+2005-02-16 Mark Wielaard <mark@klomp.org>
+
+ * Makefile.am (ordinary_java_source_files): Add new files
+ gnu/java/security/ber/BER.java,
+ gnu/java/security/ber/BEREncodingException.java,
+ gnu/java/security/ber/BERReader.java,
+ gnu/java/security/ber/BERValue.java,
+ gnu/java/security/pkcs/PKCS7SignedData.java and
+ gnu/java/security/pkcs/SignerInfo.java.
+ * Makefile.in: Regenerated.
+
+2005-02-16 Casey Marshall <csm@gnu.org>
+
+ * gnu/java/security/provider/GnuDSAPrivateKey.java
+ (encodedKey): new field.
+ (getFormat): return "PKCS#8".
+ (getEncoded): implemented.
+ (toString): check for 'null' values.
+ * gnu/java/security/provider/GnuDSAPublicKey.java
+ (encodedKey): new field.
+ (getFormat): return "X.509".
+ (getEncoded): implemented.
+ (toString): check for 'null' values.
+
+2005-02-16 Michael Koch <konqueror@gmx.de>
+
+ * java/util/jar/JarFile.java: Imports reworked.
+
+2005-02-16 Mark Wielaard <mark@klomp.org>
+
+ * java/util/jar/JarFile.java (verify): Make package private.
+ (signaturesRead): Likewise.
+ (verified): Likewise.
+ (entryCerts): Likewise.
+ (DEBUG): Likewise.
+ (debug): Likewise.
+ (entries): Construct new JarEnumeration with reference to this.
+ (JarEnumeration): Make static.
+ (JarEnumeration.jarfile): New field.
+ (JarEnumeration.nextElement): Use and synchronize on jarfile.
+ Compare verified value to Boolean.TRUE or Boolean.False only
+ when verify is true.
+ (getEntry): Make synchronized. Compare value of verified to
+ Boolean.TRUE.
+ (getInputStream): Construct EntryInputStream with reference to this.
+ (getManifest): Make synchronized.
+ (EntryInputStream): Make static.
+ (EntryInputStream.jarfile): New field.
+ (EntryInputStream.EntryInputStream): Check if manifest exists,
+ before getting attributes.
+ (eof): Synchronize on jarfile.
+
+2005-02-16 Casey Marshall <csm@gnu.org>
+
+ * java/util/jar/JarFile.java (verify): return if the jar is signed
+ with an unsupported algorithm.
+
+2005-02-16 Mark Wielaard <mark@klomp.org>
+
+ * java/util/jar/JarFile.java (EntryInputStream): Add actual
+ InputStream as argument.
+ (getInputStream): Construct a new EntryInputStream with the result of
+ super.getInputStream(entry).
+
+2005-02-16 Casey Marshall <csm@gnu.org>
+
+ Signed JAR file support.
+ * java/net/URLClassLoader.java
+ (JarURLResource.getCertificates): re-read jar entry to ensure
+ certificates are picked up.
+ (findClass): fill in class `signers' field, too.
+ * java/util/jar/JarFile.java (META_INF): new constant.
+ (PKCS7_DSA_SUFFIX): new constant.
+ (PKCS7_RSA_SUFFIX): new constant.
+ (DIGEST_KEY_SUFFIX): new constant.
+ (SF_SUFFIX): new constant.
+ (MD2_OID): new constant.
+ (MD4_OID): new constant.
+ (MD5_OID): new constant.
+ (SHA1_OID): new constant.
+ (DSA_ENCRYPTION_OID): new constant.
+ (RSA_ENCRYPTION_OID): new constant.
+ (signaturesRead): new field.
+ (verified): new field.
+ (entryCerts): new field.
+ (DEBUG): new constant.
+ (debug): new method.
+ (JarEnumeration.nextElement): fill in entry certificates, read
+ signatures if they haven't been read.
+ (getEntry): likewise.
+ (getInputStream): verify stream if it hasn't been verified yet.
+ (readSignatures): new method.
+ (verify): new method.
+ (verifyHashes): new method.
+ (readManifestEntry): new method.
+ (EntryInputStream): new class.
+ * gnu/java/io/Base64InputStream.java (decode): new class
+ method.
+ * gnu/java/security/der/DERReader.java don't make class
+ final.
+ (in): made protected.
+ (encBuf): likewise.
+ (readLength): likewise.
+ * gnu/java/security/ber/BER.java,
+ * gnu/java/security/ber/BEREncodingException.java,
+ * gnu/java/security/ber/BERReader.java,
+ * gnu/java/security/ber/BERValue.java,
+ * gnu/java/security/pkcs/PKCS7SignedData.java,
+ * gnu/java/security/pkcs/SignerInfo.java:
+ new files.
+
2005-02-16 Tom Tromey <tromey@redhat.com>
* gnu/gcj/runtime/SharedLibHelper.java (findHelper): Delete
gnu/java/security/action/GetPropertyAction.java \
gnu/java/security/action/GetSecurityPropertyAction.java \
gnu/java/security/action/SetAccessibleAction.java \
+gnu/java/security/ber/BER.java \
+gnu/java/security/ber/BEREncodingException.java \
+gnu/java/security/ber/BERReader.java \
+gnu/java/security/ber/BERValue.java \
gnu/java/security/der/BitString.java \
gnu/java/security/der/DER.java \
gnu/java/security/der/DEREncodingException.java \
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java \
+gnu/java/security/pkcs/PKCS7SignedData.java \
+gnu/java/security/pkcs/SignerInfo.java \
gnu/java/security/provider/CollectionCertStoreImpl.java \
gnu/java/security/provider/DSAKeyFactory.java \
gnu/java/security/provider/DSAKeyPairGenerator.java \
gnu/java/security/action/GetPropertyAction.java \
gnu/java/security/action/GetSecurityPropertyAction.java \
gnu/java/security/action/SetAccessibleAction.java \
+ gnu/java/security/ber/BER.java \
+ gnu/java/security/ber/BEREncodingException.java \
+ gnu/java/security/ber/BERReader.java \
+ gnu/java/security/ber/BERValue.java \
gnu/java/security/der/BitString.java \
gnu/java/security/der/DER.java \
gnu/java/security/der/DEREncodingException.java \
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java \
+ gnu/java/security/pkcs/PKCS7SignedData.java \
+ gnu/java/security/pkcs/SignerInfo.java \
gnu/java/security/provider/CollectionCertStoreImpl.java \
gnu/java/security/provider/DSAKeyFactory.java \
gnu/java/security/provider/DSAKeyPairGenerator.java \
gnu/java/security/action/GetPropertyAction.lo \
gnu/java/security/action/GetSecurityPropertyAction.lo \
gnu/java/security/action/SetAccessibleAction.lo \
+ gnu/java/security/ber/BER.lo \
+ gnu/java/security/ber/BEREncodingException.lo \
+ gnu/java/security/ber/BERReader.lo \
+ gnu/java/security/ber/BERValue.lo \
gnu/java/security/der/BitString.lo \
gnu/java/security/der/DER.lo \
gnu/java/security/der/DEREncodingException.lo \
gnu/java/security/der/DERReader.lo \
gnu/java/security/der/DERValue.lo \
gnu/java/security/der/DERWriter.lo \
+ gnu/java/security/pkcs/PKCS7SignedData.lo \
+ gnu/java/security/pkcs/SignerInfo.lo \
gnu/java/security/provider/CollectionCertStoreImpl.lo \
gnu/java/security/provider/DSAKeyFactory.lo \
gnu/java/security/provider/DSAKeyPairGenerator.lo \
gnu/java/security/action/GetPropertyAction.java \
gnu/java/security/action/GetSecurityPropertyAction.java \
gnu/java/security/action/SetAccessibleAction.java \
+gnu/java/security/ber/BER.java \
+gnu/java/security/ber/BEREncodingException.java \
+gnu/java/security/ber/BERReader.java \
+gnu/java/security/ber/BERValue.java \
gnu/java/security/der/BitString.java \
gnu/java/security/der/DER.java \
gnu/java/security/der/DEREncodingException.java \
gnu/java/security/der/DERReader.java \
gnu/java/security/der/DERValue.java \
gnu/java/security/der/DERWriter.java \
+gnu/java/security/pkcs/PKCS7SignedData.java \
+gnu/java/security/pkcs/SignerInfo.java \
gnu/java/security/provider/CollectionCertStoreImpl.java \
gnu/java/security/provider/DSAKeyFactory.java \
gnu/java/security/provider/DSAKeyPairGenerator.java \
gnu/java/security/action/SetAccessibleAction.lo: \
gnu/java/security/action/$(am__dirstamp) \
gnu/java/security/action/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/ber/$(am__dirstamp):
+ @$(mkdir_p) gnu/java/security/ber
+ @: > gnu/java/security/ber/$(am__dirstamp)
+gnu/java/security/ber/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) gnu/java/security/ber/$(DEPDIR)
+ @: > gnu/java/security/ber/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/ber/BER.lo: gnu/java/security/ber/$(am__dirstamp) \
+ gnu/java/security/ber/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/ber/BEREncodingException.lo: \
+ gnu/java/security/ber/$(am__dirstamp) \
+ gnu/java/security/ber/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/ber/BERReader.lo: \
+ gnu/java/security/ber/$(am__dirstamp) \
+ gnu/java/security/ber/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/ber/BERValue.lo: \
+ gnu/java/security/ber/$(am__dirstamp) \
+ gnu/java/security/ber/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/der/$(am__dirstamp):
@$(mkdir_p) gnu/java/security/der
@: > gnu/java/security/der/$(am__dirstamp)
gnu/java/security/der/DERWriter.lo: \
gnu/java/security/der/$(am__dirstamp) \
