * Serialization write ... X.509 certificates serialize as themselves, and
+ * they're parsed when they get read back. (Actually they serialize as some
+ * type data from the serialization subsystem, then the cert data.)
+ */
+ private synchronized void writeObject(ObjectOutputStream stream)
+ throws CRLException, X509ExtensionException, IOException {
+ DerOutputStream dos = new DerOutputStream();
+ encode(dos);
+ dos.derEncode(stream);
+ }
+
+ /**
+ * Serialization read ... X.509 certificates serialize as themselves, and
+ * they're parsed when they get read back.
+ */
+ private synchronized void readObject(ObjectInputStream stream)
+ throws CRLException, X509ExtensionException, IOException {
+ decode(stream);
+ }
}
diff --git a/pki/base/util/src/netscape/security/x509/RevokedCertificate.java b/pki/base/util/src/netscape/security/x509/RevokedCertificate.java
index 7db553ad..2087d064 100644
--- a/pki/base/util/src/netscape/security/x509/RevokedCertificate.java
+++ b/pki/base/util/src/netscape/security/x509/RevokedCertificate.java
@@ -23,40 +23,41 @@ import java.security.cert.X509CRLEntry;
import java.util.Date;
/**
- * <p>Abstract class for a revoked certificate in a CRL (Certificate
- * Revocation List).
- *
+ * <p>
+ * Abstract class for a revoked certificate in a CRL (Certificate Revocation List).
+ *
* The ASN.1 definition for <em>revokedCertificates</em> is:
+ *
* <pre>
- * revokedCertificates SEQUENCE OF SEQUENCE {
- * userCertificate CertificateSerialNumber,
- * revocationDate ChoiceOfTime,
- * crlEntryExtensions Extensions OPTIONAL
- * -- if present, must be v2
- * } OPTIONAL
- *<p>
- * CertificateSerialNumber ::= INTEGER
- *<p>
- * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
- *<p>
- * Extension ::= SEQUENCE {
- * extnId OBJECT IDENTIFIER,
- * critical BOOLEAN DEFAULT FALSE,
- * extnValue OCTET STRING
- * -- contains a DER encoding of a value
- * -- of the type registered for use with
- * -- the extnId object identifier value
- * }
+ * revokedCertificates SEQUENCE OF SEQUENCE {
+ * userCertificate CertificateSerialNumber,
+ * revocationDate ChoiceOfTime,
+ * crlEntryExtensions Extensions OPTIONAL
+ * -- if present, must be v2
+ * } OPTIONAL
+ * <p>
+ * CertificateSerialNumber ::= INTEGER
+ * <p>
+ * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+ * <p>
+ * Extension ::= SEQUENCE {
+ * extnId OBJECT IDENTIFIER,
+ * critical BOOLEAN DEFAULT FALSE,
+ * extnValue OCTET STRING
+ * -- contains a DER encoding of a value
+ * -- of the type registered for use with
+ * -- the extnId object identifier value
+ * }
* </pre>
*
* @see X509CRL
- *
+ *
* @author Hemma Prafullchandra
* @version 1.4 97/12/10
*/
public abstract class RevokedCertificate extends X509CRLEntry {
-/* implements X509Extension { */
+ /* implements X509Extension { */
/**
* Gets the serial number for this RevokedCertificate,
@@ -77,20 +78,18 @@ public abstract class RevokedCertificate extends X509CRLEntry {
/**
* Returns true if this revoked certificate entry has
* extensions.
- *
+ *
* @return true if this entry has extensions, false otherwise.
*/
public abstract boolean hasExtensions();
-
-
/**
* Returns a string representation of this revoked certificate.
- *
+ *
* @return a string representation of this revoked certificate.
*/
public abstract String toString();
-
+
public abstract CRLExtensions getExtensions();
}
diff --git a/pki/base/util/src/netscape/security/x509/SerialNumber.java b/pki/base/util/src/netscape/security/x509/SerialNumber.java
index c59b03e0..a2d7109c 100644
--- a/pki/base/util/src/netscape/security/x509/SerialNumber.java
+++ b/pki/base/util/src/netscape/security/x509/SerialNumber.java
@@ -28,13 +28,13 @@ import netscape.security.util.DerValue;
/**
* This class defines the SerialNumber class used by certificates.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.5
*/
public class SerialNumber {
- private BigInt serialNum;
+ private BigInt serialNum;
// Construct the class from the DerValue
private void construct(DerValue derVal) throws IOException {
@@ -46,7 +46,7 @@ public class SerialNumber {
/**
* The default constructor for this class using BigInteger.
- *
+ *
* @param num the BigInteger number used to create the serial number.
*/
public SerialNumber(BigInteger num) {
@@ -56,10 +56,10 @@ public class SerialNumber {
public SerialNumber(BigInt num) {
serialNum = num;
}
-
+
/**
* The default constructor for this class using int.
- *
+ *
* @param num the BigInteger number used to create the serial number.
*/
public SerialNumber(int num) {
@@ -68,7 +68,7 @@ public class SerialNumber {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the SerialNumber from.
* @exception IOException on decoding errors.
*/
@@ -79,7 +79,7 @@ public class SerialNumber {
/**
* Create the object, decoding the values from the passed DerValue.
- *
+ *
* @param val the DerValue to read the SerialNumber from.
* @exception IOException on decoding errors.
*/
@@ -89,7 +89,7 @@ public class SerialNumber {
/**
* Create the object, decoding the values from the passed stream.
- *
+ *
* @param in the InputStream to read the SerialNumber from.
* @exception IOException on decoding errors.
*/
@@ -107,7 +107,7 @@ public class SerialNumber {
/**
* Encode the SerialNumber in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @exception IOException on errors.
*/
diff --git a/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java b/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
index 53f4eadb..57c0b64b 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectAlternativeNameExtension.java
@@ -29,20 +29,20 @@ import netscape.security.util.DerValue;
/**
* This represents the Subject Alternative Name Extension.
- *
+ *
* This extension, if present, allows the subject to specify multiple
* alternative names.
- *
- * <p>Extensions are represented as a sequence of the extension identifier
- * (Object Identifier), a boolean flag stating whether the extension is to
- * be treated as being critical and the extension value itself (this is again
- * a DER encoding of the extension value).
+ *
+ * <p>
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
* <p>
* The ASN.1 syntax for this is:
+ *
* <pre>
* SubjectAltName ::= GeneralNames
* GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
* </pre>
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.9
@@ -50,7 +50,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class SubjectAlternativeNameExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -58,7 +58,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT =
"x509.info.extensions.SubjectAlternativeName";
/**
@@ -67,7 +67,7 @@ implements CertAttrSet {
public static final String SUBJECT_NAME = "subject_name";
// private data members
- GeneralNames names;
+ GeneralNames names;
// Encode this extension
private void encodeThis() throws IOException {
@@ -82,19 +82,20 @@ implements CertAttrSet {
/**
* Create a SubjectAlternativeNameExtension with the passed GeneralNames.
- *
+ *
* @param names the GeneralNames for the subject.
* @exception IOException on error.
*/
public SubjectAlternativeNameExtension(boolean critical, GeneralNames names)
- throws IOException {
+ throws IOException {
this.names = names;
this.extensionId = PKIXExtensions.SubjectAlternativeName_Id;
this.critical = critical;
encodeThis();
}
+
public SubjectAlternativeNameExtension(GeneralNames names)
- throws IOException {
+ throws IOException {
this.names = names;
this.extensionId = PKIXExtensions.SubjectAlternativeName_Id;
this.critical = false;
@@ -112,13 +113,13 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public SubjectAlternativeNameExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.SubjectAlternativeName_Id;
this.critical = critical.booleanValue();
@@ -127,7 +128,7 @@ implements CertAttrSet {
+ "Illegal argument type");
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
+ byte[] extValue = new byte[len];
System.arraycopy(value, 0, extValue, 0, len);
this.extensionValue = extValue;
@@ -137,21 +138,22 @@ implements CertAttrSet {
} catch (GeneralNamesException e) {
throw new IOException("SubjectAlternativeName: " + e);
}
- }
-
- /**
- * Returns a printable representation of the SubjectAlternativeName.
- */
- public String toString() {
- if (names == null) return "";
- String s = super.toString() + "SubjectAlternativeName [\n"
+ }
+
+ /**
+ * Returns a printable representation of the SubjectAlternativeName.
+ */
+ public String toString() {
+ if (names == null)
+ return "";
+ String s = super.toString() + "SubjectAlternativeName [\n"
+ names.toString() + "]\n";
- return (s);
- }
+ return (s);
+ }
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -161,71 +163,71 @@ implements CertAttrSet {
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
public void encode(OutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
if (extensionValue == null) {
- extensionId = PKIXExtensions.SubjectAlternativeName_Id;
- //critical = false;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
+ extensionId = PKIXExtensions.SubjectAlternativeName_Id;
+ //critical = false;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
}
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
- clearValue();
- if (name.equalsIgnoreCase(SUBJECT_NAME)) {
- if (!(obj instanceof GeneralNames)) {
- throw new IOException("Attribute value should be of " +
+ clearValue();
+ if (name.equalsIgnoreCase(SUBJECT_NAME)) {
+ if (!(obj instanceof GeneralNames)) {
+ throw new IOException("Attribute value should be of " +
"type GeneralNames.");
- }
- names = (GeneralNames)obj;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectAlternativeName.");
- }
+ }
+ names = (GeneralNames) obj;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectAlternativeName.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(SUBJECT_NAME)) {
- return (names);
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectAlternativeName.");
- }
+ if (name.equalsIgnoreCase(SUBJECT_NAME)) {
+ return (names);
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectAlternativeName.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(SUBJECT_NAME)) {
- names = null;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectAlternativeName.");
- }
+ if (name.equalsIgnoreCase(SUBJECT_NAME)) {
+ names = null;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectAlternativeName.");
+ }
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(SUBJECT_NAME);
- return (elements.elements());
+ return (elements.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java b/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
index 134f0435..592652b4 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectDirAttributesExtension.java
@@ -29,35 +29,34 @@ import netscape.security.util.DerValue;
/**
* This class represents the Subject Directory Attributes Extension.
- *
- * <p>The subject directory attributes extension is not recommended as an
- * essential part of this profile, but it may be used in local environments.
- * This extension MUST be non-critical.
- *
+ *
+ * <p>
+ * The subject directory attributes extension is not recommended as an essential part of this profile, but it may be used in local environments. This extension MUST be non-critical.
+ *
* <pre>
* The ASN.1 syntax for this extension is:
- *
+ *
* SubjectDirectoryAttributes ::= SEQUENCE (1..MAX) OF Attribute
- *
+ *
* Attribute ::= SEQUENCE {
- * type AttributeType,
+ * type AttributeType,
* value SET OF AttributeValue
* -- at least one value is required --}
- *
+ *
* AttributeType ::= OBJECT IDENTIFIER
- *
- * AttributeValue ::= ANY
- *
+ *
+ * AttributeValue ::= ANY
+ *
* </pre>
- *
+ *
* @author Christine Ho
* @version 1.7
- *
+ *
* @see CertAttrSet
* @see Extension
*/
public class SubjectDirAttributesExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
@@ -67,10 +66,10 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
//public static final String IDENT = "x509.info.extensions.SubjectDirectoryAttributes";
public static final String IDENT = "Subject Directory Attributes";
-
+
/**
* Attribute names.
*/
@@ -83,12 +82,12 @@ implements CertAttrSet {
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
- //encoding the attributes
- Enumeration<Attribute> attrs = attrList.elements();
- while (attrs.hasMoreElements()) {
- Attribute attr = attrs.nextElement();
- attr.encode(tmp);
- }
+ //encoding the attributes
+ Enumeration<Attribute> attrs = attrList.elements();
+ while (attrs.hasMoreElements()) {
+ Attribute attr = attrs.nextElement();
+ attr.encode(tmp);
+ }
out.write(DerValue.tag_SequenceOf, tmp);
this.extensionValue = out.toByteArray();
@@ -98,12 +97,12 @@ implements CertAttrSet {
private void decodeThis(DerValue derVal) throws IOException {
if (derVal.tag != DerValue.tag_Sequence) {
- throw new IOException("Invalid encoding for "+
- "Subject Directory Attribute extension.");
+ throw new IOException("Invalid encoding for " +
+ "Subject Directory Attribute extension.");
}
if (derVal.data.available() == 0) {
- throw new IOException(this.getClass().getSimpleName()+" No data available in "
+ throw new IOException(this.getClass().getSimpleName() + " No data available in "
+ "passed DER encoded value.");
}
@@ -117,79 +116,79 @@ implements CertAttrSet {
/**
* Default constructor for this object.
- *
+ *
* @param derVal Der encoded value of this extension
*/
public SubjectDirAttributesExtension(DerValue derVal) throws IOException {
- this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
- this.critical = false;
+ this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
+ this.critical = false;
decodeThis(derVal);
}
/**
* Default constructor for this object.
- *
+ *
* @param list Attribute object list
*/
public SubjectDirAttributesExtension(Attribute[] list) throws IOException {
- this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
- this.critical = false;
+ this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
+ this.critical = false;
- if ((list == null)||(list.length==0)) {
+ if ((list == null) || (list.length == 0)) {
throw new IOException("No data available in "
+ "passed Attribute List.");
- }
+ }
// add the Attributes
for (int i = 0; i < list.length; i++) {
- attrList.addElement(list[i]);
- }
+ attrList.addElement(list[i]);
+ }
}
/**
* Constructor from parsing extension
- *
+ *
* @param list Attribute object list
*/
public SubjectDirAttributesExtension(Boolean crit, Object value)
- throws IOException {
+ throws IOException {
- this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
+ this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
this.critical = crit.booleanValue();
if (!(value instanceof byte[]))
- throw new IOException(this.getClass().getSimpleName()+"Illegal argument type");
+ throw new IOException(this.getClass().getSimpleName() + "Illegal argument type");
int len = Array.getLength(value);
byte[] extValue = new byte[len];
System.arraycopy(value, 0, extValue, 0, len);
this.extensionValue = extValue;
- decodeThis(new DerValue(extValue));
+ decodeThis(new DerValue(extValue));
}
/**
* Constructor for this object.
- *
+ *
* @param list Attribute object list
* @param critical The criticality
*/
- public SubjectDirAttributesExtension(Attribute[] list, boolean critical)
- throws IOException {
+ public SubjectDirAttributesExtension(Attribute[] list, boolean critical)
+ throws IOException {
- this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
- this.critical = critical;
+ this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
+ this.critical = critical;
- if ((list == null)||(list.length==0)) {
+ if ((list == null) || (list.length == 0)) {
throw new IOException("No data available in "
+ "passed Attribute List.");
- }
+ }
// add the Attributes
for (int i = 0; i < list.length; i++) {
- attrList.addElement(list[i]);
- }
+ attrList.addElement(list[i]);
+ }
}
/**
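Review bot: The Javadoc on the `(Boolean crit, Object value)` constructor documents `@param list Attribute object list`, a parameter this constructor does not have, and leaves `crit` and `value` undescribed. Replacing it with `@param crit true if the extension is to be treated as critical.` and `@param value Array of DER encoded bytes of the actual value.` would match the wording the sibling extension classes use, and an `@exception IOException` line would cover the type check and decoding failure. Two of the other constructors here are both titled "Default constructor for this object", which could be reworded to say what each one builds from.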
@@ -198,18 +197,18 @@ implements CertAttrSet {
public String toString() {
String s = super.toString() + "SubjectDirectoryAttributes:[\n";
- Enumeration<Attribute> attrs = attrList.elements();
- while (attrs.hasMoreElements()) {
- Attribute attr = attrs.nextElement();
- s += attr.toString();
- }
+ Enumeration<Attribute> attrs = attrList.elements();
+ while (attrs.hasMoreElements()) {
+ Attribute attr = attrs.nextElement();
+ s += attr.toString();
+ }
return (s + "]\n");
}
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -218,44 +217,44 @@ implements CertAttrSet {
decodeThis(val);
}
- /**
- * Encode this extension value to the output stream.
- *
- * @param out the DerOutputStream to encode the extension to.
- */
- public void encode(OutputStream out) throws IOException {
- DerOutputStream tmp = new DerOutputStream();
- if (extensionValue == null) {
- this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
- this.critical = false;
- encodeThis();
- }
- super.encode(tmp);
- out.write(tmp.toByteArray());
- }
+ /**
+ * Encode this extension value to the output stream.
+ *
+ * @param out the DerOutputStream to encode the extension to.
+ */
+ public void encode(OutputStream out) throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ if (extensionValue == null) {
+ this.extensionId = PKIXExtensions.SubjectDirectoryAttributes_Id;
+ this.critical = false;
+ encodeThis();
+ }
+ super.encode(tmp);
+ out.write(tmp.toByteArray());
+ }
/**
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectDirectoryAttributes.");
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectDirectoryAttributes.");
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectDirectoryAttributes.");
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectDirectoryAttributes.");
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectDirectoryAttributes.");
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectDirectoryAttributes.");
}
/**
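Review bot: `encode` resets `this.critical = false` whenever `extensionValue` is null, which silently discards the criticality accepted by the `(Attribute[] list, boolean critical)` constructor. That constructor, as shown in the earlier hunk of this file, does not call `encodeThis()`, so `extensionValue` appears to still be null when `encode` runs. The class comment says the extension MUST be non-critical, so the reset may be intentional, but a caller passing `critical = true` gets a different extension than requested with no error. Either state this at the assignment, e.g. `// profile requires non-critical; overrides the constructor argument`, or reject `critical == true` in the constructor with an `IOException`.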
@@ -264,16 +263,15 @@ implements CertAttrSet {
*/
public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
- return (elements.elements());
+ return (elements.elements());
}
-
/**
* Returns an enumeration of attributes in the extension.
*/
public Enumeration<Attribute> getAttributesList() {
- if (attrList == null)
- return null;
- return attrList.elements();
+ if (attrList == null)
+ return null;
+ return attrList.elements();
}
}
diff --git a/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java b/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
index cbaf2ce5..a7a101cd 100644
--- a/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
+++ b/pki/base/util/src/netscape/security/x509/SubjectKeyIdentifierExtension.java
@@ -29,20 +29,17 @@ import netscape.security.util.DerValue;
/**
* Represent the Subject Key Identifier Extension.
- *
+ *
* This extension, if present, provides a means of identifying the particular
- * public key used in an application. This extension by default is marked
+ * public key used in an application. This extension by default is marked
* non-critical.
- *
- * <p>Extensions are addiitonal attributes which can be inserted in a X509
- * v3 certificate. For example a "Driving License Certificate" could have
- * the driving license number as a extension.
- *
- * <p>Extensions are represented as a sequence of the extension identifier
- * (Object Identifier), a boolean flag stating whether the extension is to
- * be treated as being critical and the extension value itself (this is again
- * a DER encoding of the extension value).
- *
+ *
+ * <p>
+ * Extensions are addiitonal attributes which can be inserted in a X509 v3 certificate. For example a "Driving License Certificate" could have the driving license number as a extension.
+ *
+ * <p>
+ * Extensions are represented as a sequence of the extension identifier (Object Identifier), a boolean flag stating whether the extension is to be treated as being critical and the extension value itself (this is again a DER encoding of the extension value).
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.7
@@ -50,7 +47,7 @@ import netscape.security.util.DerValue;
* @see CertAttrSet
*/
public class SubjectKeyIdentifierExtension extends Extension
-implements CertAttrSet {
+ implements CertAttrSet {
/**
*
*/
@@ -58,7 +55,7 @@ implements CertAttrSet {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT =
"x509.info.extensions.SubjectKeyIdentifier";
/**
@@ -79,18 +76,20 @@ implements CertAttrSet {
/**
* Create a SubjectKeyIdentifierExtension with the passed octet string.
* The criticality is set to False.
+ *
* @param octetString the octet string identifying the key identifier.
*/
- public SubjectKeyIdentifierExtension (boolean critical, byte[] octetString)
- throws IOException {
+ public SubjectKeyIdentifierExtension(boolean critical, byte[] octetString)
+ throws IOException {
id = new KeyIdentifier(octetString);
this.extensionId = PKIXExtensions.SubjectKey_Id;
this.critical = critical;
encodeThis();
}
- public SubjectKeyIdentifierExtension (byte[] octetString)
- throws IOException {
+
+ public SubjectKeyIdentifierExtension(byte[] octetString)
+ throws IOException {
id = new KeyIdentifier(octetString);
this.extensionId = PKIXExtensions.SubjectKey_Id;
@@ -100,21 +99,21 @@ implements CertAttrSet {
/**
* Create the extension from the passed DER encoded value.
- *
+ *
* @param critical true if the extension is to be treated as critical.
* @param value Array of DER encoded bytes of the actual value.
* @exception IOException on error.
*/
public SubjectKeyIdentifierExtension(Boolean critical, Object value)
- throws IOException {
+ throws IOException {
this.extensionId = PKIXExtensions.SubjectKey_Id;
this.critical = critical.booleanValue();
int len = Array.getLength(value);
- byte[] extValue = new byte[len];
- for (int i = 0; i < len; i++) {
- extValue[i] = Array.getByte(value,i);
- }
+ byte[] extValue = new byte[len];
+ for (int i = 0; i < len; i++) {
+ extValue[i] = Array.getByte(value, i);
+ }
this.extensionValue = extValue;
DerValue val = new DerValue(extValue);
this.id = new KeyIdentifier(val);
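Review bot: The `(Boolean critical, Object value)` constructor passes `value` to `Array.getLength` with no type check, so a non-array argument raises an unchecked `IllegalArgumentException` rather than the `IOException` the Javadoc promises. `SubjectDirAttributesExtension` guards the same constructor shape with `if (!(value instanceof byte[]))`. Adding `if (!(value instanceof byte[])) throw new IOException("SubjectKeyIdentifier: Illegal argument type");` before the length call would make malformed input fail the same way as in the sibling classes; the message text is a suggestion. With that guard in place, the per-element `Array.getByte` loop could also become a single `System.arraycopy`. The constructor's closing brace lies outside this hunk.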
@@ -124,7 +123,8 @@ implements CertAttrSet {
* Returns a printable representation.
*/
public String toString() {
- if (id == null) return "";
+ if (id == null)
+ return "";
String s = super.toString() + "SubjectKeyIdentifier [\n"
+ id.toString() + "]\n";
return (s);
@@ -132,7 +132,7 @@ implements CertAttrSet {
/**
* Write the extension to the OutputStream.
- *
+ *
* @param out the OutputStream to write the extension to.
* @exception IOException on encoding errors.
*/
@@ -144,12 +144,12 @@ implements CertAttrSet {
encodeThis();
}
super.encode(tmp);
- out.write(tmp.toByteArray());
+ out.write(tmp.toByteArray());
}
/**
* Decode the extension from the InputStream.
- *
+ *
* @param in the InputStream to unmarshal the contents from.
* @exception IOException on decoding or validity errors.
*/
@@ -161,52 +161,52 @@ implements CertAttrSet {
* Set the attribute value.
*/
public void set(String name, Object obj) throws IOException {
- clearValue();
- if (name.equalsIgnoreCase(KEY_ID)) {
- if (!(obj instanceof KeyIdentifier)) {
- throw new IOException("Attribute value should be of" +
+ clearValue();
+ if (name.equalsIgnoreCase(KEY_ID)) {
+ if (!(obj instanceof KeyIdentifier)) {
+ throw new IOException("Attribute value should be of" +
" type KeyIdentifier.");
- }
- id = (KeyIdentifier)obj;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectKeyIdentifierExtension.");
- }
+ }
+ id = (KeyIdentifier) obj;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectKeyIdentifierExtension.");
+ }
}
/**
* Get the attribute value.
*/
public Object get(String name) throws IOException {
- if (name.equalsIgnoreCase(KEY_ID)) {
- return (id);
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectKeyIdentifierExtension.");
- }
+ if (name.equalsIgnoreCase(KEY_ID)) {
+ return (id);
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectKeyIdentifierExtension.");
+ }
}
/**
* Delete the attribute value.
*/
public void delete(String name) throws IOException {
- if (name.equalsIgnoreCase(KEY_ID)) {
- id = null;
- } else {
- throw new IOException("Attribute name not recognized by " +
- "CertAttrSet:SubjectKeyIdentifierExtension.");
- }
+ if (name.equalsIgnoreCase(KEY_ID)) {
+ id = null;
+ } else {
+ throw new IOException("Attribute name not recognized by " +
+ "CertAttrSet:SubjectKeyIdentifierExtension.");
+ }
}
/**
* Return an enumeration of names of attributes existing within this
* attribute.
*/
- public Enumeration<String> getAttributeNames () {
+ public Enumeration<String> getAttributeNames() {
Vector<String> elements = new Vector<String>();
elements.addElement(KEY_ID);
- return (elements.elements());
+ return (elements.elements());
}
}
diff --git a/pki/base/util/src/netscape/security/x509/URIName.java b/pki/base/util/src/netscape/security/x509/URIName.java
index 539ad249..cc321a3b 100644
--- a/pki/base/util/src/netscape/security/x509/URIName.java
+++ b/pki/base/util/src/netscape/security/x509/URIName.java
@@ -25,7 +25,7 @@ import netscape.security.util.DerValue;
/**
* This class implements the URIName as required by the GeneralNames
* ASN.1 object.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.3
@@ -42,7 +42,7 @@ public class URIName implements GeneralNameInterface {
/**
* Create the URIName object from the passed encoded Der value.
- *
+ *
* @param derValue the encoded DER URIName.
* @exception IOException on error.
*/
@@ -52,7 +52,7 @@ public class URIName implements GeneralNameInterface {
/**
* Create the URIName object with the specified name.
- *
+ *
* @param name the URIName.
*/
public URIName(String name) {
@@ -68,7 +68,7 @@ public class URIName implements GeneralNameInterface {
/**
* Encode the URI name into the DerOutputStream.
- *
+ *
* @param out the DER stream to encode the URIName to.
* @exception IOException on encoding errors.
*/
diff --git a/pki/base/util/src/netscape/security/x509/UniqueIdentity.java b/pki/base/util/src/netscape/security/x509/UniqueIdentity.java
index b59f7d7f..5113efea 100644
--- a/pki/base/util/src/netscape/security/x509/UniqueIdentity.java
+++ b/pki/base/util/src/netscape/security/x509/UniqueIdentity.java
@@ -26,18 +26,18 @@ import netscape.security.util.DerValue;
/**
* This class defines the UniqueIdentity class used by certificates.
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.6
*/
public class UniqueIdentity {
// Private data members
- private BitArray id;
+ private BitArray id;
/**
* The default constructor for this class.
- *
+ *
* @param id the byte array containing the unique identifier.
*/
public UniqueIdentity(BitArray id) {
@@ -46,16 +46,16 @@ public class UniqueIdentity {
/**
* The default constructor for this class.
- *
+ *
* @param id the byte array containing the unique identifier.
*/
public UniqueIdentity(byte[] id) {
- this.id = new BitArray(id.length*8, id);
+ this.id = new BitArray(id.length * 8, id);
}
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param in the DerInputStream to read the UniqueIdentity from.
* @exception IOException on decoding errors.
*/
@@ -66,7 +66,7 @@ public class UniqueIdentity {
/**
* Create the object, decoding the values from the passed DER stream.
- *
+ *
* @param derVal the DerValue decoded from the stream.
* @param tag the tag the value is encoded under.
* @exception IOException on decoding errors.
@@ -84,14 +84,14 @@ public class UniqueIdentity {
/**
* Encode the UniqueIdentity in DER form to the stream.
- *
+ *
* @param out the DerOutputStream to marshal the contents to.
* @param tag enocode it under the following tag.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out, byte tag) throws IOException {
- byte[] bytes = id.toByteArray();
- int excessBits = bytes.length*8 - id.length();
+ byte[] bytes = id.toByteArray();
+ int excessBits = bytes.length * 8 - id.length();
out.write(tag);
out.putLength(bytes.length + 1);
@@ -104,7 +104,8 @@ public class UniqueIdentity {
* Return the unique id.
*/
public boolean[] getId() {
- if (id == null) return null;
+ if (id == null)
+ return null;
return id.toBooleanArray();
}
diff --git a/pki/base/util/src/netscape/security/x509/UserNotice.java b/pki/base/util/src/netscape/security/x509/UserNotice.java
index ad649339..dc2e1d53 100644
--- a/pki/base/util/src/netscape/security/x509/UserNotice.java
+++ b/pki/base/util/src/netscape/security/x509/UserNotice.java
@@ -22,15 +22,14 @@ import java.io.IOException;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* Represent the UserNotice Qualifier.
- *
+ *
* UserNotice ::= SEQUENCE {
- * noticeRef NoticeReference OPTIONAL,
- * explicitText DisplayText OPTIONAL
+ * noticeRef NoticeReference OPTIONAL,
+ * explicitText DisplayText OPTIONAL
* }
- *
+ *
* @author Thomas Kwan
*/
public class UserNotice extends Qualifier {
@@ -43,28 +42,28 @@ public class UserNotice extends Qualifier {
private DisplayText mDisplayText = null;
public UserNotice(NoticeReference ref, DisplayText text) {
- mNoticeReference = ref;
- mDisplayText = text;
+ mNoticeReference = ref;
+ mDisplayText = text;
}
public UserNotice(DerValue val) throws IOException {
- if (val.tag != DerValue.tag_Sequence) {
- throw new IOException("Invalid encoding for UserNotice");
- }
- // case 0: no element
- if (val.data.available() == 0)
- return;
- // case 1: 1 element
- DerValue inSeq = val.data.getDerValue();
- if (inSeq.tag == DerValue.tag_Sequence) {
- mNoticeReference = new NoticeReference(inSeq);
- } else {
- mDisplayText = new DisplayText(inSeq);
- }
- if (val.data.available() == 0)
- return;
- // case 2: 2 elements
- mDisplayText = new DisplayText(val.data.getDerValue());
+ if (val.tag != DerValue.tag_Sequence) {
+ throw new IOException("Invalid encoding for UserNotice");
+ }
+ // case 0: no element
+ if (val.data.available() == 0)
+ return;
+ // case 1: 1 element
+ DerValue inSeq = val.data.getDerValue();
+ if (inSeq.tag == DerValue.tag_Sequence) {
+ mNoticeReference = new NoticeReference(inSeq);
+ } else {
+ mDisplayText = new DisplayText(inSeq);
+ }
+ if (val.data.available() == 0)
+ return;
+ // case 2: 2 elements
+ mDisplayText = new DisplayText(val.data.getDerValue());
}
public NoticeReference getNoticeReference() {
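Review bot: The `UserNotice(DerValue val)` constructor accepts encodings that the `UserNotice ::= SEQUENCE { noticeRef OPTIONAL, explicitText OPTIONAL }` layout in the class comment does not allow. When the first element is not a SEQUENCE it is stored as `mDisplayText`, and a following element then overwrites it without complaint; anything after the second element is left unread. Because this decodes certificate content, rejecting the extra data is safer than ignoring it. Add `if (val.data.available() != 0) throw new IOException("Invalid encoding for UserNotice");` at the end of the `else` branch and again after the case-2 assignment.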
@@ -77,21 +76,21 @@ public class UserNotice extends Qualifier {
/**
* Write the UserNotice to the DerOutputStream.
- *
+ *
* @param out the DerOutputStream to write the object to.
* @exception IOException on errors.
*/
public void encode(DerOutputStream out) throws IOException {
DerOutputStream tmp = new DerOutputStream();
- // OPTIONAL
- if (mNoticeReference != null) {
- mNoticeReference.encode(tmp);
- }
- // OPTIONAL
+ // OPTIONAL
+ if (mNoticeReference != null) {
+ mNoticeReference.encode(tmp);
+ }
+ // OPTIONAL
if (mDisplayText != null) {
- mDisplayText.encode(tmp);
+ mDisplayText.encode(tmp);
}
- out.write(DerValue.tag_Sequence,tmp);
+ out.write(DerValue.tag_Sequence, tmp);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/X500Name.java b/pki/base/util/src/netscape/security/x509/X500Name.java
index 9efe6c00..920b0e1e 100644
--- a/pki/base/util/src/netscape/security/x509/X500Name.java
+++ b/pki/base/util/src/netscape/security/x509/X500Name.java
@@ -27,19 +27,19 @@ import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
-
/**
* X.500 names are used to identify entities, such as those which are
- * identified by X.509 certificates. They are world-wide, hierarchical,
- * and descriptive. Entities can be identified by attributes, and in
+ * identified by X.509 certificates. They are world-wide, hierarchical,
+ * and descriptive. Entities can be identified by attributes, and in
* some systems can be searched for according to those attributes.
- *
- * <P><em>This class exposes only partial X.500 name functionality. Most
+ *
+ * <P>
+ * <em>This class exposes only partial X.500 name functionality. Most
* notably, it works best if Relative Distinguished Names only have one
* (unique) attribute each, and if only the most common attributes need
* to be visible to applications. This limitation, and others, will
* be lifted over time.</em>
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
@@ -52,7 +52,6 @@ import netscape.security.util.ObjectIdentifier;
* @see LdapDNStrConverter
*/
-
public class X500Name implements Principal, GeneralNameInterface {
/**
*
@@ -61,19 +60,17 @@ public class X500Name implements Principal, GeneralNameInterface {
/**
* Constructs a name from a Ldap DN string, such
- * as &lb;CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US&rb;. The
+ * as &lb;CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US&rb;. The
* older "/C=US/O=Sun Microsystems, Inc/OU=JavaSoft/CN=Dave" syntax
- * is not currently supported. (The former is RFC 1779 style.)
- *
+ * is not currently supported. (The former is RFC 1779 style.)
+ *
* @param ldapDNString a Ldap DN String e.g. as defined in RFC1779
*/
- public X500Name (String ldapDNString)
- throws IOException
- {
- X500Name x500name;
+ public X500Name(String ldapDNString)
+ throws IOException {
+ X500Name x500name;
- if(ldapDNString == null || ldapDNString.equals(""))
- {
+ if (ldapDNString == null || ldapDNString.equals("")) {
clear();
return;
}
@@ -84,109 +81,103 @@ public class X500Name implements Principal, GeneralNameInterface {
/**
* Constructs a X500Name from a Ldap DN String using the specified
* LdapDNStrConverter. Also use the input tags.
+ *
* @see LdapDNStrConverter
- *
+ *
* @param ldapDNString a Ldap DN String e.g. as defined in RFC1779.
* @param ldapDNStrConverter A LdapDNStrConverter
*/
- public X500Name (String ldapDNString,LdapDNStrConverter ldapDNStrConverter,byte[] tags)
- throws IOException
- {
+ public X500Name(String ldapDNString, LdapDNStrConverter ldapDNStrConverter, byte[] tags)
+ throws IOException {
- if(ldapDNString == null || ldapDNString.equals(""))
- {
+ if (ldapDNString == null || ldapDNString.equals("")) {
clear();
return;
}
X500Name x500name;
- x500name = ldapDNStrConverter.parseDN(ldapDNString,tags);
+ x500name = ldapDNStrConverter.parseDN(ldapDNString, tags);
names = x500name.getNames();
}
- public X500Name (String ldapDNString, byte[] tags)
- throws IOException
- {
- if(ldapDNString == null || ldapDNString.equals(""))
- {
+ public X500Name(String ldapDNString, byte[] tags)
+ throws IOException {
+ if (ldapDNString == null || ldapDNString.equals("")) {
clear();
return;
}
- X500Name x500name;
- x500name = LdapDNStrConverter.getDefault().parseDN(ldapDNString, tags);
- names = x500name.getNames();
+ X500Name x500name;
+ x500name = LdapDNStrConverter.getDefault().parseDN(ldapDNString, tags);
+ names = x500name.getNames();
}
/**
* Constructs a X500Name from a Ldap DN String using the specified
* LdapDNStrConverter.
+ *
* @see LdapDNStrConverter
- *
+ *
* @param ldapDNString a Ldap DN String e.g. as defined in RFC1779.
* @param ldapDNStrConverter A LdapDNStrConverter
*/
- public X500Name (String ldapDNString,
- LdapDNStrConverter ldapDNStrConverter)
- throws IOException
- {
- if(ldapDNString == null || ldapDNString.equals(""))
- {
+ public X500Name(String ldapDNString,
+ LdapDNStrConverter ldapDNStrConverter)
+ throws IOException {
+ if (ldapDNString == null || ldapDNString.equals("")) {
clear();
return;
}
- X500Name x500name;
- x500name = ldapDNStrConverter.parseDN(ldapDNString);
- names = x500name.getNames();
+ X500Name x500name;
+ x500name = ldapDNStrConverter.parseDN(ldapDNString);
+ names = x500name.getNames();
}
/**
* Constructs a X500Name from fields common in enterprise application
* environments.
- *
+ *
* @param commonName common name of a person, e.g. "Vivette Davis"
* @param organizationUnit small organization name, e.g. "Purchasing"
* @param organizationName large organization name, e.g. "Onizuka, Inc."
* @param country two letter country code, e.g. "CH"
*/
- public X500Name (
- String commonName,
- String organizationUnit,
- String organizationName,
- String country
- ) throws IOException
- {
- DirStrConverter dirStrConverter = new DirStrConverter();
- PrintableConverter printableConverter = new PrintableConverter();
- DerValue val;
- AVA[] assertion = new AVA[1]; // array is cloned in constructors.
- int i = 4;
-
- names = new RDN [i];
- /*
- * NOTE: it's only on output that little-endian
- * ordering is used.
- */
- assertion[0] = new AVA(commonName_oid,
- dirStrConverter.getValue(commonName));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(orgUnitName_oid,
- dirStrConverter.getValue(organizationUnit));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(orgName_oid,
- dirStrConverter.getValue(organizationName));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(countryName_oid,
- printableConverter.getValue(country));
- names [--i] = new RDN (assertion);
+ public X500Name(
+ String commonName,
+ String organizationUnit,
+ String organizationName,
+ String country) throws IOException {
+ DirStrConverter dirStrConverter = new DirStrConverter();
+ PrintableConverter printableConverter = new PrintableConverter();
+ DerValue val;
+ AVA[] assertion = new AVA[1]; // array is cloned in constructors.
+ int i = 4;
+
+ names = new RDN[i];
+ /*
+ * NOTE: it's only on output that little-endian
+ * ordering is used.
+ */
+ assertion[0] = new AVA(commonName_oid,
+ dirStrConverter.getValue(commonName));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(orgUnitName_oid,
+ dirStrConverter.getValue(organizationUnit));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(orgName_oid,
+ dirStrConverter.getValue(organizationName));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(countryName_oid,
+ printableConverter.getValue(country));
+ names[--i] = new RDN(assertion);
}
/**
* Constructs a X500Name from fields common in Internet application
* environments.
- *
+ *
* @param commonName common name of a person, e.g. "Vivette Davis"
* @param organizationUnit small organization name, e.g. "Purchasing"
* @param organizationName large organization name, e.g. "Onizuka, Inc."
@@ -194,140 +185,133 @@ public class X500Name implements Principal, GeneralNameInterface {
* @param stateName state name, e.g. "California"
* @param country two letter country code, e.g. "CH"
*/
- public X500Name (
- String commonName,
- String organizationUnit,
- String organizationName,
- String localityName,
- String stateName,
- String country
- ) throws IOException
- {
- DirStrConverter dirStrConverter = new DirStrConverter();
- PrintableConverter printableConverter = new PrintableConverter();
- DerValue val;
- AVA[] assertion = new AVA[1]; // array is cloned in constructors.
- int i = 6;
-
- names = new RDN [i];
- /*
- * NOTE: it's only on output that little-endian
- * ordering is used.
- */
- assertion[0] = new AVA(commonName_oid,
- dirStrConverter.getValue(commonName));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(orgUnitName_oid,
- dirStrConverter.getValue(organizationUnit));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(orgName_oid,
- dirStrConverter.getValue(organizationName));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(localityName_oid,
- dirStrConverter.getValue(localityName));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(stateName_oid,
- dirStrConverter.getValue(stateName));
- names [--i] = new RDN (assertion);
-
- assertion[0] = new AVA(countryName_oid,
- printableConverter.getValue(country));
- names [--i] = new RDN (assertion);
- }
-
-
- /**
- * Constructs a name from an ASN.1 encoded value. The encoding
+ public X500Name(
+ String commonName,
+ String organizationUnit,
+ String organizationName,
+ String localityName,
+ String stateName,
+ String country) throws IOException {
+ DirStrConverter dirStrConverter = new DirStrConverter();
+ PrintableConverter printableConverter = new PrintableConverter();
+ DerValue val;
+ AVA[] assertion = new AVA[1]; // array is cloned in constructors.
+ int i = 6;
+
+ names = new RDN[i];
+ /*
+ * NOTE: it's only on output that little-endian
+ * ordering is used.
+ */
+ assertion[0] = new AVA(commonName_oid,
+ dirStrConverter.getValue(commonName));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(orgUnitName_oid,
+ dirStrConverter.getValue(organizationUnit));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(orgName_oid,
+ dirStrConverter.getValue(organizationName));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(localityName_oid,
+ dirStrConverter.getValue(localityName));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(stateName_oid,
+ dirStrConverter.getValue(stateName));
+ names[--i] = new RDN(assertion);
+
+ assertion[0] = new AVA(countryName_oid,
+ printableConverter.getValue(country));
+ names[--i] = new RDN(assertion);
+ }
+
+ /**
+ * Constructs a name from an ASN.1 encoded value. The encoding
* of the name in the stream uses DER (a BER/1 subset).
- *
+ *
* @param value a DER-encoded value holding an X.500 name.
*/
public X500Name(DerValue value) throws IOException {
- this(value.toDerInputStream());
+ this(value.toDerInputStream());
}
/**
- * Constructs a name from an ASN.1 encoded input stream. The encoding
+ * Constructs a name from an ASN.1 encoded input stream. The encoding
* of the name in the stream uses DER (a BER/1 subset).
- *
+ *
* @param in DER-encoded data holding an X.500 name.
*/
- public X500Name (DerInputStream in)
- throws IOException
- {
- parseDER (in);
+ public X500Name(DerInputStream in)
+ throws IOException {
+ parseDER(in);
}
/**
- * Constructs a name from an ASN.1 encoded byte array.
- *
+ * Constructs a name from an ASN.1 encoded byte array.
+ *
* @param name DER-encoded byte array holding an X.500 name.
*/
- public X500Name (byte[] name)
- throws IOException
- {
+ public X500Name(byte[] name)
+ throws IOException {
DerInputStream in = new DerInputStream(name);
- parseDER (in);
+ parseDER(in);
}
/**
* Constructs a X500Name from array of RDN. The RDNs are expected to
* be in big endian order i.e. most significant first.
+ *
* @param rdns an array of RDN.
*/
- public X500Name (RDN[] rdns)
- throws IOException
- {
- names = (RDN[])rdns.clone();
+ public X500Name(RDN[] rdns)
+ throws IOException {
+ names = (RDN[]) rdns.clone();
}
/**
* convenience method.
+ *
* @param rdns a vector of rdns.
*/
- public X500Name (Vector<RDN> rdnVector)
- throws IOException
- {
- int size = rdnVector.size();
- names = new RDN[size];
- for (int i = 0; i < size; i++) {
- names[i] = (RDN)rdnVector.elementAt(i);
- }
+ public X500Name(Vector<RDN> rdnVector)
+ throws IOException {
+ int size = rdnVector.size();
+ names = new RDN[size];
+ for (int i = 0; i < size; i++) {
+ names[i] = (RDN) rdnVector.elementAt(i);
+ }
}
/**
* Compares this name with another, for equality.
- *
+ *
* @return true iff the names are identical.
*/
- synchronized public boolean equals (X500Name other)
- {
- int i;
+ synchronized public boolean equals(X500Name other) {
+ int i;
- if (this == other)
- return true;
+ if (this == other)
+ return true;
- if (names.length != other.names.length)
- return false;
- for (i = 0; i < names.length; i++) {
- if (!names [i].equals (other.names [i]))
- return false;
- }
- return true;
+ if (names.length != other.names.length)
+ return false;
+ for (i = 0; i < names.length; i++) {
+ if (!names[i].equals(other.names[i]))
+ return false;
+ }
+ return true;
}
/**
- * Sets private data to a null state
+ * Sets private data to a null state
*/
- private void clear()
- {
+ private void clear() {
dn = "";
names = null;
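Review bot: `equals(X500Name other)` in this hunk overloads `Object.equals(Object)` rather than overriding it, so a comparison made through an `Object` or `Principal` reference, or by a collection, falls back to identity unless an override exists outside the visible diff. For a class that represents an authenticated name, two equal DNs can then compare as different. The method also dereferences `other` and both `names` arrays without a null check, although `clear()` at the end of the hunk sets `names = null`. I would add `@Override public boolean equals(Object obj) { return obj instanceof X500Name && equals((X500Name) obj); }` together with a consistent `hashCode()`, and guard the typed method with `if (other == null || names == null || other.names == null) return false;`. The body of `clear()` continues past the end of this hunk.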
@@ -337,15 +321,14 @@ public class X500Name implements Principal, GeneralNameInterface {
* Returns the name component as a Java string, regardless of its
* encoding restrictions.
*/
- private String getString (DerValue attribute) throws IOException
- {
- String value = attribute.getAsString ();
+ private String getString(DerValue attribute) throws IOException {
+ String value = attribute.getAsString();
- if (value == null)
- throw new IOException ("not a DER string encoding, "
- + attribute.tag);
- else
- return value;
+ if (value == null)
+ throw new IOException("not a DER string encoding, "
+ + attribute.tag);
+ else
+ return value;
}
/**
@@ -356,128 +339,114 @@ public class X500Name implements Principal, GeneralNameInterface {
}
/**
- * Returns a "Country" name component. If more than one
+ * Returns a "Country" name component. If more than one
* such attribute exists, the topmost one is returned.
- *
+ *
* @return "C=" component of the name, if any.
*/
- public String getCountry () throws IOException
- {
- DerValue attr = findAttribute (countryName_oid);
+ public String getCountry() throws IOException {
+ DerValue attr = findAttribute(countryName_oid);
- return getString (attr);
+ return getString(attr);
}
-
/**
- * Returns an "Organization" name component. If more than
+ * Returns an "Organization" name component. If more than
* one such attribute exists, the topmost one is returned.
- *
+ *
* @return "O=" component of the name, if any.
*/
- public String getOrganization () throws IOException
- {
- DerValue attr = findAttribute (orgName_oid);
+ public String getOrganization() throws IOException {
+ DerValue attr = findAttribute(orgName_oid);
- return getString (attr);
+ return getString(attr);
}
-
/**
- * Returns an "Organizational Unit" name component. If more
+ * Returns an "Organizational Unit" name component. If more
* than one such attribute exists, the topmost one is returned.
- *
+ *
* @return "OU=" component of the name, if any.
*/
- public String getOrganizationalUnit () throws IOException
- {
- DerValue attr = findAttribute (orgUnitName_oid);
+ public String getOrganizationalUnit() throws IOException {
+ DerValue attr = findAttribute(orgUnitName_oid);
- return getString (attr);
+ return getString(attr);
}
-
/**
- * Returns a "Common Name" component. If more than one such
+ * Returns a "Common Name" component. If more than one such
* attribute exists, the topmost one is returned.
- *
+ *
* @return "CN=" component of the name, if any.
*/
- public String getCommonName () throws IOException
- {
- DerValue attr = findAttribute (commonName_oid);
+ public String getCommonName() throws IOException {
+ DerValue attr = findAttribute(commonName_oid);
- return getString (attr);
+ return getString(attr);
}
-
/**
- * Returns a "UID" component. If more than one such
+ * Returns a "UID" component. If more than one such
* attribute exists, the topmost one is returned.
- *
+ *
* @return "UID=" component of the name, if any.
*/
- public String getUserID () throws IOException
- {
- DerValue attr = findAttribute (uidName_oid);
+ public String getUserID() throws IOException {
+ DerValue attr = findAttribute(uidName_oid);
- return getString (attr);
+ return getString(attr);
}
-
/**
- * Returns a "Locality" name component. If more than one
+ * Returns a "Locality" name component. If more than one
* such component exists, the topmost one is returned.
- *
+ *
* @return "L=" component of the name, if any.
*/
- public String getLocality () throws IOException
- {
- DerValue attr = findAttribute (localityName_oid);
+ public String getLocality() throws IOException {
+ DerValue attr = findAttribute(localityName_oid);
- return getString (attr);
+ return getString(attr);
}
-
/**
- * Returns a "State" name component. If more than one
+ * Returns a "State" name component. If more than one
* such component exists, the topmost one is returned.
- *
+ *
* @return "S=" component of the name, if any.
*/
- public String getState () throws IOException
- {
- DerValue attr = findAttribute (stateName_oid);
+ public String getState() throws IOException {
+ DerValue attr = findAttribute(stateName_oid);
- return getString (attr);
+ return getString(attr);
}
/**
- * Returns a "Email" name component. If more than one
+ * Returns a "Email" name component. If more than one
* such component exists, the topmost one is returned.
- *
+ *
* @return "E=" component of the name, if any.
*/
- public String getEmail() throws IOException
- {
- DerValue attr = findAttribute (email_oid);
- if (attr == null)
- return null;
- return getString (attr);
+ public String getEmail() throws IOException {
+ DerValue attr = findAttribute(email_oid);
+ if (attr == null)
+ return null;
+ return getString(attr);
}
/**
* Returns a Ldap DN String from the X500Name using the global default
* LdapDNStrConverter
+ *
* @see LdapDNStrConverter
* @return Ldap DN string of this X500Name using the default converter.
*/
public String toLdapDNString()
- throws IOException
- {
- if (dn == null)
- generateDN(LdapDNStrConverter.getDefault());
- return dn;
+ throws IOException {
+ if (dn == null)
+ generateDN(LdapDNStrConverter.getDefault());
+ return dn;
}
/**
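Review bot: `getCountry()`, `getOrganization()`, `getOrganizationalUnit()`, `getCommonName()`, `getUserID()`, `getLocality()` and `getState()` pass the result of `findAttribute(...)` straight to `getString(attr)`, and only `getEmail()` checks it for null first. `findAttribute` (shown in a later hunk of this file) returns null when no RDN carries the attribute, and `getString` calls `attribute.getAsString()`, so a name without that component raises a NullPointerException instead of matching the Javadoc's "if any". Subject and issuer names usually come from certificates or requests supplied by a peer, so the absent case is reachable from input. I would give each getter the same guard `getEmail()` has, `if (attr == null) return null;`, and state the null return in the `@return` text.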
@@ -485,152 +454,140 @@ public class X500Name implements Principal, GeneralNameInterface {
* using the specified LdapDNStrconverter.
* For example, RFC1779String converter can be passed to convert the
* DN to RFC1779 string syntax.
+ *
* @see LdapDNStrConverter
* @param ldapDNStrConverter a LdapDNStrConverter
* @return Ldap DN string of the X500Name
*/
public String toLdapDNString(LdapDNStrConverter ldapDNStrConverter)
- throws IOException
- {
+ throws IOException {
- if (dn == null)
- generateDN(ldapDNStrConverter);
- return dn;
+ if (dn == null)
+ generateDN(ldapDNStrConverter);
+ return dn;
}
/**
* Returns a Ldap DN string, using the global default LdapDNStrConverter
* or null if an error occurs in the conversion.
*/
- public String toString()
- {
- String s;
- if(names == null)
- {
- s = "";
- return s;
+ public String toString() {
+ String s;
+ if (names == null) {
+ s = "";
+ return s;
}
- try {
- s = toLdapDNString();
- }
- catch (IOException e) {
- return null;
- }
- return s;
+ try {
+ s = toLdapDNString();
+ } catch (IOException e) {
+ return null;
+ }
+ return s;
}
/**
- * Returns the value of toString(). This call is needed to
+ * Returns the value of toString(). This call is needed to
* implement the java.security.Principal interface.
*/
- public String getName () { return toString (); }
-
+ public String getName() {
+ return toString();
+ }
- private String dn; // RFC 1779 style DN, or null
- private RDN names[]; // RDNs
+ private String dn; // RFC 1779 style DN, or null
+ private RDN names[]; // RDNs
/**
* Find the first instance of this attribute in a "top down"
* search of all the attributes in the name.
*/
- private DerValue findAttribute (ObjectIdentifier attribute)
- {
- int i;
- DerValue retval = null;
+ private DerValue findAttribute(ObjectIdentifier attribute) {
+ int i;
+ DerValue retval = null;
- for (i = 0; i < names.length; i++) {
- retval = names [i].findAttribute (attribute);
- if (retval != null)
- break;
- }
- return retval;
+ for (i = 0; i < names.length; i++) {
+ retval = names[i].findAttribute(attribute);
+ if (retval != null)
+ break;
+ }
+ return retval;
}
/**
* Returns an enumerator of RDNs in the X500Name.
+ *
* @return enumeration of rdns in this X500Name.
*/
- public Enumeration<RDN> getRDNs()
- {
- return new RDNEnumerator();
+ public Enumeration<RDN> getRDNs() {
+ return new RDNEnumerator();
}
/**
* Returns an array of RDN in the X500Name.
+ *
* @return array of RDN in this X500name.
*/
- public RDN[] getNames()
- {
- return (RDN[])names.clone();
+ public RDN[] getNames() {
+ return (RDN[]) names.clone();
}
/**
* Returns the number of RDNs in the X500Name.
+ *
* @return number of RDNs in this X500Name.
*/
- public int getNamesLength()
- {
- return names.length;
+ public int getNamesLength() {
+ return names.length;
}
/****************************************************************/
- private void parseDER (DerInputStream in) throws IOException
- {
- //
- // X.500 names are a "SEQUENCE OF" RDNs, which means one or
- // more and order matters. We scan them in order, which
- // conventionally is big-endian.
- //
- DerValue nameseq [] = in.getSequence (5);
- int i;
-
- if(nameseq.length != 0)
- {
- names = new RDN [nameseq.length];
- }
- else
- {
+ private void parseDER(DerInputStream in) throws IOException {
+ //
+ // X.500 names are a "SEQUENCE OF" RDNs, which means one or
+ // more and order matters. We scan them in order, which
+ // conventionally is big-endian.
+ //
+ DerValue nameseq[] = in.getSequence(5);
+ int i;
+
+ if (nameseq.length != 0) {
+ names = new RDN[nameseq.length];
+ } else {
clear();
}
-
- for (i = 0; i < nameseq.length; i++)
- names [i] = new RDN (nameseq [i]);
+ for (i = 0; i < nameseq.length; i++)
+ names[i] = new RDN(nameseq[i]);
}
/**
* Encodes the name in DER-encoded form.
- *
+ *
* @param out where to put the DER-encoded X.500 name
*/
- public void encode (DerOutputStream out) throws IOException
- {
- DerOutputStream tmp = new DerOutputStream ();
- int i;
+ public void encode(DerOutputStream out) throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ int i;
int len = 0;
- if(names == null)
- {
- len = 0;
- }
- else
- {
+ if (names == null) {
+ len = 0;
+ } else {
len = names.length;
}
- for (i = 0; i < len; i++)
- names [i].encode (tmp);
+ for (i = 0; i < len; i++)
+ names[i].encode(tmp);
- out.write (DerValue.tag_Sequence, tmp);
+ out.write(DerValue.tag_Sequence, tmp);
}
/**
* Gets the name in DER-encoded form.
- *
+ *
* @return the DER encoded byte array of this name,
- * null if no names are present.
+ * null if no names are present.
*/
public byte[] getEncoded() throws IOException {
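Review bot: When `in.getSequence(5)` yields an empty array, `parseDER` calls `clear()`, which (per the earlier hunk) sets `names = null`, but `getNames()`, `getNamesLength()` and `findAttribute()` in this hunk dereference `names` unconditionally. Only `toString()` and `encode()` handle the null case, so an empty but well-formed DER name leads to a NullPointerException in the accessors; `RDNEnumerator` in the following hunk has the same assumption. I would make the accessors tolerate it, e.g. `return names == null ? 0 : names.length;` in `getNamesLength()` and `return names == null ? new RDN[0] : (RDN[]) names.clone();` in `getNames()`, and start the loop in `findAttribute` with `if (names == null) return null;`. The body of `getEncoded()` continues outside this hunk.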
@@ -639,12 +596,9 @@ public class X500Name implements Principal, GeneralNameInterface {
int len = 0;
- if (names == null)
- {
+ if (names == null) {
len = 0;
- }
- else
- {
+ } else {
len = names.length;
}
@@ -664,31 +618,29 @@ public class X500Name implements Principal, GeneralNameInterface {
*
*/
private void generateDN(LdapDNStrConverter ldapDNStrConverter)
- throws IOException
- {
- if(names == null)
- return ;
+ throws IOException {
+ if (names == null)
+ return;
- dn = ldapDNStrConverter.encodeDN(this);
+ dn = ldapDNStrConverter.encodeDN(this);
}
- private class RDNEnumerator implements Enumeration<RDN>
- {
- private int index;
+ private class RDNEnumerator implements Enumeration<RDN> {
+ private int index;
- public RDNEnumerator() { index = 0; }
+ public RDNEnumerator() {
+ index = 0;
+ }
- public boolean hasMoreElements()
- {
- return (index < names.length);
- }
+ public boolean hasMoreElements() {
+ return (index < names.length);
+ }
- public RDN nextElement()
- {
- if (index >= names.length)
- return null;
- return names[index++];
- }
+ public RDN nextElement() {
+ if (index >= names.length)
+ return null;
+ return names[index++];
+ }
}
/****************************************************************/
@@ -697,10 +649,9 @@ public class X500Name implements Principal, GeneralNameInterface {
* Maybe return a preallocated OID, to reduce storage costs
* and speed recognition of common X.500 attributes.
*/
- static ObjectIdentifier intern (ObjectIdentifier oid)
- throws IOException
- {
- return X500NameAttrMap.getDefault().getOid(oid);
+ static ObjectIdentifier intern(ObjectIdentifier oid)
+ throws IOException {
+ return X500NameAttrMap.getDefault().getOid(oid);
}
/*
@@ -708,56 +659,43 @@ public class X500Name implements Principal, GeneralNameInterface {
*/
/** OID for the "CN=" attribute, denoting a person's common name. */
- public static final ObjectIdentifier
- commonName_oid = X500NameAttrMap.getDefault().getOid("CN");
+ public static final ObjectIdentifier commonName_oid = X500NameAttrMap.getDefault().getOid("CN");
/** OID for the "UID=" attribute, denoting a person's ID. */
- public static final ObjectIdentifier
- uidName_oid = X500NameAttrMap.getDefault().getOid("UID");
+ public static final ObjectIdentifier uidName_oid = X500NameAttrMap.getDefault().getOid("UID");
/** OID for the "C=" attribute, denoting a country. */
- public static final ObjectIdentifier
- countryName_oid = X500NameAttrMap.getDefault().getOid("C");
+ public static final ObjectIdentifier countryName_oid = X500NameAttrMap.getDefault().getOid("C");
/** OID for the "L=" attribute, denoting a locality (such as a city) */
- public static final ObjectIdentifier
- localityName_oid = X500NameAttrMap.getDefault().getOid("L");
+ public static final ObjectIdentifier localityName_oid = X500NameAttrMap.getDefault().getOid("L");
/** OID for the "O=" attribute, denoting an organization name */
- public static final ObjectIdentifier
- orgName_oid = X500NameAttrMap.getDefault().getOid("O");
+ public static final ObjectIdentifier orgName_oid = X500NameAttrMap.getDefault().getOid("O");
/** OID for the "OU=" attribute, denoting an organizational unit name */
- public static final ObjectIdentifier
- orgUnitName_oid = X500NameAttrMap.getDefault().getOid("OU");
+ public static final ObjectIdentifier orgUnitName_oid = X500NameAttrMap.getDefault().getOid("OU");
/** OID for the "S=" attribute, denoting a state (such as Delaware) */
- public static final ObjectIdentifier
- stateName_oid = X500NameAttrMap.getDefault().getOid("ST");
+ public static final ObjectIdentifier stateName_oid = X500NameAttrMap.getDefault().getOid("ST");
/** OID for the "STREET=" attribute, denoting a street address. */
- public static final ObjectIdentifier
- streetAddress_oid = X500NameAttrMap.getDefault().getOid("STREET");
+ public static final ObjectIdentifier streetAddress_oid = X500NameAttrMap.getDefault().getOid("STREET");
/** OID for the "T=" attribute, denoting a person's title. */
- public static final ObjectIdentifier
- title_oid = X500NameAttrMap.getDefault().getOid("TITLE");
+ public static final ObjectIdentifier title_oid = X500NameAttrMap.getDefault().getOid("TITLE");
/** OID for the "E=" attribute, denoting a person's email address. */
- public static final ObjectIdentifier
- email_oid = X500NameAttrMap.getDefault().getOid("E");
+ public static final ObjectIdentifier email_oid = X500NameAttrMap.getDefault().getOid("E");
/*
* OIDs from other sources which show up in X.500 names we
* expect to deal with often
*/
- private static final int ipAddress_data [] = // SKIP
- { 1, 3, 6, 1, 4, 1, 42, 2, 11, 2, 1 };
+ private static final int ipAddress_data[] = // SKIP
+ { 1, 3, 6, 1, 4, 1, 42, 2, 11, 2, 1 };
/** OID for "IP=" IP address attributes, used with SKIP. */
- public static final ObjectIdentifier
- ipAddress_oid = new ObjectIdentifier (ipAddress_data);
+ public static final ObjectIdentifier ipAddress_oid = new ObjectIdentifier(ipAddress_data);
}
-
-
diff --git a/pki/base/util/src/netscape/security/x509/X500NameAttrMap.java b/pki/base/util/src/netscape/security/x509/X500NameAttrMap.java
index 48bb8302..aac89e21 100644
--- a/pki/base/util/src/netscape/security/x509/X500NameAttrMap.java
+++ b/pki/base/util/src/netscape/security/x509/X500NameAttrMap.java
@@ -23,28 +23,26 @@ import java.util.Hashtable;
import netscape.security.util.ObjectIdentifier;
/**
- * Maps an attribute name in an X500 AVA to its OID and a
- * converter for the attribute type. The converter converts from a string to
- * its DER encoded attribute value. * For example, "CN" maps to its OID of
+ * Maps an attribute name in an X500 AVA to its OID and a
+ * converter for the attribute type. The converter converts from a string to
+ * its DER encoded attribute value. * For example, "CN" maps to its OID of
* 2.5.4.3 and the Directory String Converter. The Directory String
- * Converter converts from a string to a DerValue with tag Printable, T.61 or
+ * Converter converts from a string to a DerValue with tag Printable, T.61 or
* UniversalString.
- *
+ *
* @author Lily Hsiao, Slava Galperin at Netscape Communications, Inc.
*
*/
-public class X500NameAttrMap
-{
+public class X500NameAttrMap {
//
// public constructors.
//
- /**
+ /**
* Construct a X500NameAttrMap.
*/
- public X500NameAttrMap()
- {
+ public X500NameAttrMap() {
}
//
@@ -53,164 +51,153 @@ public class X500NameAttrMap
/**
* Get the attribute name (keyword) of the specified OID.
- *
- * @param oid An ObjectIdentifier
- *
- * @return An attribute name (keyword string) for the OID.
+ *
+ * @param oid An ObjectIdentifier
+ *
+ * @return An attribute name (keyword string) for the OID.
*/
- public String getName(ObjectIdentifier oid)
- {
- // XXX assert oid != null
- return oid2Name.get(oid);
+ public String getName(ObjectIdentifier oid) {
+ // XXX assert oid != null
+ return oid2Name.get(oid);
}
/**
* Get the ObjectIdentifier of the attribute name.
- *
- * @param name An attribute name (string of ascii characters)
- *
- * @return An ObjectIdentifier for the attribute.
+ *
+ * @param name An attribute name (string of ascii characters)
+ *
+ * @return An ObjectIdentifier for the attribute.
*/
- public ObjectIdentifier getOid(String name)
- {
- // XXX assert name != null
- return name2OID.get(name.toUpperCase());
+ public ObjectIdentifier getOid(String name) {
+ // XXX assert name != null
+ return name2OID.get(name.toUpperCase());
}
- /**
+ /**
* Get the Attribute Value Converter for the specified attribute name.
- *
- * @param name An attribute name
- *
- * @return An attribute value converter for the attribute name
+ *
+ * @param name An attribute name
+ *
+ * @return An attribute value converter for the attribute name
*/
- public AVAValueConverter getValueConverter(String name)
- {
- ObjectIdentifier oid =
- name2OID.get(name.toUpperCase());
- if (oid == null) return null;
- return (AVAValueConverter)oid2ValueConverter.get(oid);
+ public AVAValueConverter getValueConverter(String name) {
+ ObjectIdentifier oid =
+ name2OID.get(name.toUpperCase());
+ if (oid == null)
+ return null;
+ return (AVAValueConverter) oid2ValueConverter.get(oid);
}
- /**
+ /**
* Get the Attribute Value Converter for the specified ObjectIdentifier.
- *
- * @param oid An ObjectIdentifier
- *
- * @return An AVAValueConverter for the OID.
+ *
+ * @param oid An ObjectIdentifier
+ *
+ * @return An AVAValueConverter for the OID.
*/
- public AVAValueConverter getValueConverter(ObjectIdentifier oid)
- {
- return (AVAValueConverter)oid2ValueConverter.get(oid);
+ public AVAValueConverter getValueConverter(ObjectIdentifier oid) {
+ return (AVAValueConverter) oid2ValueConverter.get(oid);
}
/**
* Get an Enumeration of all attribute names in this map.
- *
- * @return An Enumeration of all attribute names.
+ *
+ * @return An Enumeration of all attribute names.
*/
- public Enumeration<String> getAllNames()
- {
- return name2OID.keys();
+ public Enumeration<String> getAllNames() {
+ return name2OID.keys();
}
/**
* Get an Enumeration of all ObjectIdentifiers in this map.
- *
- * @return An Enumeration of all OIDs in this map.
+ *
+ * @return An Enumeration of all OIDs in this map.
*/
- public Enumeration<ObjectIdentifier> getAllOIDs()
- {
- return oid2Name.keys();
+ public Enumeration<ObjectIdentifier> getAllOIDs() {
+ return oid2Name.keys();
}
- /**
+ /**
* Get the ObjectIdentifier object in the map for the specified OID.
- *
- * @param oid An ObjectIdentifier.
- * @return The ObjectIdentifier object in this map for the OID.
+ *
+ * @param oid An ObjectIdentifier.
+ * @return The ObjectIdentifier object in this map for the OID.
*/
- public ObjectIdentifier getOid(ObjectIdentifier oid)
- {
- String name = oid2Name.get(oid);
- if (name == null)
- return null;
- return name2OID.get(name);
+ public ObjectIdentifier getOid(ObjectIdentifier oid) {
+ String name = oid2Name.get(oid);
+ if (name == null)
+ return null;
+ return name2OID.get(name);
}
-
//
// public add methods.
//
- /**
+ /**
* Adds a attribute name, ObjectIdentifier, AVAValueConverter entry
* to the map.
- *
- * @param name An attribute name (string of ascii chars)
- * @param oid The ObjectIdentifier for the attribute.
- * @param valueConverter An AVAValueConverter object for converting
- * an value for this attribute from a string to
- * a DerValue and vice versa.
+ *
+ * @param name An attribute name (string of ascii chars)
+ * @param oid The ObjectIdentifier for the attribute.
+ * @param valueConverter An AVAValueConverter object for converting
+ * an value for this attribute from a string to
+ * a DerValue and vice versa.
*/
- public void addNameOID(String name, ObjectIdentifier oid,
- AVAValueConverter valueConverter)
- {
- // normalize name for case insensitive compare.
- ObjectIdentifier theOid;
+ public void addNameOID(String name, ObjectIdentifier oid,
+ AVAValueConverter valueConverter) {
+ // normalize name for case insensitive compare.
+ ObjectIdentifier theOid;
Class<? extends AVAValueConverter> expValueConverter;
- theOid = name2OID.get(name);
- if (theOid != null) {
- expValueConverter = oid2ValueConverter.get(theOid).getClass();
- if (!theOid.equals(oid) ||
- expValueConverter != valueConverter.getClass()) {
- throw new IllegalArgumentException(
- "Another keyword-oid-valueConverter triple already " +
- "exists in the X500NameAttrMap ");
- }
- return;
- }
- name2OID.put(name.toUpperCase(), oid);
- oid2Name.put(oid, name.toUpperCase());
- oid2ValueConverter.put(oid, valueConverter);
+ theOid = name2OID.get(name);
+ if (theOid != null) {
+ expValueConverter = oid2ValueConverter.get(theOid).getClass();
+ if (!theOid.equals(oid) ||
+ expValueConverter != valueConverter.getClass()) {
+ throw new IllegalArgumentException(
+ "Another keyword-oid-valueConverter triple already " +
+ "exists in the X500NameAttrMap ");
+ }
+ return;
+ }
+ name2OID.put(name.toUpperCase(), oid);
+ oid2Name.put(oid, name.toUpperCase());
+ oid2ValueConverter.put(oid, valueConverter);
}
//
// public static methods.
//
- /**
+ /**
* Get the global default X500NameAttrMap.
*
- * @return The global default X500NameAttrMap.
+ * @return The global default X500NameAttrMap.
*/
- public static X500NameAttrMap getDefault()
- {
- return defMap;
+ public static X500NameAttrMap getDefault() {
+ return defMap;
}
/**
- * Get the global default X500NamAttrMap using the DirStrConverter.
- *
- * @return The global default X500NameAttrMap using the DirStrConverter.
+ * Get the global default X500NamAttrMap using the DirStrConverter.
+ *
+ * @return The global default X500NameAttrMap using the DirStrConverter.
*/
- public static X500NameAttrMap getDirDefault()
- {
- return defDirMap;
+ public static X500NameAttrMap getDirDefault() {
+ return defDirMap;
}
- /**
- * Set the global default X500NameAttrMap.
- *
- * @param newDefault The new default X500NameAttrMap.
+ /**
+ * Set the global default X500NameAttrMap.
+ *
+ * @param newDefault The new default X500NameAttrMap.
*/
- public static void setDefault(X500NameAttrMap newDefault)
- {
- // XXX assert newDef != null
- defMap = newDefault;
+ public static void setDefault(X500NameAttrMap newDefault) {
+ // XXX assert newDef != null
+ defMap = newDefault;
}
//
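Review bot: `addNameOID` looks up the existing entry with `name2OID.get(name)` using the caller's spelling, while every insert and every other lookup in this hunk uses `name.toUpperCase()`. For a lower- or mixed-case keyword the conflict check is therefore skipped and the following `put` calls silently replace an existing keyword/OID/converter triple, despite the comment `// normalize name for case insensitive compare.` above it. I would normalise once and reuse it: `String key = name.toUpperCase(Locale.ROOT);` then `theOid = name2OID.get(key);`, and use `key` in the two `put` calls. `Locale.ROOT` needs a `java.util.Locale` import that is not visible here, and `getOid(String)` and `getValueConverter(String)` would have to use the same locale-independent form so that lookups stay consistent under locales with special casing rules.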
@@ -233,80 +220,79 @@ public class X500NameAttrMap
* Create the default maps on initialization.
*/
static {
- defMap = new X500NameAttrMap();
- AVAValueConverter directoryStr = new DirStrConverter(),
- ia5Str = new IA5StringConverter();
- defMap.addNameOID("CN",
- new ObjectIdentifier("2.5.4.3"),
- directoryStr);
- defMap.addNameOID("OU",
- new ObjectIdentifier("2.5.4.11"),
- directoryStr);
- defMap.addNameOID("O",
- new ObjectIdentifier("2.5.4.10"),
- directoryStr);
- // serialNumber added for CEP support
- defMap.addNameOID("SERIALNUMBER",
- new ObjectIdentifier("2.5.4.5"),
- new PrintableConverter());
- defMap.addNameOID("C",
- new ObjectIdentifier("2.5.4.6"),
- new PrintableConverter());
- defMap.addNameOID("L",
- new ObjectIdentifier("2.5.4.7"),
- directoryStr);
- defMap.addNameOID("ST",
- new ObjectIdentifier("2.5.4.8"),
- directoryStr);
- defMap.addNameOID("STREET",
- new ObjectIdentifier("2.5.4.9"),
- directoryStr);
- defMap.addNameOID("TITLE",
- new ObjectIdentifier("2.5.4.12"),
- directoryStr);
- // RFC 1274 UserId, rfc822MailBox
- defMap.addNameOID("UID",
- new ObjectIdentifier("0.9.2342.19200300.100.1.1"),
- directoryStr);
- defMap.addNameOID("MAIL",
- new ObjectIdentifier("0.9.2342.19200300.100.1.3"),
- ia5Str);
- // PKCS9 e-mail address
- defMap.addNameOID("E",
- new ObjectIdentifier("1.2.840.113549.1.9.1"),
- ia5Str);
-
- // DC definition from draft-ietf-asid-ldap-domains-02.txt
- defMap.addNameOID("DC",
- new ObjectIdentifier("0.9.2342.19200300.100.1.25"),
- ia5Str);
-
- // more defined in RFC2459 used in Subject Directory Attr extension
- defMap.addNameOID("SN", // surname
- new ObjectIdentifier("2.5.4.4"),
- directoryStr);
- defMap.addNameOID("GIVENNAME",
- new ObjectIdentifier("2.5.4.42"),
- directoryStr);
- defMap.addNameOID("INITIALS",
- new ObjectIdentifier("2.5.4.43"),
- directoryStr);
- defMap.addNameOID("GENERATIONQUALIFIER",
- new ObjectIdentifier("2.5.4.44"),
- directoryStr);
- defMap.addNameOID("DNQUALIFIER",
- new ObjectIdentifier("2.5.4.46"),
- directoryStr);
-
- // these two added mainly for CEP support
- // PKCS9 unstructured name
- defMap.addNameOID("UNSTRUCTUREDNAME",
- new ObjectIdentifier("1.2.840.113549.1.9.2"),
- ia5Str);
- // PKCS9 unstructured address
- defMap.addNameOID("UNSTRUCTUREDADDRESS",
- new ObjectIdentifier("1.2.840.113549.1.9.8"),
- new PrintableConverter());
+ defMap = new X500NameAttrMap();
+ AVAValueConverter directoryStr = new DirStrConverter(), ia5Str = new IA5StringConverter();
+ defMap.addNameOID("CN",
+ new ObjectIdentifier("2.5.4.3"),
+ directoryStr);
+ defMap.addNameOID("OU",
+ new ObjectIdentifier("2.5.4.11"),
+ directoryStr);
+ defMap.addNameOID("O",
+ new ObjectIdentifier("2.5.4.10"),
+ directoryStr);
+ // serialNumber added for CEP support
+ defMap.addNameOID("SERIALNUMBER",
+ new ObjectIdentifier("2.5.4.5"),
+ new PrintableConverter());
+ defMap.addNameOID("C",
+ new ObjectIdentifier("2.5.4.6"),
+ new PrintableConverter());
+ defMap.addNameOID("L",
+ new ObjectIdentifier("2.5.4.7"),
+ directoryStr);
+ defMap.addNameOID("ST",
+ new ObjectIdentifier("2.5.4.8"),
+ directoryStr);
+ defMap.addNameOID("STREET",
+ new ObjectIdentifier("2.5.4.9"),
+ directoryStr);
+ defMap.addNameOID("TITLE",
+ new ObjectIdentifier("2.5.4.12"),
+ directoryStr);
+ // RFC 1274 UserId, rfc822MailBox
+ defMap.addNameOID("UID",
+ new ObjectIdentifier("0.9.2342.19200300.100.1.1"),
+ directoryStr);
+ defMap.addNameOID("MAIL",
+ new ObjectIdentifier("0.9.2342.19200300.100.1.3"),
+ ia5Str);
+ // PKCS9 e-mail address
+ defMap.addNameOID("E",
+ new ObjectIdentifier("1.2.840.113549.1.9.1"),
+ ia5Str);
+
+ // DC definition from draft-ietf-asid-ldap-domains-02.txt
+ defMap.addNameOID("DC",
+ new ObjectIdentifier("0.9.2342.19200300.100.1.25"),
+ ia5Str);
+
+ // more defined in RFC2459 used in Subject Directory Attr extension
+ defMap.addNameOID("SN", // surname
+ new ObjectIdentifier("2.5.4.4"),
+ directoryStr);
+ defMap.addNameOID("GIVENNAME",
+ new ObjectIdentifier("2.5.4.42"),
+ directoryStr);
+ defMap.addNameOID("INITIALS",
+ new ObjectIdentifier("2.5.4.43"),
+ directoryStr);
+ defMap.addNameOID("GENERATIONQUALIFIER",
+ new ObjectIdentifier("2.5.4.44"),
+ directoryStr);
+ defMap.addNameOID("DNQUALIFIER",
+ new ObjectIdentifier("2.5.4.46"),
+ directoryStr);
+
+ // these two added mainly for CEP support
+ // PKCS9 unstructured name
+ defMap.addNameOID("UNSTRUCTUREDNAME",
+ new ObjectIdentifier("1.2.840.113549.1.9.2"),
+ ia5Str);
+ // PKCS9 unstructured address
+ defMap.addNameOID("UNSTRUCTUREDADDRESS",
+ new ObjectIdentifier("1.2.840.113549.1.9.8"),
+ new PrintableConverter());
};
static {
@@ -319,17 +305,17 @@ public class X500NameAttrMap
defDirMap.addNameOID("OU",
new ObjectIdentifier("2.5.4.11"),
directoryStr);
- defDirMap.addNameOID("O",
+ defDirMap.addNameOID("O",
new ObjectIdentifier("2.5.4.10"),
directoryStr);
// serialNumber added for CEP support
defDirMap.addNameOID("SERIALNUMBER",
new ObjectIdentifier("2.5.4.5"),
directoryStr);
- defDirMap.addNameOID("C",
+ defDirMap.addNameOID("C",
new ObjectIdentifier("2.5.4.6"),
directoryStr);
- defDirMap.addNameOID("L",
+ defDirMap.addNameOID("L",
new ObjectIdentifier("2.5.4.7"),
directoryStr);
defDirMap.addNameOID("ST",
@@ -359,8 +345,8 @@ public class X500NameAttrMap
directoryStr);
// more defined in RFC2459 used in Subject Directory Attr extension
- defDirMap.addNameOID("SN", // surname
- new ObjectIdentifier("2.5.4.4"),
+ defDirMap.addNameOID("SN", // surname
+ new ObjectIdentifier("2.5.4.4"),
directoryStr);
defDirMap.addNameOID("GIVENNAME",
new ObjectIdentifier("2.5.4.42"),
@@ -387,4 +373,3 @@ public class X500NameAttrMap
};
}
-
diff --git a/pki/base/util/src/netscape/security/x509/X500Signer.java b/pki/base/util/src/netscape/security/x509/X500Signer.java
index 93be4ba8..75d8144b 100644
--- a/pki/base/util/src/netscape/security/x509/X500Signer.java
+++ b/pki/base/util/src/netscape/security/x509/X500Signer.java
@@ -26,44 +26,44 @@ import java.security.Signer;
* This class provides a binding between a Signature object and an
* authenticated X.500 name (from an X.509 certificate chain), which
* is needed in many public key signing applications.
- *
- * <P>The name of the signer is important, both because knowing it is the
- * whole point of the signature, and because the associated X.509 certificate
- * is always used to verify the signature.
- *
- * <P><em>The X.509 certificate chain is temporarily not associated with
+ *
+ * <P>
+ * The name of the signer is important, both because knowing it is the whole point of the signature, and because the associated X.509 certificate is always used to verify the signature.
+ *
+ * <P>
+ * <em>The X.509 certificate chain is temporarily not associated with
* the signer, but this omission will be resolved.</em>
- *
+ *
* @version 1.18
- *
+ *
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
-public final class X500Signer extends Signer
-{
+public final class X500Signer extends Signer {
/**
*
*/
private static final long serialVersionUID = -3148659822293810158L;
+
/**
- * Called for each chunk of the data being signed. That
+ * Called for each chunk of the data being signed. That
* is, you can present the data in many chunks, so that
* it doesn't need to be in a single sequential buffer.
- *
+ *
* @param buf buffer holding the next chunk of the data to be signed
* @param offset starting point of to-be-signed data
* @param len how many bytes of data are to be signed
* @exception SignatureException on errors.
*/
public void update(byte buf[], int offset, int len)
- throws SignatureException {
- sig.update (buf, offset, len);
+ throws SignatureException {
+ sig.update(buf, offset, len);
}
/**
* Produces the signature for the data processed by update().
- *
+ *
* @exception SignatureException on errors.
*/
public byte[] sign() throws SignatureException {
@@ -73,14 +73,14 @@ public final class X500Signer extends Signer
/**
* Returns the algorithm used to sign.
*/
- public AlgorithmId getAlgorithmId() {
+ public AlgorithmId getAlgorithmId() {
return algid;
}
/**
* Returns the name of the signing agent.
*/
- public X500Name getSigner() {
+ public X500Name getSigner() {
return agent;
}
@@ -90,26 +90,26 @@ public final class X500Signer extends Signer
*/
// package private ----hmmmmm ?????
public X500Signer(Signature sig, X500Name agent) {
- if (sig == null || agent == null)
- throw new IllegalArgumentException ("null parameter");
+ if (sig == null || agent == null)
+ throw new IllegalArgumentException("null parameter");
- this.sig = sig;
- this.agent = agent;
+ this.sig = sig;
+ this.agent = agent;
- try {
- this.algid = AlgorithmId.getAlgorithmId(sig.getAlgorithm());
- String alg = sig.getAlgorithm();
- if( alg.equals("DSA") ) {
- alg = "SHA1withDSA";
- }
- this.algid = AlgorithmId.getAlgorithmId(alg);
+ try {
+ this.algid = AlgorithmId.getAlgorithmId(sig.getAlgorithm());
+ String alg = sig.getAlgorithm();
+ if (alg.equals("DSA")) {
+ alg = "SHA1withDSA";
+ }
+ this.algid = AlgorithmId.getAlgorithmId(alg);
- } catch (NoSuchAlgorithmException e) {
- throw new RuntimeException("internal error! " + e.getMessage());
- }
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("internal error! " + e.getMessage());
+ }
}
-
- private Signature sig;
- private X500Name agent; // XXX should be X509CertChain
- private AlgorithmId algid;
+
+ private Signature sig;
+ private X500Name agent; // XXX should be X509CertChain
+ private AlgorithmId algid;
}
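Review bot: In the `X500Signer(Signature, X500Name)` constructor, `this.algid` is assigned twice inside the `try`, and the first `AlgorithmId.getAlgorithmId(sig.getAlgorithm())` runs before the `"DSA"` to `"SHA1withDSA"` mapping. If that lookup rejects the bare `"DSA"` name (not visible in this hunk), the mapping below it is never reached, so the first assignment should be dropped. The `catch` also discards the original exception; `throw new RuntimeException("internal error! " + e.getMessage(), e);` keeps the cause for diagnosis. A short comment on why a bare `"DSA"` is silently pinned to SHA-1, such as `// JCA reports plain "DSA"; the only digest this class pairs with it is SHA-1`, would help whoever later revisits the digest choice.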
diff --git a/pki/base/util/src/netscape/security/x509/X509AttributeName.java b/pki/base/util/src/netscape/security/x509/X509AttributeName.java
index 4f62f61a..2f6c46cb 100644
--- a/pki/base/util/src/netscape/security/x509/X509AttributeName.java
+++ b/pki/base/util/src/netscape/security/x509/X509AttributeName.java
@@ -19,7 +19,7 @@ package netscape.security.x509;
/**
* This class is used to parse attribute names like "x509.info.extensions".
- *
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.4
@@ -35,7 +35,7 @@ public class X509AttributeName {
/**
* Default constructor for the class. Name is of the form
* "x509.info.extensions".
- *
+ *
* @param name the attribute name.
*/
public X509AttributeName(String name) {
@@ -52,13 +52,13 @@ public class X509AttributeName {
* Return the prefix of the name.
*/
public String getPrefix() {
- return (prefix);
+ return (prefix);
}
/**
* Return the suffix of the name.
*/
public String getSuffix() {
- return (suffix);
+ return (suffix);
}
}
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
index a722216a..551e2804 100755
--- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
@@ -51,19 +51,16 @@ import netscape.security.util.ObjectIdentifier;
* An implmentation for X509 CRL (Certificate Revocation List).
* <p>
* The X.509 v2 CRL format is described below in ASN.1:
+ *
* <pre>
* </pre>
* <p>
- * CertificateList ::= SEQUENCE {
- * tbsCertList TBSCertList,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING }
+ * CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }
* <p>
- * A good description and profiling is provided in the IETF PKIX WG
- * draft, Part I: X.509 Certificate and CRL Profile,
- * &lt;draft-ietf-pkix-ipki-part1-06.txt&gt;.
+ * A good description and profiling is provided in the IETF PKIX WG draft, Part I: X.509 Certificate and CRL Profile, &lt;draft-ietf-pkix-ipki-part1-06.txt&gt;.
* <p>
* The ASN.1 definition of <code>tbsCertList</code> is:
+ *
* <pre>
* TBSCertList ::= SEQUENCE {
* version Version OPTIONAL,
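Review bot: The reflowed class Javadoc now puts the whole `CertificateList ::= SEQUENCE { ... }` definition on one line inside a `<p>`, while the `<pre>` block directly above it stays empty. The ASN.1 is the part of this comment a reader checks against the parser, so it should sit inside that `<pre>` with one field per line (`tbsCertList`, `signatureAlgorithm`, `signature`), the way the `TBSCertList` block further down is kept. The same reflow also joined the sentence citing `draft-ietf-pkix-ipki-part1-06.txt` into a single line well past the width used elsewhere in the file. The Javadoc continues beyond the end of this hunk.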
@@ -82,7 +79,7 @@ import netscape.security.util.ObjectIdentifier;
* -- if present, must be v2
* }
* </pre>
- *
+ *
* @author Hemma Prafullchandra
* @version 1.8
* @see X509CRL
@@ -90,21 +87,21 @@ import netscape.security.util.ObjectIdentifier;
public class X509CRLImpl extends X509CRL {
// CRL data, and its envelope
- private byte[] signedCRL = null; // DER encoded crl
- private byte[] signature = null; // raw signature bits
- private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL
- private AlgorithmId sigAlgId; // sig alg in CRL
+ private byte[] signedCRL = null; // DER encoded crl
+ private byte[] signature = null; // raw signature bits
+ private byte[] tbsCertList = null; // DER encoded "to-be-signed" CRL
+ private AlgorithmId sigAlgId; // sig alg in CRL
// crl information
- private int version;
- private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl
- private X500Name issuer;
- private Date thisUpdate = null;
- private Date nextUpdate = null;
-// private static final Hashtable revokedCerts = new Hashtable();
- private Hashtable<BigInteger,RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
-// private static CRLExtensions extensions = null;
- private CRLExtensions extensions = null;
+ private int version;
+ private AlgorithmId infoSigAlgId; // sig alg in "to-be-signed" crl
+ private X500Name issuer;
+ private Date thisUpdate = null;
+ private Date nextUpdate = null;
+ // private static final Hashtable revokedCerts = new Hashtable();
+ private Hashtable<BigInteger, RevokedCertificate> revokedCerts = new Hashtable<BigInteger, RevokedCertificate>();
+ // private static CRLExtensions extensions = null;
+ private CRLExtensions extensions = null;
private boolean entriesIncluded = true;
private final static boolean isExplicit = true;
@@ -112,17 +109,17 @@ public class X509CRLImpl extends X509CRL {
/**
* Unmarshals an X.509 CRL from its encoded form, parsing the encoded
- * bytes. This form of constructor is used by agents which
+ * bytes. This form of constructor is used by agents which
* need to examine and use CRL contents. Note that the buffer
* must include only one CRL, and no "garbage" may be left at
* the end.
- *
+ *
* @param crlData the encoded bytes, with no trailing padding.
* @exception CRLException on parsing errors.
* @exception X509ExtensionException on extension handling errors.
*/
public X509CRLImpl(byte[] crlData)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
try {
DerValue in = new DerValue(crlData);
@@ -134,7 +131,7 @@ public class X509CRLImpl extends X509CRL {
}
public X509CRLImpl(byte[] crlData, boolean includeEntries)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
try {
entriesIncluded = includeEntries;
DerValue in = new DerValue(crlData);
@@ -149,13 +146,13 @@ public class X509CRLImpl extends X509CRL {
/**
* Unmarshals an X.509 CRL from an input stream. Only one CRL
* is expected at the end of the input stream.
- *
+ *
* @param inStrm an input stream holding at least one CRL
* @exception CRLException on parsing errors.
* @exception X509ExtensionException on extension handling errors.
*/
public X509CRLImpl(InputStream inStrm)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
try {
DerValue val = new DerValue(inStrm);
@@ -168,7 +165,7 @@ public class X509CRLImpl extends X509CRL {
/**
* Initial CRL constructor, no revoked certs, and no extensions.
- *
+ *
* @param issuer the name of the CA issuing this CRL.
* @param thisUpdate the Date of this issue.
* @param nextUpdate the Date of the next CRL.
@@ -181,18 +178,18 @@ public class X509CRLImpl extends X509CRL {
/**
* CRL constructor, revoked certs, no extensions.
- *
+ *
* @param issuer the name of the CA issuing this CRL.
* @param thisUpdate the Date of this issue.
* @param nextUpdate the Date of the next CRL.
* @param badCerts the array of revoked certificates.
- *
+ *
* @exception CRLException on parsing/construction errors.
* @exception X509ExtensionException on extension handling errors.
*/
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
RevokedCertificate[] badCerts)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
this.issuer = issuer;
this.thisUpdate = thisDate;
this.nextUpdate = nextDate;
@@ -205,19 +202,19 @@ public class X509CRLImpl extends X509CRL {
/**
* CRL constructor, revoked certs and extensions.
- *
+ *
* @param issuer the name of the CA issuing this CRL.
* @param thisUpdate the Date of this issue.
* @param nextUpdate the Date of the next CRL.
* @param badCerts the array of revoked certificates.
* @param crlExts the CRL extensions.
- *
+ *
* @exception CRLException on parsing/construction errors.
* @exception X509ExtensionException on extension handling errors.
*/
public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate,
RevokedCertificate[] badCerts, CRLExtensions crlExts)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
this.issuer = issuer;
this.thisUpdate = thisDate;
this.nextUpdate = nextDate;
@@ -237,13 +234,12 @@ public class X509CRLImpl extends X509CRL {
}
}
-
/**
* CRL constructor, revoked certs and extensions.
* This will be used by code that constructs CRL and uses
* encodeInfo() in order to sign it using external means
* (other than sign() method)
- *
+ *
* @param issuer the name of the CA issuing this CRL.
* @param sigAlg signing algorithm id
* @param thisUpdate the Date of this issue.
@@ -253,29 +249,28 @@ public class X509CRLImpl extends X509CRL {
*/
public X509CRLImpl(X500Name issuer, AlgorithmId algId, Date thisDate, Date nextDate,
RevokedCertificate[] badCerts, CRLExtensions crlExts)
- throws CRLException, X509ExtensionException {
- this(issuer,thisDate,nextDate,badCerts,crlExts);
+ throws CRLException, X509ExtensionException {
+ this(issuer, thisDate, nextDate, badCerts, crlExts);
infoSigAlgId = algId;
}
-
/**
* CRL constructor, revoked certs and extensions.
- *
+ *
* @param issuer the name of the CA issuing this CRL.
* @param sigAlg signing algorithm id
* @param thisUpdate the Date of this issue.
* @param nextUpdate the Date of the next CRL.
* @param badCerts the hashtable of revoked certificates.
* @param crlExts the CRL extensions.
- *
+ *
* @exception CRLException on parsing/construction errors.
* @exception X509ExtensionException on extension handling errors.
*/
public X509CRLImpl(X500Name issuer, AlgorithmId algId,
Date thisDate, Date nextDate,
- Hashtable<BigInteger,RevokedCertificate> badCerts, CRLExtensions crlExts)
- throws CRLException, X509ExtensionException {
+ Hashtable<BigInteger, RevokedCertificate> badCerts, CRLExtensions crlExts)
+ throws CRLException, X509ExtensionException {
this.issuer = issuer;
this.thisUpdate = thisDate;
this.nextUpdate = nextDate;
@@ -287,10 +282,9 @@ public class X509CRLImpl extends X509CRL {
infoSigAlgId = algId;
}
-
/**
* Returns the ASN.1 DER encoded form of this CRL.
- *
+ *
* @exception CRLException if an encoding error occurs.
*/
public byte[] getEncoded() throws CRLException {
@@ -303,7 +297,7 @@ public class X509CRLImpl extends X509CRL {
/**
* Returns true if signedCRL was set.
- *
+ *
* @param byte array of containing signed CRL.
*/
public boolean setSignedCRL(byte[] crl) {
@@ -316,20 +310,20 @@ public class X509CRLImpl extends X509CRL {
return done;
}
- public boolean hasUnsupportedCriticalExtension() {
- // XXX NOT IMPLEMENTED
- return true;
- }
+ public boolean hasUnsupportedCriticalExtension() {
+ // XXX NOT IMPLEMENTED
+ return true;
+ }
/**
* Encodes the "to-be-signed" CRL to the OutputStream.
- *
+ *
* @param out the OutputStream to write to.
* @exception CRLException on encoding errors.
* @exception X509ExtensionException on extension encoding errors.
*/
public void encodeInfo(OutputStream out)
- throws CRLException, X509ExtensionException {
+ throws CRLException, X509ExtensionException {
try {
DerOutputStream tmp = new DerOutputStream();
DerOutputStream rCerts = new DerOutputStream();
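Review bot: `hasUnsupportedCriticalExtension()` returns `true` unconditionally, and the only hint is the `// XXX NOT IMPLEMENTED` line inside the body. A caller that honours the result will reject every CRL, and one that finds this out may stop calling it and so skip the critical-extension check altogether. Until the check is implemented, a Javadoc sentence should state the contract, for example `Always returns true: critical CRL extensions are not yet evaluated, so callers must perform their own check.`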
@@ -346,10 +340,9 @@ public class X509CRLImpl extends X509CRL {
if (nextUpdate != null)
tmp.putUTCTime(nextUpdate);
- if (! revokedCerts.isEmpty()) {
- for (Enumeration<RevokedCertificate> e = revokedCerts.elements();
- e.hasMoreElements();)
- ((RevokedCertImpl)e.nextElement()).encode(rCerts);
+ if (!revokedCerts.isEmpty()) {
+ for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); e.hasMoreElements();)
+ ((RevokedCertImpl) e.nextElement()).encode(rCerts);
tmp.write(DerValue.tag_Sequence, rCerts);
}
@@ -361,26 +354,26 @@ public class X509CRLImpl extends X509CRL {
tbsCertList = seq.toByteArray();
out.write(tbsCertList);
} catch (IOException e) {
- throw new CRLException("Encoding error: " + e.getMessage());
+ throw new CRLException("Encoding error: " + e.getMessage());
}
}
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the specified public key.
- *
+ *
* @param key the PublicKey used to carry out the verification.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException if there's no default provider.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public void verify(PublicKey key)
- throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
- NoSuchProviderException, SignatureException {
+ throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException {
verify(key, null);
}
@@ -389,36 +382,36 @@ public class X509CRLImpl extends X509CRL {
* private key that corresponds to the specified public key,
* and that the signature verification was computed by
* the given provider.
- *
+ *
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the name of the signature provider.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
public void verify(PublicKey key, String sigProvider)
- throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
- NoSuchProviderException, SignatureException {
+ throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException {
if (signedCRL == null) {
throw new CRLException("Uninitialized CRL");
}
- Signature sigVerf = null;
+ Signature sigVerf = null;
String sigAlg = sigAlgId.getName();
if (sigProvider.equals("Mozilla-JSS")) {
- if (sigAlg.equals("MD5withRSA")) {
- sigAlg = "MD5/RSA";
- } else if (sigAlg.equals("MD2withRSA")) {
- sigAlg = "MD2/RSA";
- } else if (sigAlg.equals("SHA1withRSA")) {
- sigAlg = "SHA1/RSA";
- } else if (sigAlg.equals("SHA1withDSA")) {
- sigAlg = "SHA1/DSA";
- }
+ if (sigAlg.equals("MD5withRSA")) {
+ sigAlg = "MD5/RSA";
+ } else if (sigAlg.equals("MD2withRSA")) {
+ sigAlg = "MD2/RSA";
+ } else if (sigAlg.equals("SHA1withRSA")) {
+ sigAlg = "SHA1/RSA";
+ } else if (sigAlg.equals("SHA1withDSA")) {
+ sigAlg = "SHA1/DSA";
+ }
}
sigVerf = Signature.getInstance(sigAlg, sigProvider);
sigVerf.initVerify(key);
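Review bot: `verify(PublicKey key, String sigProvider)` dereferences `sigProvider` in `sigProvider.equals("Mozilla-JSS")`, yet the one-argument `verify(key)` in the preceding hunk calls it with `null`, so that overload fails with a `NullPointerException` before any signature check runs. Writing the test as `if ("Mozilla-JSS".equals(sigProvider))` and choosing the lookup with `sigVerf = (sigProvider == null) ? Signature.getInstance(sigAlg) : Signature.getInstance(sigAlg, sigProvider);` makes the default-provider path work. Separately, the name mapping still passes `MD2withRSA` and `MD5withRSA` through to the verifier, so a comment or an allow-list of acceptable digests at this point would make the accepted CRL signature algorithms explicit. The method body continues past the end of this hunk.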
@@ -436,12 +429,12 @@ public class X509CRLImpl extends X509CRL {
/**
* Encodes an X.509 CRL, and signs it using the key
* passed.
- *
+ *
* @param key the private key used for signing.
* @param algorithm the name of the signature algorithm used.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
@@ -449,21 +442,21 @@ public class X509CRLImpl extends X509CRL {
* @exception X509ExtensionException on any extension errors.
*/
public void sign(PrivateKey key, String algorithm)
- throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
- NoSuchProviderException, SignatureException, X509ExtensionException {
+ throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException, X509ExtensionException {
sign(key, algorithm, null);
}
/**
* Encodes an X.509 CRL, and signs it using the key
* passed.
- *
+ *
* @param key the private key used for signing.
* @param algorithm the name of the signature algorithm used.
* @param provider the name of the provider.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
@@ -471,8 +464,8 @@ public class X509CRLImpl extends X509CRL {
* @exception X509ExtensionException on any extension errors.
*/
public void sign(PrivateKey key, String algorithm, String provider)
- throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
- NoSuchProviderException, SignatureException, X509ExtensionException {
+ throws CRLException, NoSuchAlgorithmException, InvalidKeyException,
+ NoSuchProviderException, SignatureException, X509ExtensionException {
try {
if (readOnly)
throw new CRLException("cannot over-write existing CRL");
@@ -484,7 +477,7 @@ public class X509CRLImpl extends X509CRL {
sigEngine.initSign(key);
- // in case the name is reset
+ // in case the name is reset
sigAlgId = AlgorithmId.get(sigEngine.getAlgorithm());
infoSigAlgId = sigAlgId;
@@ -515,12 +508,12 @@ public class X509CRLImpl extends X509CRL {
/**
* Returns a printable string of this CRL.
- *
+ *
* @return value of this CRL in a printable form.
*/
public String toString() {
StringBuffer sb = new StringBuffer();
- sb.append("X.509 CRL v" + (version+1) + "\n");
+ sb.append("X.509 CRL v" + (version + 1) + "\n");
sb.append("Signature Algorithm: " + sigAlgId.toString() +
", OID=" + (sigAlgId.getOID()).toString() + "\n");
sb.append("Issuer: " + issuer.toString() + "\n");
@@ -531,19 +524,18 @@ public class X509CRLImpl extends X509CRL {
sb.append("\nNO certificates have been revoked\n");
else {
sb.append("\nRevoked Certificates:\n");
- for (Enumeration<RevokedCertificate> e = revokedCerts.elements();
- e.hasMoreElements();)
- sb.append(((RevokedCertificate)e.nextElement()).toString());
+ for (Enumeration<RevokedCertificate> e = revokedCerts.elements(); e.hasMoreElements();)
+ sb.append(((RevokedCertificate) e.nextElement()).toString());
}
if (extensions != null) {
for (int i = 0; i < extensions.size(); i++) {
sb.append("\nCRL Extension[" + i + "]: " +
- ((Extension)(extensions.elementAt(i))).toString());
+ ((Extension) (extensions.elementAt(i))).toString());
}
}
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String signaturebits = pp.toHexString(signature);
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String signaturebits = pp.toHexString(signature);
sb.append("\nSignature:\n" + signaturebits);
return sb.toString();
@@ -551,10 +543,10 @@ public class X509CRLImpl extends X509CRL {
/**
* Checks whether the given serial number is on this CRL.
- *
+ *
* @param serialNumber the number to check for.
* @return true if the given serial number is on this CRL,
- * false otherwise.
+ * false otherwise.
*/
public boolean isRevoked(BigInteger serialNumber) {
if (revokedCerts == null || revokedCerts.isEmpty())
@@ -562,24 +554,26 @@ public class X509CRLImpl extends X509CRL {
return revokedCerts.containsKey(serialNumber);
}
- public boolean isRevoked(Certificate cert) {
- if (cert == null)
- return false;
- if (cert instanceof X509Certificate) {
- return isRevoked(((X509Certificate)cert).getSerialNumber());
- } else {
- return false;
- }
- }
+ public boolean isRevoked(Certificate cert) {
+ if (cert == null)
+ return false;
+ if (cert instanceof X509Certificate) {
+ return isRevoked(((X509Certificate) cert).getSerialNumber());
+ } else {
+ return false;
+ }
+ }
/**
* Gets the version number from the CRL.
* The ASN.1 definition for this is:
+ *
* <pre>
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
* -- v3 does not apply to CRLs but appears for consistency
* -- with definition of Version for certs
* </pre>
+ *
* @return the version number.
*/
public int getVersion() {
@@ -592,36 +586,39 @@ public class X509CRLImpl extends X509CRL {
* issued the CRL). The issuer name field contains an
* X.500 distinguished name (DN).
* The ASN.1 definition for this is:
+ *
* <pre>
* issuer Name
- *
+ *
* Name ::= CHOICE { RDNSequence }
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
* RelativeDistinguishedName ::=
* SET OF AttributeValueAssertion
- *
+ *
* AttributeValueAssertion ::= SEQUENCE {
* AttributeType,
* AttributeValue }
* AttributeType ::= OBJECT IDENTIFIER
* AttributeValue ::= ANY
* </pre>
+ *
* The Name describes a hierarchical name composed of attributes,
* such as country name, and corresponding values, such as US.
* The type of the component AttributeValue is determined by the
* AttributeType; in general it will be a directoryString.
* A directoryString is usually one of PrintableString,
* TeletexString or UniversalString.
+ *
* @return the issuer name.
*/
public Principal getIssuerDN() {
- return (Principal)issuer;
+ return (Principal) issuer;
}
/**
* Gets the thisUpdate date from the CRL.
* The ASN.1 definition for this is:
- *
+ *
* @return the thisUpdate date from the CRL.
*/
public Date getThisUpdate() {
@@ -630,9 +627,9 @@ public class X509CRLImpl extends X509CRL {
/**
* Gets the nextUpdate date from the CRL.
- *
+ *
* @return the nextUpdate date from the CRL, or null if
- * not present.
+ * not present.
*/
public Date getNextUpdate() {
if (nextUpdate == null)
@@ -643,25 +640,25 @@ public class X509CRLImpl extends X509CRL {
/**
* Get the revoked certificate from the CRL by the serial
* number provided.
- *
+ *
* @return the revoked certificate or null if there is
- * no entry in the CRL marked with the provided serial number.
+ * no entry in the CRL marked with the provided serial number.
* @see RevokedCertificate
*/
public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) {
if (revokedCerts == null || revokedCerts.isEmpty())
return null;
RevokedCertificate badCert =
- (RevokedCertificate)revokedCerts.get(serialNumber);
+ (RevokedCertificate) revokedCerts.get(serialNumber);
return badCert;
}
/**
* Gets all the revoked certificates from the CRL.
* A Set of RevokedCertificate.
- *
+ *
* @return all the revoked certificates or null if there are
- * none.
+ * none.
* @see RevokedCertificate
*/
public Set<RevokedCertificate> getRevokedCertificates() {
@@ -674,11 +671,11 @@ public class X509CRLImpl extends X509CRL {
}
@SuppressWarnings("unchecked")
- public Hashtable<BigInteger,RevokedCertificate> getListOfRevokedCertificates() {
- if (revokedCerts == null){
+ public Hashtable<BigInteger, RevokedCertificate> getListOfRevokedCertificates() {
+ if (revokedCerts == null) {
return null;
- }else{
- return (Hashtable<BigInteger,RevokedCertificate>)revokedCerts.clone();
+ } else {
+ return (Hashtable<BigInteger, RevokedCertificate>) revokedCerts.clone();
}
}
@@ -690,16 +687,15 @@ public class X509CRLImpl extends X509CRL {
}
/**
- * Gets the DER encoded CRL information, the
- * <code>tbsCertList</code> from this CRL.
+ * Gets the DER encoded CRL information, the <code>tbsCertList</code> from this CRL.
* This can be used to verify the signature independently.
- *
+ *
* @return the DER encoded CRL information.
* @exception CRLException on parsing errors.
* @exception X509ExtensionException on extension parsing errors.
*/
public byte[] getTBSCertList()
- throws CRLException {
+ throws CRLException {
if (tbsCertList == null)
throw new CRLException("Uninitialized CRL");
byte[] dup = new byte[tbsCertList.length];
@@ -709,7 +705,7 @@ public class X509CRLImpl extends X509CRL {
/**
* Gets the raw Signature bits from the CRL.
- *
+ *
* @return the signature.
*/
public byte[] getSignature() {
@@ -722,7 +718,7 @@ public class X509CRLImpl extends X509CRL {
/**
* Returns true if signature was set.
- *
+ *
* @param byte array of containing CRL signature.
*/
public boolean setSignature(byte[] crlSignature) {
@@ -739,6 +735,7 @@ public class X509CRLImpl extends X509CRL {
* Gets the signature algorithm name for the CRL
* signature algorithm. For example, the string "SHA1withDSA".
* The ASN.1 definition for this is:
+ *
* <pre>
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
@@ -747,13 +744,13 @@ public class X509CRLImpl extends X509CRL {
* -- registered for use with the
* -- algorithm object identifier value
* </pre>
- *
+ *
* @return the signature algorithm name.
*/
public String getSigAlgName() {
if (sigAlgId == null)
return null;
- return sigAlgId.getName();
+ return sigAlgId.getName();
}
/**
@@ -763,14 +760,14 @@ public class X509CRLImpl extends X509CRL {
* &lt;positive whole number&gt;.&lt;positive whole number&gt;.&lt;...&gt;
* For example, the string "1.2.840.10040.4.3" identifies the SHA-1
* with DSA signature algorithm, as per the PKIX part I.
- *
+ *
* @return the signature algorithm oid string.
*/
public String getSigAlgOID() {
if (sigAlgId == null)
return null;
- ObjectIdentifier oid = sigAlgId.getOID();
- return oid.toString();
+ ObjectIdentifier oid = sigAlgId.getOID();
+ return oid.toString();
}
/**
@@ -778,37 +775,36 @@ public class X509CRLImpl extends X509CRL {
* CRL's signature algorithm. In most cases, the signature
* algorithm parameters are null, the parameters are usually
* supplied with the Public Key.
- *
+ *
* @return the DER encoded signature algorithm parameters, or
* null if no parameters are present.
*/
public byte[] getSigAlgParams() {
if (sigAlgId == null)
return null;
- try {
- return sigAlgId.getEncodedParams();
- } catch (IOException e) {
+ try {
+ return sigAlgId.getEncodedParams();
+ } catch (IOException e) {
return null;
- }
+ }
}
/**
* Gets a Set of the extension(s) marked CRITICAL in the
* CRL by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * CRL that are marked critical.
+ * CRL that are marked critical.
*/
public Set<String> getCriticalExtensionOIDs() {
if (extensions == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration<Extension> e = extensions.getElements();
- e.hasMoreElements();) {
- ex = e.nextElement();
- if (ex.isCritical()){
- extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString());
+ for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) {
+ ex = e.nextElement();
+ if (ex.isCritical()) {
+ extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString());
}
}
return extSet;
@@ -817,21 +813,20 @@ public class X509CRLImpl extends X509CRL {
/**
* Gets a Set of the extension(s) marked NON-CRITICAL in the
* CRL by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * CRL that are NOT marked critical.
+ * CRL that are NOT marked critical.
*/
public Set<String> getNonCriticalExtensionOIDs() {
if (extensions == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration<Extension> e = extensions.getElements();
- e.hasMoreElements();) {
+ for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) {
ex = e.nextElement();
- if ( ! ex.isCritical())
- extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString());
- }
+ if (!ex.isCritical())
+ extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString());
+ }
return extSet;
}
@@ -842,23 +837,22 @@ public class X509CRLImpl extends X509CRL {
* represented by a set of positive whole number separated
* by ".", that means,<br>
* &lt;positive whole number&gt;.&lt;positive whole number&gt;.&lt;...&gt;
- *
+ *
* @param oid the Object Identifier value for the extension.
* @return the der encoded octet string of the extension value.
*/
public byte[] getExtensionValue(String oid) {
if (extensions == null)
return null;
- try {
- String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
+ try {
+ String extAlias = OIDMap.getName(new ObjectIdentifier(oid));
Extension crlExt = null;
if (extAlias == null) { // may be unknown
ObjectIdentifier findOID = new ObjectIdentifier(oid);
Extension ex = null;
ObjectIdentifier inCertOID;
- for (Enumeration<Extension> e=extensions.getElements();
- e.hasMoreElements();) {
+ for (Enumeration<Extension> e = extensions.getElements(); e.hasMoreElements();) {
ex = e.nextElement();
inCertOID = ex.getExtensionId();
if (inCertOID.equals(findOID)) {
@@ -868,35 +862,35 @@ public class X509CRLImpl extends X509CRL {
}
} else
crlExt = extensions.get(extAlias);
- if (crlExt == null)
+ if (crlExt == null)
return null;
- byte[] extData = crlExt.getExtensionValue();
+ byte[] extData = crlExt.getExtensionValue();
if (extData == null)
return null;
- DerOutputStream out = new DerOutputStream();
- out.putOctetString(extData);
+ DerOutputStream out = new DerOutputStream();
+ out.putOctetString(extData);
return out.toByteArray();
} catch (Exception e) {
return null;
- }
+ }
}
public BigInteger getCRLNumber() {
- try {
- CRLExtensions exts = getExtensions();
- if (exts == null)
- return null;
- Enumeration<Extension> e = exts.getElements();
- while (e.hasMoreElements()) {
- Extension ext = (Extension)e.nextElement();
- if (ext instanceof CRLNumberExtension) {
- CRLNumberExtension numExt = (CRLNumberExtension)ext;
- return (BigInteger)numExt.get(CRLNumberExtension.NUMBER);
- }
+ try {
+ CRLExtensions exts = getExtensions();
+ if (exts == null)
+ return null;
+ Enumeration<Extension> e = exts.getElements();
+ while (e.hasMoreElements()) {
+ Extension ext = (Extension) e.nextElement();
+ if (ext instanceof CRLNumberExtension) {
+ CRLNumberExtension numExt = (CRLNumberExtension) ext;
+ return (BigInteger) numExt.get(CRLNumberExtension.NUMBER);
+ }
+ }
+ } catch (Exception e) {
}
- } catch (Exception e) {
- }
- return null;
+ return null;
}
public BigInteger getDeltaBaseCRLNumber() {
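Review bot: The empty `catch (Exception e) { }` in getCRLNumber() makes a CRL number that fails to decode indistinguishable from a CRL with no CRLNumberExtension, because both paths return null; getExtensionValue() just above does the same with `return null`. A caller that orders CRLs or pairs a delta CRL with its base by these numbers cannot tell a malformed extension from an absent one. If the null-on-error contract has to stay, state it inside the catch, e.g. `// decode failure is reported as "no CRL number"; callers must treat null as unknown`, and consider logging the exception there. getDeltaBaseCRLNumber() in the next hunk appears to follow the same pattern, though its catch body lies outside that hunk. The `(Extension)` cast on `e.nextElement()` is also redundant, since the enumeration is already typed `Enumeration<Extension>`.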
@@ -906,10 +900,10 @@ public class X509CRLImpl extends X509CRL {
return null;
Enumeration<Extension> e = exts.getElements();
while (e.hasMoreElements()) {
- Extension ext = (Extension)e.nextElement();
+ Extension ext = (Extension) e.nextElement();
if (ext instanceof DeltaCRLIndicatorExtension) {
- DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension)ext;
- return (BigInteger)numExt.get(DeltaCRLIndicatorExtension.NUMBER);
+ DeltaCRLIndicatorExtension numExt = (DeltaCRLIndicatorExtension) ext;
+ return (BigInteger) numExt.get(DeltaCRLIndicatorExtension.NUMBER);
}
}
} catch (Exception e) {
@@ -924,7 +918,7 @@ public class X509CRLImpl extends X509CRL {
return false;
Enumeration<Extension> e = exts.getElements();
while (e.hasMoreElements()) {
- Extension ext = (Extension)e.nextElement();
+ Extension ext = (Extension) e.nextElement();
if (ext instanceof DeltaCRLIndicatorExtension) {
return true;
}
@@ -936,7 +930,7 @@ public class X509CRLImpl extends X509CRL {
/**
* Returns extensions for this impl.
- *
+ *
* @param extn CRLExtensions
*/
public CRLExtensions getExtensions() {
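Review bot: The Javadoc on getExtensions() carries `@param extn CRLExtensions`, but the method takes no parameters, so the tag documents nothing and the return value is left undescribed. Since this commit already touches the comment, replace the tag with `@return the CRL's extensions, or null when none are present`. Confirm the null case against the method body, which lies outside this hunk; getCRLNumber() does null-check the result.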
@@ -947,18 +941,17 @@ public class X509CRLImpl extends X509CRL {
return entriesIncluded;
}
-
/*********************************************************************/
/*
* Parses an X.509 CRL, should be used only by constructors.
*/
private void parse(DerValue val)
- throws CRLException, IOException, X509ExtensionException {
+ throws CRLException, IOException, X509ExtensionException {
parse(val, true);
}
private void parse(DerValue val, boolean includeEntries)
- throws CRLException, IOException, X509ExtensionException {
+ throws CRLException, IOException, X509ExtensionException {
// check if can over write the certificate
if (readOnly)
throw new CRLException("cannot over-write existing CRL");
@@ -991,22 +984,22 @@ public class X509CRLImpl extends X509CRL {
// parse the information
DerInputStream derStrm = seq[0].data;
- DerValue tmp;
- byte nextByte;
+ DerValue tmp;
+ byte nextByte;
// version (optional if v1)
- version = 0; // by default, version = v1 == 0
- nextByte = (byte)derStrm.peekByte();
+ version = 0; // by default, version = v1 == 0
+ nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_Integer) {
version = derStrm.getInteger().toInt();
- if (version != 1) // i.e. v2
+ if (version != 1) // i.e. v2
throw new CRLException("Invalid version");
}
tmp = derStrm.getDerValue();
// signature
{
AlgorithmId tmpId = AlgorithmId.parse(tmp);
- if (! tmpId.equals(sigAlgId))
+ if (!tmpId.equals(sigAlgId))
throw new CRLException("Signature algorithm mismatch");
infoSigAlgId = tmpId;
@@ -1017,7 +1010,7 @@ public class X509CRLImpl extends X509CRL {
// thisUpdate
// check if UTCTime encoded or GeneralizedTime
- nextByte = (byte)derStrm.peekByte();
+ nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_UtcTime) {
thisUpdate = derStrm.getUTCTime();
} else if (nextByte == DerValue.tag_GeneralizedTime) {
@@ -1028,10 +1021,10 @@ public class X509CRLImpl extends X509CRL {
}
if (derStrm.available() == 0)
- return; // done parsing no more optional fields present
+ return; // done parsing no more optional fields present
// nextUpdate (optional)
- nextByte = (byte)derStrm.peekByte();
+ nextByte = (byte) derStrm.peekByte();
if (nextByte == DerValue.tag_UtcTime) {
nextUpdate = derStrm.getUTCTime();
} else if (nextByte == DerValue.tag_GeneralizedTime) {
@@ -1039,22 +1032,22 @@ public class X509CRLImpl extends X509CRL {
} // else it is not present
if (derStrm.available() == 0)
- return; // done parsing no more optional fields present
+ return; // done parsing no more optional fields present
// revokedCertificates (optional)
- nextByte = (byte)derStrm.peekByte();
+ nextByte = (byte) derStrm.peekByte();
if ((nextByte == DerValue.tag_SequenceOf)
- && (! ((nextByte & 0x0c0) == 0x080))) {
+ && (!((nextByte & 0x0c0) == 0x080))) {
if (includeEntries) {
DerValue[] badCerts = derStrm.getSequence(4);
for (int i = 0; i < badCerts.length; i++) {
RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]);
if (entry.hasExtensions() && (version == 0))
throw new CRLException("Invalid encoding, extensions" +
- " not supported in CRL v1 entries.");
+ " not supported in CRL v1 entries.");
revokedCerts.put(entry.getSerialNumber(),
- (RevokedCertificate)entry);
+ (RevokedCertificate) entry);
}
} else {
derStrm.skipSequence(4);
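Review bot: The second operand of the revokedCertificates test, `(!((nextByte & 0x0c0) == 0x080))`, looks redundant. If `DerValue.tag_SequenceOf` is the universal constructed SEQUENCE tag (0x30, not shown on this page), its top two bits are zero, so the context-specific check can never fail once the equality holds. Either reduce the condition to `if (nextByte == DerValue.tag_SequenceOf) {` or add a comment naming the encoding it is meant to exclude, so that a later reader of this parser does not assume a context-tagged value is being filtered out here. parse() starts and ends outside this hunk.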
@@ -1062,11 +1055,11 @@ public class X509CRLImpl extends X509CRL {
}
if (derStrm.available() == 0)
- return; // done parsing no extensions
+ return; // done parsing no extensions
// crlExtensions (optional)
tmp = derStrm.getDerValue();
- if (tmp.isConstructed() && tmp.isContextSpecific((byte)0)) {
+ if (tmp.isConstructed() && tmp.isContextSpecific((byte) 0)) {
if (version == 0)
throw new CRLException("Invalid encoding, extensions not" +
" supported in CRL v1.");
diff --git a/pki/base/util/src/netscape/security/x509/X509Cert.java b/pki/base/util/src/netscape/security/x509/X509Cert.java
index 873d25ab..4675741a 100644
--- a/pki/base/util/src/netscape/security/x509/X509Cert.java
+++ b/pki/base/util/src/netscape/security/x509/X509Cert.java
@@ -41,14 +41,12 @@ import netscape.security.util.DerValue;
/**
* @author David Brownell
* @version 1.5
- *
+ *
* @see CertAndKeyGen
- * @deprecated Use the new X509Certificate class.
- * This class is only restored for backwards compatibility.
+ * @deprecated Use the new X509Certificate class.
+ * This class is only restored for backwards compatibility.
*/
-public
-class X509Cert implements Certificate, Serializable
-{
+public class X509Cert implements Certificate, Serializable {
/**
*
@@ -62,224 +60,204 @@ class X509Cert implements Certificate, Serializable
* decode</a> must later be called (or which may be deserialized).
*/
// XXX deprecated, delete this
- public X509Cert () { }
-
+ public X509Cert() {
+ }
/**
* Unmarshals a certificate from its encoded form, parsing the
- * encoded bytes. This form of constructor is used by agents which
- * need to examine and use certificate contents. That is, this is
- * one of the more commonly used constructors. Note that the buffer
+ * encoded bytes. This form of constructor is used by agents which
+ * need to examine and use certificate contents. That is, this is
+ * one of the more commonly used constructors. Note that the buffer
* must include only a certificate, and no "garbage" may be left at
- * the end. If you need to ignore data at the end of a certificate,
+ * the end. If you need to ignore data at the end of a certificate,
* use another constructor.
- *
+ *
* @param cert the encoded bytes, with no terminatu (CONSUMED)
* @exception IOException when the certificate is improperly encoded.
*/
- public X509Cert (
- byte cert []
- ) throws IOException
- {
- DerValue in = new DerValue (cert);
+ public X509Cert(
+ byte cert[]) throws IOException {
+ DerValue in = new DerValue(cert);
- parse (in);
- if (in.data.available () != 0)
- throw new CertParseError ("garbage at end");
- signedCert = cert;
+ parse(in);
+ if (in.data.available() != 0)
+ throw new CertParseError("garbage at end");
+ signedCert = cert;
}
-
/**
* Unmarshals a certificate from its encoded form, parsing the
- * encoded bytes. This form of constructor is used by agents which
- * need to examine and use certificate contents. That is, this is
+ * encoded bytes. This form of constructor is used by agents which
+ * need to examine and use certificate contents. That is, this is
* one of the most commonly used constructors.
- *
+ *
* @param buf the buffer holding the encoded bytes
* @param offset the offset in the buffer where the bytes begin
* @param len how many bytes of certificate exist
- *
+ *
* @exception IOException when the certificate is improperly encoded.
*/
- public X509Cert (
- byte buf [],
- int offset,
- int len
- ) throws IOException
- {
- DerValue in = new DerValue (buf, offset, len);
-
- parse (in);
- if (in.data.available () != 0)
- throw new CertParseError ("garbage at end");
- signedCert = new byte [len];
- System.arraycopy (buf, offset, signedCert, 0, len);
+ public X509Cert(
+ byte buf[],
+ int offset,
+ int len) throws IOException {
+ DerValue in = new DerValue(buf, offset, len);
+
+ parse(in);
+ if (in.data.available() != 0)
+ throw new CertParseError("garbage at end");
+ signedCert = new byte[len];
+ System.arraycopy(buf, offset, signedCert, 0, len);
}
-
/**
* Unmarshal a certificate from its encoded form, parsing a DER value.
* This form of constructor is used by agents which need to examine
* and use certificate contents.
- *
+ *
* @param derVal the der value containing the encoded cert.
* @exception IOException when the certificate is improperly encoded.
*/
- public X509Cert (DerValue derVal) throws IOException
- {
- parse (derVal);
- if (derVal.data.available () != 0)
- throw new CertParseError ("garbage at end");
- signedCert = derVal.toByteArray ();
+ public X509Cert(DerValue derVal) throws IOException {
+ parse(derVal);
+ if (derVal.data.available() != 0)
+ throw new CertParseError("garbage at end");
+ signedCert = derVal.toByteArray();
}
-
/**
* Partially constructs a certificate from descriptive parameters.
* This constructor may be used by Certificate Authority (CA) code,
* which later <a href="#signAndEncode">signs and encodes</a> the
- * certificate. Also, self-signed certificates serve as CA certificates,
+ * certificate. Also, self-signed certificates serve as CA certificates,
* and are sometimes used as certificate requests.
- *
- * <P>Until the certificate has been signed and encoded, some of
- * the mandatory fields in the certificate will not be available
- * via accessor functions: the serial number, issuer name and signing
- * algorithm, and of course the signed certificate. The fields passed
- * to this constructor are available, and must be non-null.
- *
- * <P>Note that the public key being signed is generally independent of
- * the signature algorithm being used. So for example Diffie-Hellman
- * keys (which do not support signatures) can be placed in X.509
- * certificates when some other signature algorithm (e.g. DSS/DSA,
- * or one of the RSA based algorithms) is used.
- *
+ *
+ * <P>
+ * Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed certificate. The fields passed to this constructor are available, and must be non-null.
+ *
+ * <P>
+ * Note that the public key being signed is generally independent of the signature algorithm being used. So for example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used.
+ *
* @see CertAndKeyGen
- *
+ *
* @param subjectName the X.500 distinguished name being certified
- * @param subjectPublicKey the public key being certified. This
- * must be an "X509Key" implementing the "PublicKey" interface.
+ * @param subjectPublicKey the public key being certified. This
+ * must be an "X509Key" implementing the "PublicKey" interface.
* @param notBefore the first time the certificate is valid
* @param notAfter the last time the certificate is valid
- *
+ *
* @exception CertException if the public key is inappropriate
*/
- public X509Cert (
- X500Name subjectName,
- X509Key subjectPublicKey,
- Date notBefore,
- Date notAfter
- ) throws CertException
- {
- subject = subjectName;
-
- if (!(subjectPublicKey instanceof PublicKey))
- throw new CertException (CertException.err_INVALID_PUBLIC_KEY,
- "Doesn't implement PublicKey interface");
+ public X509Cert(
+ X500Name subjectName,
+ X509Key subjectPublicKey,
+ Date notBefore,
+ Date notAfter) throws CertException {
+ subject = subjectName;
- /*
- * The X509 cert API requires X509 keys, else things break.
- */
- pubkey = subjectPublicKey;
- notbefore = notBefore;
- notafter = notAfter;
- version = 0;
- }
+ if (!(subjectPublicKey instanceof PublicKey))
+ throw new CertException(CertException.err_INVALID_PUBLIC_KEY,
+ "Doesn't implement PublicKey interface");
+ /*
+ * The X509 cert API requires X509 keys, else things break.
+ */
+ pubkey = subjectPublicKey;
+ notbefore = notBefore;
+ notafter = notAfter;
+ version = 0;
+ }
/**
* Decode an X.509 certificate from an input stream.
- *
+ *
* @param in an input stream holding at least one certificate
* @exception IOException when the certificate is improperly encoded.
*/
- public void decode (InputStream in) throws IOException
- {
- DerValue val = new DerValue (in);
+ public void decode(InputStream in) throws IOException {
+ DerValue val = new DerValue(in);
- parse (val);
- if (val.data.available () != 0)
- throw new CertParseError ("garbage at end");
- signedCert = val.toByteArray ();
+ parse(val);
+ if (val.data.available() != 0)
+ throw new CertParseError("garbage at end");
+ signedCert = val.toByteArray();
}
-
/**
* Appends the certificate to an output stream.
- *
+ *
* @param out an input stream to which the certificate is appended.
* @exception IOException when appending fails.
*/
- public void encode (OutputStream out) throws IOException
- { out.write (getSignedCert ()); }
-
+ public void encode(OutputStream out) throws IOException {
+ out.write(getSignedCert());
+ }
/**
- * Compares two certificates. This is false if the
+ * Compares two certificates. This is false if the
* certificates are not both X.509 certs, otherwise it
* compares them as binary data.
- *
+ *
* @param other the object being compared with this one
* @return true iff the certificates are equivalent
*/
- public boolean equals (Object other)
- {
- if (other instanceof X509Cert)
- return equals ((X509Cert) other);
- else
- return false;
+ public boolean equals(Object other) {
+ if (other instanceof X509Cert)
+ return equals((X509Cert) other);
+ else
+ return false;
}
-
/**
* Compares two certificates, returning false if any data
* differs between the two.
- *
+ *
* @param other the object being compared with this one
* @return true iff the certificates are equivalent
*/
- public boolean equals (X509Cert src)
- {
- if (this == src)
- return true;
- if (signedCert == null || src.signedCert == null)
- return false;
- if (signedCert.length != src.signedCert.length)
- return false;
- for (int i = 0; i < signedCert.length; i++)
- if (signedCert [i] != src.signedCert [i])
- return false;
- return true;
+ public boolean equals(X509Cert src) {
+ if (this == src)
+ return true;
+ if (signedCert == null || src.signedCert == null)
+ return false;
+ if (signedCert.length != src.signedCert.length)
+ return false;
+ for (int i = 0; i < signedCert.length; i++)
+ if (signedCert[i] != src.signedCert[i])
+ return false;
+ return true;
}
-
/** Returns the "X.509" format identifier. */
- public String getFormat () // for Certificate
- { return "X.509"; }
-
+ public String getFormat() // for Certificate
+ {
+ return "X.509";
+ }
/** Returns <a href="#getIssuerName">getIssuerName</a> */
- public Principal getGuarantor () // for Certificate
- { return getIssuerName (); }
-
+ public Principal getGuarantor() // for Certificate
+ {
+ return getIssuerName();
+ }
/** Returns <a href="#getSubjectName">getSubjectName</a> */
- public Principal getPrincipal ()
- { return getSubjectName (); }
-
+ public Principal getPrincipal() {
+ return getSubjectName();
+ }
/**
* Throws an exception if the certificate is invalid because it is
* now outside of the certificate's validity period, or because it
- * was not signed using the verification key provided. Successfully
+ * was not signed using the verification key provided. Successfully
* verifying a certificate does <em>not</em> indicate that one should
* trust the entity which it represents.
- *
- * <P><em>Note that since this class represents only a single X.509
+ *
+ * <P>
+ * <em>Note that since this class represents only a single X.509
* certificate, it cannot know anything about the certificate chain
* which is used to provide the verification key and to establish trust.
* Other code must manage and use those cert chains.
- *
+ *
* <P>For now, you must walk the cert chain being used to verify any
* given cert. Start at the root, which is a self-signed certificate;
* verify it using the key inside the certificate. Then use that to
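Review bot: The `X509Cert(byte cert[])` constructor keeps the caller's array by reference (`signedCert = cert;`), whereas the `(buf, offset, len)` constructor copies it. A caller that reuses or modifies the buffer after construction changes what encode() and getSignedCert() emit without changing the fields parse() already extracted, so the object's encoded and decoded views can disagree. The Javadoc's "(CONSUMED)" marks the hand-over as intentional, but a defensive copy is cheap: `signedCert = cert.clone();`. That same `@param cert` line has a typo ("terminatu"). The formatter has also joined the two `<P>` paragraphs in the four-argument constructor's Javadoc into single very long lines, which should be re-wrapped.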
@@ -289,265 +267,255 @@ class X509Cert implements Certificate, Serializable
* if any of the verification operations for its certificate chain
* were unsuccessful.
* </em>
- *
+ *
* @param issuerPublicKey the public key of the issuing CA
* @exception CertException when the certificate is not valid.
*/
- public void verify (PublicKey issuerPublicKey)
- throws CertException
- {
- Date now = new Date ();
-
- if (now.before (notbefore))
- throw new CertException (CertException.verf_INVALID_NOTBEFORE);
- if (now.after (notafter))
- throw new CertException (CertException.verf_INVALID_EXPIRED);
- if (signedCert == null)
- throw new CertException (CertException.verf_INVALID_SIG,
- "?? certificate is not signed yet ??");
-
- //
- // Verify the signature ...
- //
- String algName = null;
-
- try {
- Signature sigVerf = null;
-
- algName = issuerSigAlg.getName();
- sigVerf = Signature.getInstance(algName);
- sigVerf.initVerify (issuerPublicKey);
- sigVerf.update (rawCert, 0, rawCert.length);
-
- if (!sigVerf.verify (signature)) {
- throw new CertException (CertException.verf_INVALID_SIG,
- "Signature ... by <" + issuer + "> for <" + subject + ">");
- }
-
- // Gag -- too many catch clauses, let most through.
-
- } catch (NoSuchAlgorithmException e) {
- throw new CertException (CertException.verf_INVALID_SIG,
- "Unsupported signature algorithm (" + algName + ")");
-
- } catch (InvalidKeyException e) {
- // e.printStackTrace();
- throw new CertException (CertException.err_INVALID_PUBLIC_KEY,
- "Algorithm (" + algName + ") rejected public key");
-
- } catch (SignatureException e) {
- throw new CertException (CertException.verf_INVALID_SIG,
- "Signature by <" + issuer + "> for <" + subject + ">");
- }
+ public void verify(PublicKey issuerPublicKey)
+ throws CertException {
+ Date now = new Date();
+
+ if (now.before(notbefore))
+ throw new CertException(CertException.verf_INVALID_NOTBEFORE);
+ if (now.after(notafter))
+ throw new CertException(CertException.verf_INVALID_EXPIRED);
+ if (signedCert == null)
+ throw new CertException(CertException.verf_INVALID_SIG,
+ "?? certificate is not signed yet ??");
+
+ //
+ // Verify the signature ...
+ //
+ String algName = null;
+
+ try {
+ Signature sigVerf = null;
+
+ algName = issuerSigAlg.getName();
+ sigVerf = Signature.getInstance(algName);
+ sigVerf.initVerify(issuerPublicKey);
+ sigVerf.update(rawCert, 0, rawCert.length);
+
+ if (!sigVerf.verify(signature)) {
+ throw new CertException(CertException.verf_INVALID_SIG,
+ "Signature ... by <" + issuer + "> for <" + subject + ">");
+ }
+
+ // Gag -- too many catch clauses, let most through.
+
+ } catch (NoSuchAlgorithmException e) {
+ throw new CertException(CertException.verf_INVALID_SIG,
+ "Unsupported signature algorithm (" + algName + ")");
+
+ } catch (InvalidKeyException e) {
+ // e.printStackTrace();
+ throw new CertException(CertException.err_INVALID_PUBLIC_KEY,
+ "Algorithm (" + algName + ") rejected public key");
+
+ } catch (SignatureException e) {
+ throw new CertException(CertException.verf_INVALID_SIG,
+ "Signature by <" + issuer + "> for <" + subject + ">");
+ }
}
-
/**
* Creates an X.509 certificate, and signs it using the issuer
* passed (associating a signature algorithm and an X.500 name).
* This operation is used to implement the certificate generation
* functionality of a certificate authority.
- *
+ *
* @see #getSignedCert
* @see #getSigner
* @see CertAndKeyGen
- *
+ *
* @param serial the serial number of the certificate (non-null)
* @param issuer the certificate issuer (CA) (non-null)
* @return the signed certificate, as returned by getSignedCert
- *
+ *
* @exception IOException if any of the data could not be encoded,
- * or when any mandatory data was omitted
+ * or when any mandatory data was omitted
* @exception SignatureException on signing failures
*/
- public byte []
- encodeAndSign (
- BigInt serial,
- X500Signer issuer
- ) throws IOException, SignatureException
- {
- rawCert = null;
-
- /*
- * Get the remaining cert parameters, and make sure we have enough.
- *
- * We deduce version based on what attribute data are available
- * For now, we have no attributes, so we always deduce X.509v1 !
- */
- version = 0;
- serialnum = serial;
- this.issuer = issuer.getSigner ();
- issuerSigAlg = issuer.getAlgorithmId ();
+ public byte[]
+ encodeAndSign(
+ BigInt serial,
+ X500Signer issuer
+ ) throws IOException, SignatureException {
+ rawCert = null;
- if (subject == null || pubkey == null
- || notbefore == null || notafter == null)
- throw new IOException ("not enough cert parameters");
+ /*
+ * Get the remaining cert parameters, and make sure we have enough.
+ *
+ * We deduce version based on what attribute data are available
+ * For now, we have no attributes, so we always deduce X.509v1 !
+ */
+ version = 0;
+ serialnum = serial;
+ this.issuer = issuer.getSigner();
+ issuerSigAlg = issuer.getAlgorithmId();
+
+ if (subject == null || pubkey == null
+ || notbefore == null || notafter == null)
+ throw new IOException("not enough cert parameters");
- /*
- * Encode the raw cert, create its signature and put it
- * into the envelope.
- */
- rawCert = DERencode ();
- signedCert = sign (issuer, rawCert);
- return signedCert;
+ /*
+ * Encode the raw cert, create its signature and put it
+ * into the envelope.
+ */
+ rawCert = DERencode();
+ signedCert = sign(issuer, rawCert);
+ return signedCert;
}
-
/**
- * Returns an X500Signer that may be used to create signatures. Those
+ * Returns an X500Signer that may be used to create signatures. Those
* signature may in turn be verified using this certificate (or a
* copy of it).
- *
- * <P><em><b>NOTE:</b> If the private key is by itself capable of
+ *
+ * <P>
+ * <em><b>NOTE:</b> If the private key is by itself capable of
* creating signatures, this fact may not be recognized at this time.
* Specifically, the case of DSS/DSA keys which get their algorithm
* parameters from higher in the certificate chain is not supportable
* without using an X509CertChain API, and there is no current support
* for other sources of algorithm parameters.</em>
- *
- * @param algorithm the signature algorithm to be used. Note that a
- * given public/private key pair may support several such algorithms.
+ *
+ * @param algorithm the signature algorithm to be used. Note that a
+ * given public/private key pair may support several such algorithms.
* @param privateKey the private key used to create the signature,
- * which must correspond to the public key in this certificate
+ * which must correspond to the public key in this certificate
* @return the Signer object
- *
+ *
* @exception NoSuchAlgorithmException if the signature
- * algorithm is not supported
+ * algorithm is not supported
* @exception InvalidKeyException if either the key in the certificate,
- * or the private key parameter, does not support the requested
- * signature algorithm
- */
- public X500Signer getSigner (AlgorithmId algorithmId,
- PrivateKey privateKey)
- throws NoSuchAlgorithmException, InvalidKeyException
- {
- String algorithm;
- Signature sig;
-
- if (privateKey instanceof Key) {
- Key key = (Key)privateKey;
- algorithm = key.getAlgorithm();
- } else {
- throw new InvalidKeyException("private key not a key!");
- }
-
- sig = Signature.getInstance(algorithmId.getName());
-
- if (!pubkey.getAlgorithm ().equals (algorithm)) {
-
- throw new InvalidKeyException( "Private key algorithm " +
- algorithm +
- " incompatible with certificate " +
- pubkey.getAlgorithm());
- }
- sig.initSign (privateKey);
- return new X500Signer (sig, subject);
+ * or the private key parameter, does not support the requested
+ * signature algorithm
+ */
+ public X500Signer getSigner(AlgorithmId algorithmId,
+ PrivateKey privateKey)
+ throws NoSuchAlgorithmException, InvalidKeyException {
+ String algorithm;
+ Signature sig;
+
+ if (privateKey instanceof Key) {
+ Key key = (Key) privateKey;
+ algorithm = key.getAlgorithm();
+ } else {
+ throw new InvalidKeyException("private key not a key!");
+ }
+
+ sig = Signature.getInstance(algorithmId.getName());
+
+ if (!pubkey.getAlgorithm().equals(algorithm)) {
+
+ throw new InvalidKeyException("Private key algorithm " +
+ algorithm +
+ " incompatible with certificate " +
+ pubkey.getAlgorithm());
+ }
+ sig.initSign(privateKey);
+ return new X500Signer(sig, subject);
}
-
/**
* Returns a signature object that may be used to verify signatures
* created using a specified signature algorithm and the public key
* contained in this certificate.
- *
- * <P><em><b>NOTE:</b> If the public key in this certificate is not by
+ *
+ * <P>
+ * <em><b>NOTE:</b> If the public key in this certificate is not by
* itself capable of verifying signatures, this may not be recognized
* at this time. Specifically, the case of DSS/DSA keys which get
* their algorithm parameters from higher in the certificate chain
* is not supportable without using an X509CertChain API, and there
* is no current support for other sources of algorithm parameters.</em>
- *
+ *
* @param algorithm the algorithm of the signature to be verified
* @return the Signature object
* @exception NoSuchAlgorithmException if the signature
- * algorithm is not supported
+ * algorithm is not supported
* @exception InvalidKeyException if the key in the certificate
- * does not support the requested signature algorithm
+ * does not support the requested signature algorithm
*/
public Signature getVerifier(String algorithm)
- throws NoSuchAlgorithmException, InvalidKeyException
- {
- String algName;
- Signature sig;
+ throws NoSuchAlgorithmException, InvalidKeyException {
+ String algName;
+ Signature sig;
- sig = Signature.getInstance(algorithm);
- sig.initVerify (pubkey);
- return sig;
+ sig = Signature.getInstance(algorithm);
+ sig.initVerify(pubkey);
+ return sig;
}
-
-
/**
* Return the signed X.509 certificate as a byte array.
* The bytes are in standard DER marshaled form.
* Null is returned in the case of a partially constructed cert.
*/
- public byte [] getSignedCert ()
- { return signedCert; }
-
+ public byte[] getSignedCert() {
+ return signedCert;
+ }
/**
* Returns the certificate's serial number.
* Null is returned in the case of a partially constructed cert.
*/
- public BigInt getSerialNumber ()
- { return serialnum; }
-
+ public BigInt getSerialNumber() {
+ return serialnum;
+ }
/**
* Returns the subject's X.500 distinguished name.
*/
- public X500Name getSubjectName ()
- { return subject; }
-
+ public X500Name getSubjectName() {
+ return subject;
+ }
/**
* Returns the certificate issuer's X.500 distinguished name.
* Null is returned in the case of a partially constructed cert.
*/
- public X500Name getIssuerName ()
- { return issuer; }
-
+ public X500Name getIssuerName() {
+ return issuer;
+ }
/**
* Returns the algorithm used by the issuer to sign the certificate.
* Null is returned in the case of a partially constructed cert.
*/
- public AlgorithmId getIssuerAlgorithmId ()
- { return issuerSigAlg; }
-
+ public AlgorithmId getIssuerAlgorithmId() {
+ return issuerSigAlg;
+ }
/**
* Returns the first time the certificate is valid.
*/
- public Date getNotBefore ()
- { return notbefore; }
-
+ public Date getNotBefore() {
+ return notbefore;
+ }
/**
* Returns the last time the certificate is valid.
*/
- public Date getNotAfter ()
- { return notafter; }
-
+ public Date getNotAfter() {
+ return notafter;
+ }
/**
- * Returns the subject's public key. Note that some public key
+ * Returns the subject's public key. Note that some public key
* algorithms support an optional certificate generation policy
* where the keys in the certificates are not in themselves sufficient
- * to perform a public key operation. Those keys need to be augmented
+ * to perform a public key operation. Those keys need to be augmented
* by algorithm parameters, which the certificate generation policy
* chose not to place in the certificate.
- *
- * <P>Two such public key algorithms are: DSS/DSA, where algorithm
- * parameters could be acquired from a CA certificate in the chain
- * of issuers; and Diffie-Hellman, with a similar solution although
- * the CA then needs both a Diffie-Hellman certificate and a signature
- * capable certificate.
+ *
+ * <P>
+ * Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a Diffie-Hellman certificate and a signature capable certificate.
*/
- public PublicKey getPublicKey ()
- { return pubkey; }
-
+ public PublicKey getPublicKey() {
+ return pubkey;
+ }
/**
* Returns the X.509 version number of this certificate, zero based.
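Review bot: verify() hands whatever `issuerSigAlg.getName()` returns straight to `Signature.getInstance(algName)` and applies no policy to it. For a decoded certificate that field presumably comes from the certificate itself, though parse() is outside this hunk. A certificate signed with an algorithm the deployment no longer accepts therefore verifies as long as the provider still implements it. Add a sentence to the method's Javadoc such as `Callers that restrict signature algorithms must check getIssuerAlgorithmId() themselves; this method accepts any algorithm the provider supports.` Separately, the three catch blocks discard the caught exception, and getVerifier() declares a local `String algName;` that is never used and can be removed.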
@@ -555,85 +523,81 @@ class X509Cert implements Certificate, Serializable
* and "0" indicates X.509v1 (1988).
* Zero is returned in the case of a partially constructed cert.
*/
- public int getVersion ()
- { return version; }
+ public int getVersion() {
+ return version;
+ }
-
/**
- * Calculates a hash code value for the object. Objects
+ * Calculates a hash code value for the object. Objects
* which are equal will also have the same hashcode.
*/
- public int hashCode ()
- {
- int retval = 0;
+ public int hashCode() {
+ int retval = 0;
- for (int i = 0; i < signedCert.length; i++)
- retval += signedCert [i] * i;
- return retval;
+ for (int i = 0; i < signedCert.length; i++)
+ retval += signedCert[i] * i;
+ return retval;
}
-
/**
- * Returns a printable representation of the certificate. This does not
+ * Returns a printable representation of the certificate. This does not
* contain all the information available to distinguish this from any
- * other certificate. The certificate must be fully constructed
+ * other certificate. The certificate must be fully constructed
* before this function may be called; in particular, if you are
* creating certificates you must call encodeAndSign() before calling
* this function.
*/
- public String toString ()
- {
- String s;
+ public String toString() {
+ String s;
- if (subject == null || pubkey == null
- || notbefore == null || notafter == null
- || issuer == null || issuerSigAlg == null
- || serialnum == null)
- throw new NullPointerException ("X.509 cert is incomplete");
+ if (subject == null || pubkey == null
+ || notbefore == null || notafter == null
+ || issuer == null || issuerSigAlg == null
+ || serialnum == null)
+ throw new NullPointerException("X.509 cert is incomplete");
s = " X.509v" + (version + 1) + " certificate,\n";
s += " Subject is " + subject + "\n";
s += " Key: " + pubkey;
s += " Validity <" + notbefore + "> until <" + notafter + ">\n";
s += " Issuer is " + issuer + "\n";
- s += " Issuer signature used " + issuerSigAlg.toString () + "\n";
- s += " Serial number = " + serialnum + "\n";
+ s += " Issuer signature used " + issuerSigAlg.toString() + "\n";
+ s += " Serial number = " + serialnum + "\n";
// optional v2, v3 extras
return "[\n" + s + "]";
}
-
/**
* Returns a printable representation of the certificate.
- *
+ *
* @param detailed true iff lots of detail is requested
*/
- public String toString (boolean detailed)
- { return toString (); }
-
+ public String toString(boolean detailed) {
+ return toString();
+ }
/*
* Certificate data, and its envelope
*/
- private byte rawCert [];
- private byte signature [];
- private byte signedCert [];
+ private byte rawCert[];
+ private byte signature[];
+ private byte signedCert[];
/*
* X509.v1 data (parsed)
*/
- private X500Name subject; // from subject
- private X509Key pubkey;
+ private X500Name subject; // from subject
+ private X509Key pubkey;
- private Date notafter; // from CA (constructor)
- private Date notbefore;
+ private Date notafter; // from CA (constructor)
+ private Date notbefore;
- private int version; // from CA (signAndEncode)
- private BigInt serialnum;
- private X500Name issuer;
- private AlgorithmId issuerSigAlg;
+ private int version; // from CA (signAndEncode)
+ private BigInt serialnum;
+ private X500Name issuer;
+ private AlgorithmId issuerSigAlg;
/*
* X509.v2 extensions
@@ -647,7 +611,6 @@ class X509Cert implements Certificate, Serializable
* Other extensions ... Netscape, Verisign, SET, etc
*/
-
/************************************************************/
/*
@@ -660,214 +623,203 @@ class X509Cert implements Certificate, Serializable
* This routine unmarshals the certificate, saving the signature
* parts away for later verification.
*/
- private void parse (DerValue val)
- throws IOException
- {
- DerValue seq [] = new DerValue [3];
+ private void parse(DerValue val)
+ throws IOException {
+ DerValue seq[] = new DerValue[3];
- seq [0] = val.data.getDerValue ();
- seq [1] = val.data.getDerValue ();
- seq [2] = val.data.getDerValue ();
-
- if (val.data.available () != 0)
- throw new CertParseError ("signed overrun, bytes = "
- + val.data.available ());
- if (seq [0].tag != DerValue.tag_Sequence)
- throw new CertParseError ("signed fields invalid");
+ seq[0] = val.data.getDerValue();
+ seq[1] = val.data.getDerValue();
+ seq[2] = val.data.getDerValue();
- rawCert = seq [0].toByteArray (); // XXX slow; fixme!
+ if (val.data.available() != 0)
+ throw new CertParseError("signed overrun, bytes = "
+ + val.data.available());
+ if (seq[0].tag != DerValue.tag_Sequence)
+ throw new CertParseError("signed fields invalid");
+ rawCert = seq[0].toByteArray(); // XXX slow; fixme!
- issuerSigAlg = AlgorithmId.parse (seq [1]);
- signature = seq [2].getBitString ();
+ issuerSigAlg = AlgorithmId.parse(seq[1]);
+ signature = seq[2].getBitString();
- if (seq [1].data.available () != 0) {
- // XXX why was this error check commented out?
- // It was originally part of the next check.
- throw new CertParseError ("algid field overrun");
- }
+ if (seq[1].data.available() != 0) {
+ // XXX why was this error check commented out?
+ // It was originally part of the next check.
+ throw new CertParseError("algid field overrun");
+ }
- if (seq [2].data.available () != 0)
- throw new CertParseError ("signed fields overrun");
+ if (seq[2].data.available() != 0)
+ throw new CertParseError("signed fields overrun");
- /*
- * Let's have fun parsing the cert itself.
- */
- DerInputStream in;
- DerValue tmp;
+ /*
+ * Let's have fun parsing the cert itself.
+ */
+ DerInputStream in;
+ DerValue tmp;
- in = seq [0].data;
+ in = seq[0].data;
/*
- * Version -- this is optional (default zero). If it's there it's
- * the first field and is specially tagged.
- *
- * Both branches leave "tmp" holding a value for the serial
- * number that comes next.
- */
- version = 0;
- tmp = in.getDerValue ();
- if (tmp.isConstructed () && tmp.isContextSpecific ()) {
- version = tmp.data.getInteger ().toInt ();
- if (tmp.data.available () != 0)
- throw new IOException ("X.509 version, bad format");
- tmp = in.getDerValue ();
- }
+ * Version -- this is optional (default zero). If it's there it's
+ * the first field and is specially tagged.
+ *
+ * Both branches leave "tmp" holding a value for the serial
+ * number that comes next.
+ */
+ version = 0;
+ tmp = in.getDerValue();
+ if (tmp.isConstructed() && tmp.isContextSpecific()) {
+ version = tmp.data.getInteger().toInt();
+ if (tmp.data.available() != 0)
+ throw new IOException("X.509 version, bad format");
+ tmp = in.getDerValue();
+ }
/*
- * serial number ... an integer
- */
- serialnum = tmp.getInteger ();
+ * serial number ... an integer
+ */
+ serialnum = tmp.getInteger();
/*
- * algorithm type for CA's signature ... needs to match the
- * one on the envelope, and that's about it! different IDs
- * may represent a signature attack. In general we want to
- * inherit parameters.
- */
- tmp = in.getDerValue ();
- {
- AlgorithmId algid;
-
+ * algorithm type for CA's signature ... needs to match the
+ * one on the envelope, and that's about it! different IDs
+ * may represent a signature attack. In general we want to
+ * inherit parameters.
+ */
+ tmp = in.getDerValue();
+ {
+ AlgorithmId algid;
- algid = AlgorithmId.parse(tmp);
+ algid = AlgorithmId.parse(tmp);
- if (!algid.equals (issuerSigAlg))
- throw new CertParseError ("CA Algorithm mismatch!");
+ if (!algid.equals(issuerSigAlg))
+ throw new CertParseError("CA Algorithm mismatch!");
- this.algid = algid;
- }
+ this.algid = algid;
+ }
/*
- * issuer name
- */
- issuer = new X500Name (in);
+ * issuer name
+ */
+ issuer = new X500Name(in);
/*
- * validity: SEQUENCE { start date, end date }
- */
- tmp = in.getDerValue ();
- if (tmp.tag != DerValue.tag_Sequence)
- throw new CertParseError ("corrupt validity field");
+ * validity: SEQUENCE { start date, end date }
+ */
+ tmp = in.getDerValue();
+ if (tmp.tag != DerValue.tag_Sequence)
+ throw new CertParseError("corrupt validity field");
- notbefore = tmp.data.getUTCTime ();
- notafter = tmp.data.getUTCTime ();
- if (tmp.data.available () != 0)
- throw new CertParseError ("excess validity data");
+ notbefore = tmp.data.getUTCTime();
+ notafter = tmp.data.getUTCTime();
+ if (tmp.data.available() != 0)
+ throw new CertParseError("excess validity data");
/*
- * subject name and public key
- */
- subject = new X500Name (in);
+ * subject name and public key
+ */
+ subject = new X500Name(in);
- tmp = in.getDerValue ();
- pubkey = X509Key.parse (tmp);
+ tmp = in.getDerValue();
+ pubkey = X509Key.parse(tmp);
/*
- * XXX for v2 and later, a bunch of tagged options follow
- */
-
- if (in.available () != 0) {
- /*
- * Until we parse V2/V3 data ... ignore it.
- *
- // throw new CertParseError ("excess cert data");
- System.out.println (
- "@end'o'cert, optional V2/V3 data unparsed: "
- + in.available ()
- + " bytes"
- );
- */
- }
+ * XXX for v2 and later, a bunch of tagged options follow
+ */
+
+ if (in.available() != 0) {
+ /*
+ * Until we parse V2/V3 data ... ignore it.
+ *
+ // throw new CertParseError ("excess cert data");
+ System.out.println (
+ "@end'o'cert, optional V2/V3 data unparsed: "
+ + in.available ()
+ + " bytes"
+ );
+ */
+ }
}
-
/*
* Encode only the parts that will later be signed.
*/
- private byte [] DERencode () throws IOException
- {
- DerOutputStream raw = new DerOutputStream ();
-
- encode (raw);
- return raw.toByteArray ();
- }
+ private byte[] DERencode() throws IOException {
+ DerOutputStream raw = new DerOutputStream();
+ encode(raw);
+ return raw.toByteArray();
+ }
/*
* Marshal the contents of a "raw" certificate into a DER sequence.
*/
- private void encode (DerOutputStream out) throws IOException
- {
- DerOutputStream tmp = new DerOutputStream ();
+ private void encode(DerOutputStream out) throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
- /*
- * encode serial number, issuer signing algorithm,
- * and issuer name into the data we'll return
- */
- tmp.putInteger (serialnum);
- issuerSigAlg.encode (tmp);
- issuer.encode (tmp);
+ /*
+ * encode serial number, issuer signing algorithm,
+ * and issuer name into the data we'll return
+ */
+ tmp.putInteger(serialnum);
+ issuerSigAlg.encode(tmp);
+ issuer.encode(tmp);
- /*
- * Validity is a two element sequence ... encode the
- * elements, then wrap them into the data we'll return
- */
- {
- DerOutputStream seq = new DerOutputStream ();
+ /*
+ * Validity is a two element sequence ... encode the
+ * elements, then wrap them into the data we'll return
+ */
+ {
+ DerOutputStream seq = new DerOutputStream();
- seq.putUTCTime (notbefore);
- seq.putUTCTime (notafter);
- tmp.write (DerValue.tag_Sequence, seq);
- }
+ seq.putUTCTime(notbefore);
+ seq.putUTCTime(notafter);
+ tmp.write(DerValue.tag_Sequence, seq);
+ }
- /*
- * Encode subject (principal) and associated key
- */
- subject.encode (tmp);
- pubkey.encode (tmp);
+ /*
+ * Encode subject (principal) and associated key
+ */
+ subject.encode(tmp);
+ pubkey.encode(tmp);
- /*
- * Wrap the data; encoding of the "raw" cert is now complete.
- */
- out.write (DerValue.tag_Sequence, tmp);
+ /*
+ * Wrap the data; encoding of the "raw" cert is now complete.
+ */
+ out.write(DerValue.tag_Sequence, tmp);
}
-
/*
* Calculate the signature of the "raw" certificate,
* and marshal the cert with the signature and a
* description of the signing algorithm.
*/
- private byte [] sign (X500Signer issuer, byte data [])
- throws IOException, SignatureException
- {
- /*
- * Encode the to-be-signed data, then the algorithm used
- * to create the signature.
- */
- DerOutputStream out = new DerOutputStream ();
- DerOutputStream tmp = new DerOutputStream ();
-
- tmp.write (data);
- issuer.getAlgorithmId ().encode(tmp);
+ private byte[] sign(X500Signer issuer, byte data[])
+ throws IOException, SignatureException {
+ /*
+ * Encode the to-be-signed data, then the algorithm used
+ * to create the signature.
+ */
+ DerOutputStream out = new DerOutputStream();
+ DerOutputStream tmp = new DerOutputStream();
+ tmp.write(data);
+ issuer.getAlgorithmId().encode(tmp);
- /*
- * Create and encode the signature itself.
- */
- issuer.update (data, 0, data.length);
- signature = issuer.sign ();
- tmp.putBitString (signature);
+ /*
+ * Create and encode the signature itself.
+ */
+ issuer.update(data, 0, data.length);
+ signature = issuer.sign();
+ tmp.putBitString(signature);
- /*
- * Wrap the signed data in a SEQUENCE { data, algorithm, sig }
- */
- out.write (DerValue.tag_Sequence, tmp);
- return out.toByteArray ();
+ /*
+ * Wrap the signed data in a SEQUENCE { data, algorithm, sig }
+ */
+ out.write(DerValue.tag_Sequence, tmp);
+ return out.toByteArray();
}
-
/**
* Serialization write ... X.509 certificates serialize as
* themselves, and they're parsed when they get read back.
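Review bot: In `parse()`, the final `if (in.available() != 0)` block is still empty after the reformat, so any bytes that follow the public key (the v2/v3 optional fields, which is where extensions are carried) are accepted and skipped without being inspected. The only explanation sits inside a block comment that also holds a commented-out `throw` and `System.out.println`, which is easy to misread as live code. I would replace that dead code with a one-line statement of the consequence, e.g. `// v2/v3 optional fields (extensions included) are skipped unparsed; this class does not evaluate them`, so callers know not to rely on this class for extension checks. Separately, the `// XXX why was this error check commented out?` comment above `throw new CertParseError("algid field overrun")` is stale, since the check is active in the new code.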
@@ -875,16 +827,18 @@ class X509Cert implements Certificate, Serializable
* serialization subsystem, then the cert data.)
*/
private synchronized void
- writeObject (java.io.ObjectOutputStream stream)
- throws IOException
- { encode(stream); }
+ writeObject(java.io.ObjectOutputStream stream)
+ throws IOException {
+ encode(stream);
+ }
/**
* Serialization read ... X.509 certificates serialize as
* themselves, and they're parsed when they get read back.
*/
private synchronized void
- readObject (ObjectInputStream stream)
- throws IOException
- { decode(stream); }
+ readObject(ObjectInputStream stream)
+ throws IOException {
+ decode(stream);
+ }
}
diff --git a/pki/base/util/src/netscape/security/x509/X509CertImpl.java b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
index a3b8b64f..a576ce39 100755
--- a/pki/base/util/src/netscape/security/x509/X509CertImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CertImpl.java
@@ -54,29 +54,22 @@ import netscape.security.util.ObjectIdentifier;
/**
* The X509CertImpl class represents an X.509 certificate. These certificates
* are widely used to support authentication and other functionality in
- * Internet security systems. Common applications include Privacy Enhanced
+ * Internet security systems. Common applications include Privacy Enhanced
* Mail (PEM), Transport Layer Security (SSL), code signing for trusted
- * software distribution, and Secure Electronic Transactions (SET). There
+ * software distribution, and Secure Electronic Transactions (SET). There
* is a commercial infrastructure ready to manage large scale deployments
* of X.509 identity certificates.
- *
- * <P>These certificates are managed and vouched for by <em>Certificate
- * Authorities</em> (CAs). CAs are services which create certificates by
- * placing data in the X.509 standard format and then digitally signing
- * that data. Such signatures are quite difficult to forge. CAs act as
- * trusted third parties, making introductions between agents who have no
- * direct knowledge of each other. CA certificates are either signed by
- * themselves, or by some other CA such as a "root" CA.
- *
- * <P>RFC 1422 is very informative, though it does not describe much
- * of the recent work being done with X.509 certificates. That includes
- * a 1996 version (X.509v3) and a variety of enhancements being made to
- * facilitate an explosion of personal certificates used as "Internet
- * Drivers' Licences", or with SET for credit card transactions.
- *
- * <P>More recent work includes the IETF PKIX Working Group efforts,
- * especially part 1.
- *
+ *
+ * <P>
+ * These certificates are managed and vouched for by <em>Certificate
+ * Authorities</em> (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
+ *
+ * <P>
+ * RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
+ *
+ * <P>
+ * More recent work includes the IETF PKIX Working Group efforts, especially part 1.
+ *
* @author Dave Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
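Review bot: The reflowed class Javadoc now puts each paragraph after `<P>` on a single line several hundred characters long (the "Certificate Authorities" and "RFC 1422" paragraphs), while the opening paragraph of the same comment is still wrapped at the old width. That looks like a formatter comment-width setting rather than an intended change. Re-wrapping these paragraphs at the width used by the rest of the comment would keep the file readable in terminals and side-by-side diffs; the wording itself needs no change.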
@@ -84,7 +77,7 @@ import netscape.security.util.ObjectIdentifier;
* @see X509CertInfo
*/
public class X509CertImpl extends X509Certificate
-implements Serializable, DerEncoder {
+ implements Serializable, DerEncoder {
// Serialization compatibility with the X509CertImpl in x509v1.jar
// supporting the subset of X509Certificate on JDK1.1.x platforms.
static final long serialVersionUID = -2048442350420423405L;
@@ -131,10 +124,10 @@ implements Serializable, DerEncoder {
private boolean readOnly = false;
// Certificate data, and its envelope
- private byte[] signedCert;
- protected X509CertInfo info = null;
- protected AlgorithmId algId;
- protected byte[] signature;
+ private byte[] signedCert;
+ protected X509CertInfo info = null;
+ protected AlgorithmId algId;
+ protected byte[] signature;
// recognized extension OIDS
private static final String KEY_USAGE_OID = "2.5.29.15";
@@ -143,76 +136,77 @@ implements Serializable, DerEncoder {
/**
* Default constructor.
*/
- public X509CertImpl() { }
+ public X509CertImpl() {
+ }
/**
* Unmarshals a certificate from its encoded form, parsing the
- * encoded bytes. This form of constructor is used by agents which
- * need to examine and use certificate contents. That is, this is
- * one of the more commonly used constructors. Note that the buffer
+ * encoded bytes. This form of constructor is used by agents which
+ * need to examine and use certificate contents. That is, this is
+ * one of the more commonly used constructors. Note that the buffer
* must include only a certificate, and no "garbage" may be left at
- * the end. If you need to ignore data at the end of a certificate,
+ * the end. If you need to ignore data at the end of a certificate,
* use another constructor.
- *
+ *
* @param certData the encoded bytes, with no trailing padding.
* @exception CertificateException on parsing and initialization errors.
*/
public X509CertImpl(byte[] certData)
- throws CertificateException {
- this(certData,null);
+ throws CertificateException {
+ this(certData, null);
}
- /**
- * As a special optimization, this constructor acts as X509CertImpl(byte[])
- * except that it takes an X509CertInfo which it uses as a 'hint' for
- * how to construct one field.
- *
- * @param certData the encode bytes, with no traiing padding
- * @param certInfo the certInfo which has already been constructed
- * from the certData
- */
+ /**
+ * As a special optimization, this constructor acts as X509CertImpl(byte[])
+ * except that it takes an X509CertInfo which it uses as a 'hint' for
+ * how to construct one field.
+ *
+ * @param certData the encode bytes, with no traiing padding
+ * @param certInfo the certInfo which has already been constructed
+ * from the certData
+ */
public X509CertImpl(byte[] certData, X509CertInfo certInfo)
- throws CertificateException {
+ throws CertificateException {
- // setting info here causes it to skip decoding in the parse()
- // method
- info = certInfo;
+ // setting info here causes it to skip decoding in the parse()
+ // method
+ info = certInfo;
try {
- DerValue in = new DerValue(certData);
+ DerValue in = new DerValue(certData);
parse(in);
signedCert = certData;
} catch (IOException e) {
- throw new CertificateException("Unable to initialize, " + e);
+ throw new CertificateException("Unable to initialize, " + e);
}
- }
+ }
/**
* unmarshals an X.509 certificate from an input stream.
- *
+ *
* @param in an input stream holding at least one certificate
* @exception CertificateException on parsing and initialization errors.
*/
public X509CertImpl(InputStream in)
- throws CertificateException {
+ throws CertificateException {
try {
- DerValue val = new DerValue(in);
+ DerValue val = new DerValue(in);
parse(val);
signedCert = val.toByteArray();
} catch (IOException e) {
- throw new CertificateException("Unable to initialize, " + e);
+ throw new CertificateException("Unable to initialize, " + e);
}
}
/**
* Construct an initialized X509 Certificate. The certificate is stored
* in raw form and has to be signed to be useful.
- *
+ *
* @param certInfo the X509CertificateInfo which the Certificate is to be
- * created from.
+ * created from.
*/
public X509CertImpl(X509CertInfo certInfo) {
this.info = certInfo;
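Review bot: `X509CertImpl(byte[] certData, X509CertInfo certInfo)` stores the caller's array directly with `signedCert = certData;`, so a caller that later modifies or reuses that buffer changes the bytes this object reports as the signed certificate after they were parsed. Copying on the way in, `signedCert = certData.clone();`, keeps the stored encoding tied to what `parse()` saw. The same aliasing appears on the way out in the `get()` hunk further down, which returns `signature` and `signedCert` without a copy. The last constructor in this hunk, `X509CertImpl(X509CertInfo)`, continues outside it.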
@@ -222,36 +216,35 @@ implements Serializable, DerEncoder {
* Unmarshal a certificate from its encoded form, parsing a DER value.
* This form of constructor is used by agents which need to examine
* and use certificate contents.
- *
+ *
* @param derVal the der value containing the encoded cert.
* @exception CertificateException on parsing and initialization errors.
*/
public X509CertImpl(DerValue derVal)
- throws CertificateException {
+ throws CertificateException {
try {
parse(derVal);
signedCert = derVal.toByteArray();
} catch (IOException e) {
- throw new CertificateException("Unable to initialize, " + e);
+ throw new CertificateException("Unable to initialize, " + e);
}
}
- public boolean hasUnsupportedCriticalExtension()
- {
- // XXX NOT IMPLEMENTED
- return true;
+ public boolean hasUnsupportedCriticalExtension() {
+ // XXX NOT IMPLEMENTED
+ return true;
}
/**
* Decode an X.509 certificate from an input stream.
- *
+ *
* @param in an input stream holding at least one certificate
* @exception CertificateException on parsing errors.
* @exception IOException on other errors.
*/
public void decode(InputStream in)
- throws CertificateException, IOException {
- DerValue val = new DerValue(in);
+ throws CertificateException, IOException {
+ DerValue val = new DerValue(in);
parse(val);
signedCert = val.toByteArray();
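Review bot: `hasUnsupportedCriticalExtension()` still returns `true` unconditionally behind a bare `// XXX NOT IMPLEMENTED`, and it is the one public method in this hunk without Javadoc. A caller that uses the method as its name suggests would reject every certificate, and one that has learned to ignore it gets no critical-extension check from this class at all; either way the behaviour should be stated. I would add a Javadoc along the lines of `Not implemented: always returns true regardless of the extensions present; do not use as a critical-extension check.` `decode(InputStream)` at the end of the hunk continues outside it.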
@@ -259,12 +252,12 @@ implements Serializable, DerEncoder {
/**
* Appends the certificate to an output stream.
- *
+ *
* @param out an input stream to which the certificate is appended.
* @exception CertificateEncodingException on encoding errors.
*/
public void encode(OutputStream out)
- throws CertificateEncodingException {
+ throws CertificateEncodingException {
if (signedCert == null)
throw new CertificateEncodingException(
"Null certificate to encode");
@@ -278,17 +271,17 @@ implements Serializable, DerEncoder {
/**
* DER encode this object onto an output stream.
* Implements the <code>DerEncoder</code> interface.
- *
- * @param out
- * the output stream on which to write the DER encoding.
- *
+ *
+ * @param out
+ * the output stream on which to write the DER encoding.
+ *
* @exception IOException on encoding error.
*/
- public void derEncode (OutputStream out) throws IOException {
+ public void derEncode(OutputStream out) throws IOException {
if (signedCert == null)
throw new IOException("Null certificate to encode");
- out.write(signedCert);
+ out.write(signedCert);
}
/**
@@ -296,7 +289,7 @@ implements Serializable, DerEncoder {
* assumed that each certificate type would have only a single
* form of encoding; for example, X.509 certificates would
* be encoded as ASN.1 DER.
- *
+ *
* @exception CertificateEncodingException if an encoding error occurs.
*/
public byte[] getEncoded() throws CertificateEncodingException {
@@ -310,50 +303,50 @@ implements Serializable, DerEncoder {
/**
* Throws an exception if the certificate was not signed using the
- * verification key provided. Successfully verifying a certificate
+ * verification key provided. Successfully verifying a certificate
* does <em>not</em> indicate that one should trust the entity which
* it represents.
- *
+ *
* @param key the public key used for verification.
- *
+ *
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception NoSuchProviderException if there's no default provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void verify(PublicKey key)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
verify(key, null);
}
/**
* Throws an exception if the certificate was not signed using the
- * verification key provided. Successfully verifying a certificate
+ * verification key provided. Successfully verifying a certificate
* does <em>not</em> indicate that one should trust the entity which
* it represents.
- *
+ *
* @param key the public key used for verification.
* @param sigProvider the name of the provider.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void verify(PublicKey key, String sigProvider)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
if (signedCert == null) {
throw new CertificateEncodingException("Uninitialized certificate");
}
// Verify the signature ...
- Signature sigVerf = null;
+ Signature sigVerf = null;
sigVerf = Signature.getInstance(algId.getName(), sigProvider);
sigVerf.initVerify(key);
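Review bot: `verify(PublicKey key)` delegates with `verify(key, null)`, and the two-argument overload passes that value straight into `Signature.getInstance(algId.getName(), sigProvider)`. If `Signature` here is `java.security.Signature` (the imports are outside the hunk), a null provider name is rejected with `IllegalArgumentException`, which is not among the declared exceptions, so the one-argument form would fail before any signature check runs. Selecting the overload explicitly avoids that: `sigVerf = (sigProvider == null) ? Signature.getInstance(algId.getName()) : Signature.getInstance(algId.getName(), sigProvider);`. The body of `verify(PublicKey, String)` continues outside the hunk.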
@@ -371,20 +364,20 @@ implements Serializable, DerEncoder {
* passed (associating a signature algorithm and an X.500 name).
* This operation is used to implement the certificate generation
* functionality of a certificate authority.
- *
+ *
* @param key the private key used for signing.
* @param algorithm the name of the signature algorithm used.
- *
+ *
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception NoSuchProviderException if there's no default provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void sign(PrivateKey key, String algorithm)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
sign(key, algorithm, null);
}
@@ -393,21 +386,21 @@ implements Serializable, DerEncoder {
* passed (associating a signature algorithm and an X.500 name).
* This operation is used to implement the certificate generation
* functionality of a certificate authority.
- *
+ *
* @param key the private key used for signing.
* @param algorithm the name of the signature algorithm used.
* @param provider the name of the provider.
- *
+ *
* @exception NoSuchAlgorithmException on unsupported signature
- * algorithms.
+ * algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public void sign(PrivateKey key, String algorithm, String provider)
- throws CertificateException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException, SignatureException {
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException {
try {
if (readOnly)
throw new CertificateEncodingException(
@@ -420,7 +413,7 @@ implements Serializable, DerEncoder {
sigEngine.initSign(key);
- // in case the name is reset
+ // in case the name is reset
algId = AlgorithmId.get(sigEngine.getAlgorithm());
DerOutputStream out = new DerOutputStream();
@@ -445,19 +438,19 @@ implements Serializable, DerEncoder {
} catch (IOException e) {
throw new CertificateEncodingException(e.toString());
- }
+ }
}
/**
* Checks that the certificate is currently valid, i.e. the current
* time is within the specified validity period.
- *
+ *
* @exception CertificateExpiredException if the certificate has expired.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid.
+ * yet valid.
*/
public void checkValidity()
- throws CertificateExpiredException, CertificateNotYetValidException {
+ throws CertificateExpiredException, CertificateNotYetValidException {
Date date = new Date();
checkValidity(date);
}
@@ -466,21 +459,21 @@ implements Serializable, DerEncoder {
* Checks that the specified date is within the certificate's
* validity period, or basically if the certificate would be
* valid at the specified date/time.
- *
+ *
* @param date the Date to check against to see if this certificate
- * is valid at that date/time.
- *
+ * is valid at that date/time.
+ *
* @exception CertificateExpiredException if the certificate has expired
- * with respect to the <code>date</code> supplied.
+ * with respect to the <code>date</code> supplied.
* @exception CertificateNotYetValidException if the certificate is not
- * yet valid with respect to the <code>date</code> supplied.
+ * yet valid with respect to the <code>date</code> supplied.
*/
public void checkValidity(Date date)
- throws CertificateExpiredException, CertificateNotYetValidException {
+ throws CertificateExpiredException, CertificateNotYetValidException {
CertificateValidity interval = null;
try {
- interval = (CertificateValidity)info.get(CertificateValidity.NAME);
+ interval = (CertificateValidity) info.get(CertificateValidity.NAME);
} catch (Exception e) {
throw new CertificateNotYetValidException("Incorrect validity period");
}
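Review bot: In `checkValidity(Date)`, the `catch (Exception e)` around `info.get(CertificateValidity.NAME)` turns every failure, including a `NullPointerException` when `info` was never set, into `CertificateNotYetValidException("Incorrect validity period")`. A caller that handles "not yet valid" differently from a malformed certificate cannot tell the two apart, and the original exception is lost. Narrowing the catch to the `IOException` and `CertificateException` that the `get()` hunk below shows `info.get` throwing would make the behaviour explicit. The Javadoc should also say that this exception type covers an unreadable validity field. The method body continues outside the hunk.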
@@ -491,12 +484,12 @@ implements Serializable, DerEncoder {
/**
* Return the requested attribute from the certificate.
- *
+ *
* @param name the name of the attribute.
* @exception CertificateParsingException on invalid attribute identifier.
*/
public Object get(String name)
- throws CertificateParsingException {
+ throws CertificateParsingException {
X509AttributeName attr = new X509AttributeName(name);
String id = attr.getPrefix();
if (!(id.equalsIgnoreCase(NAME))) {
@@ -510,37 +503,37 @@ implements Serializable, DerEncoder {
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() != null) {
try {
- return info.get(attr.getSuffix());
+ return info.get(attr.getSuffix());
} catch (IOException e) {
throw new CertificateParsingException(e.toString());
} catch (CertificateException e) {
throw new CertificateParsingException(e.toString());
}
} else {
- return(info);
+ return (info);
}
} else if (id.equalsIgnoreCase(ALG_ID)) {
- return(algId);
+ return (algId);
} else if (id.equalsIgnoreCase(SIGNATURE)) {
- return(signature);
+ return (signature);
} else if (id.equalsIgnoreCase(SIGNED_CERT)) {
- return(signedCert);
+ return (signedCert);
} else {
throw new CertificateParsingException("Attribute name not "
- + "recognized or get() not allowed for the same: " + id);
+ + "recognized or get() not allowed for the same: " + id);
}
}
/**
* Set the requested attribute in the certificate.
- *
+ *
* @param name the name of the attribute.
* @param obj the value of the attribute.
* @exception CertificateException on invalid attribute identifier.
* @exception IOException on encoding error of attribute.
*/
public void set(String name, Object obj)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
// check if immutable
if (readOnly)
throw new CertificateException("cannot over-write existing"
@@ -557,15 +550,15 @@ implements Serializable, DerEncoder {
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() == null) {
- if (!(obj instanceof X509CertInfo)) {
- throw new CertificateException("Attribute value should"
+ if (!(obj instanceof X509CertInfo)) {
+ throw new CertificateException("Attribute value should"
+ " be of type X509CertInfo.");
- }
- info = (X509CertInfo)obj;
- signedCert = null; //reset this as certificate data has changed
+ }
+ info = (X509CertInfo) obj;
+ signedCert = null; //reset this as certificate data has changed
} else {
- info.set(attr.getSuffix(), obj);
- signedCert = null; //reset this as certificate data has changed
+ info.set(attr.getSuffix(), obj);
+ signedCert = null; //reset this as certificate data has changed
}
} else {
throw new CertificateException("Attribute name not recognized or " +
@@ -575,13 +568,13 @@ implements Serializable, DerEncoder {
/**
* Delete the requested attribute from the certificate.
- *
+ *
* @param name the name of the attribute.
* @exception CertificateException on invalid attribute identifier.
* @exception IOException on other errors.
*/
public void delete(String name)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
// check if immutable
if (readOnly)
throw new CertificateException("cannot over-write existing"
@@ -599,9 +592,9 @@ implements Serializable, DerEncoder {
if (id.equalsIgnoreCase(INFO)) {
if (attr.getSuffix() != null) {
- info = null;
+ info = null;
} else {
- info.delete(attr.getSuffix());
+ info.delete(attr.getSuffix());
}
} else if (id.equalsIgnoreCase(ALG_ID)) {
algId = null;
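Review bot: The suffix test in `delete()` reads inverted: `if (attr.getSuffix() != null) { info = null; } else { info.delete(attr.getSuffix()); }` discards the whole `info` object when a specific sub-attribute was named, and calls `info.delete` with a null name when none was. `set()` in the previous hunk uses the opposite sense, replacing the whole `info` only when `attr.getSuffix() == null`, so the condition here should be `if (attr.getSuffix() == null) {`. `set()` also clears `signedCert` after changing `info`; whether `delete()` does the same is not visible, since the method starts and ends outside this hunk.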
@@ -626,20 +619,20 @@ implements Serializable, DerEncoder {
elements.addElement(NAME + DOT + SIGNATURE);
elements.addElement(NAME + DOT + SIGNED_CERT);
- return(elements.elements());
+ return (elements.elements());
}
/**
* Return the name of this attribute.
*/
public String getName() {
- return(NAME);
+ return (NAME);
}
/**
- * Returns a printable representation of the certificate. This does not
+ * Returns a printable representation of the certificate. This does not
* contain all the information available to distinguish this from any
- * other certificate. The certificate must be fully constructed
+ * other certificate. The certificate must be fully constructed
* before this function may be called.
*/
public String toString() {
@@ -652,9 +645,9 @@ implements Serializable, DerEncoder {
sb.append(info.toString() + "\n");
sb.append(" Algorithm: [" + algId.toString() + "]\n");
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String signaturebits = pp.toHexString(signature);
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String signaturebits = pp.toHexString(signature);
sb.append(" Signature:\n" + signaturebits);
sb.append("]");
@@ -665,144 +658,143 @@ implements Serializable, DerEncoder {
/**
* Gets the publickey from this certificate.
- *
+ *
* @return the publickey.
*/
public PublicKey getPublicKey() {
if (info == null)
return null;
- try {
- PublicKey key = (PublicKey)info.get(CertificateX509Key.NAME
+ try {
+ PublicKey key = (PublicKey) info.get(CertificateX509Key.NAME
+ DOT + CertificateX509Key.KEY);
- return key;
+ return key;
} catch (Exception e) {
- return null;
- }
+ return null;
+ }
}
/**
* Gets the version number from the certificate.
- *
+ *
* @return the version number.
*/
public int getVersion() {
if (info == null)
return -1;
- try {
- int vers = ((Integer)info.get(CertificateVersion.NAME
+ try {
+ int vers = ((Integer) info.get(CertificateVersion.NAME
+ DOT + CertificateVersion.VERSION)).intValue();
- return vers;
+ return vers;
} catch (Exception e) {
return -1;
- }
+ }
}
/**
* Gets the serial number from the certificate.
- *
+ *
* @return the serial number.
*/
public BigInteger getSerialNumber() {
if (info == null)
return null;
- try {
- SerialNumber ser = (SerialNumber)info.get(
+ try {
+ SerialNumber ser = (SerialNumber) info.get(
CertificateSerialNumber.NAME + DOT +
- CertificateSerialNumber.NUMBER);
- return ((BigInt)ser.getNumber()).toBigInteger();
+ CertificateSerialNumber.NUMBER);
+ return ((BigInt) ser.getNumber()).toBigInteger();
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the subject distinguished name from the certificate.
- *
+ *
* @return the subject name.
*/
public Principal getSubjectDN() {
if (info == null)
return null;
- try {
- Principal subject = (Principal)info.get(
+ try {
+ Principal subject = (Principal) info.get(
CertificateSubjectName.NAME + DOT +
- CertificateSubjectName.DN_NAME);
- return subject;
+ CertificateSubjectName.DN_NAME);
+ return subject;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the issuer distinguished name from the certificate.
- *
+ *
* @return the issuer name.
*/
public Principal getIssuerDN() {
if (info == null)
return null;
- try {
- Principal issuer = (Principal)info.get(
+ try {
+ Principal issuer = (Principal) info.get(
CertificateIssuerName.NAME + DOT +
- CertificateIssuerName.DN_NAME);
- return issuer;
+ CertificateIssuerName.DN_NAME);
+ return issuer;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the notBefore date from the validity period of the certificate.
- *
+ *
* @return the start date of the validity period.
*/
public Date getNotBefore() {
if (info == null)
return null;
- try {
- Date d = (Date) info.get(CertificateValidity.NAME + DOT +
+ try {
+ Date d = (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_BEFORE);
- return d;
+ return d;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the notAfter date from the validity period of the certificate.
- *
+ *
* @return the end date of the validity period.
*/
public Date getNotAfter() {
if (info == null)
return null;
- try {
- Date d = (Date) info.get(CertificateValidity.NAME + DOT +
+ try {
+ Date d = (Date) info.get(CertificateValidity.NAME + DOT +
CertificateValidity.NOT_AFTER);
- return d;
+ return d;
} catch (Exception e) {
return null;
- }
+ }
}
/**
- * Gets the DER encoded certificate informations, the
- * <code>tbsCertificate</code> from this certificate.
+ * Gets the DER encoded certificate informations, the <code>tbsCertificate</code> from this certificate.
* This can be used to verify the signature independently.
- *
+ *
* @return the DER encoded certificate information.
* @exception CertificateEncodingException if an encoding error occurs.
*/
public byte[] getTBSCertificate() throws CertificateEncodingException {
if (info != null) {
- return info.getEncodedInfo();
+ return info.getEncodedInfo();
} else
throw new CertificateEncodingException("Uninitialized certificate");
}
/**
* Gets the raw Signature bits from the certificate.
- *
+ *
* @return the signature.
*/
public byte[] getSignature() {
@@ -817,169 +809,170 @@ implements Serializable, DerEncoder {
* Gets the signature algorithm name for the certificate
* signature algorithm.
* For example, the string "SHA-1/DSA" or "DSS".
- *
+ *
* @return the signature algorithm name.
*/
public String getSigAlgName() {
if (algId == null)
return null;
- return (algId.getName());
+ return (algId.getName());
}
/**
* Gets the signature algorithm OID string from the certificate.
* For example, the string "1.2.840.10040.4.3"
- *
+ *
* @return the signature algorithm oid string.
*/
public String getSigAlgOID() {
if (algId == null)
return null;
- ObjectIdentifier oid = algId.getOID();
- return (oid.toString());
+ ObjectIdentifier oid = algId.getOID();
+ return (oid.toString());
}
/**
* Gets the DER encoded signature algorithm parameters from this
* certificate's signature algorithm.
- *
+ *
* @return the DER encoded signature algorithm parameters, or
* null if no parameters are present.
*/
public byte[] getSigAlgParams() {
if (algId == null)
return null;
- try {
- return algId.getEncodedParams();
- } catch (IOException e) {
+ try {
+ return algId.getEncodedParams();
+ } catch (IOException e) {
return null;
- }
+ }
}
/**
* Gets the Issuer Unique Identity from the certificate.
- *
+ *
* @return the Issuer Unique Identity.
*/
public boolean[] getIssuerUniqueID() {
if (info == null)
return null;
- try {
- UniqueIdentity id = (UniqueIdentity)info.get(
+ try {
+ UniqueIdentity id = (UniqueIdentity) info.get(
CertificateIssuerUniqueIdentity.NAME
- + DOT + CertificateIssuerUniqueIdentity.ID);
+ + DOT + CertificateIssuerUniqueIdentity.ID);
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets the Subject Unique Identity from the certificate.
- *
+ *
* @return the Subject Unique Identity.
*/
public boolean[] getSubjectUniqueID() {
if (info == null)
return null;
- try {
- UniqueIdentity id = (UniqueIdentity)info.get(
+ try {
+ UniqueIdentity id = (UniqueIdentity) info.get(
CertificateSubjectUniqueIdentity.NAME
- + DOT + CertificateSubjectUniqueIdentity.ID);
+ + DOT + CertificateSubjectUniqueIdentity.ID);
if (id == null)
return null;
else
return (id.getId());
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets a Set of the extension(s) marked CRITICAL in the
* certificate by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * certificate that are marked critical.
+ * certificate that are marked critical.
*/
public Set<String> getCriticalExtensionOIDs() {
if (info == null)
return null;
- try {
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ try {
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
+ if (exts == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements(); ) {
+ for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements();) {
ex = e.nextElement();
- if (ex.isCritical())
- extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString());
- }
+ if (ex.isCritical())
+ extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString());
+ }
return extSet;
} catch (Exception e) {
return null;
- }
+ }
}
/**
* Gets a Set of the extension(s) marked NON-CRITICAL in the
* certificate by OID strings.
- *
+ *
* @return a set of the extension oid strings in the
- * certificate that are NOT marked critical.
+ * certificate that are NOT marked critical.
*/
public Set<String> getNonCriticalExtensionOIDs() {
if (info == null)
return null;
- try {
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ try {
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
+ if (exts == null)
return null;
Set<String> extSet = new LinkedHashSet<String>();
Extension ex;
- for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements(); ) {
+ for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements();) {
ex = e.nextElement();
- if ( ! ex.isCritical())
- extSet.add(((ObjectIdentifier)ex.getExtensionId()).toString());
- }
+ if (!ex.isCritical())
+ extSet.add(((ObjectIdentifier) ex.getExtensionId()).toString());
+ }
return extSet;
} catch (Exception e) {
return null;
- }
+ }
}
public Extension getExtension(String oid) {
try {
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
- return null;
- ObjectIdentifier findOID = new ObjectIdentifier(oid);
- Extension ex = null;;
- ObjectIdentifier inCertOID;
- for (Enumeration<Extension> e=exts.getAttributes(); e.hasMoreElements();) {
- ex = e.nextElement();
- inCertOID = ex.getExtensionId();
- if (inCertOID.equals(findOID)) {
- return ex;
- }
- }
+ if (exts == null)
+ return null;
+ ObjectIdentifier findOID = new ObjectIdentifier(oid);
+ Extension ex = null;
+ ;
+ ObjectIdentifier inCertOID;
+ for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements();) {
+ ex = e.nextElement();
+ inCertOID = ex.getExtensionId();
+ if (inCertOID.equals(findOID)) {
+ return ex;
+ }
+ }
} catch (Exception e) {
- }
+ }
return null;
}
/**
* Gets the DER encoded extension identified by the passed
* in oid String.
- *
+ *
* @param oid the Object Identifier value for the extension.
*/
public byte[] getExtensionValue(String oid) {
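Review bot: The reformatting split `Extension ex = null;;` in getExtension() into `Extension ex = null;` followed by a line holding only `;`, which is an empty statement; the same artifact appears in getExtensionValue() in the next hunk. Drop the stray `;` in both places. getExtension() is also the one accessor in this hunk with no Javadoc and with an empty `catch (Exception e) { }`, so a malformed OID or a null `info` is reported exactly like an absent extension. A short comment in the catch, for example `// any lookup failure is reported as "extension not present"`, would make that intent explicit for callers that make trust decisions on the result.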
@@ -989,33 +982,34 @@ implements Serializable, DerEncoder {
if (extAlias == null) { // may be unknown
// get the extensions, search thru' for this oid
- CertificateExtensions exts = (CertificateExtensions)info.get(
+ CertificateExtensions exts = (CertificateExtensions) info.get(
CertificateExtensions.NAME);
- if (exts == null)
- return null;
-
- ObjectIdentifier findOID = new ObjectIdentifier(oid);
- Extension ex = null;;
- ObjectIdentifier inCertOID;
- for (Enumeration<Extension> e=exts.getAttributes(); e.hasMoreElements();) {
- ex = e.nextElement();
- inCertOID = ex.getExtensionId();
- if (inCertOID.equals(findOID)) {
- certExt = ex;
- break;
- }
- }
+ if (exts == null)
+ return null;
+
+ ObjectIdentifier findOID = new ObjectIdentifier(oid);
+ Extension ex = null;
+ ;
+ ObjectIdentifier inCertOID;
+ for (Enumeration<Extension> e = exts.getAttributes(); e.hasMoreElements();) {
+ ex = e.nextElement();
+ inCertOID = ex.getExtensionId();
+ if (inCertOID.equals(findOID)) {
+ certExt = ex;
+ break;
+ }
+ }
} else { // there's sub-class that can handle this extension
- certExt = (Extension)this.get(extAlias);
+ certExt = (Extension) this.get(extAlias);
}
if (certExt == null)
- return null;
+ return null;
byte[] extData = certExt.getExtensionValue();
if (extData == null)
return null;
- DerOutputStream out = new DerOutputStream();
- out.putOctetString(extData);
+ DerOutputStream out = new DerOutputStream();
+ out.putOctetString(extData);
return out.toByteArray();
} catch (Exception e) {
return null;
@@ -1025,17 +1019,18 @@ implements Serializable, DerEncoder {
/**
* Get a boolean array representing the bits of the KeyUsage extension,
* (oid = 2.5.29.15).
+ *
* @return the bit values of this extension as an array of booleans.
*/
public boolean[] getKeyUsage() {
try {
- String extAlias = OIDMap.getName(new ObjectIdentifier(
+ String extAlias = OIDMap.getName(new ObjectIdentifier(
KEY_USAGE_OID));
- if (extAlias == null)
+ if (extAlias == null)
return null;
- KeyUsageExtension certExt = (KeyUsageExtension)this.get(extAlias);
- if (certExt == null)
+ KeyUsageExtension certExt = (KeyUsageExtension) this.get(extAlias);
+ if (certExt == null)
return null;
return certExt.getBits();
@@ -1047,22 +1042,22 @@ implements Serializable, DerEncoder {
/**
* Get the certificate constraints path length from the
* the critical BasicConstraints extension, (oid = 2.5.29.19).
+ *
* @return the length of the constraint.
*/
public int getBasicConstraints() {
try {
- String extAlias = OIDMap.getName(new ObjectIdentifier(
+ String extAlias = OIDMap.getName(new ObjectIdentifier(
BASIC_CONSTRAINT_OID));
- if (extAlias == null)
+ if (extAlias == null)
return -1;
- BasicConstraintsExtension certExt =
- (BasicConstraintsExtension)this.get(extAlias);
- if (certExt == null)
+ BasicConstraintsExtension certExt =
+ (BasicConstraintsExtension) this.get(extAlias);
+ if (certExt == null)
return -1;
- if (((Boolean)certExt.get(BasicConstraintsExtension.IS_CA)
- ).booleanValue() == true)
- return ((Integer)certExt.get(
+ if (((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)).booleanValue() == true)
+ return ((Integer) certExt.get(
BasicConstraintsExtension.PATH_LEN)).intValue();
else
return -1;
@@ -1080,11 +1075,11 @@ implements Serializable, DerEncoder {
return false;
BasicConstraintsExtension certExt =
- (BasicConstraintsExtension)this.get(extAlias);
+ (BasicConstraintsExtension) this.get(extAlias);
if (certExt == null)
return false;
- isCA = ((Boolean)certExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
+ isCA = ((Boolean) certExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
} catch (Exception e) {
return false;
}
@@ -1110,7 +1105,7 @@ implements Serializable, DerEncoder {
"cannot over-write existing certificate");
readOnly = true;
- DerValue seq[] = new DerValue[3];
+ DerValue seq[] = new DerValue[3];
seq[0] = val.data.getDerValue();
seq[1] = val.data.getDerValue();
@@ -1134,9 +1129,9 @@ implements Serializable, DerEncoder {
throw new CertificateParsingException("signed fields overrun");
// The CertificateInfo
- if (info == null) {
- info = new X509CertInfo(seq[0]);
- }
+ if (info == null) {
+ info = new X509CertInfo(seq[0]);
+ }
}
/**
@@ -1146,7 +1141,7 @@ implements Serializable, DerEncoder {
* serialization subsystem, then the cert data.)
*/
private synchronized void writeObject(ObjectOutputStream stream)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
encode(stream);
}
@@ -1155,7 +1150,7 @@ implements Serializable, DerEncoder {
* themselves, and they're parsed when they get read back.
*/
private synchronized void readObject(ObjectInputStream stream)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
decode(stream);
}
@@ -1170,11 +1165,12 @@ implements Serializable, DerEncoder {
/**
* Construct the alternate Certificate class with the Certificate
* type and Certificate encoding bytes.
- *
+ *
* <p>
- *
- * @param type the standard name of the Certificate type. <p>
- *
+ *
+ * @param type the standard name of the Certificate type.
+ * <p>
+ *
* @param data the Certificate data.
*/
protected CertificateRep1(String type, byte[] data) {
@@ -1184,26 +1180,25 @@ implements Serializable, DerEncoder {
/**
* Resolve the Certificate Object.
- *
+ *
* <p>
- *
+ *
* @return the resolved Certificate Object.
- *
+ *
* @throws java.io.ObjectStreamException if the Certificate could not
- * be resolved.
+ * be resolved.
*/
protected Object readResolve() throws java.io.ObjectStreamException {
try {
CertificateFactory cf = CertificateFactory.getInstance(type1);
return new X509CertImpl(data1);
-/*
- return cf.generateCertificate
- (new java.io.ByteArrayInputStream(data1));
-*/
+ /*
+ return cf.generateCertificate
+ (new java.io.ByteArrayInputStream(data1));
+ */
} catch (CertificateException e) {
- throw new java.io.NotSerializableException
- ("java.security.cert.Certificate: " +
+ throw new java.io.NotSerializableException("java.security.cert.Certificate: " +
type1 +
": " +
e.getMessage());
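Review bot: In readResolve() the local `cf` is assigned from `CertificateFactory.getInstance(type1)` and never used, and the commented-out `cf.generateCertificate(...)` call was re-indented rather than removed. As written, the deserialized bytes are always parsed with `new X509CertImpl(data1)` whatever `type1` says, so getInstance() serves at most as a check that the type name is known. Either delete the dead block and the unused local, or keep the call and say why, for example `// only validates type1; data1 is always parsed as X.509`. The method's closing lines are outside this hunk.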
@@ -1216,8 +1211,7 @@ implements Serializable, DerEncoder {
try {
return new CertificateRep1("X.509", getEncoded());
} catch (CertificateException e) {
- throw new java.io.NotSerializableException
- ("java.security.cert.Certificate: " +
+ throw new java.io.NotSerializableException("java.security.cert.Certificate: " +
"X.509" +
": " +
e.getMessage());
diff --git a/pki/base/util/src/netscape/security/x509/X509CertInfo.java b/pki/base/util/src/netscape/security/x509/X509CertInfo.java
index 1178d6a3..262e0e48 100644
--- a/pki/base/util/src/netscape/security/x509/X509CertInfo.java
+++ b/pki/base/util/src/netscape/security/x509/X509CertInfo.java
@@ -34,27 +34,23 @@ import netscape.security.util.DerInputStream;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
* The X509CertInfo class represents X.509 certificate information.
- *
- * <P>X.509 certificates have several base data elements, including:<UL>
- *
- * <LI>The <em>Subject Name</em>, an X.500 Distinguished Name for
- * the entity (subject) for which the certificate was issued.
- *
- * <LI>The <em>Subject Public Key</em>, the public key of the subject.
- * This is one of the most important parts of the certificate.
- *
- * <LI>The <em>Validity Period</em>, a time period (e.g. six months)
- * within which the certificate is valid (unless revoked).
- *
- * <LI>The <em>Issuer Name</em>, an X.500 Distinguished Name for the
- * Certificate Authority (CA) which issued the certificate.
- *
- * <LI>A <em>Serial Number</em> assigned by the CA, for use in
- * certificate revocation and other applications.
- *
+ *
+ * <P>
+ * X.509 certificates have several base data elements, including:
+ * <UL>
+ *
+ * <LI>The <em>Subject Name</em>, an X.500 Distinguished Name for the entity (subject) for which the certificate was issued.
+ *
+ * <LI>The <em>Subject Public Key</em>, the public key of the subject. This is one of the most important parts of the certificate.
+ *
+ * <LI>The <em>Validity Period</em>, a time period (e.g. six months) within which the certificate is valid (unless revoked).
+ *
+ * <LI>The <em>Issuer Name</em>, an X.500 Distinguished Name for the Certificate Authority (CA) which issued the certificate.
+ *
+ * <LI>A <em>Serial Number</em> assigned by the CA, for use in certificate revocation and other applications.
+ *
* @author Amit Kapoor
* @author Hemma Prafullchandra
* @version 1.16
@@ -70,7 +66,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
/**
* Identifier for this attribute, to be used with the
* get, set, delete methods of Certificate, x509 type.
- */
+ */
public static final String IDENT = "x509.info";
// Certificate attribute names
public static final String NAME = "info";
@@ -87,19 +83,19 @@ public class X509CertInfo implements CertAttrSet, Serializable {
// X509.v1 data
protected CertificateVersion version = new CertificateVersion();
- protected CertificateSerialNumber serialNum = null;
- protected CertificateAlgorithmId algId = null;
- protected CertificateIssuerName issuer = null;
- protected CertificateValidity interval = null;
- protected CertificateSubjectName subject = null;
- protected CertificateX509Key pubKey = null;
-
+ protected CertificateSerialNumber serialNum = null;
+ protected CertificateAlgorithmId algId = null;
+ protected CertificateIssuerName issuer = null;
+ protected CertificateValidity interval = null;
+ protected CertificateSubjectName subject = null;
+ protected CertificateX509Key pubKey = null;
+
// X509.v2 & v3 extensions
- protected CertificateIssuerUniqueIdentity issuerUniqueId = null;
- protected CertificateSubjectUniqueIdentity subjectUniqueId = null;
-
+ protected CertificateIssuerUniqueIdentity issuerUniqueId = null;
+ protected CertificateSubjectUniqueIdentity subjectUniqueId = null;
+
// X509.v3 extensions
- protected CertificateExtensions extensions = null;
+ protected CertificateExtensions extensions = null;
// Attribute numbers for internal manipulation
private static final int ATTR_VERSION = 1;
@@ -114,8 +110,8 @@ public class X509CertInfo implements CertAttrSet, Serializable {
private static final int ATTR_EXTENSIONS = 10;
// DER encoded CertificateInfo data
- private byte[] rawCertInfo = null;
-
+ private byte[] rawCertInfo = null;
+
// The certificate attribute name to integer mapping stored here
private static final Hashtable<String, Integer> map = new Hashtable<String, Integer>();
static {
@@ -130,7 +126,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
map.put(SUBJECT_ID, Integer.valueOf(ATTR_SUBJECT_ID));
map.put(EXTENSIONS, Integer.valueOf(ATTR_EXTENSIONS));
}
-
+
/**
* Construct an uninitialized X509CertInfo on which <a href="#decode">
* decode</a> must later be called (or which may be deserialized).
@@ -140,19 +136,19 @@ public class X509CertInfo implements CertAttrSet, Serializable {
/**
* Unmarshals a certificate from its encoded form, parsing the
- * encoded bytes. This form of constructor is used by agents which
- * need to examine and use certificate contents. That is, this is
- * one of the more commonly used constructors. Note that the buffer
+ * encoded bytes. This form of constructor is used by agents which
+ * need to examine and use certificate contents. That is, this is
+ * one of the more commonly used constructors. Note that the buffer
* must include only a certificate, and no "garbage" may be left at
- * the end. If you need to ignore data at the end of a certificate,
+ * the end. If you need to ignore data at the end of a certificate,
* use another constructor.
- *
+ *
* @param cert the encoded bytes, with no trailing data.
* @exception CertificateParsingException on parsing errors.
*/
public X509CertInfo(byte[] cert) throws CertificateParsingException {
try {
- DerValue in = new DerValue(cert);
+ DerValue in = new DerValue(cert);
parse(in);
} catch (IOException e) {
@@ -164,7 +160,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
* Unmarshal a certificate from its encoded form, parsing a DER value.
* This form of constructor is used by agents which need to examine
* and use certificate contents.
- *
+ *
* @param derVal the der value containing the encoded cert.
* @exception CertificateParsingException on parsing errors.
*/
@@ -178,35 +174,36 @@ public class X509CertInfo implements CertAttrSet, Serializable {
/**
* Decode an X.509 certificate from an input stream.
- *
+ *
* @param in an input stream holding at least one certificate
* @exception CertificateParsingException on decoding errors.
* @exception IOException on other errors.
*/
public void decode(InputStream in)
- throws CertificateParsingException, IOException {
- DerValue val = new DerValue(in);
+ throws CertificateParsingException, IOException {
+ DerValue val = new DerValue(in);
parse(val);
}
/**
* Appends the certificate to an output stream.
- *
+ *
* @param out an output stream to which the certificate is appended.
* @exception CertificateException on encoding errors.
* @exception IOException on other errors.
*/
public void encode(OutputStream out)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
encode(out, false);
}
/**
* Appends the certificate to an output stream.
- * @param out An output stream to which the certificate is appended.
- * @param ignoreCache Whether to ignore the internal cache when encoding.
- * (the cache can easily become out of date).
+ *
+ * @param out An output stream to which the certificate is appended.
+ * @param ignoreCache Whether to ignore the internal cache when encoding.
+ * (the cache can easily become out of date).
*/
public void encode(OutputStream out, boolean ignoreCache)
throws IOException, CertificateException {
@@ -235,19 +232,19 @@ public class X509CertInfo implements CertAttrSet, Serializable {
elements.addElement(SUBJECT_ID);
elements.addElement(EXTENSIONS);
- return(elements.elements());
+ return (elements.elements());
}
/**
* Return the name of this attribute.
*/
public String getName() {
- return(NAME);
+ return (NAME);
}
/**
* Returns the encoded certificate info.
- *
+ *
* @exception CertificateEncodingException on encoding information errors.
*/
public byte[] getEncodedInfo() throws CertificateEncodingException {
@@ -272,10 +269,10 @@ public class X509CertInfo implements CertAttrSet, Serializable {
}
/**
- * Compares two X509CertInfo objects. This is false if the
+ * Compares two X509CertInfo objects. This is false if the
* certificates are not both X.509 certs, otherwise it
* compares them as binary data.
- *
+ *
* @param other the object being compared with this one
* @return true iff the certificates are equivalent
*/
@@ -290,37 +287,37 @@ public class X509CertInfo implements CertAttrSet, Serializable {
/**
* Compares two certificates, returning false if any data
* differs between the two.
- *
+ *
* @param other the object being compared with this one
* @return true iff the certificates are equivalent
*/
public boolean equals(X509CertInfo other) {
if (this == other) {
- return(true);
+ return (true);
} else if (rawCertInfo == null || other.rawCertInfo == null) {
- return(false);
+ return (false);
} else if (rawCertInfo.length != other.rawCertInfo.length) {
- return(false);
+ return (false);
}
for (int i = 0; i < rawCertInfo.length; i++) {
if (rawCertInfo[i] != other.rawCertInfo[i]) {
- return(false);
+ return (false);
}
}
- return(true);
+ return (true);
}
/**
- * Calculates a hash code value for the object. Objects
+ * Calculates a hash code value for the object. Objects
* which are equal will also have the same hashcode.
*/
public int hashCode() {
- int retval = 0;
+ int retval = 0;
for (int i = 1; i < rawCertInfo.length; i++) {
retval += rawCertInfo[i] * i;
}
- return(retval);
+ return (retval);
}
/**
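Review bot: hashCode() dereferences `rawCertInfo` without the null test that equals(X509CertInfo) performs, so on an instance whose `rawCertInfo` is still the declared `null` it throws NullPointerException; its loop also starts at `i = 1`, so the first byte never contributes to the hash. `return java.util.Arrays.hashCode(rawCertInfo);` covers both cases, assuming no caller depends on the current hash values. In equals(), the manual byte loop after the existing null and length tests could likewise become `return java.util.Arrays.equals(rawCertInfo, other.rawCertInfo);`. equals() also reads `other.rawCertInfo` without checking `other` for null.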
@@ -329,8 +326,8 @@ public class X509CertInfo implements CertAttrSet, Serializable {
public String toString() {
if (subject == null || pubKey == null || interval == null
- || issuer == null || algId == null || serialNum == null) {
- throw new NullPointerException("X.509 cert is incomplete");
+ || issuer == null || algId == null || serialNum == null) {
+ throw new NullPointerException("X.509 cert is incomplete");
}
StringBuffer sb = new StringBuffer();
@@ -351,11 +348,11 @@ public class X509CertInfo implements CertAttrSet, Serializable {
sb.append(" Subject Id:\n" + subjectUniqueId.toString() + "\n");
}
if (extensions != null) {
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
for (int i = 0; i < extensions.size(); i++) {
- sb.append(" Extension[" + i + "] = ");
- Extension ext = (Extension)extensions.elementAt(i);
+ sb.append(" Extension[" + i + "] = ");
+ Extension ext = (Extension) extensions.elementAt(i);
try {
if (OIDMap.getClass(ext.getExtensionId()) == null) {
sb.append(ext.toString());
@@ -364,7 +361,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
DerOutputStream out = new DerOutputStream();
out.putOctetString(extValue);
extValue = out.toByteArray();
- String extValuebits = pp.toHexString(extValue);
+ String extValuebits = pp.toHexString(extValue);
sb.append("Extension unknown: "
+ "DER encoded OCTET string =\n"
+ extValuebits);
@@ -382,14 +379,14 @@ public class X509CertInfo implements CertAttrSet, Serializable {
/**
* Set the certificate attribute.
- *
+ *
* @param name the name of the Certificate attribute.
* @param val the value of the Certificate attribute.
* @exception CertificateException on invalid attributes.
* @exception IOException on other errors.
*/
public void set(String name, Object val)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
X509AttributeName attrName = new X509AttributeName(name);
int attr = attributeMap(attrName.getPrefix());
@@ -403,81 +400,81 @@ public class X509CertInfo implements CertAttrSet, Serializable {
switch (attr) {
case ATTR_VERSION:
if (attrName.getSuffix() == null) {
- setVersion(val);
+ setVersion(val);
} else {
- version.set(attrName.getSuffix(),val);
+ version.set(attrName.getSuffix(), val);
}
break;
case ATTR_SERIAL:
if (attrName.getSuffix() == null) {
- setSerialNumber(val);
+ setSerialNumber(val);
} else {
- serialNum.set(attrName.getSuffix(),val);
+ serialNum.set(attrName.getSuffix(), val);
}
break;
case ATTR_ALGORITHM:
if (attrName.getSuffix() == null) {
- setAlgorithmId(val);
+ setAlgorithmId(val);
} else {
- algId.set(attrName.getSuffix(),val);
+ algId.set(attrName.getSuffix(), val);
}
break;
case ATTR_ISSUER:
if (attrName.getSuffix() == null) {
- setIssuer(val);
+ setIssuer(val);
} else {
- issuer.set(attrName.getSuffix(),val);
+ issuer.set(attrName.getSuffix(), val);
}
break;
case ATTR_VALIDITY:
if (attrName.getSuffix() == null) {
- setValidity(val);
+ setValidity(val);
} else {
- interval.set(attrName.getSuffix(),val);
+ interval.set(attrName.getSuffix(), val);
}
break;
case ATTR_SUBJECT:
if (attrName.getSuffix() == null) {
- setSubject(val);
+ setSubject(val);
} else {
- subject.set(attrName.getSuffix(),val);
+ subject.set(attrName.getSuffix(), val);
}
break;
case ATTR_KEY:
if (attrName.getSuffix() == null) {
- setKey(val);
+ setKey(val);
} else {
- pubKey.set(attrName.getSuffix(),val);
+ pubKey.set(attrName.getSuffix(), val);
}
break;
case ATTR_ISSUER_ID:
if (attrName.getSuffix() == null) {
- setIssuerUniqueId(val);
+ setIssuerUniqueId(val);
} else {
- issuerUniqueId.set(attrName.getSuffix(),val);
+ issuerUniqueId.set(attrName.getSuffix(), val);
}
break;
case ATTR_SUBJECT_ID:
if (attrName.getSuffix() == null) {
- setSubjectUniqueId(val);
+ setSubjectUniqueId(val);
} else {
- subjectUniqueId.set(attrName.getSuffix(),val);
+ subjectUniqueId.set(attrName.getSuffix(), val);
}
break;
case ATTR_EXTENSIONS:
if (attrName.getSuffix() == null) {
- setExtensions(val);
+ setExtensions(val);
} else {
- extensions.set(attrName.getSuffix(),val);
+ extensions.set(attrName.getSuffix(), val);
}
break;
}
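Review bot: Every sub-attribute arm of this switch dereferences a component field that the class declares as `= null` (for example `serialNum.set(attrName.getSuffix(), val)`), so setting a sub-attribute before its component exists would raise NullPointerException rather than the documented CertificateException. The delete() switch in the next hunk has the same shape. A per-arm guard such as `if (serialNum == null) throw new CertificateException("serial number not set");` would keep the failure inside the declared contract. set() begins and ends outside this hunk, so an earlier check may already cover this.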
@@ -485,13 +482,13 @@ public class X509CertInfo implements CertAttrSet, Serializable {
/**
* Delete the certificate attribute.
- *
+ *
* @param name the name of the Certificate attribute.
* @exception CertificateException on invalid attributes.
* @exception IOException on other errors.
*/
public void delete(String name)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
X509AttributeName attrName = new X509AttributeName(name);
int attr = attributeMap(attrName.getPrefix());
@@ -505,72 +502,72 @@ public class X509CertInfo implements CertAttrSet, Serializable {
switch (attr) {
case ATTR_VERSION:
if (attrName.getSuffix() == null) {
- version = null;
+ version = null;
} else {
- version.delete(attrName.getSuffix());
+ version.delete(attrName.getSuffix());
}
break;
case (ATTR_SERIAL):
if (attrName.getSuffix() == null) {
- serialNum = null;
+ serialNum = null;
} else {
- serialNum.delete(attrName.getSuffix());
+ serialNum.delete(attrName.getSuffix());
}
break;
case (ATTR_ALGORITHM):
if (attrName.getSuffix() == null) {
- algId = null;
+ algId = null;
} else {
- algId.delete(attrName.getSuffix());
+ algId.delete(attrName.getSuffix());
}
break;
case (ATTR_ISSUER):
if (attrName.getSuffix() == null) {
- issuer = null;
+ issuer = null;
} else {
- issuer.delete(attrName.getSuffix());
+ issuer.delete(attrName.getSuffix());
}
break;
case (ATTR_VALIDITY):
if (attrName.getSuffix() == null) {
- interval = null;
+ interval = null;
} else {
- interval.delete(attrName.getSuffix());
+ interval.delete(attrName.getSuffix());
}
break;
case (ATTR_SUBJECT):
if (attrName.getSuffix() == null) {
- subject = null;
+ subject = null;
} else {
- subject.delete(attrName.getSuffix());
+ subject.delete(attrName.getSuffix());
}
break;
case (ATTR_KEY):
if (attrName.getSuffix() == null) {
- pubKey = null;
+ pubKey = null;
} else {
- pubKey.delete(attrName.getSuffix());
+ pubKey.delete(attrName.getSuffix());
}
break;
case (ATTR_ISSUER_ID):
if (attrName.getSuffix() == null) {
- issuerUniqueId = null;
+ issuerUniqueId = null;
} else {
- issuerUniqueId.delete(attrName.getSuffix());
+ issuerUniqueId.delete(attrName.getSuffix());
}
break;
case (ATTR_SUBJECT_ID):
if (attrName.getSuffix() == null) {
- subjectUniqueId = null;
+ subjectUniqueId = null;
} else {
- subjectUniqueId.delete(attrName.getSuffix());
+ subjectUniqueId.delete(attrName.getSuffix());
}
break;
case (ATTR_EXTENSIONS):
if (attrName.getSuffix() == null) {
- extensions = null;
+ extensions = null;
} else {
- extensions.delete(attrName.getSuffix());
+ extensions.delete(attrName.getSuffix());
}
break;
}
@@ -578,14 +575,14 @@ public class X509CertInfo implements CertAttrSet, Serializable {
/**
* Get the certificate attribute.
- *
+ *
* @param name the name of the Certificate attribute.
- *
+ *
* @exception CertificateException on invalid attributes.
* @exception IOException on other errors.
*/
public Object get(String name)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
X509AttributeName attrName = new X509AttributeName(name);
int attr = attributeMap(attrName.getPrefix());
@@ -597,72 +594,72 @@ public class X509CertInfo implements CertAttrSet, Serializable {
switch (attr) {
case (ATTR_VERSION):
if (attrName.getSuffix() == null) {
- return(version);
+ return (version);
} else {
- return(version.get(attrName.getSuffix()));
+ return (version.get(attrName.getSuffix()));
}
case (ATTR_SERIAL):
if (attrName.getSuffix() == null) {
- return(serialNum);
+ return (serialNum);
} else {
- return(serialNum.get(attrName.getSuffix()));
+ return (serialNum.get(attrName.getSuffix()));
}
case (ATTR_ALGORITHM):
if (attrName.getSuffix() == null) {
- return(algId);
+ return (algId);
} else {
- return(algId.get(attrName.getSuffix()));
+ return (algId.get(attrName.getSuffix()));
}
case (ATTR_ISSUER):
if (attrName.getSuffix() == null) {
- return(issuer);
+ return (issuer);
} else {
- return(issuer.get(attrName.getSuffix()));
+ return (issuer.get(attrName.getSuffix()));
}
case (ATTR_VALIDITY):
if (attrName.getSuffix() == null) {
- return(interval);
+ return (interval);
} else {
- return(interval.get(attrName.getSuffix()));
+ return (interval.get(attrName.getSuffix()));
}
case (ATTR_SUBJECT):
if (attrName.getSuffix() == null) {
- return(subject);
+ return (subject);
} else {
- return(subject.get(attrName.getSuffix()));
+ return (subject.get(attrName.getSuffix()));
}
case (ATTR_KEY):
if (attrName.getSuffix() == null) {
- return(pubKey);
+ return (pubKey);
} else {
- return(pubKey.get(attrName.getSuffix()));
+ return (pubKey.get(attrName.getSuffix()));
}
case (ATTR_ISSUER_ID):
if (attrName.getSuffix() == null) {
- return(issuerUniqueId);
+ return (issuerUniqueId);
} else {
if (issuerUniqueId == null)
return null;
else
- return(issuerUniqueId.get(attrName.getSuffix()));
+ return (issuerUniqueId.get(attrName.getSuffix()));
}
case (ATTR_SUBJECT_ID):
if (attrName.getSuffix() == null) {
- return(subjectUniqueId);
+ return (subjectUniqueId);
} else {
if (subjectUniqueId == null)
return null;
else
- return(subjectUniqueId.get(attrName.getSuffix()));
+ return (subjectUniqueId.get(attrName.getSuffix()));
}
case (ATTR_EXTENSIONS):
if (attrName.getSuffix() == null) {
- return(extensions);
+ return (extensions);
} else {
if (extensions == null)
return null;
else
- return(extensions.get(attrName.getSuffix()));
+ return (extensions.get(attrName.getSuffix()));
}
}
return null;
@@ -672,9 +669,9 @@ public class X509CertInfo implements CertAttrSet, Serializable {
* This routine unmarshals the certificate information.
*/
private void parse(DerValue val)
- throws CertificateParsingException, IOException {
- DerInputStream in;
- DerValue tmp;
+ throws CertificateParsingException, IOException {
+ DerInputStream in;
+ DerValue tmp;
if (val.tag != DerValue.tag_Sequence) {
throw new CertificateParsingException("signed fields invalid");
@@ -685,11 +682,11 @@ public class X509CertInfo implements CertAttrSet, Serializable {
// Version
tmp = in.getDerValue();
- if (tmp.isContextSpecific((byte)0)) {
+ if (tmp.isContextSpecific((byte) 0)) {
version = new CertificateVersion(tmp);
tmp = in.getDerValue();
}
-
+
// Serial number ... an integer
serialNum = new CertificateSerialNumber(tmp);
@@ -711,7 +708,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
// If more data available, make sure version is not v1.
if (in.available() != 0) {
if (version.compare(CertificateVersion.V1) == 0) {
- throw new CertificateParsingException("excess cert data");
+ throw new CertificateParsingException("excess cert data");
}
} else {
return;
@@ -719,19 +716,19 @@ public class X509CertInfo implements CertAttrSet, Serializable {
// Get the issuerUniqueId if present
tmp = in.getDerValue();
- if (tmp.isContextSpecific((byte)1)) {
+ if (tmp.isContextSpecific((byte) 1)) {
issuerUniqueId = new CertificateIssuerUniqueIdentity(tmp);
if (in.available() == 0) {
- return;
+ return;
}
tmp = in.getDerValue();
}
// Get the subjectUniqueId if present.
- if (tmp.isContextSpecific((byte)2)) {
+ if (tmp.isContextSpecific((byte) 2)) {
subjectUniqueId = new CertificateSubjectUniqueIdentity(tmp);
if (in.available() == 0) {
- return;
+ return;
}
tmp = in.getDerValue();
}
@@ -740,7 +737,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
if (version.compare(CertificateVersion.V3) != 0) {
throw new CertificateParsingException("excess cert data");
}
- if (tmp.isConstructed() && tmp.isContextSpecific((byte)3)) {
+ if (tmp.isConstructed() && tmp.isContextSpecific((byte) 3)) {
extensions = new CertificateExtensions(tmp.data);
}
}
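Review bot: The check `if (tmp.isConstructed() && tmp.isContextSpecific((byte) 3))` has no `else`, so in a v3 certificate a trailing element with any other tag is read, silently discarded, and the method returns normally. For a parser that handles certificate bytes from outside, rejecting the unexpected element is safer than accepting it, e.g. `} else { throw new CertificateParsingException("unexpected trailing cert data"); }`. The start of parse() lies in earlier hunks. Nothing in this hunk checks `in.available()` after the extensions are read, so bytes following the extensions element also appear to go unnoticed; that is worth confirming against the full method.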
@@ -749,7 +746,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
* Marshal the contents of a "raw" certificate into a DER sequence.
*/
private void emit(DerOutputStream out)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
DerOutputStream tmp = new DerOutputStream();
// version number, iff not V1
@@ -790,7 +787,7 @@ public class X509CertInfo implements CertAttrSet, Serializable {
* serialization subsystem, then the cert data.)
*/
private synchronized void writeObject(ObjectOutputStream stream)
- throws CertificateException, IOException {
+ throws CertificateException, IOException {
encode(stream);
}
@@ -799,8 +796,8 @@ public class X509CertInfo implements CertAttrSet, Serializable {
* themselves, and they're parsed when they get read back.
*/
private synchronized void readObject(ObjectInputStream stream)
- throws CertificateException, IOException {
- decode(stream);
+ throws CertificateException, IOException {
+ decode(stream);
}
/**
@@ -809,14 +806,14 @@ public class X509CertInfo implements CertAttrSet, Serializable {
private int attributeMap(String name) {
Integer num = map.get(name);
if (num == null) {
- return(0);
+ return (0);
}
- return(num.intValue());
+ return (num.intValue());
}
/**
* Set the version number of the certificate.
- *
+ *
* @param val the Object class value for the Extensions
* @exception CertificateException on invalid data.
*/
@@ -824,12 +821,12 @@ public class X509CertInfo implements CertAttrSet, Serializable {
if (!(val instanceof CertificateVersion)) {
throw new CertificateException("Version class type invalid.");
}
- version = (CertificateVersion)val;
+ version = (CertificateVersion) val;
}
/**
* Set the serial number of the certificate.
- *
+ *
* @param val the Object class value for the CertificateSerialNumber
* @exception CertificateException on invalid data.
*/
@@ -837,82 +834,82 @@ public class X509CertInfo implements CertAttrSet, Serializable {
if (!(val instanceof CertificateSerialNumber)) {
throw new CertificateException("SerialNumber class type invalid.");
}
- serialNum = (CertificateSerialNumber)val;
+ serialNum = (CertificateSerialNumber) val;
}
/**
* Set the algorithm id of the certificate.
- *
+ *
* @param val the Object class value for the AlgorithmId
* @exception CertificateException on invalid data.
*/
private void setAlgorithmId(Object val) throws CertificateException {
if (!(val instanceof CertificateAlgorithmId)) {
throw new CertificateException(
- "AlgorithmId class type invalid.");
+ "AlgorithmId class type invalid.");
}
- algId = (CertificateAlgorithmId)val;
+ algId = (CertificateAlgorithmId) val;
}
/**
* Set the issuer name of the certificate.
- *
+ *
* @param val the Object class value for the issuer
* @exception CertificateException on invalid data.
*/
private void setIssuer(Object val) throws CertificateException {
if (!(val instanceof CertificateIssuerName)) {
throw new CertificateException(
- "Issuer class type invalid.");
+ "Issuer class type invalid.");
}
- issuer = (CertificateIssuerName)val;
+ issuer = (CertificateIssuerName) val;
}
/**
* Set the validity interval of the certificate.
- *
+ *
* @param val the Object class value for the CertificateValidity
* @exception CertificateException on invalid data.
*/
private void setValidity(Object val) throws CertificateException {
if (!(val instanceof CertificateValidity)) {
throw new CertificateException(
- "CertificateValidity class type invalid.");
+ "CertificateValidity class type invalid.");
}
- interval = (CertificateValidity)val;
+ interval = (CertificateValidity) val;
}
/**
* Set the subject name of the certificate.
- *
+ *
* @param val the Object class value for the Subject
* @exception CertificateException on invalid data.
*/
private void setSubject(Object val) throws CertificateException {
if (!(val instanceof CertificateSubjectName)) {
throw new CertificateException(
- "Subject class type invalid.");
+ "Subject class type invalid.");
}
- subject = (CertificateSubjectName)val;
+ subject = (CertificateSubjectName) val;
}
/**
* Set the public key in the certificate.
- *
+ *
* @param val the Object class value for the PublicKey
* @exception CertificateException on invalid data.
*/
private void setKey(Object val) throws CertificateException {
if (!(val instanceof CertificateX509Key)) {
throw new CertificateException(
- "Key class type invalid.");
+ "Key class type invalid.");
}
- pubKey = (CertificateX509Key)val;
+ pubKey = (CertificateX509Key) val;
}
/**
* Set the Issuer Unique Identity in the certificate.
- *
+ *
* @param val the Object class value for the IssuerUniqueId
* @exception CertificateException
*/
@@ -922,14 +919,14 @@ public class X509CertInfo implements CertAttrSet, Serializable {
}
if (!(val instanceof CertificateIssuerUniqueIdentity)) {
throw new CertificateException(
- "IssuerUniqueId class type invalid.");
+ "IssuerUniqueId class type invalid.");
}
- issuerUniqueId = (CertificateIssuerUniqueIdentity)val;
+ issuerUniqueId = (CertificateIssuerUniqueIdentity) val;
}
/**
* Set the Subject Unique Identity in the certificate.
- *
+ *
* @param val the Object class value for the SubjectUniqueId
* @exception CertificateException
*/
@@ -939,14 +936,14 @@ public class X509CertInfo implements CertAttrSet, Serializable {
}
if (!(val instanceof CertificateSubjectUniqueIdentity)) {
throw new CertificateException(
- "SubjectUniqueId class type invalid.");
+ "SubjectUniqueId class type invalid.");
}
- subjectUniqueId = (CertificateSubjectUniqueIdentity)val;
+ subjectUniqueId = (CertificateSubjectUniqueIdentity) val;
}
/**
* Set the extensions in the certificate.
- *
+ *
* @param val the Object class value for the Extensions
* @exception CertificateException
*/
@@ -955,9 +952,9 @@ public class X509CertInfo implements CertAttrSet, Serializable {
throw new CertificateException("Invalid version");
}
if (!(val instanceof CertificateExtensions)) {
- throw new CertificateException(
- "Extensions class type invalid.");
+ throw new CertificateException(
+ "Extensions class type invalid.");
}
- extensions = (CertificateExtensions)val;
+ extensions = (CertificateExtensions) val;
}
}
diff --git a/pki/base/util/src/netscape/security/x509/X509ExtensionException.java b/pki/base/util/src/netscape/security/x509/X509ExtensionException.java
index 5b65b9b7..c7174aed 100644
--- a/pki/base/util/src/netscape/security/x509/X509ExtensionException.java
+++ b/pki/base/util/src/netscape/security/x509/X509ExtensionException.java
@@ -21,9 +21,9 @@ import java.security.GeneralSecurityException;
/**
* X.509 Extension Exception.
- *
+ *
* @author Hemma Prafullchandra
- * 1.2
+ * 1.2
*/
public class X509ExtensionException extends GeneralSecurityException {
@@ -44,8 +44,8 @@ public class X509ExtensionException extends GeneralSecurityException {
/**
* Constructs the exception with the specified detail
* message. A detail message is a String that describes this
- * particular exception.
- *
+ * particular exception.
+ *
* @param message the detail message.
*/
public X509ExtensionException(String message) {
diff --git a/pki/base/util/src/netscape/security/x509/X509Key.java b/pki/base/util/src/netscape/security/x509/X509Key.java
index 81422ea4..54e00cad 100644
--- a/pki/base/util/src/netscape/security/x509/X509Key.java
+++ b/pki/base/util/src/netscape/security/x509/X509Key.java
@@ -37,19 +37,15 @@ import netscape.security.util.DerValue;
/**
* Holds an X.509 key, for example a public key found in an X.509
- * certificate. Includes a description of the algorithm to be used
+ * certificate. Includes a description of the algorithm to be used
* with the key; these keys normally are used as
* "SubjectPublicKeyInfo".
- *
- * <P>While this class can represent any kind of X.509 key, it may be
- * desirable to provide subclasses which understand how to parse keying
- * data. For example, RSA public keys have two members, one for the
- * public modulus and one for the prime exponent. If such a class is
- * provided, it is used when parsing X.509 keys. If one is not provided,
- * the key still parses correctly.
- *
+ *
+ * <P>
+ * While this class can represent any kind of X.509 key, it may be desirable to provide subclasses which understand how to parse keying data. For example, RSA public keys have two members, one for the public modulus and one for the prime exponent. If such a class is provided, it is used when parsing X.509 keys. If one is not provided, the key still parses correctly.
+ *
* @version 1.74, 97/12/10
- * @author David Brownell
+ * @author David Brownell
*/
public class X509Key implements PublicKey {
@@ -66,11 +62,12 @@ public class X509Key implements PublicKey {
protected byte[] encodedKey;
/**
- * Default constructor. The key constructed must have its key
+ * Default constructor. The key constructed must have its key
* and algorithm initialized before it may be used, for example
* by using <code>decode</code>.
*/
- public X509Key() { }
+ public X509Key() {
+ }
/*
* Build and initialize as a "default" key. All X.509 key
@@ -78,63 +75,59 @@ public class X509Key implements PublicKey {
* about this particular algorithm is available.
*/
public X509Key(AlgorithmId algid, byte[] key)
- throws InvalidKeyException {
- this.algid = algid;
- this.key = key;
- encode();
+ throws InvalidKeyException {
+ this.algid = algid;
+ this.key = key;
+ encode();
}
/**
- * Construct X.509 subject public key from a DER value. If
+ * Construct X.509 subject public key from a DER value. If
* the runtime environment is configured with a specific class for
- * this kind of key, a subclass is returned. Otherwise, a generic
+ * this kind of key, a subclass is returned. Otherwise, a generic
* X509Key object is returned.
*
- * <P>This mechanism gurantees that keys (and algorithms) may be
- * freely manipulated and transferred, without risk of losing
- * information. Also, when a key (or algorithm) needs some special
- * handling, that specific need can be accomodated.
- *
+ * <P>
+ * This mechanism gurantees that keys (and algorithms) may be freely manipulated and transferred, without risk of losing information. Also, when a key (or algorithm) needs some special handling, that specific need can be accomodated.
+ *
* @param in the DER-encoded SubjectPublicKeyInfo value
* @exception IOException on data format errors
*/
- public static X509Key parse(DerValue in) throws IOException
- {
- AlgorithmId algorithm;
- X509Key subjectKey;
+ public static X509Key parse(DerValue in) throws IOException {
+ AlgorithmId algorithm;
+ X509Key subjectKey;
- if (in.tag != DerValue.tag_Sequence)
- throw new IOException("corrupt subject key");
+ if (in.tag != DerValue.tag_Sequence)
+ throw new IOException("corrupt subject key");
- algorithm = AlgorithmId.parse(in.data.getDerValue ());
- try {
- subjectKey = buildX509Key(algorithm, in.data.getBitString ());
+ algorithm = AlgorithmId.parse(in.data.getDerValue());
+ try {
+ subjectKey = buildX509Key(algorithm, in.data.getBitString());
- } catch (InvalidKeyException e) {
- throw new IOException("subject key, " + e.getMessage());
- }
+ } catch (InvalidKeyException e) {
+ throw new IOException("subject key, " + e.getMessage());
+ }
- if (in.data.available () != 0)
- throw new IOException ("excess subject key");
- return subjectKey;
+ if (in.data.available() != 0)
+ throw new IOException("excess subject key");
+ return subjectKey;
}
/**
- * Parse the key bits. This may be redefined by subclasses to take
- * advantage of structure within the key. For example, RSA public
+ * Parse the key bits. This may be redefined by subclasses to take
+ * advantage of structure within the key. For example, RSA public
* keys encapsulate two unsigned integers (modulus and exponent) as
* DER values within the <code>key</code> bits; Diffie-Hellman and
* DSS/DSA keys encapsulate a single unsigned integer.
- *
- * <P>This function is called when creating X.509 SubjectPublicKeyInfo
- * values using the X509Key member functions, such as <code>parse</code>
- * and <code>decode</code>.
- *
+ *
+ * <P>
+ * This function is called when creating X.509 SubjectPublicKeyInfo values using the X509Key member functions, such as <code>parse</code> and <code>decode</code>.
+ *
* @exception IOException on parsing errors.
* @exception InvalidKeyException on invalid key encodings.
*/
protected void parseKeyBits() throws IOException, InvalidKeyException {
- encode();
+ encode();
}
/*
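Review bot: In parse(), `throw new IOException("subject key, " + e.getMessage());` discards the InvalidKeyException, so the underlying reason a key was rejected is lost to whoever handles or logs the IOException. Passing the cause keeps it: `throw new IOException("subject key, " + e.getMessage(), e);` (that constructor needs Java 6 or later, which the visible lines do not confirm). The same pattern recurs in encode() and decode() in the hunk at -276 and in parsePublicKey() further down. Separately, the reflowed Javadoc in this hunk still carries the typos "gurantees" and "accomodated".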
@@ -143,130 +136,129 @@ public class X509Key implements PublicKey {
* See the description above.
*/
static X509Key buildX509Key(AlgorithmId algid, byte[] key)
- throws IOException, InvalidKeyException
- {
- /*
- * Use the algid and key parameters to produce the ASN.1 encoding
- * of the key, which will then be used as the input to the
- * key factory.
- */
- DerOutputStream x509EncodedKeyStream = new DerOutputStream();
- encode(x509EncodedKeyStream, algid, key);
- X509EncodedKeySpec x509KeySpec
- = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray());
-
- try {
- // Instantiate the key factory of the appropriate algorithm
- KeyFactory keyFac = null;
- if (Security.getProvider("Mozilla-JSS") == null) {
- keyFac = KeyFactory.getInstance(algid.getName());
- } else {
- keyFac = KeyFactory.getInstance(algid.getName(),
- "Mozilla-JSS");
+ throws IOException, InvalidKeyException {
+ /*
+ * Use the algid and key parameters to produce the ASN.1 encoding
+ * of the key, which will then be used as the input to the
+ * key factory.
+ */
+ DerOutputStream x509EncodedKeyStream = new DerOutputStream();
+ encode(x509EncodedKeyStream, algid, key);
+ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray());
+
+ try {
+ // Instantiate the key factory of the appropriate algorithm
+ KeyFactory keyFac = null;
+ if (Security.getProvider("Mozilla-JSS") == null) {
+ keyFac = KeyFactory.getInstance(algid.getName());
+ } else {
+ keyFac = KeyFactory.getInstance(algid.getName(),
+ "Mozilla-JSS");
+ }
+
+ // Generate the public key
+ PublicKey pubKey = keyFac.generatePublic(x509KeySpec);
+
+ if (pubKey instanceof X509Key) {
+ /*
+ * Return specialized X509Key, where the structure within the
+ * key has been parsed
+ */
+ return (X509Key) pubKey;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ // Return generic X509Key with opaque key data (see below)
+ } catch (InvalidKeySpecException e) {
+ throw new InvalidKeyException(e.toString());
+ } catch (Exception e) {
+ throw new InvalidKeyException(e.toString());
+ }
+
+ /*
+ * Try again using JDK1.1-style for backwards compatibility.
+ */
+ String classname = "";
+ try {
+ Properties props;
+ String keytype;
+ Provider sunProvider;
+
+ sunProvider = Security.getProvider("SUN");
+ if (sunProvider == null)
+ throw new InstantiationException();
+ classname = sunProvider.getProperty("PublicKey.X.509." +
+ algid.getName());
+ if (classname == null) {
+ throw new InstantiationException();
}
-
- // Generate the public key
- PublicKey pubKey = keyFac.generatePublic(x509KeySpec);
-
- if (pubKey instanceof X509Key) {
- /*
- * Return specialized X509Key, where the structure within the
- * key has been parsed
- */
- return (X509Key)pubKey;
- }
- } catch (NoSuchAlgorithmException e) {
- // Return generic X509Key with opaque key data (see below)
- } catch (InvalidKeySpecException e) {
- throw new InvalidKeyException(e.toString());
- } catch (Exception e) {
- throw new InvalidKeyException(e.toString());
- }
-
- /*
- * Try again using JDK1.1-style for backwards compatibility.
- */
- String classname = "";
- try {
- Properties props;
- String keytype;
- Provider sunProvider;
-
- sunProvider = Security.getProvider("SUN");
- if (sunProvider == null)
- throw new InstantiationException();
- classname = sunProvider.getProperty("PublicKey.X.509." +
- algid.getName());
- if (classname == null) {
- throw new InstantiationException();
- }
-
- Class<?> keyClass = Class.forName(classname);
- Object inst;
- X509Key result;
-
- inst = keyClass.newInstance();
- if (inst instanceof X509Key) {
- result = (X509Key) inst;
- result.algid = algid;
- result.key = key;
- result.parseKeyBits();
- return result;
- }
- } catch (ClassNotFoundException e) {
- } catch (InstantiationException e) {
- } catch (IllegalAccessException e) {
- // this should not happen.
- throw new IOException (classname + " [internal error]");
- }
-
- X509Key result = new X509Key();
- result.algid = algid;
- result.key = key;
- return result;
+
+ Class<?> keyClass = Class.forName(classname);
+ Object inst;
+ X509Key result;
+
+ inst = keyClass.newInstance();
+ if (inst instanceof X509Key) {
+ result = (X509Key) inst;
+ result.algid = algid;
+ result.key = key;
+ result.parseKeyBits();
+ return result;
+ }
+ } catch (ClassNotFoundException e) {
+ } catch (InstantiationException e) {
+ } catch (IllegalAccessException e) {
+ // this should not happen.
+ throw new IOException(classname + " [internal error]");
+ }
+
+ X509Key result = new X509Key();
+ result.algid = algid;
+ result.key = key;
+ return result;
}
/**
* Returns the algorithm to be used with this key.
*/
- public String getAlgorithm() {
- return algid.getName();
+ public String getAlgorithm() {
+ return algid.getName();
}
/**
* Returns the algorithm ID to be used with this key.
*/
- public AlgorithmId getAlgorithmId () { return algid; }
+ public AlgorithmId getAlgorithmId() {
+ return algid;
+ }
/**
* Encode SubjectPublicKeyInfo sequence on the DER output stream.
- *
+ *
* @exception IOException on encoding errors.
*/
- public final void encode(DerOutputStream out) throws IOException
- {
- encode(out, this.algid, this.key);
+ public final void encode(DerOutputStream out) throws IOException {
+ encode(out, this.algid, this.key);
}
/**
* Returns the DER-encoded form of the key as a byte array.
*/
public synchronized byte[] getEncoded() {
- byte[] result = null;
- try {
- result = encode();
- } catch (InvalidKeyException e) {
- }
- return result;
+ byte[] result = null;
+ try {
+ result = encode();
+ } catch (InvalidKeyException e) {
+ }
+ return result;
}
/**
* Returns the format for this key: "X.509"
*/
public String getFormat() {
- return "X.509";
+ return "X.509";
}
-
+
/**
* Returns the raw key as a byte array
*/
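Review bot: getEncoded() catches InvalidKeyException with an empty block and returns null, while callers visible on this page use the result unchecked: hashCode() reads `b1.length` and writeObject() passes it to `stream.write(...)`. A key whose encoding fails therefore surfaces as a NullPointerException far from the cause. The PublicKey contract allows a null return, so the safer change is in the callers, for example `if (b1 == null) return 0;` in hashCode(), plus a comment in the catch block saying the null return is deliberate. In buildX509Key(), `catch (Exception e) { throw new InvalidKeyException(e.toString()); }` likewise drops the cause; `new InvalidKeyException(e)` would keep it.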
@@ -276,85 +268,79 @@ public class X509Key implements PublicKey {
/**
* Returns the DER-encoded form of the key as a byte array.
- *
+ *
* @exception InvalidKeyException on encoding errors.
*/
public byte[] encode() throws InvalidKeyException {
- if (encodedKey == null) {
- try {
- DerOutputStream out;
-
- out = new DerOutputStream ();
- encode (out);
- encodedKey = out.toByteArray();
-
- } catch (IOException e) {
- throw new InvalidKeyException ("IOException : " +
- e.getMessage());
- }
- }
- return copyEncodedKey(encodedKey);
+ if (encodedKey == null) {
+ try {
+ DerOutputStream out;
+
+ out = new DerOutputStream();
+ encode(out);
+ encodedKey = out.toByteArray();
+
+ } catch (IOException e) {
+ throw new InvalidKeyException("IOException : " +
+ e.getMessage());
+ }
+ }
+ return copyEncodedKey(encodedKey);
}
/*
* Returns a printable representation of the key
*/
- public String toString ()
- {
- netscape.security.util.PrettyPrintFormat pp =
- new netscape.security.util.PrettyPrintFormat(" ", 20);
- String keybits = pp.toHexString(key);
-
- return "algorithm = " + algid.toString ()
- + ", unparsed keybits = \n" + keybits;
+ public String toString() {
+ netscape.security.util.PrettyPrintFormat pp =
+ new netscape.security.util.PrettyPrintFormat(" ", 20);
+ String keybits = pp.toHexString(key);
+
+ return "algorithm = " + algid.toString()
+ + ", unparsed keybits = \n" + keybits;
}
- /**
- * Initialize an X509Key object from an input stream. The data on that
- * input stream must be encoded using DER, obeying the X.509
- * <code>SubjectPublicKeyInfo</code> format. That is, the data is a
+ /**
+ * Initialize an X509Key object from an input stream. The data on that
+ * input stream must be encoded using DER, obeying the X.509 <code>SubjectPublicKeyInfo</code> format. That is, the data is a
* sequence consisting of an algorithm ID and a bit string which holds
- * the key. (That bit string is often used to encapsulate another DER
+ * the key. (That bit string is often used to encapsulate another DER
* encoded sequence.)
- *
- * <P>Subclasses should not normally redefine this method; they should
- * instead provide a <code>parseKeyBits</code> method to parse any
- * fields inside the <code>key</code> member.
- *
- * <P>The exception to this rule is that since private keys need not
- * be encoded using the X.509 <code>SubjectPublicKeyInfo</code> format,
- * private keys may override this method, <code>encode</code>, and
- * of course <code>getFormat</code>.
- *
+ *
+ * <P>
+ * Subclasses should not normally redefine this method; they should instead provide a <code>parseKeyBits</code> method to parse any fields inside the <code>key</code> member.
+ *
+ * <P>
+ * The exception to this rule is that since private keys need not be encoded using the X.509 <code>SubjectPublicKeyInfo</code> format, private keys may override this method, <code>encode</code>, and of course <code>getFormat</code>.
+ *
* @param in an input stream with a DER-encoded X.509
- * SubjectPublicKeyInfo value
+ * SubjectPublicKeyInfo value
* @exception InvalidKeyException on parsing errors.
*/
public void decode(InputStream in)
- throws InvalidKeyException
- {
- DerValue val;
-
- try {
- val = new DerValue (in);
- if (val.tag != DerValue.tag_Sequence)
- throw new InvalidKeyException ("invalid key format");
-
- algid = AlgorithmId.parse (val.data.getDerValue ());
- key = val.data.getBitString ();
- parseKeyBits ();
- if (val.data.available () != 0)
- throw new InvalidKeyException ("excess key data");
-
- } catch (IOException e) {
- // e.printStackTrace ();
- throw new InvalidKeyException("IOException : " +
- e.getMessage());
- }
+ throws InvalidKeyException {
+ DerValue val;
+
+ try {
+ val = new DerValue(in);
+ if (val.tag != DerValue.tag_Sequence)
+ throw new InvalidKeyException("invalid key format");
+
+ algid = AlgorithmId.parse(val.data.getDerValue());
+ key = val.data.getBitString();
+ parseKeyBits();
+ if (val.data.available() != 0)
+ throw new InvalidKeyException("excess key data");
+
+ } catch (IOException e) {
+ // e.printStackTrace ();
+ throw new InvalidKeyException("IOException : " +
+ e.getMessage());
+ }
}
public void decode(byte[] encodedKey) throws InvalidKeyException {
- decode(new ByteArrayInputStream(encodedKey));
+ decode(new ByteArrayInputStream(encodedKey));
}
/**
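Review bot: decode() assigns `algid` and `key` but never clears the cached `encodedKey`, and encode() only rebuilds it when it is null, so calling decode() on a key that was already encoded leaves the old bytes in the cache. getEncoded() and equals() would then report the previous key rather than the one just decoded. Adding `encodedKey = null;` before `parseKeyBits();` in decode() closes the gap. This only matters if decode() is ever called on an already-populated object, which cannot be confirmed from this page.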
@@ -362,9 +348,9 @@ public class X509Key implements PublicKey {
* themselves, and they're parsed when they get read back.
*/
private synchronized void
- writeObject (java.io.ObjectOutputStream stream)
- throws IOException {
- stream.write(getEncoded());
+ writeObject(java.io.ObjectOutputStream stream)
+ throws IOException {
+ stream.write(getEncoded());
}
/**
@@ -372,146 +358,144 @@ public class X509Key implements PublicKey {
* themselves, and they're parsed when they get read back.
*/
private synchronized void
- readObject (ObjectInputStream stream)
- throws IOException {
+ readObject(ObjectInputStream stream)
+ throws IOException {
- try {
- decode(stream);
+ try {
+ decode(stream);
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- throw new IOException("deserialized key is invalid: " +
- e.getMessage());
- }
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ throw new IOException("deserialized key is invalid: " +
+ e.getMessage());
+ }
}
public boolean equals(Object object) {
- if (this == object) {
- return true;
- }
-
- if (object instanceof Key) {
- Key key = (Key)object;
-
- byte[] b1;
- if (encodedKey != null) {
- b1 = encodedKey;
- } else {
- b1 = getEncoded();
- }
- byte[] b2 = key.getEncoded();
-
- return java.security.MessageDigest.isEqual(b1, b2);
- }
-
- return false;
+ if (this == object) {
+ return true;
+ }
+
+ if (object instanceof Key) {
+ Key key = (Key) object;
+
+ byte[] b1;
+ if (encodedKey != null) {
+ b1 = encodedKey;
+ } else {
+ b1 = getEncoded();
+ }
+ byte[] b2 = key.getEncoded();
+
+ return java.security.MessageDigest.isEqual(b1, b2);
+ }
+
+ return false;
}
-
+
/**
* Calculates a hash code value for the object. Objects
* which are equal will also have the same hashcode.
*/
public int hashCode() {
int retval = 0;
- byte[] b1 = getEncoded();
+ byte[] b1 = getEncoded();
for (int i = 1; i < b1.length; i++) {
retval += b1[i] * i;
}
- return(retval);
+ return (retval);
}
/*
* Make a copy of the encoded key.
*/
private byte[] copyEncodedKey(byte[] encodedKey) {
- int len = encodedKey.length;
- byte[] copy = new byte[len];
- System.arraycopy(encodedKey, 0, copy, 0, len);
- return copy;
+ int len = encodedKey.length;
+ byte[] copy = new byte[len];
+ System.arraycopy(encodedKey, 0, copy, 0, len);
+ return copy;
}
/*
* Produce SubjectPublicKey encoding from algorithm id and key material.
*/
static void encode(DerOutputStream out, AlgorithmId algid, byte[] key)
- throws IOException {
- DerOutputStream tmp = new DerOutputStream();
- algid.encode(tmp);
- tmp.putBitString(key);
- out.write(DerValue.tag_Sequence, tmp);
+ throws IOException {
+ DerOutputStream tmp = new DerOutputStream();
+ algid.encode(tmp);
+ tmp.putBitString(key);
+ out.write(DerValue.tag_Sequence, tmp);
+ }
+
+ /*
+ * parsePublicKey returns a PublicKey for use with package JSS from within netscape.security.*.
+ * This function provide an interim solution for migrating from using the netscape.security.* package
+ * to using the JSS package.
+ */
+
+ public static PublicKey parsePublicKey(DerValue in) throws IOException {
+ AlgorithmId algorithm;
+ PublicKey subjectKey;
+
+ if (in.tag != DerValue.tag_Sequence)
+ throw new IOException("corrupt subject key");
+
+ algorithm = AlgorithmId.parse(in.data.getDerValue());
+ try {
+ subjectKey = buildPublicKey(algorithm, in.data.getBitString());
+
+ } catch (InvalidKeyException e) {
+ throw new IOException("subject key, " + e.getMessage());
+ }
+
+ if (in.data.available() != 0)
+ throw new IOException("excess subject key");
+ return subjectKey;
}
- /*
- * parsePublicKey returns a PublicKey for use with package JSS from within netscape.security.*.
+
+ /* buildPublicKey returns a PublicKey for use with the JSS package from within netscape.security.*.
* This function provide an interim solution for migrating from using the netscape.security.* package
- * to using the JSS package.
+ * to using the JSS package.
*/
-
- public static PublicKey parsePublicKey(DerValue in) throws IOException
- {
- AlgorithmId algorithm;
- PublicKey subjectKey;
-
- if (in.tag != DerValue.tag_Sequence)
- throw new IOException("corrupt subject key");
-
- algorithm = AlgorithmId.parse(in.data.getDerValue ());
- try {
- subjectKey = buildPublicKey(algorithm, in.data.getBitString ());
-
- } catch (InvalidKeyException e) {
- throw new IOException("subject key, " + e.getMessage());
- }
-
- if (in.data.available () != 0)
- throw new IOException ("excess subject key");
- return subjectKey;
- }
- /* buildPublicKey returns a PublicKey for use with the JSS package from within netscape.security.*.
- * This function provide an interim solution for migrating from using the netscape.security.* package
- * to using the JSS package.
- */
- static PublicKey buildPublicKey(AlgorithmId algid, byte[] key)
- throws IOException, InvalidKeyException
- {
- /*
- * Use the algid and key parameters to produce the ASN.1 encoding
- * of the key, which will then be used as the input to the
- * key factory.
- */
- DerOutputStream x509EncodedKeyStream = new DerOutputStream();
- encode(x509EncodedKeyStream, algid, key);
- X509EncodedKeySpec x509KeySpec
- = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray());
-
- try {
- // Instantiate the key factory of the appropriate algorithm
- KeyFactory keyFac = null;
- if (Security.getProvider("Mozilla-JSS") == null) {
- keyFac = KeyFactory.getInstance(algid.getName());
- } else {
- keyFac = KeyFactory.getInstance(algid.getName(),
- "Mozilla-JSS");
- }
-
- // Generate the public key
- PublicKey pubKey = keyFac.generatePublic(x509KeySpec);
-
- /*
- * Return specialized X509Key, where the structure within the
- * key has been parsed
- */
- return pubKey;
- } catch (NoSuchAlgorithmException e) {
- // Return generic X509Key with opaque key data (see below)
- throw new InvalidKeyException(e.toString());
- } catch (InvalidKeySpecException e) {
- throw new InvalidKeyException(e.toString());
- } catch (Exception e) {
- throw new InvalidKeyException(e.toString());
- }
-
- }
+ static PublicKey buildPublicKey(AlgorithmId algid, byte[] key)
+ throws IOException, InvalidKeyException {
+ /*
+ * Use the algid and key parameters to produce the ASN.1 encoding
+ * of the key, which will then be used as the input to the
+ * key factory.
+ */
+ DerOutputStream x509EncodedKeyStream = new DerOutputStream();
+ encode(x509EncodedKeyStream, algid, key);
+ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(x509EncodedKeyStream.toByteArray());
+
+ try {
+ // Instantiate the key factory of the appropriate algorithm
+ KeyFactory keyFac = null;
+ if (Security.getProvider("Mozilla-JSS") == null) {
+ keyFac = KeyFactory.getInstance(algid.getName());
+ } else {
+ keyFac = KeyFactory.getInstance(algid.getName(),
+ "Mozilla-JSS");
+ }
+ // Generate the public key
+ PublicKey pubKey = keyFac.generatePublic(x509KeySpec);
+
+ /*
+ * Return specialized X509Key, where the structure within the
+ * key has been parsed
+ */
+ return pubKey;
+ } catch (NoSuchAlgorithmException e) {
+ // Return generic X509Key with opaque key data (see below)
+ throw new InvalidKeyException(e.toString());
+ } catch (InvalidKeySpecException e) {
+ throw new InvalidKeyException(e.toString());
+ } catch (Exception e) {
+ throw new InvalidKeyException(e.toString());
+ }
+
+ }
}
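Review bot: The exception handling on the key-parsing paths in this hunk drops the original cause: `readObject` calls `e.printStackTrace()` and then throws an `IOException` built only from `e.getMessage()`, and `parsePublicKey` and `buildPublicKey` rewrap with `e.getMessage()` / `e.toString()` in the same way. These methods decode serialized or DER-encoded key material that may originate outside the process, so I would report the failure only through the thrown exception and keep the cause attached: `throw new IOException("deserialized key is invalid: " + e.getMessage(), e);` with the `printStackTrace()` removed, and `throw new InvalidKeyException(e.toString(), e);` in `buildPublicKey`. In `buildPublicKey` the trailing `catch (Exception e)` makes the two specific catches redundant, and the comment `// Return generic X509Key with opaque key data (see below)` does not match the code, which throws; `// Unknown algorithm: reject the key` would describe it. All of this appears to be existing behaviour that the reformat carries over unchanged.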
diff --git a/pki/base/util/test/com/netscape/security/extensions/GenericASN1ExtensionTest.java b/pki/base/util/test/com/netscape/security/extensions/GenericASN1ExtensionTest.java
index cc2f24c3..74d082f0 100644
--- a/pki/base/util/test/com/netscape/security/extensions/GenericASN1ExtensionTest.java
+++ b/pki/base/util/test/com/netscape/security/extensions/GenericASN1ExtensionTest.java
@@ -55,9 +55,9 @@ public class GenericASN1ExtensionTest {
Assert.assertEquals(name2, extension2.getName());
//Assert.assertNotNull(OIDMap.getClass(name2));
OutputStream outputStream = new ByteArrayOutputStream();
- extension1.encode(outputStream );
- extension2.encode(outputStream );
-
+ extension1.encode(outputStream);
+ extension2.encode(outputStream);
+
}
@Test
@@ -66,7 +66,7 @@ public class GenericASN1ExtensionTest {
GenericASN1Extension extension = new GenericASN1Extension(true, value);
OutputStream outputStream = new ByteArrayOutputStream();
- extension.encode(outputStream );
-
+ extension.encode(outputStream);
+
}
}
diff --git a/pki/base/util/test/com/netscape/security/util/BMPStringTest.java b/pki/base/util/test/com/netscape/security/util/BMPStringTest.java
index 93ce0201..ffe13b23 100644
--- a/pki/base/util/test/com/netscape/security/util/BMPStringTest.java
+++ b/pki/base/util/test/com/netscape/security/util/BMPStringTest.java
@@ -13,13 +13,13 @@ public class BMPStringTest {
public void testEncodingEmptyString() throws Exception {
String string = "";
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -30,12 +30,12 @@ public class BMPStringTest {
String input = "";
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -44,16 +44,16 @@ public class BMPStringTest {
public void testEncodingNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -64,12 +64,12 @@ public class BMPStringTest {
String input = StringTestUtil.NULL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -78,16 +78,16 @@ public class BMPStringTest {
public void testEncodingPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -98,12 +98,12 @@ public class BMPStringTest {
String input = StringTestUtil.PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -112,16 +112,16 @@ public class BMPStringTest {
public void testEncodingNonPrintableCharacters() throws Exception {
String string = StringTestUtil.NON_PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -132,12 +132,12 @@ public class BMPStringTest {
String input = StringTestUtil.NON_PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -146,16 +146,16 @@ public class BMPStringTest {
public void testEncodingControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -166,12 +166,12 @@ public class BMPStringTest {
String input = StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -180,16 +180,16 @@ public class BMPStringTest {
public void testEncodingMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -200,12 +200,12 @@ public class BMPStringTest {
String input = StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -216,25 +216,27 @@ public class BMPStringTest {
System.out.println("Encoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS +
- StringTestUtil.MULTIBYTE_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS +
+ StringTestUtil.MULTIBYTE_CHARS;
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.encode(tag, string);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.encode(tag, string);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
@@ -244,27 +246,29 @@ public class BMPStringTest {
System.out.println("Decoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS +
- StringTestUtil.MULTIBYTE_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS +
+ StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(tag, string);
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.decode(tag, data);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.decode(tag, data);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
}
diff --git a/pki/base/util/test/com/netscape/security/util/IA5StringTest.java b/pki/base/util/test/com/netscape/security/util/IA5StringTest.java
index fca7f010..dd0af242 100644
--- a/pki/base/util/test/com/netscape/security/util/IA5StringTest.java
+++ b/pki/base/util/test/com/netscape/security/util/IA5StringTest.java
@@ -15,13 +15,13 @@ public class IA5StringTest {
public void testEncodingEmptyString() throws Exception {
String string = "";
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -32,12 +32,12 @@ public class IA5StringTest {
String input = "";
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -46,16 +46,16 @@ public class IA5StringTest {
public void testEncodingNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -66,12 +66,12 @@ public class IA5StringTest {
String input = StringTestUtil.NULL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -80,13 +80,13 @@ public class IA5StringTest {
public void testEncodingPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -97,12 +97,12 @@ public class IA5StringTest {
String input = StringTestUtil.PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -111,13 +111,13 @@ public class IA5StringTest {
public void testEncodingNonPrintableCharacters() throws Exception {
String string = StringTestUtil.NON_PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -128,12 +128,12 @@ public class IA5StringTest {
String input = StringTestUtil.NON_PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -142,13 +142,13 @@ public class IA5StringTest {
public void testEncodingControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -159,12 +159,12 @@ public class IA5StringTest {
String input = StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -173,18 +173,18 @@ public class IA5StringTest {
public void testEncodingMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
System.out.println(" - expected: IOException");
try {
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -195,18 +195,18 @@ public class IA5StringTest {
String input = StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(DerValue.tag_UTF8String, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
System.out.println(" - expected: IOException");
try {
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -217,24 +217,26 @@ public class IA5StringTest {
System.out.println("Encoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS;
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.encode(tag, string);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.encode(tag, string);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
@@ -244,26 +246,28 @@ public class IA5StringTest {
System.out.println("Decoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(tag, string);
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.decode(tag, data);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.decode(tag, data);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
}
diff --git a/pki/base/util/test/com/netscape/security/util/JSSUtil.java b/pki/base/util/test/com/netscape/security/util/JSSUtil.java
index fc899d56..bbbabbf1 100644
--- a/pki/base/util/test/com/netscape/security/util/JSSUtil.java
+++ b/pki/base/util/test/com/netscape/security/util/JSSUtil.java
@@ -19,26 +19,26 @@ public class JSSUtil {
ASN1Value value;
switch (tag) {
- case DerValue.tag_BMPString:
- value = new BMPString(string);
- break;
- case DerValue.tag_IA5String:
- value = new IA5String(string);
- break;
- case DerValue.tag_PrintableString:
- value = new PrintableString(string);
- break;
- case DerValue.tag_T61String:
- value = new TeletexString(string);
- break;
- case DerValue.tag_UniversalString:
- value = new UniversalString(string);
- break;
- case DerValue.tag_UTF8String:
- value = new UTF8String(string);
- break;
- default:
- throw new Exception("Unsupported tag: "+tag);
+ case DerValue.tag_BMPString:
+ value = new BMPString(string);
+ break;
+ case DerValue.tag_IA5String:
+ value = new IA5String(string);
+ break;
+ case DerValue.tag_PrintableString:
+ value = new PrintableString(string);
+ break;
+ case DerValue.tag_T61String:
+ value = new TeletexString(string);
+ break;
+ case DerValue.tag_UniversalString:
+ value = new UniversalString(string);
+ break;
+ case DerValue.tag_UTF8String:
+ value = new UTF8String(string);
+ break;
+ default:
+ throw new Exception("Unsupported tag: " + tag);
}
return ASN1Util.encode(value);
}
@@ -47,26 +47,26 @@ public class JSSUtil {
ASN1Template template;
switch (tag) {
- case DerValue.tag_BMPString:
- template = new BMPString.Template();
- break;
- case DerValue.tag_IA5String:
- template = new IA5String.Template();
- break;
- case DerValue.tag_PrintableString:
- template = new PrintableString.Template();
- break;
- case DerValue.tag_T61String:
- template = new TeletexString.Template();
- break;
- case DerValue.tag_UniversalString:
- template = new UniversalString.Template();
- break;
- case DerValue.tag_UTF8String:
- template = new UTF8String.Template();
- break;
- default:
- throw new Exception("Unsupported tag: "+tag);
+ case DerValue.tag_BMPString:
+ template = new BMPString.Template();
+ break;
+ case DerValue.tag_IA5String:
+ template = new IA5String.Template();
+ break;
+ case DerValue.tag_PrintableString:
+ template = new PrintableString.Template();
+ break;
+ case DerValue.tag_T61String:
+ template = new TeletexString.Template();
+ break;
+ case DerValue.tag_UniversalString:
+ template = new UniversalString.Template();
+ break;
+ case DerValue.tag_UTF8String:
+ template = new UTF8String.Template();
+ break;
+ default:
+ throw new Exception("Unsupported tag: " + tag);
}
return ASN1Util.decode(new Tag(Tag.UNIVERSAL, tag), template, bytes).toString();
}
diff --git a/pki/base/util/test/com/netscape/security/util/PrintableStringTest.java b/pki/base/util/test/com/netscape/security/util/PrintableStringTest.java
index 6f0ba1d2..5808a265 100644
--- a/pki/base/util/test/com/netscape/security/util/PrintableStringTest.java
+++ b/pki/base/util/test/com/netscape/security/util/PrintableStringTest.java
@@ -15,13 +15,13 @@ public class PrintableStringTest {
public void testEncodingEmptyString() throws Exception {
String string = "";
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -32,12 +32,12 @@ public class PrintableStringTest {
String input = "";
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -46,18 +46,18 @@ public class PrintableStringTest {
public void testEncodingNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
System.out.println(" - expected: IOException");
try {
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -66,13 +66,13 @@ public class PrintableStringTest {
public void testDecodingNullCharacters() throws Exception {
byte[] data = { 0x13, 0x01, 0x00 };
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
String expected = ""; // skip null chars (bug 359010)
- System.out.println(" - expected: ["+expected+"]");
+ System.out.println(" - expected: [" + expected + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(expected, output);
}
@@ -81,13 +81,13 @@ public class PrintableStringTest {
public void testEncodingPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -98,12 +98,12 @@ public class PrintableStringTest {
String input = StringTestUtil.PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -112,18 +112,18 @@ public class PrintableStringTest {
public void testEncodingNonPrintableCharacters() throws Exception {
String string = StringTestUtil.NON_PRINTABLE_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
System.out.println(" - expected: IOException");
try {
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -134,18 +134,18 @@ public class PrintableStringTest {
String input = StringTestUtil.NON_PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(DerValue.tag_UTF8String, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
System.out.println(" - expected: IOException");
try {
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -154,18 +154,18 @@ public class PrintableStringTest {
public void testEncodingControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
System.out.println(" - expected: IOException");
try {
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -176,18 +176,18 @@ public class PrintableStringTest {
String input = StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(DerValue.tag_UTF8String, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
System.out.println(" - expected: IOException");
try {
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -196,18 +196,18 @@ public class PrintableStringTest {
public void testEncodingMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
System.out.println(" - expected: IOException");
try {
byte[] actual = StringTestUtil.encode(tag, StringTestUtil.MULTIBYTE_CHARS);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -218,18 +218,18 @@ public class PrintableStringTest {
String input = StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(DerValue.tag_UTF8String, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
System.out.println(" - expected: IOException");
try {
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -243,18 +243,20 @@ public class PrintableStringTest {
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.encode(tag, string);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.encode(tag, string);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
@@ -269,18 +271,20 @@ public class PrintableStringTest {
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.decode(tag, data);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.decode(tag, data);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
}
diff --git a/pki/base/util/test/com/netscape/security/util/StringTestUtil.java b/pki/base/util/test/com/netscape/security/util/StringTestUtil.java
index cb536e7b..16810581 100644
--- a/pki/base/util/test/com/netscape/security/util/StringTestUtil.java
+++ b/pki/base/util/test/com/netscape/security/util/StringTestUtil.java
@@ -9,7 +9,7 @@ public class StringTestUtil {
public final static String NULL_CHARS = "\u0000";
public final static String PRINTABLE_CHARS =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 \'()+,-./:=?";
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 \'()+,-./:=?";
public final static String NON_PRINTABLE_CHARS = "\"\\";
@@ -20,8 +20,9 @@ public class StringTestUtil {
public static String toString(byte[] array) {
StringBuffer sb = new StringBuffer();
- for (int i=0; i<array.length; i++) {
- if (i > 0) sb.append(" ");
+ for (int i = 0; i < array.length; i++) {
+ if (i > 0)
+ sb.append(" ");
sb.append(Integer.toHexString(0xff & array[i] | 0x100).substring(1).toUpperCase());
}
@@ -39,7 +40,7 @@ public class StringTestUtil {
int length = value.length() - 2;
DerOutputStream os = new DerOutputStream();
- os.putTag((byte)0, false, tag);
+ os.putTag((byte) 0, false, tag);
os.putLength(length);
os.write(tmp, 2, length);
@@ -72,7 +73,7 @@ public class StringTestUtil {
case DerValue.tag_UTF8String:
return is.getDerValue().getUTF8String();
default:
- throw new Exception("Unsupported tag: "+tag);
+ throw new Exception("Unsupported tag: " + tag);
}
}
}
diff --git a/pki/base/util/test/com/netscape/security/util/TeletexStringTest.java b/pki/base/util/test/com/netscape/security/util/TeletexStringTest.java
index fc205455..69f46c22 100644
--- a/pki/base/util/test/com/netscape/security/util/TeletexStringTest.java
+++ b/pki/base/util/test/com/netscape/security/util/TeletexStringTest.java
@@ -15,13 +15,13 @@ public class TeletexStringTest {
public void testEncodingEmptyString() throws Exception {
String string = "";
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -32,12 +32,12 @@ public class TeletexStringTest {
String input = "";
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -46,16 +46,16 @@ public class TeletexStringTest {
public void testEncodingNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -66,12 +66,12 @@ public class TeletexStringTest {
String input = StringTestUtil.NULL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -80,13 +80,13 @@ public class TeletexStringTest {
public void testEncodingPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -97,12 +97,12 @@ public class TeletexStringTest {
String input = StringTestUtil.PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -111,13 +111,13 @@ public class TeletexStringTest {
public void testEncodingNonPrintableCharacters() throws Exception {
String string = StringTestUtil.NON_PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -128,12 +128,12 @@ public class TeletexStringTest {
String input = StringTestUtil.NON_PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -142,13 +142,13 @@ public class TeletexStringTest {
public void testEncodingControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -159,12 +159,12 @@ public class TeletexStringTest {
String input = StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -173,18 +173,18 @@ public class TeletexStringTest {
public void testEncodingMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
System.out.println(" - expected: IOException");
try {
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -195,18 +195,18 @@ public class TeletexStringTest {
String input = StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(DerValue.tag_UTF8String, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
System.out.println(" - expected: IOException");
try {
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IOException);
}
}
@@ -217,24 +217,26 @@ public class TeletexStringTest {
System.out.println("Encoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS;
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.encode(tag, string);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.encode(tag, string);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
@@ -244,26 +246,28 @@ public class TeletexStringTest {
System.out.println("Decoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(tag, string);
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.decode(tag, data);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.decode(tag, data);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
}
diff --git a/pki/base/util/test/com/netscape/security/util/UTF8StringTest.java b/pki/base/util/test/com/netscape/security/util/UTF8StringTest.java
index 7f98c17c..6bffb28b 100644
--- a/pki/base/util/test/com/netscape/security/util/UTF8StringTest.java
+++ b/pki/base/util/test/com/netscape/security/util/UTF8StringTest.java
@@ -13,13 +13,13 @@ public class UTF8StringTest {
public void testEncodingEmptyString() throws Exception {
String string = "";
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, "");
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, "");
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -30,12 +30,12 @@ public class UTF8StringTest {
String input = "";
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -44,16 +44,16 @@ public class UTF8StringTest {
public void testEncodingNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -64,12 +64,12 @@ public class UTF8StringTest {
String input = StringTestUtil.NULL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -78,13 +78,13 @@ public class UTF8StringTest {
public void testEncodingPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -95,12 +95,12 @@ public class UTF8StringTest {
String input = StringTestUtil.PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -109,13 +109,13 @@ public class UTF8StringTest {
public void testEncodingNonPrintableCharacters() throws Exception {
String string = StringTestUtil.NON_PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -126,12 +126,12 @@ public class UTF8StringTest {
String input = StringTestUtil.NON_PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -140,13 +140,13 @@ public class UTF8StringTest {
public void testEncodingControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -157,12 +157,12 @@ public class UTF8StringTest {
String input = StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -171,13 +171,13 @@ public class UTF8StringTest {
public void testEncodingMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -188,12 +188,12 @@ public class UTF8StringTest {
String input = StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -204,25 +204,27 @@ public class UTF8StringTest {
System.out.println("Encoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS +
- StringTestUtil.MULTIBYTE_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS +
+ StringTestUtil.MULTIBYTE_CHARS;
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.encode(tag, string);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.encode(tag, string);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
@@ -232,27 +234,29 @@ public class UTF8StringTest {
System.out.println("Decoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS +
- StringTestUtil.MULTIBYTE_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS +
+ StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(tag, string);
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.decode(tag, data);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.decode(tag, data);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
}
diff --git a/pki/base/util/test/com/netscape/security/util/UniversalStringTest.java b/pki/base/util/test/com/netscape/security/util/UniversalStringTest.java
index 53d45920..5f09f1f8 100644
--- a/pki/base/util/test/com/netscape/security/util/UniversalStringTest.java
+++ b/pki/base/util/test/com/netscape/security/util/UniversalStringTest.java
@@ -13,13 +13,13 @@ public class UniversalStringTest {
public void testEncodingEmptyString() throws Exception {
String string = "";
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -30,12 +30,12 @@ public class UniversalStringTest {
String input = "";
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -44,16 +44,16 @@ public class UniversalStringTest {
public void testEncodingNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -64,12 +64,12 @@ public class UniversalStringTest {
String input = StringTestUtil.NULL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -78,13 +78,13 @@ public class UniversalStringTest {
public void testEncodingPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -95,12 +95,12 @@ public class UniversalStringTest {
String input = StringTestUtil.PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -109,13 +109,13 @@ public class UniversalStringTest {
public void testEncodingNonPrintableCharacters() throws Exception {
String string = StringTestUtil.NON_PRINTABLE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -126,12 +126,12 @@ public class UniversalStringTest {
String input = StringTestUtil.NON_PRINTABLE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+input+"]");
+ System.out.println(" - expected: [" + input + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+output+"]");
+ System.out.println(" - actual : [" + output + "]");
Assert.assertEquals(input, output);
}
@@ -140,13 +140,13 @@ public class UniversalStringTest {
public void testEncodingControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Encoding: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Encoding: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -157,12 +157,12 @@ public class UniversalStringTest {
String input = StringTestUtil.CONTROL_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -171,13 +171,13 @@ public class UniversalStringTest {
public void testEncodingMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Encoding: ["+string+"]");
+ System.out.println("Encoding: [" + string + "]");
byte[] expected = JSSUtil.encode(tag, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = StringTestUtil.encode(tag, string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -188,12 +188,12 @@ public class UniversalStringTest {
String input = StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(tag, input);
- System.out.println("Decoding: ["+StringTestUtil.toString(data)+"]");
+ System.out.println("Decoding: [" + StringTestUtil.toString(data) + "]");
- System.out.println(" - expected: ["+StringTestUtil.toString(input.getBytes())+"]");
+ System.out.println(" - expected: [" + StringTestUtil.toString(input.getBytes()) + "]");
String output = StringTestUtil.decode(tag, data);
- System.out.println(" - actual : ["+StringTestUtil.toString(output.getBytes())+"]");
+ System.out.println(" - actual : [" + StringTestUtil.toString(output.getBytes()) + "]");
Assert.assertEquals(input, output);
}
@@ -204,25 +204,27 @@ public class UniversalStringTest {
System.out.println("Encoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS +
- StringTestUtil.MULTIBYTE_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS +
+ StringTestUtil.MULTIBYTE_CHARS;
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.encode(tag, string);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.encode(tag, string);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.encode(tag, string);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
@@ -232,27 +234,29 @@ public class UniversalStringTest {
System.out.println("Decoding time:");
String string = StringTestUtil.NULL_CHARS +
- StringTestUtil.PRINTABLE_CHARS +
- StringTestUtil.NON_PRINTABLE_CHARS +
- StringTestUtil.CONTROL_CHARS +
- StringTestUtil.MULTIBYTE_CHARS;
+ StringTestUtil.PRINTABLE_CHARS +
+ StringTestUtil.NON_PRINTABLE_CHARS +
+ StringTestUtil.CONTROL_CHARS +
+ StringTestUtil.MULTIBYTE_CHARS;
byte[] data = JSSUtil.encode(tag, string);
long t0 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) JSSUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ JSSUtil.decode(tag, data);
long t1 = System.currentTimeMillis();
- for (int i=0; i<10000; i++) StringTestUtil.decode(tag, data);
+ for (int i = 0; i < 10000; i++)
+ StringTestUtil.decode(tag, data);
long t2 = System.currentTimeMillis();
long time1 = t1 - t0;
long time2 = t2 - t1;
- System.out.println(" - JSS : "+time1+" ms");
+ System.out.println(" - JSS : " + time1 + " ms");
System.out.println(" - Internal: " + time2 + " ms");
}
}
diff --git a/pki/base/util/test/com/netscape/security/x509/DirStrConverterTest.java b/pki/base/util/test/com/netscape/security/x509/DirStrConverterTest.java
index 2abf0571..0549dec9 100644
--- a/pki/base/util/test/com/netscape/security/x509/DirStrConverterTest.java
+++ b/pki/base/util/test/com/netscape/security/x509/DirStrConverterTest.java
@@ -15,13 +15,13 @@ public class DirStrConverterTest {
public void testEmptyString() throws Exception {
String string = "";
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_PrintableString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new DirStrConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -30,13 +30,13 @@ public class DirStrConverterTest {
public void testNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_T61String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new DirStrConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -45,13 +45,13 @@ public class DirStrConverterTest {
public void testPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_PrintableString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new DirStrConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -60,13 +60,13 @@ public class DirStrConverterTest {
public void testControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_T61String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new DirStrConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -75,13 +75,13 @@ public class DirStrConverterTest {
public void testMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_UniversalString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new DirStrConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -90,15 +90,15 @@ public class DirStrConverterTest {
public void testPrintableCharactersWithTags() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_IA5String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new DirStrConverter(), string, new byte[] {
- DerValue.tag_IA5String, DerValue.tag_UTF8String
+ DerValue.tag_IA5String, DerValue.tag_UTF8String
});
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -107,15 +107,15 @@ public class DirStrConverterTest {
public void testMultibyteCharactersWithTags() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_UTF8String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new DirStrConverter(), string, new byte[] {
- DerValue.tag_IA5String, DerValue.tag_UTF8String
+ DerValue.tag_IA5String, DerValue.tag_UTF8String
});
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
diff --git a/pki/base/util/test/com/netscape/security/x509/GenericValueConverterTest.java b/pki/base/util/test/com/netscape/security/x509/GenericValueConverterTest.java
index 1962d1bf..46ea86cc 100644
--- a/pki/base/util/test/com/netscape/security/x509/GenericValueConverterTest.java
+++ b/pki/base/util/test/com/netscape/security/x509/GenericValueConverterTest.java
@@ -15,13 +15,13 @@ public class GenericValueConverterTest {
public void testEmptyString() throws Exception {
String string = "";
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_PrintableString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new GenericValueConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -30,13 +30,13 @@ public class GenericValueConverterTest {
public void testNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_IA5String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new GenericValueConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -45,13 +45,13 @@ public class GenericValueConverterTest {
public void testPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_PrintableString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new GenericValueConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -60,13 +60,13 @@ public class GenericValueConverterTest {
public void testControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_IA5String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new GenericValueConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -75,16 +75,16 @@ public class GenericValueConverterTest {
public void testMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_BMPString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new GenericValueConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
actual = StringTestUtil.normalizeUnicode(actual);
- System.out.println(" - norm. : "+StringTestUtil.toString(actual));
+ System.out.println(" - norm. : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -93,15 +93,15 @@ public class GenericValueConverterTest {
public void testPrintableCharactersWithTags() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_T61String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new GenericValueConverter(), string, new byte[] {
- DerValue.tag_T61String, DerValue.tag_UniversalString
+ DerValue.tag_T61String, DerValue.tag_UniversalString
});
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -110,15 +110,15 @@ public class GenericValueConverterTest {
public void testMultibyteCharactersWithTags() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_UniversalString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new GenericValueConverter(), string, new byte[] {
- DerValue.tag_T61String, DerValue.tag_UniversalString
+ DerValue.tag_T61String, DerValue.tag_UniversalString
});
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
diff --git a/pki/base/util/test/com/netscape/security/x509/IA5StringConverterTest.java b/pki/base/util/test/com/netscape/security/x509/IA5StringConverterTest.java
index a7361ccb..ba99218a 100644
--- a/pki/base/util/test/com/netscape/security/x509/IA5StringConverterTest.java
+++ b/pki/base/util/test/com/netscape/security/x509/IA5StringConverterTest.java
@@ -15,13 +15,13 @@ public class IA5StringConverterTest {
public void testEmptyString() throws Exception {
String string = "";
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_IA5String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new IA5StringConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -30,13 +30,13 @@ public class IA5StringConverterTest {
public void testNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_IA5String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new IA5StringConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -45,13 +45,13 @@ public class IA5StringConverterTest {
public void testPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_IA5String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new IA5StringConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -60,13 +60,13 @@ public class IA5StringConverterTest {
public void testControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_IA5String, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new IA5StringConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -75,18 +75,18 @@ public class IA5StringConverterTest {
public void testMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
System.out.println(" - expected: IllegalArgumentException");
try {
byte[] actual = ConverterTestUtil.convert(new IA5StringConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IllegalArgumentException);
}
}
diff --git a/pki/base/util/test/com/netscape/security/x509/PrintableConverterTest.java b/pki/base/util/test/com/netscape/security/x509/PrintableConverterTest.java
index e85d1182..a7acc9c9 100644
--- a/pki/base/util/test/com/netscape/security/x509/PrintableConverterTest.java
+++ b/pki/base/util/test/com/netscape/security/x509/PrintableConverterTest.java
@@ -15,13 +15,13 @@ public class PrintableConverterTest {
public void testEmptyString() throws Exception {
String string = "";
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_PrintableString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new PrintableConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -30,18 +30,18 @@ public class PrintableConverterTest {
public void testNullCharacters() throws Exception {
String string = StringTestUtil.NULL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
System.out.println(" - expected: IllegalArgumentException");
try {
byte[] actual = ConverterTestUtil.convert(new PrintableConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IllegalArgumentException);
}
}
@@ -50,13 +50,13 @@ public class PrintableConverterTest {
public void testPrintableCharacters() throws Exception {
String string = StringTestUtil.PRINTABLE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
byte[] expected = JSSUtil.encode(DerValue.tag_PrintableString, string);
- System.out.println(" - expected: "+StringTestUtil.toString(expected));
+ System.out.println(" - expected: " + StringTestUtil.toString(expected));
byte[] actual = ConverterTestUtil.convert(new PrintableConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.assertArrayEquals(expected, actual);
}
@@ -65,18 +65,18 @@ public class PrintableConverterTest {
public void testControlCharacters() throws Exception {
String string = StringTestUtil.CONTROL_CHARS;
- System.out.println("Converting: ["+StringTestUtil.toString(string.getBytes())+"]");
+ System.out.println("Converting: [" + StringTestUtil.toString(string.getBytes()) + "]");
System.out.println(" - expected: IllegalArgumentException");
try {
byte[] actual = ConverterTestUtil.convert(new PrintableConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IllegalArgumentException);
}
}
@@ -85,18 +85,18 @@ public class PrintableConverterTest {
public void testMultibyteCharacters() throws Exception {
String string = StringTestUtil.MULTIBYTE_CHARS;
- System.out.println("Converting: ["+string+"]");
+ System.out.println("Converting: [" + string + "]");
System.out.println(" - expected: IllegalArgumentException");
try {
byte[] actual = ConverterTestUtil.convert(new PrintableConverter(), string);
- System.out.println(" - actual : "+StringTestUtil.toString(actual));
+ System.out.println(" - actual : " + StringTestUtil.toString(actual));
Assert.fail();
} catch (Exception e) {
- System.out.println(" - actual : "+e.getClass().getSimpleName());
+ System.out.println(" - actual : " + e.getClass().getSimpleName());
Assert.assertTrue(e instanceof IllegalArgumentException);
}
}