gnu/java/security/der/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/pkcs/$(am__dirstamp):
+ @$(mkdir_p) gnu/java/security/pkcs
+ @: > gnu/java/security/pkcs/$(am__dirstamp)
+gnu/java/security/pkcs/$(DEPDIR)/$(am__dirstamp):
+ @$(mkdir_p) gnu/java/security/pkcs/$(DEPDIR)
+ @: > gnu/java/security/pkcs/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/pkcs/PKCS7SignedData.lo: \
+ gnu/java/security/pkcs/$(am__dirstamp) \
+ gnu/java/security/pkcs/$(DEPDIR)/$(am__dirstamp)
+gnu/java/security/pkcs/SignerInfo.lo: \
+ gnu/java/security/pkcs/$(am__dirstamp) \
+ gnu/java/security/pkcs/$(DEPDIR)/$(am__dirstamp)
gnu/java/security/provider/$(am__dirstamp):
@$(mkdir_p) gnu/java/security/provider
@: > gnu/java/security/provider/$(am__dirstamp)
-rm -f gnu/java/security/action/GetSecurityPropertyAction.lo
-rm -f gnu/java/security/action/SetAccessibleAction.$(OBJEXT)
-rm -f gnu/java/security/action/SetAccessibleAction.lo
+ -rm -f gnu/java/security/ber/BER.$(OBJEXT)
+ -rm -f gnu/java/security/ber/BER.lo
+ -rm -f gnu/java/security/ber/BEREncodingException.$(OBJEXT)
+ -rm -f gnu/java/security/ber/BEREncodingException.lo
+ -rm -f gnu/java/security/ber/BERReader.$(OBJEXT)
+ -rm -f gnu/java/security/ber/BERReader.lo
+ -rm -f gnu/java/security/ber/BERValue.$(OBJEXT)
+ -rm -f gnu/java/security/ber/BERValue.lo
-rm -f gnu/java/security/der/BitString.$(OBJEXT)
-rm -f gnu/java/security/der/BitString.lo
-rm -f gnu/java/security/der/DER.$(OBJEXT)
-rm -f gnu/java/security/der/DERValue.lo
-rm -f gnu/java/security/der/DERWriter.$(OBJEXT)
-rm -f gnu/java/security/der/DERWriter.lo
+ -rm -f gnu/java/security/pkcs/PKCS7SignedData.$(OBJEXT)
+ -rm -f gnu/java/security/pkcs/PKCS7SignedData.lo
+ -rm -f gnu/java/security/pkcs/SignerInfo.$(OBJEXT)
+ -rm -f gnu/java/security/pkcs/SignerInfo.lo
-rm -f gnu/java/security/provider/CollectionCertStoreImpl.$(OBJEXT)
-rm -f gnu/java/security/provider/CollectionCertStoreImpl.lo
-rm -f gnu/java/security/provider/DSAKeyFactory.$(OBJEXT)
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/action/$(DEPDIR)/GetPropertyAction.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/action/$(DEPDIR)/GetSecurityPropertyAction.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/action/$(DEPDIR)/SetAccessibleAction.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/ber/$(DEPDIR)/BER.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/ber/$(DEPDIR)/BEREncodingException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/ber/$(DEPDIR)/BERReader.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/ber/$(DEPDIR)/BERValue.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/BitString.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DER.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DEREncodingException.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DERReader.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DERValue.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/der/$(DEPDIR)/DERWriter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/pkcs/$(DEPDIR)/PKCS7SignedData.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/pkcs/$(DEPDIR)/SignerInfo.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/CollectionCertStoreImpl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DSAKeyFactory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@gnu/java/security/provider/$(DEPDIR)/DSAKeyPairGenerator.Plo@am__quote@
-rm -rf gnu/java/rmi/server/.libs gnu/java/rmi/server/_libs
-rm -rf gnu/java/security/.libs gnu/java/security/_libs
-rm -rf gnu/java/security/action/.libs gnu/java/security/action/_libs
+ -rm -rf gnu/java/security/ber/.libs gnu/java/security/ber/_libs
-rm -rf gnu/java/security/der/.libs gnu/java/security/der/_libs
+ -rm -rf gnu/java/security/pkcs/.libs gnu/java/security/pkcs/_libs
-rm -rf gnu/java/security/provider/.libs gnu/java/security/provider/_libs
-rm -rf gnu/java/security/util/.libs gnu/java/security/util/_libs
-rm -rf gnu/java/security/x509/.libs gnu/java/security/x509/_libs
-rm -f gnu/java/security/$(am__dirstamp)
-rm -f gnu/java/security/action/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/security/action/$(am__dirstamp)
+ -rm -f gnu/java/security/ber/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/ber/$(am__dirstamp)
-rm -f gnu/java/security/der/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/security/der/$(am__dirstamp)
+ -rm -f gnu/java/security/pkcs/$(DEPDIR)/$(am__dirstamp)
+ -rm -f gnu/java/security/pkcs/$(am__dirstamp)
-rm -f gnu/java/security/provider/$(DEPDIR)/$(am__dirstamp)
-rm -f gnu/java/security/provider/$(am__dirstamp)
-rm -f gnu/java/security/util/$(DEPDIR)/$(am__dirstamp)
distclean: distclean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/tools/gcj_dbtool/$(DEPDIR) gnu/gcj/util/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/color/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/http/event/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/security/x509/ext/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) gnu/xml/aelfred2/$(DEPDIR) gnu/xml/dom/$(DEPDIR) gnu/xml/dom/ls/$(DEPDIR) gnu/xml/pipeline/$(DEPDIR) gnu/xml/transform/$(DEPDIR) gnu/xml/util/$(DEPDIR) gnu/xml/xpath/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/spi/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) javax/xml/$(DEPDIR) javax/xml/datatype/$(DEPDIR) javax/xml/namespace/$(DEPDIR) javax/xml/parsers/$(DEPDIR) javax/xml/transform/$(DEPDIR) javax/xml/transform/dom/$(DEPDIR) javax/xml/transform/sax/$(DEPDIR) javax/xml/transform/stream/$(DEPDIR) javax/xml/validation/$(DEPDIR) javax/xml/xpath/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) sysdep/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/tools/gcj_dbtool/$(DEPDIR) gnu/gcj/util/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/color/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/http/event/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/ber/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/pkcs/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/security/x509/ext/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) gnu/xml/aelfred2/$(DEPDIR) gnu/xml/dom/$(DEPDIR) gnu/xml/dom/ls/$(DEPDIR) gnu/xml/pipeline/$(DEPDIR) gnu/xml/transform/$(DEPDIR) gnu/xml/util/$(DEPDIR) gnu/xml/xpath/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/spi/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) javax/xml/$(DEPDIR) javax/xml/datatype/$(DEPDIR) javax/xml/namespace/$(DEPDIR) javax/xml/parsers/$(DEPDIR) javax/xml/transform/$(DEPDIR) javax/xml/transform/dom/$(DEPDIR) javax/xml/transform/sax/$(DEPDIR) javax/xml/transform/stream/$(DEPDIR) javax/xml/validation/$(DEPDIR) javax/xml/xpath/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) sysdep/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-libtool distclean-local distclean-tags
maintainer-clean: maintainer-clean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -rf $(top_srcdir)/autom4te.cache
- -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/tools/gcj_dbtool/$(DEPDIR) gnu/gcj/util/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/color/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/http/event/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/security/x509/ext/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) gnu/xml/aelfred2/$(DEPDIR) gnu/xml/dom/$(DEPDIR) gnu/xml/dom/ls/$(DEPDIR) gnu/xml/pipeline/$(DEPDIR) gnu/xml/transform/$(DEPDIR) gnu/xml/util/$(DEPDIR) gnu/xml/xpath/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/spi/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) javax/xml/$(DEPDIR) javax/xml/datatype/$(DEPDIR) javax/xml/namespace/$(DEPDIR) javax/xml/parsers/$(DEPDIR) javax/xml/transform/$(DEPDIR) javax/xml/transform/dom/$(DEPDIR) javax/xml/transform/sax/$(DEPDIR) javax/xml/transform/stream/$(DEPDIR) javax/xml/validation/$(DEPDIR) javax/xml/xpath/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) sysdep/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) gnu/awt/$(DEPDIR) gnu/awt/j2d/$(DEPDIR) gnu/awt/xlib/$(DEPDIR) gnu/classpath/$(DEPDIR) gnu/gcj/$(DEPDIR) gnu/gcj/convert/$(DEPDIR) gnu/gcj/io/$(DEPDIR) gnu/gcj/runtime/$(DEPDIR) gnu/gcj/tools/gcj_dbtool/$(DEPDIR) gnu/gcj/util/$(DEPDIR) gnu/gcj/xlib/$(DEPDIR) gnu/java/awt/$(DEPDIR) gnu/java/awt/color/$(DEPDIR) gnu/java/awt/image/$(DEPDIR) gnu/java/awt/peer/$(DEPDIR) gnu/java/awt/peer/gtk/$(DEPDIR) gnu/java/beans/$(DEPDIR) gnu/java/beans/editors/$(DEPDIR) gnu/java/beans/info/$(DEPDIR) gnu/java/io/$(DEPDIR) gnu/java/lang/$(DEPDIR) gnu/java/lang/reflect/$(DEPDIR) gnu/java/locale/$(DEPDIR) gnu/java/math/$(DEPDIR) gnu/java/net/$(DEPDIR) gnu/java/net/protocol/core/$(DEPDIR) gnu/java/net/protocol/file/$(DEPDIR) gnu/java/net/protocol/gcjlib/$(DEPDIR) gnu/java/net/protocol/http/$(DEPDIR) gnu/java/net/protocol/http/event/$(DEPDIR) gnu/java/net/protocol/jar/$(DEPDIR) gnu/java/nio/$(DEPDIR) gnu/java/nio/channels/$(DEPDIR) gnu/java/nio/charset/$(DEPDIR) gnu/java/rmi/$(DEPDIR) gnu/java/rmi/dgc/$(DEPDIR) gnu/java/rmi/registry/$(DEPDIR) gnu/java/rmi/rmic/$(DEPDIR) gnu/java/rmi/server/$(DEPDIR) gnu/java/security/$(DEPDIR) gnu/java/security/action/$(DEPDIR) gnu/java/security/ber/$(DEPDIR) gnu/java/security/der/$(DEPDIR) gnu/java/security/pkcs/$(DEPDIR) gnu/java/security/provider/$(DEPDIR) gnu/java/security/util/$(DEPDIR) gnu/java/security/x509/$(DEPDIR) gnu/java/security/x509/ext/$(DEPDIR) gnu/java/text/$(DEPDIR) gnu/java/util/$(DEPDIR) gnu/java/util/prefs/$(DEPDIR) gnu/regexp/$(DEPDIR) gnu/xml/aelfred2/$(DEPDIR) gnu/xml/dom/$(DEPDIR) gnu/xml/dom/ls/$(DEPDIR) gnu/xml/pipeline/$(DEPDIR) gnu/xml/transform/$(DEPDIR) gnu/xml/util/$(DEPDIR) gnu/xml/xpath/$(DEPDIR) java/applet/$(DEPDIR) java/awt/$(DEPDIR) java/awt/color/$(DEPDIR) java/awt/datatransfer/$(DEPDIR) java/awt/dnd/$(DEPDIR) java/awt/dnd/peer/$(DEPDIR) java/awt/event/$(DEPDIR) java/awt/font/$(DEPDIR) java/awt/geom/$(DEPDIR) java/awt/im/$(DEPDIR) java/awt/im/spi/$(DEPDIR) java/awt/image/$(DEPDIR) java/awt/image/renderable/$(DEPDIR) java/awt/peer/$(DEPDIR) java/awt/print/$(DEPDIR) java/beans/$(DEPDIR) java/beans/beancontext/$(DEPDIR) java/io/$(DEPDIR) java/lang/$(DEPDIR) java/lang/ref/$(DEPDIR) java/lang/reflect/$(DEPDIR) java/math/$(DEPDIR) java/net/$(DEPDIR) java/nio/$(DEPDIR) java/nio/channels/$(DEPDIR) java/nio/channels/spi/$(DEPDIR) java/nio/charset/$(DEPDIR) java/nio/charset/spi/$(DEPDIR) java/rmi/$(DEPDIR) java/rmi/activation/$(DEPDIR) java/rmi/dgc/$(DEPDIR) java/rmi/registry/$(DEPDIR) java/rmi/server/$(DEPDIR) java/security/$(DEPDIR) java/security/acl/$(DEPDIR) java/security/cert/$(DEPDIR) java/security/interfaces/$(DEPDIR) java/security/spec/$(DEPDIR) java/sql/$(DEPDIR) java/text/$(DEPDIR) java/util/$(DEPDIR) java/util/jar/$(DEPDIR) java/util/logging/$(DEPDIR) java/util/prefs/$(DEPDIR) java/util/regex/$(DEPDIR) java/util/zip/$(DEPDIR) javax/accessibility/$(DEPDIR) javax/crypto/$(DEPDIR) javax/crypto/interfaces/$(DEPDIR) javax/crypto/spec/$(DEPDIR) javax/imageio/$(DEPDIR) javax/imageio/event/$(DEPDIR) javax/imageio/metadata/$(DEPDIR) javax/imageio/spi/$(DEPDIR) javax/imageio/stream/$(DEPDIR) javax/naming/$(DEPDIR) javax/naming/directory/$(DEPDIR) javax/naming/event/$(DEPDIR) javax/naming/ldap/$(DEPDIR) javax/naming/spi/$(DEPDIR) javax/net/$(DEPDIR) javax/net/ssl/$(DEPDIR) javax/print/$(DEPDIR) javax/print/attribute/$(DEPDIR) javax/print/attribute/standard/$(DEPDIR) javax/print/event/$(DEPDIR) javax/security/auth/$(DEPDIR) javax/security/auth/callback/$(DEPDIR) javax/security/auth/login/$(DEPDIR) javax/security/auth/spi/$(DEPDIR) javax/security/auth/x500/$(DEPDIR) javax/security/cert/$(DEPDIR) javax/security/sasl/$(DEPDIR) javax/sql/$(DEPDIR) javax/swing/$(DEPDIR) javax/swing/border/$(DEPDIR) javax/swing/colorchooser/$(DEPDIR) javax/swing/event/$(DEPDIR) javax/swing/filechooser/$(DEPDIR) javax/swing/plaf/$(DEPDIR) javax/swing/plaf/basic/$(DEPDIR) javax/swing/plaf/metal/$(DEPDIR) javax/swing/table/$(DEPDIR) javax/swing/text/$(DEPDIR) javax/swing/text/html/$(DEPDIR) javax/swing/text/html/parser/$(DEPDIR) javax/swing/tree/$(DEPDIR) javax/swing/undo/$(DEPDIR) javax/transaction/$(DEPDIR) javax/transaction/xa/$(DEPDIR) javax/xml/$(DEPDIR) javax/xml/datatype/$(DEPDIR) javax/xml/namespace/$(DEPDIR) javax/xml/parsers/$(DEPDIR) javax/xml/transform/$(DEPDIR) javax/xml/transform/dom/$(DEPDIR) javax/xml/transform/sax/$(DEPDIR) javax/xml/transform/stream/$(DEPDIR) javax/xml/validation/$(DEPDIR) javax/xml/xpath/$(DEPDIR) jni/classpath/$(DEPDIR) jni/gtk-peer/$(DEPDIR) org/ietf/jgss/$(DEPDIR) sysdep/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
/* Base64InputStream.java -- base-64 input stream.
- Copyright (C) 2003 Free Software Foundation, Inc.
+ Copyright (C) 2003, 2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
package gnu.java.io;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
eof = false;
}
+ // Class method.
+ // ------------------------------------------------------------------------
+
+ /**
+ * Decode a single Base-64 string to a byte array.
+ *
+ * @param base64 The Base-64 encoded data.
+ * @return The decoded bytes.
+ * @throws IOException If the given data do not compose a valid Base-64
+ * sequence.
+ */
+ public static byte[] decode(String base64) throws IOException
+ {
+ Base64InputStream in =
+ new Base64InputStream(new ByteArrayInputStream(base64.getBytes()));
+ ByteArrayOutputStream out =
+ new ByteArrayOutputStream((int) (base64.length() / 0.666));
+ byte[] buf = new byte[1024];
+ int len;
+ while ((len = in.read(buf)) != -1)
+ out.write(buf, 0, len);
+ return out.toByteArray();
+ }
+
// Instance methods.
// ------------------------------------------------------------------------
--- /dev/null
+/* BER.java -- basic encoding rules (BER) constants.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DER;
+
+public interface BER extends DER
+{
+ BERValue END_OF_SEQUENCE = new BERValue(0, null);
+}
--- /dev/null
+/* BEREncodingException.java --- BER Encoding Exception
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DEREncodingException;
+
+public class BEREncodingException extends DEREncodingException
+{
+ public BEREncodingException()
+ {
+ super ();
+ }
+
+ public BEREncodingException (String msg)
+ {
+ super (msg);
+ }
+}
--- /dev/null
+/* BERReader.java -- basic encoding rules (BER) reader.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DERReader;
+import gnu.java.security.der.DERValue;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class BERReader extends DERReader implements BER
+{
+
+ /**
+ * Create a new DER reader from a byte array.
+ *
+ * @param in The encoded bytes.
+ */
+ public BERReader(byte[] in)
+ {
+ super(in);
+ }
+
+ public BERReader (byte[] in, int off, int len)
+ {
+ super(in, off, len);
+ }
+
+ /**
+ * Create a new DER readed from an input stream.
+ *
+ * @param in The encoded bytes.
+ */
+ public BERReader(InputStream in)
+ {
+ super(in);
+ }
+
+ public DERValue read() throws IOException
+ {
+ in.mark(2);
+ int tag = in.read();
+ if (tag == -1)
+ throw new EOFException();
+ int length = in.read();
+ if (length == 0)
+ {
+ if (tag == 0)
+ return END_OF_SEQUENCE;
+ return new BERValue(tag, CONSTRUCTED_VALUE, new byte[] { (byte) tag, 0 });
+ }
+ else
+ {
+ in.reset();
+ return super.read();
+ }
+ }
+
+ public int peek() throws IOException
+ {
+ in.mark(1);
+ int ret = in.read();
+ in.reset();
+ return ret;
+ }
+}
--- /dev/null
+/* BERReader.java -- basic encoding rules (BER) value.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.ber;
+
+import gnu.java.security.der.DERValue;
+
+public class BERValue extends DERValue
+{
+
+ private boolean indefinite;
+
+ public BERValue(int tag, Object value, byte[] encoded)
+ {
+ super(tag, 0, value, encoded);
+ indefinite = true;
+ }
+
+ public BERValue(int tag, int length, Object value, byte[] encoded)
+ {
+ super(tag, length, value, encoded);
+ }
+
+ public BERValue(int tag, Object value)
+ {
+ super(tag, 0, value, null);
+ }
+
+ public static boolean isIndefinite(DERValue value)
+ {
+ if (value instanceof BERValue)
+ return ((BERValue) value).getIndefinite();
+ return false;
+ }
+
+ public boolean getIndefinite()
+ {
+ return indefinite;
+ }
+
+ public int getLength()
+ {
+ if (indefinite)
+ return 0;
+ return super.getLength();
+ }
+}
*
* @author Casey Marshall (csm@gnu.org)
*/
-public final class DERReader implements DER
+public class DERReader implements DER
{
// Fields.
// ------------------------------------------------------------------------
- private InputStream in;
+ protected InputStream in;
- private final ByteArrayOutputStream encBuf;
+ protected final ByteArrayOutputStream encBuf;
// Constructor.
// ------------------------------------------------------------------------
return value;
}
+ protected int readLength() throws IOException
+ {
+ int i = in.read();
+ if (i == -1)
+ throw new EOFException();
+ encBuf.write(i);
+ if ((i & ~0x7F) == 0)
+ {
+ return i;
+ }
+ else if (i < 0xFF)
+ {
+ byte[] octets = new byte[i & 0x7F];
+ in.read(octets);
+ encBuf.write(octets);
+ return new BigInteger(1, octets).intValue();
+ }
+ throw new DEREncodingException();
+ }
+
// Own methods.
// ------------------------------------------------------------------------
}
}
- private int readLength() throws IOException
- {
- int i = in.read();
- if (i == -1)
- throw new EOFException();
- encBuf.write(i);
- if ((i & ~0x7F) == 0)
- {
- return i;
- }
- else if (i < 0xFF)
- {
- byte[] octets = new byte[i & 0x7F];
- in.read(octets);
- encBuf.write(octets);
- return new BigInteger(1, octets).intValue();
- }
- throw new DEREncodingException();
- }
-
private static String makeString(int tag, byte[] value)
throws IOException
{
--- /dev/null
+/* PKCS7SignedData.java -- reader for PKCS#7 signedData objects.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.pkcs;
+
+import gnu.java.security.OID;
+import gnu.java.security.ber.BER;
+import gnu.java.security.ber.BEREncodingException;
+import gnu.java.security.ber.BERReader;
+import gnu.java.security.ber.BERValue;
+import gnu.java.security.der.DERValue;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import java.math.BigInteger;
+
+import java.security.cert.CRL;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * The SignedData object in PKCS #7. This is a read-only implementation of
+ * this format, and is used to provide signed Jar file support.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class PKCS7SignedData
+{
+
+ public static final OID PKCS7_DATA = new OID("1.2.840.113549.1.7.1");
+ public static final OID PKCS7_SIGNED_DATA = new OID("1.2.840.113549.1.7.2");
+
+ private BigInteger version;
+ private Set digestAlgorithms;
+ private OID contentType;
+ private byte[] content;
+ private Certificate[] certificates;
+ private CRL[] crls;
+ private Set signerInfos;
+
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ System.err.print("PKCS7SignedData >> ");
+ System.err.println(msg);
+ }
+
+ public PKCS7SignedData(InputStream in)
+ throws CRLException, CertificateException, IOException
+ {
+ this(new BERReader(in));
+ }
+
+ /**
+ * Parse an encoded PKCS#7 SignedData object. The ASN.1 format of this
+ * object is:
+ *
+ * <pre>
+ * SignedData ::= SEQUENCE {
+ * version Version,
+ * digestAlgorithms DigestAlgorithmIdentifiers,
+ * contentInfo ContentInfo,
+ * certificates
+ * [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
+ * crls
+ * [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+ * signerInfos SignerInfos }
+ *
+ * Version ::= INTEGER
+ *
+ * DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+ *
+ * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * ContentInfo ::= SEQUENCE {
+ * contentType ContentType,
+ * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
+ *
+ * ContentType ::= OBJECT IDENTIFIER
+ *
+ * ExtendedCertificatesAndCertificates ::=
+ * SET OF ExtendedCertificatesAndCertificate
+ *
+ * ExtendedCertificatesAndCertificate ::= CHOICE {
+ * certificate Certificate, -- from X.509
+ * extendedCertificate [0] IMPLICIT ExtendedCertificate }
+ *
+ * CertificateRevocationLists ::= SET OF CertificateRevocationList
+ * -- from X.509
+ *
+ * SignerInfos ::= SET OF SignerInfo
+ *
+ * SignerInfo ::= SEQUENCE {
+ * version Version,
+ * issuerAndSerialNumber IssuerAndSerialNumber,
+ * digestAlgorithm DigestAlgorithmIdentifier,
+ * authenticatedAttributes
+ * [0] IMPLICIT Attributes OPTIONAL,
+ * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
+ * encryptedDigest EncryptedDigest,
+ * unauthenticatedAttributes
+ * [1] IMPLICIT Attributes OPTIONAL }
+ *
+ * EncryptedDigest ::= OCTET STRING
+ * </pre>
+ *
+ * <p>(Readers who are confused as to why it takes 40 levels of indirection
+ * to specify "data with a signature", rest assured that the present author
+ * is as confused as you are).</p>
+ */
+ public PKCS7SignedData(BERReader ber)
+ throws CRLException, CertificateException, IOException
+ {
+ CertificateFactory x509 = CertificateFactory.getInstance("X509");
+ DERValue val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed ContentInfo");
+
+ val = ber.read();
+ if (val.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed ContentType");
+
+ if (!PKCS7_SIGNED_DATA.equals(val.getValue()))
+ throw new BEREncodingException("content is not SignedData");
+
+ val = ber.read();
+ if (val.getTag() != 0)
+ throw new BEREncodingException("malformed Content");
+
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed SignedData");
+
+ if (DEBUG)
+ debug("SignedData: " + val);
+
+ val = ber.read();
+ if (val.getTag() != BER.INTEGER)
+ throw new BEREncodingException("expecting Version");
+ version = (BigInteger) val.getValue();
+
+ if (DEBUG)
+ debug(" Version: " + version);
+
+ digestAlgorithms = new HashSet();
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed DigestAlgorithmIdentifiers");
+ if (DEBUG)
+ debug(" DigestAlgorithmIdentifiers: " + val);
+ int count = 0;
+ DERValue val2 = ber.read();
+ while (val2 != BER.END_OF_SEQUENCE &&
+ (val.getLength() > 0 && val.getLength() > count))
+ {
+ if (!val2.isConstructed())
+ throw new BEREncodingException("malformed AlgorithmIdentifier");
+ if (DEBUG)
+ debug(" AlgorithmIdentifier: " + val2);
+ count += val2.getEncodedLength();
+ val2 = ber.read();
+ if (val2.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed AlgorithmIdentifier");
+ if (DEBUG)
+ debug(" ID: " + val2.getValue());
+ List algId = new ArrayList(2);
+ algId.add(val2.getValue());
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ {
+ count += val2.getEncodedLength();
+ if (val2.getTag() == BER.NULL)
+ algId.add(null);
+ else
+ algId.add(val2.getEncoded());
+ if (DEBUG)
+ debug(" params: " + new BigInteger(1, val2.getEncoded()).toString(16));
+ if (val2.isConstructed())
+ ber.skip(val2.getLength());
+ if (BERValue.isIndefinite(val))
+ val2 = ber.read();
+ }
+ else
+ algId.add(null);
+ digestAlgorithms.add(algId);
+ }
+
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed ContentInfo");
+ if (DEBUG)
+ debug(" ContentInfo: " + val);
+ val2 = ber.read();
+ if (val2.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed ContentType");
+ contentType = (OID) val2.getValue();
+ if (DEBUG)
+ debug(" ContentType: " + contentType);
+ if (BERValue.isIndefinite(val)
+ || (val.getLength() > 0 && val.getLength() > val2.getEncodedLength()))
+ {
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ {
+ content = val2.getEncoded();
+ if (BERValue.isIndefinite(val))
+ val2 = ber.read();
+ if (DEBUG)
+ debug(" Content: " + new BigInteger(1, content).toString(16));
+ }
+ }
+
+ val = ber.read();
+ if (val.getTag() == 0)
+ {
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed ExtendedCertificatesAndCertificates");
+ if (DEBUG)
+ debug(" ExtendedCertificatesAndCertificates: " + val);
+ count = 0;
+ val2 = ber.read();
+ List certs = new LinkedList();
+ while (val2 != BER.END_OF_SEQUENCE &&
+ (val.getLength() > 0 && val.getLength() > count))
+ {
+ Certificate cert =
+ x509.generateCertificate(new ByteArrayInputStream(val2.getEncoded()));
+ if (DEBUG)
+ debug(" Certificate: " + cert);
+ certs.add(cert);
+ count += val2.getEncodedLength();
+ ber.skip(val2.getLength());
+ if (BERValue.isIndefinite(val) || val.getLength() > count)
+ val2 = ber.read();
+ }
+ certificates = (Certificate[]) certs.toArray(new Certificate[certs.size()]);
+ val = ber.read();
+ }
+
+ if (val.getTag() == 1)
+ {
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed CertificateRevocationLists");
+ if (DEBUG)
+ debug(" CertificateRevocationLists: " + val);
+ count = 0;
+ val2 = ber.read();
+ List crls = new LinkedList();
+ while (val2 != BER.END_OF_SEQUENCE &&
+ (val.getLength() > 0 && val.getLength() > count))
+ {
+ CRL crl = x509.generateCRL(new ByteArrayInputStream(val2.getEncoded()));
+ if (DEBUG)
+ debug (" CRL: " + crl);
+ crls.add(crl);
+ count += val2.getEncodedLength();
+ ber.skip(val2.getLength());
+ if (BERValue.isIndefinite(val) || val.getLength() > count)
+ val2 = ber.read();
+ }
+ this.crls = (CRL[]) crls.toArray(new CRL[crls.size()]);
+ val = ber.read();
+ }
+
+ signerInfos = new HashSet();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed SignerInfos");
+
+ if (DEBUG)
+ debug(" SignerInfos: " + val);
+
+ // FIXME read this more carefully.
+ // Since we are just reading a file (probably) we just read until we
+ // reach the end.
+ while (true)
+ {
+ int i = ber.peek();
+ if (i == 0 || i == -1)
+ break;
+ signerInfos.add(new SignerInfo(ber));
+ }
+ }
+
+ public BigInteger getVersion()
+ {
+ return version;
+ }
+
+ public Certificate[] getCertificates()
+ {
+ return (certificates != null ? (Certificate[]) certificates.clone()
+ : null);
+ }
+
+ public OID getContentType()
+ {
+ return contentType;
+ }
+
+ public byte[] getContent()
+ {
+ return (content != null ? (byte[]) content.clone() : null);
+ }
+
+ public Set getDigestAlgorithms()
+ {
+ // FIXME copy contents too, they are mutable!!!
+ return Collections.unmodifiableSet(digestAlgorithms);
+ }
+
+ public Set getSignerInfos()
+ {
+ Set copy = new HashSet();
+ for (Iterator it = signerInfos.iterator(); it.hasNext(); )
+ copy.add(it.next());
+ return Collections.unmodifiableSet(copy);
+ }
+}
--- /dev/null
+/* SignerInfo.java -- a SignerInfo object, from PKCS #7.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.pkcs;
+
+import gnu.java.security.OID;
+import gnu.java.security.ber.BER;
+import gnu.java.security.ber.BEREncodingException;
+import gnu.java.security.ber.BERReader;
+import gnu.java.security.ber.BERValue;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DERValue;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import java.math.BigInteger;
+
+import javax.security.auth.x500.X500Principal;
+
+public class SignerInfo
+{
+ private final BigInteger version;
+ private final BigInteger serialNumber;
+ private final X500Principal issuer;
+ private final OID digestAlgorithmId;
+ private final byte[] digestAlgorithmParams;
+ private final byte[] authenticatedAttributes;
+ private final OID digestEncryptionAlgorithmId;
+ private final byte[] digestEncryptionAlgorithmParams;
+ private final byte[] encryptedDigest;
+ private final byte[] unauthenticatedAttributes;
+
+ private static final boolean DEBUG = false;
+ private static void debug(String msg)
+ {
+ System.err.print("SignerInfo >> ");
+ System.err.println(msg);
+ }
+
+ /**
+ * Parse a SignerInfo object.
+ */
+ public SignerInfo(BERReader ber) throws IOException
+ {
+ DERValue val = ber.read();
+ if (DEBUG)
+ debug("SignerInfo: " + val);
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed SignerInfo");
+
+ val = ber.read();
+ if (val.getTag() != BER.INTEGER)
+ throw new BEREncodingException("malformed Version");
+ version = (BigInteger) val.getValue();
+
+ if (DEBUG)
+ debug(" Version: " + version);
+
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed IssuerAndSerialNumber");
+
+ if (DEBUG)
+ debug(" IssuerAndSerialNumber: " + val);
+
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed Issuer");
+ issuer = new X500Principal(val.getEncoded());
+ ber.skip(val.getLength());
+ if (DEBUG)
+ debug(" Issuer: " + issuer);
+
+ val = ber.read();
+ if (val.getTag() != BER.INTEGER)
+ throw new BEREncodingException("malformed SerialNumber");
+ serialNumber = (BigInteger) val.getValue();
+ if (DEBUG)
+ debug(" SerialNumber: " + serialNumber);
+
+ val = ber.read();
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed DigestAlgorithmIdentifier");
+ if (DEBUG)
+ debug(" DigestAlgorithmIdentifier: " + val);
+
+ int count = 0;
+ DERValue val2 = ber.read();
+ if (val2.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed AlgorithmIdentifier");
+ digestAlgorithmId = (OID) val2.getValue();
+ if (DEBUG)
+ debug(" OID: " + digestAlgorithmId);
+
+ if (BERValue.isIndefinite(val))
+ {
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ {
+ digestAlgorithmParams = val2.getEncoded();
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ throw new BEREncodingException("expecting BER end-of-sequence");
+ }
+ else
+ digestAlgorithmParams = null;
+ }
+ else if (val2.getEncodedLength() < val.getLength())
+ {
+ val2 = ber.read();
+ digestAlgorithmParams = val2.getEncoded();
+ if (val2.isConstructed())
+ ber.skip(val2.getLength());
+ }
+ else
+ digestAlgorithmParams = null;
+ if(DEBUG)
+ debug(" params: " + (digestAlgorithmParams == null ? null
+ : new BigInteger(digestAlgorithmParams).toString(16)));
+
+ val = ber.read();
+ if (val.getTag() == 0)
+ {
+ authenticatedAttributes = val.getEncoded();
+ val = ber.read();
+ if (val.isConstructed())
+ ber.skip(val.getLength());
+ if (DEBUG)
+ debug(" AuthenticatedAttributes: " + val);
+ val = ber.read();
+ }
+ else
+ authenticatedAttributes = null;
+
+ if (!val.isConstructed())
+ throw new BEREncodingException("malformed DigestEncryptionAlgorithmIdentifier");
+ if (DEBUG)
+ debug(" DigestEncryptionAlgorithmIdentifier: " + val);
+ count = 0;
+ val2 = ber.read();
+ if (val2.getTag() != BER.OBJECT_IDENTIFIER)
+ throw new BEREncodingException("malformed AlgorithmIdentifier");
+ digestEncryptionAlgorithmId = (OID) val2.getValue();
+ if (DEBUG)
+ debug(" OID: " + digestEncryptionAlgorithmId);
+
+ if (BERValue.isIndefinite(val))
+ {
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ {
+ digestEncryptionAlgorithmParams = val2.getEncoded();
+ val2 = ber.read();
+ if (val2 != BER.END_OF_SEQUENCE)
+ throw new BEREncodingException("expecting BER end-of-sequence");
+ }
+ else
+ digestEncryptionAlgorithmParams = null;
+ }
+ else if (val2.getEncodedLength() < val.getLength())
+ {
+ val2 = ber.read();
+ digestEncryptionAlgorithmParams = val2.getEncoded();
+ if (val2.isConstructed())
+ ber.skip(val2.getLength());
+ }
+ else
+ digestEncryptionAlgorithmParams = null;
+ if(DEBUG)
+ debug(" params: " + (digestEncryptionAlgorithmParams == null ? null
+ : new BigInteger(digestEncryptionAlgorithmParams).toString(16)));
+
+ val = ber.read();
+ if (val.getTag() != BER.OCTET_STRING)
+ throw new BEREncodingException("malformed EncryptedDigest");
+ encryptedDigest = (byte[]) val.getValue();
+ if (DEBUG)
+ debug(" EncryptedDigest: " + new BigInteger(1, encryptedDigest).toString(16));
+
+ if (ber.peek() == 1)
+ unauthenticatedAttributes = ber.read().getEncoded();
+ else
+ unauthenticatedAttributes = null;
+
+ if (ber.peek() == 0)
+ ber.read();
+ }
+
+ public BigInteger getVersion()
+ {
+ return version;
+ }
+
+ public BigInteger getSerialNumber()
+ {
+ return serialNumber;
+ }
+
+ public X500Principal getIssuer()
+ {
+ return issuer;
+ }
+
+ public OID getDigestAlgorithmId()
+ {
+ return digestAlgorithmId;
+ }
+
+ public byte[] getDigestAlgorithmParams()
+ {
+ return (digestAlgorithmParams != null
+ ? (byte[]) digestAlgorithmParams.clone()
+ : null);
+ }
+
+ public byte[] getAuthenticatedAttributes()
+ {
+ return (authenticatedAttributes != null
+ ? (byte[]) authenticatedAttributes.clone()
+ : null);
+ }
+
+ public OID getDigestEncryptionAlgorithmId()
+ {
+ return digestEncryptionAlgorithmId;
+ }
+
+ public byte[] getDigestEncryptionAlgorithmParams()
+ {
+ return (digestEncryptionAlgorithmParams != null
+ ? (byte[]) digestEncryptionAlgorithmParams.clone()
+ : null);
+ }
+
+ public byte[] getEncryptedDigest()
+ {
+ return (encryptedDigest != null ? (byte[]) encryptedDigest.clone() : null);
+ }
+
+ public byte[] getUnauthenticatedAttributes()
+ {
+ return (unauthenticatedAttributes != null
+ ? (byte[]) unauthenticatedAttributes.clone()
+ : null);
+ }
+}
/* GnuDSAPrivateKey.java --- Gnu DSA Private Key
- Copyright (C) 1999 Free Software Foundation, Inc.
+ Copyright (C) 1999,2003,2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
package gnu.java.security.provider;
+import gnu.java.security.OID;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
import java.math.BigInteger;
+
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAParams;
import java.security.spec.DSAParameterSpec;
+import java.util.ArrayList;
+
public class GnuDSAPrivateKey implements DSAPrivateKey
{
+ private byte[] encodedKey;
BigInteger x;
BigInteger p;
BigInteger q;
public String getFormat()
{
- return null;
+ return "PKCS#8";
}
+ /**
+ * Encodes this key as a <code>PrivateKeyInfo</code>, as described in
+ * PKCS #8. The ASN.1 specification for this structure is:
+ *
+ * <blockquote><pre>
+ * PrivateKeyInfo ::= SEQUENCE {
+ * version Version,
+ * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ * privateKey PrivateKey,
+ * attributes [0] IMPLICIT Attributes OPTIONAL }
+ *
+ * Version ::= INTEGER
+ *
+ * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+ *
+ * PrivateKey ::= OCTET STRING
+ *
+ * Attributes ::= SET OF Attribute
+ * </pre></blockquote>
+ *
+ * <p>DSA private keys (in Classpath at least) have no attributes.
+ */
public byte[] getEncoded()
{
+ if (encodedKey != null)
+ return (byte[]) encodedKey.clone();
+ try
+ {
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ ArrayList pki = new ArrayList(3);
+ pki.add(new DERValue(DER.INTEGER, BigInteger.ZERO));
+ ArrayList algId = new ArrayList(2);
+ algId.add(new DERValue(DER.OBJECT_IDENTIFIER,
+ new OID("1.2.840.10040.4.1")));
+ ArrayList algParams = new ArrayList(3);
+ algParams.add(new DERValue(DER.INTEGER, p));
+ algParams.add(new DERValue(DER.INTEGER, q));
+ algParams.add(new DERValue(DER.INTEGER, g));
+ algId.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, algParams));
+ pki.add(new DERValue(DER.OCTET_STRING, x.toByteArray()));
+ DERWriter.write(out, new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, pki));
+ return (byte[]) (encodedKey = out.toByteArray()).clone();
+ }
+ catch (IOException ioe)
+ {
return null;
}
+ }
public DSAParams getParams()
{
public String toString()
{
- return "GnuDSAPrivateKey: x=" + x.toString(16) + " p=" + p.toString(16)
- + " q=" + q.toString(16) + " g=" + g.toString(16);
+ return "GnuDSAPrivateKey: x="
+ + (x != null ? x.toString(16) : "null") + " p="
+ + (p != null ? p.toString(16) : "null") + " q="
+ + (q != null ? q.toString(16) : "null") + " g="
+ + (g != null ? g.toString(16) : "null");
}
}
/* GnuDSAPublicKey.java --- Gnu DSA Public Key
- Copyright (C) 1999,2003 Free Software Foundation, Inc.
+ Copyright (C) 1999,2003,2004 Free Software Foundation, Inc.
This file is part of GNU Classpath.
package gnu.java.security.provider;
+import gnu.java.security.OID;
+import gnu.java.security.der.BitString;
+import gnu.java.security.der.DER;
+import gnu.java.security.der.DERValue;
+import gnu.java.security.der.DERWriter;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
import java.math.BigInteger;
+
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.DSAParams;
import java.security.spec.DSAParameterSpec;
+import java.util.ArrayList;
+
public class GnuDSAPublicKey implements DSAPublicKey
{
+ private byte[] encodedKey;
BigInteger y;
BigInteger p;
BigInteger q;
public String getFormat()
{
- return null;
+ return "X.509";
}
+ /**
+ * The encoded form of DSA public keys is:
+ *
+ * <blockquote><pre>
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ * </pre></blockquote>
+ */
public byte[] getEncoded()
{
+ if (encodedKey != null)
+ return (byte[]) encodedKey.clone();
+ try
+ {
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ ArrayList spki = new ArrayList(2);
+ ArrayList alg = new ArrayList(2);
+ alg.add(new DERValue(DER.OBJECT_IDENTIFIER,
+ new OID("1.2.840.113549.1.1.1")));
+ ArrayList params = new ArrayList(3);
+ params.add(new DERValue(DER.INTEGER, p));
+ params.add(new DERValue(DER.INTEGER, q));
+ params.add(new DERValue(DER.INTEGER, g));
+ alg.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, params));
+ spki.add(new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, alg));
+ spki.add(new DERValue(DER.BIT_STRING, new BitString(y.toByteArray())));
+ DERWriter.write(out, new DERValue(DER.CONSTRUCTED|DER.SEQUENCE, spki));
+ return (byte[]) (encodedKey = out.toByteArray()).clone();
+ }
+ catch (IOException ioe)
+ {
return null;
}
+ }
public DSAParams getParams()
{
+ if (p == null || q == null || g == null)
+ return null;
return (DSAParams)(new DSAParameterSpec(p,q,g));
}
public String toString()
{
- return "GnuDSAPublicKey: y=" + y.toString(16) + " p=" + p.toString(16)
- + " q=" + q.toString(16) + " g=" + g.toString(16);
+ return
+ "GnuDSAPublicKey: y=" + (y != null ? y.toString(16) : "(null)") +
+ " p=" + (p != null ? p.toString(16) : "(null)") +
+ " q=" + (q != null ? q.toString(16) : "(null)") +
+ " g=" + (g != null ? g.toString(16) : "(null)");
}
}
Manifest manifest;
Attributes attributes;
String classPathString;
-
+
if ((manifest = jarfile.getManifest()) != null
&& (attributes = manifest.getMainAttributes()) != null
&& ((classPathString
Certificate[] getCertificates()
{
- return entry.getCertificates();
+ // We have to get the entry from the jar file again, because the
+ // certificates will not be available until the entire entry has
+ // been read.
+ return ((JarEntry) ((JarURLLoader) loader).jarfile.getEntry(name))
+ .getCertificates();
}
URL getURL()
// And finally construct the class!
SecurityManager sm = System.getSecurityManager();
+ Class result = null;
if (sm != null && securityContext != null)
{
- return (Class)AccessController.doPrivileged
+ result = (Class)AccessController.doPrivileged
(new PrivilegedAction()
{
public Object run()
}, securityContext);
}
else
- return defineClass(className, classData, 0, classData.length, source);
+ result = defineClass(className, classData, 0, classData.length, source);
+
+ super.setSigners(result, resource.getCertificates());
+ return result;
}
catch (IOException ioe)
{
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
+
package java.util.jar;
+import gnu.java.io.Base64InputStream;
+import gnu.java.security.OID;
+import gnu.java.security.pkcs.PKCS7SignedData;
+import gnu.java.security.pkcs.SignerInfo;
+
+import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
+import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
import java.util.zip.ZipFile;
* Note that this class is not a subclass of java.io.File but a subclass of
* java.util.zip.ZipFile and you can only read JarFiles with it (although
* there are constructors that take a File object).
- * <p>
- * XXX - verification of Manifest signatures is not yet implemented.
*
* @since 1.2
* @author Mark Wielaard (mark@klomp.org)
+ * @author Casey Marshall (csm@gnu.org) wrote the certificate and entry
+ * verification code.
*/
public class JarFile extends ZipFile
{
/** The name of the manifest entry: META-INF/MANIFEST.MF */
public static final String MANIFEST_NAME = "META-INF/MANIFEST.MF";
+ /** The META-INF directory entry. */
+ private static final String META_INF = "META-INF/";
+
+ /** The suffix for PKCS7 DSA signature entries. */
+ private static final String PKCS7_DSA_SUFFIX = ".DSA";
+
+ /** The suffix for PKCS7 RSA signature entries. */
+ private static final String PKCS7_RSA_SUFFIX = ".RSA";
+
+ /** The suffix for digest attributes. */
+ private static final String DIGEST_KEY_SUFFIX = "-Digest";
+
+ /** The suffix for signature files. */
+ private static final String SF_SUFFIX = ".SF";
+
+ // Signature OIDs.
+ private static final OID MD2_OID = new OID("1.2.840.113549.2.2");
+ private static final OID MD4_OID = new OID("1.2.840.113549.2.4");
+ private static final OID MD5_OID = new OID("1.2.840.113549.2.5");
+ private static final OID SHA1_OID = new OID("1.3.14.3.2.26");
+ private static final OID DSA_ENCRYPTION_OID = new OID("1.2.840.10040.4.1");
+ private static final OID RSA_ENCRYPTION_OID = new OID("1.2.840.113549.1.1.1");
+
/**
* The manifest of this file, if any, otherwise null.
* Read when first needed.
private Manifest manifest;
/** Whether to verify the manifest and all entries. */
- private boolean verify;
+ boolean verify;
/** Whether the has already been loaded. */
private boolean manifestRead = false;
+ /** Whether the signature files have been loaded. */
+ boolean signaturesRead = false;
+
+ /**
+ * A map between entry names and booleans, signaling whether or
+ * not that entry has been verified.
+ * Only be accessed with lock on this JarFile*/
+ HashMap verified = new HashMap();
+
+ /**
+ * A mapping from entry name to certificates, if any.
+ * Only accessed with lock on this JarFile.
+ */
+ HashMap entryCerts;
+
+ static boolean DEBUG = false;
+ static void debug(Object msg)
+ {
+ System.err.print(JarFile.class.getName());
+ System.err.print(" >>> ");
+ System.err.println(msg);
+ }
+
// Constructors
/**
*/
public Enumeration entries() throws IllegalStateException
{
- return new JarEnumeration(super.entries());
+ return new JarEnumeration(super.entries(), this);
}
/**
* Wraps a given Zip Entries Enumeration. For every zip entry a
* JarEntry is created and the corresponding Attributes are looked up.
- * XXX - Should also look up the certificates.
*/
- private class JarEnumeration implements Enumeration
+ private static class JarEnumeration implements Enumeration
{
private final Enumeration entries;
+ private final JarFile jarfile;
- JarEnumeration(Enumeration e)
+ JarEnumeration(Enumeration e, JarFile f)
{
entries = e;
+ jarfile = f;
}
public boolean hasMoreElements()
Manifest manifest;
try
{
- manifest = getManifest();
+ manifest = jarfile.getManifest();
}
catch (IOException ioe)
{
{
jar.attr = manifest.getAttributes(jar.getName());
}
- // XXX jar.certs
+
+ synchronized(jarfile)
+ {
+ if (!jarfile.signaturesRead)
+ try
+ {
+ jarfile.readSignatures();
+ }
+ catch (IOException ioe)
+ {
+ if (JarFile.DEBUG)
+ {
+ JarFile.debug(ioe);
+ ioe.printStackTrace();
+ }
+ jarfile.signaturesRead = true; // fudge it.
+ }
+
+ // Include the certificates only if we have asserted that the
+ // signatures are valid. This means the certificates will not be
+ // available if the entry hasn't been read yet.
+ if (jarfile.entryCerts != null
+ && jarfile.verified.get(zip.getName()) == Boolean.TRUE)
+ {
+ Set certs = (Set) jarfile.entryCerts.get(jar.getName());
+ if (certs != null)
+ jar.certs = (Certificate[])
+ certs.toArray(new Certificate[certs.size()]);
+ }
+ }
return jar;
}
}
* It actually returns a JarEntry not a zipEntry
* @param name XXX
*/
- public ZipEntry getEntry(String name)
+ public synchronized ZipEntry getEntry(String name)
{
ZipEntry entry = super.getEntry(name);
if (entry != null)
if (manifest != null)
{
jarEntry.attr = manifest.getAttributes(name);
- // XXX jarEntry.certs
+ }
+
+ if (!signaturesRead)
+ try
+ {
+ readSignatures();
+ }
+ catch (IOException ioe)
+ {
+ if (DEBUG)
+ {
+ debug(ioe);
+ ioe.printStackTrace();
+ }
+ signaturesRead = true;
+ }
+ // See the comments in the JarEnumeration for why we do this
+ // check.
+ if (DEBUG)
+ debug("entryCerts=" + entryCerts + " verified " + name
+ + " ? " + verified.get(name));
+ if (entryCerts != null && verified.get(name) == Boolean.TRUE)
+ {
+ Set certs = (Set) entryCerts.get(name);
+ if (certs != null)
+ jarEntry.certs = (Certificate[])
+ certs.toArray(new Certificate[certs.size()]);
}
return jarEntry;
}
}
/**
- * XXX should verify the inputstream
- * @param entry XXX
+ * Returns an input stream for the given entry. If configured to
+ * verify entries, the input stream returned will verify them while
+ * the stream is read, but only on the first time.
+ *
+ * @param entry The entry to get the input stream for.
* @exception ZipException XXX
* @exception IOException XXX
*/
public synchronized InputStream getInputStream(ZipEntry entry) throws
ZipException, IOException
{
- return super.getInputStream(entry); // XXX verify
+ // If we haven't verified the hash, do it now.
+ if (!verified.containsKey(entry.getName()) && verify)
+ {
+ if (DEBUG)
+ debug("reading and verifying " + entry);
+ return new EntryInputStream(entry, super.getInputStream(entry), this);
+ }
+ else
+ {
+ if (DEBUG)
+ debug("reading already verified entry " + entry);
+ if (verify && verified.get(entry.getName()) == Boolean.FALSE)
+ throw new ZipException("digest for " + entry + " is invalid");
+ return super.getInputStream(entry);
+ }
}
/**
* Returns the manifest for this JarFile or null when the JarFile does not
* contain a manifest file.
*/
- public Manifest getManifest() throws IOException
+ public synchronized Manifest getManifest() throws IOException
{
if (!manifestRead)
manifest = readManifest();
return manifest;
}
+
+ // Only called with lock on this JarFile.
+ private void readSignatures() throws IOException
+ {
+ Map pkcs7Dsa = new HashMap();
+ Map pkcs7Rsa = new HashMap();
+ Map sigFiles = new HashMap();
+
+ // Phase 1: Read all signature files. These contain the user
+ // certificates as well as the signatures themselves.
+ for (Enumeration e = super.entries(); e.hasMoreElements(); )
+ {
+ ZipEntry ze = (ZipEntry) e.nextElement();
+ String name = ze.getName();
+ if (name.startsWith(META_INF))
+ {
+ String alias = name.substring(META_INF.length());
+ if (alias.lastIndexOf('.') >= 0)
+ alias = alias.substring(0, alias.lastIndexOf('.'));
+
+ if (name.endsWith(PKCS7_DSA_SUFFIX) || name.endsWith(PKCS7_RSA_SUFFIX))
+ {
+ if (DEBUG)
+ debug("reading PKCS7 info from " + name + ", alias=" + alias);
+ PKCS7SignedData sig = null;
+ try
+ {
+ sig = new PKCS7SignedData(super.getInputStream(ze));
+ }
+ catch (CertificateException ce)
+ {
+ IOException ioe = new IOException("certificate parsing error");
+ ioe.initCause(ce);
+ throw ioe;
+ }
+ catch (CRLException crle)
+ {
+ IOException ioe = new IOException("CRL parsing error");
+ ioe.initCause(crle);
+ throw ioe;
+ }
+ if (name.endsWith(PKCS7_DSA_SUFFIX))
+ pkcs7Dsa.put(alias, sig);
+ else if (name.endsWith(PKCS7_RSA_SUFFIX))
+ pkcs7Rsa.put(alias, sig);
+ }
+ else if (name.endsWith(SF_SUFFIX))
+ {
+ if (DEBUG)
+ debug("reading signature file for " + alias + ": " + name);
+ Manifest sf = new Manifest(super.getInputStream(ze));
+ sigFiles.put(alias, sf);
+ if (DEBUG)
+ debug("result: " + sf);
+ }
+ }
+ }
+
+ // Phase 2: verify the signatures on any signature files.
+ Set validCerts = new HashSet();
+ Map entryCerts = new HashMap();
+ for (Iterator it = sigFiles.entrySet().iterator(); it.hasNext(); )
+ {
+ int valid = 0;
+ Map.Entry e = (Map.Entry) it.next();
+ String alias = (String) e.getKey();
+
+ PKCS7SignedData sig = (PKCS7SignedData) pkcs7Dsa.get(alias);
+ if (sig != null)
+ {
+ Certificate[] certs = sig.getCertificates();
+ Set signerInfos = sig.getSignerInfos();
+ for (Iterator it2 = signerInfos.iterator(); it2.hasNext(); )
+ verify(certs, (SignerInfo) it2.next(), alias, validCerts);
+ }
+
+ sig = (PKCS7SignedData) pkcs7Rsa.get(alias);
+ if (sig != null)
+ {
+ Certificate[] certs = sig.getCertificates();
+ Set signerInfos = sig.getSignerInfos();
+ for (Iterator it2 = signerInfos.iterator(); it2.hasNext(); )
+ verify(certs, (SignerInfo) it2.next(), alias, validCerts);
+ }
+
+ // It isn't a signature for anything. Punt it.
+ if (validCerts.isEmpty())
+ {
+ it.remove();
+ continue;
+ }
+
+ entryCerts.put(e.getValue(), new HashSet(validCerts));
+ validCerts.clear();
+ }
+
+ // Phase 3: verify the signature file signatures against the manifest,
+ // mapping the entry name to the target certificates.
+ this.entryCerts = new HashMap();
+ for (Iterator it = entryCerts.entrySet().iterator(); it.hasNext(); )
+ {
+ Map.Entry e = (Map.Entry) it.next();
+ Manifest sigfile = (Manifest) e.getKey();
+ Map entries = sigfile.getEntries();
+ Set certificates = (Set) e.getValue();
+
+ for (Iterator it2 = entries.entrySet().iterator(); it2.hasNext(); )
+ {
+ Map.Entry e2 = (Map.Entry) it2.next();
+ String entryname = String.valueOf(e2.getKey());
+ Attributes attr = (Attributes) e2.getValue();
+ if (verifyHashes(entryname, attr))
+ {
+ if (DEBUG)
+ debug("entry " + entryname + " has certificates " + certificates);
+ Set s = (Set) this.entryCerts.get(entryname);
+ if (s != null)
+ s.addAll(certificates);
+ else
+ this.entryCerts.put(entryname, new HashSet(certificates));
+ }
+ }
+ }
+
+ signaturesRead = true;
+ }
+
+ /**
+ * Tell if the given signer info is over the given alias's signature file,
+ * given one of the certificates specified.
+ */
+ private void verify(Certificate[] certs, SignerInfo signerInfo,
+ String alias, Set validCerts)
+ {
+ Signature sig = null;
+ try
+ {
+ OID alg = signerInfo.getDigestEncryptionAlgorithmId();
+ if (alg.equals(DSA_ENCRYPTION_OID))
+ {
+ if (!signerInfo.getDigestAlgorithmId().equals(SHA1_OID))
+ return;
+ sig = Signature.getInstance("SHA1withDSA");
+ }
+ else if (alg.equals(RSA_ENCRYPTION_OID))
+ {
+ OID hash = signerInfo.getDigestAlgorithmId();
+ if (hash.equals(MD2_OID))
+ sig = Signature.getInstance("md2WithRsaEncryption");
+ else if (hash.equals(MD4_OID))
+ sig = Signature.getInstance("md4WithRsaEncryption");
+ else if (hash.equals(MD5_OID))
+ sig = Signature.getInstance("md5WithRsaEncryption");
+ else if (hash.equals(SHA1_OID))
+ sig = Signature.getInstance("sha1WithRsaEncryption");
+ else
+ return;
+ }
+ else
+ {
+ if (DEBUG)
+ debug("unsupported signature algorithm: " + alg);
+ return;
+ }
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ if (DEBUG)
+ {
+ debug(nsae);
+ nsae.printStackTrace();
+ }
+ return;
+ }
+ ZipEntry sigFileEntry = super.getEntry(META_INF + alias + SF_SUFFIX);
+ if (sigFileEntry == null)
+ return;
+ for (int i = 0; i < certs.length; i++)
+ {
+ if (!(certs[i] instanceof X509Certificate))
+ continue;
+ X509Certificate cert = (X509Certificate) certs[i];
+ if (!cert.getIssuerX500Principal().equals(signerInfo.getIssuer()) ||
+ !cert.getSerialNumber().equals(signerInfo.getSerialNumber()))
+ continue;
+ try
+ {
+ sig.initVerify(cert.getPublicKey());
+ InputStream in = super.getInputStream(sigFileEntry);
+ if (in == null)
+ continue;
+ byte[] buf = new byte[1024];
+ int len = 0;
+ while ((len = in.read(buf)) != -1)
+ sig.update(buf, 0, len);
+ if (sig.verify(signerInfo.getEncryptedDigest()))
+ {
+ if (DEBUG)
+ debug("signature for " + cert.getSubjectDN() + " is good");
+ validCerts.add(cert);
+ }
+ }
+ catch (IOException ioe)
+ {
+ continue;
+ }
+ catch (InvalidKeyException ike)
+ {
+ continue;
+ }
+ catch (SignatureException se)
+ {
+ continue;
+ }
+ }
+ }
+
+ /**
+ * Verifies that the digest(s) in a signature file were, in fact, made
+ * over the manifest entry for ENTRY.
+ *
+ * @param entry The entry name.
+ * @param attr The attributes from the signature file to verify.
+ */
+ private boolean verifyHashes(String entry, Attributes attr)
+ {
+ int verified = 0;
+
+ // The bytes for ENTRY's manifest entry, which are signed in the
+ // signature file.
+ byte[] entryBytes = null;
+ try
+ {
+ entryBytes = readManifestEntry(super.getEntry(entry));
+ }
+ catch (IOException ioe)
+ {
+ if (DEBUG)
+ {
+ debug(ioe);
+ ioe.printStackTrace();
+ }
+ return false;
+ }
+
+ for (Iterator it = attr.entrySet().iterator(); it.hasNext(); )
+ {
+ Map.Entry e = (Map.Entry) it.next();
+ String key = String.valueOf(e.getKey());
+ if (!key.endsWith(DIGEST_KEY_SUFFIX))
+ continue;
+ String alg = key.substring(0, key.length() - DIGEST_KEY_SUFFIX.length());
+ try
+ {
+ byte[] hash = Base64InputStream.decode((String) e.getValue());
+ MessageDigest md = MessageDigest.getInstance(alg);
+ md.update(entryBytes);
+ byte[] hash2 = md.digest();
+ if (DEBUG)
+ debug("verifying SF entry " + entry + " alg: " + md.getAlgorithm()
+ + " expect=" + new java.math.BigInteger(hash).toString(16)
+ + " comp=" + new java.math.BigInteger(hash2).toString(16));
+ if (!Arrays.equals(hash, hash2))
+ return false;
+ verified++;
+ }
+ catch (IOException ioe)
+ {
+ if (DEBUG)
+ {
+ debug(ioe);
+ ioe.printStackTrace();
+ }
+ return false;
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ if (DEBUG)
+ {
+ debug(nsae);
+ nsae.printStackTrace();
+ }
+ return false;
+ }
+ }
+
+ // We have to find at least one valid digest.
+ return verified > 0;
+ }
+
+ /**
+ * Read the raw bytes that comprise a manifest entry. We can't use the
+ * Manifest object itself, because that loses information (such as line
+ * endings, and order of entries).
+ */
+ private byte[] readManifestEntry(ZipEntry entry) throws IOException
+ {
+ InputStream in = super.getInputStream(super.getEntry(MANIFEST_NAME));
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ byte[] target = ("Name: " + entry.getName()).getBytes();
+ int t = 0, c, prev = -1, state = 0, l = -1;
+
+ while ((c = in.read()) != -1)
+ {
+// if (DEBUG)
+// debug("read "
+// + (c == '\n' ? "\\n" : (c == '\r' ? "\\r" : String.valueOf((char) c)))
+// + " state=" + state + " prev="
+// + (prev == '\n' ? "\\n" : (prev == '\r' ? "\\r" : String.valueOf((char) prev)))
+// + " t=" + t + (t < target.length ? (" target[t]=" + (char) target[t]) : "")
+// + " l=" + l);
+ switch (state)
+ {
+
+ // Step 1: read until we find the "target" bytes: the start
+ // of the entry we need to read.
+ case 0:
+ if (((byte) c) != target[t])
+ t = 0;
+ else
+ {
+ t++;
+ if (t == target.length)
+ {
+ out.write(target);
+ state = 1;
+ }
+ }
+ break;
+
+ // Step 2: assert that there is a newline character after
+ // the "target" bytes.
+ case 1:
+ if (c != '\n' && c != '\r')
+ {
+ out.reset();
+ t = 0;
+ state = 0;
+ }
+ else
+ {
+ out.write(c);
+ state = 2;
+ }
+ break;
+
+ // Step 3: read this whole entry, until we reach an empty
+ // line.
+ case 2:
+ if (c == '\n')
+ {
+ out.write(c);
+ // NL always terminates a line.
+ if (l == 0 || (l == 1 && prev == '\r'))
+ return out.toByteArray();
+ l = 0;
+ }
+ else
+ {
+ // Here we see a blank line terminated by a CR,
+ // followed by the next entry. Technically, `c' should
+ // always be 'N' at this point.
+ if (l == 1 && prev == '\r')
+ return out.toByteArray();
+ out.write(c);
+ l++;
+ }
+ prev = c;
+ break;
+
+ default:
+ throw new RuntimeException("this statement should be unreachable");
+ }
+ }
+
+ // The last entry, with a single CR terminating the line.
+ if (state == 2 && prev == '\r' && l == 0)
+ return out.toByteArray();
+
+ // We should not reach this point, we didn't find the entry (or, possibly,
+ // it is the last entry and is malformed).
+ throw new IOException("could not find " + entry + " in manifest");
+ }
+
+ /**
+ * A utility class that verifies jar entries as they are read.
+ */
+ private static class EntryInputStream extends FilterInputStream
+ {
+ private final JarFile jarfile;
+ private final long length;
+ private long pos;
+ private final ZipEntry entry;
+ private final byte[][] hashes;
+ private final MessageDigest[] md;
+ private boolean checked;
+
+ EntryInputStream(final ZipEntry entry,
+ final InputStream in,
+ final JarFile jar)
+ throws IOException
+ {
+ super(in);
+ this.entry = entry;
+ this.jarfile = jar;
+
+ length = entry.getSize();
+ pos = 0;
+ checked = false;
+
+ Attributes attr;
+ Manifest manifest = jarfile.getManifest();
+ if (manifest != null)
+ attr = manifest.getAttributes(entry.getName());
+ else
+ attr = null;
+ if (DEBUG)
+ debug("verifying entry " + entry + " attr=" + attr);
+ if (attr == null)
+ {
+ hashes = new byte[0][];
+ md = new MessageDigest[0];
+ }
+ else
+ {
+ List hashes = new LinkedList();
+ List md = new LinkedList();
+ for (Iterator it = attr.entrySet().iterator(); it.hasNext(); )
+ {
+ Map.Entry e = (Map.Entry) it.next();
+ String key = String.valueOf(e.getKey());
+ if (key == null)
+ continue;
+ if (!key.endsWith(DIGEST_KEY_SUFFIX))
+ continue;
+ hashes.add(Base64InputStream.decode((String) e.getValue()));
+ try
+ {
+ md.add(MessageDigest.getInstance
+ (key.substring(0, key.length() - DIGEST_KEY_SUFFIX.length())));
+ }
+ catch (NoSuchAlgorithmException nsae)
+ {
+ IOException ioe = new IOException("no such message digest: " + key);
+ ioe.initCause(nsae);
+ throw ioe;
+ }
+ }
+ if (DEBUG)
+ debug("digests=" + md);
+ this.hashes = (byte[][]) hashes.toArray(new byte[hashes.size()][]);
+ this.md = (MessageDigest[]) md.toArray(new MessageDigest[md.size()]);
+ }
+ }
+
+ public boolean markSupported()
+ {
+ return false;
+ }
+
+ public void mark(int readLimit)
+ {
+ }
+
+ public void reset()
+ {
+ }
+
+ public int read() throws IOException
+ {
+ int b = super.read();
+ if (b == -1)
+ {
+ eof();
+ return -1;
+ }
+ for (int i = 0; i < md.length; i++)
+ md[i].update((byte) b);
+ pos++;
+ if (length > 0 && pos >= length)
+ eof();
+ return b;
+ }
+
+ public int read(byte[] buf, int off, int len) throws IOException
+ {
+ int count = super.read(buf, off, (int) Math.min(len, (length != 0
+ ? length - pos
+ : Integer.MAX_VALUE)));
+ if (count == -1 || (length > 0 && pos >= length))
+ {
+ eof();
+ return -1;
+ }
+ for (int i = 0; i < md.length; i++)
+ md[i].update(buf, off, count);
+ pos += count;
+ if (length != 0 && pos >= length)
+ eof();
+ return count;
+ }
+
+ public int read(byte[] buf) throws IOException
+ {
+ return read(buf, 0, buf.length);
+ }
+
+ public long skip(long bytes) throws IOException
+ {
+ byte[] b = new byte[1024];
+ long amount = 0;
+ while (amount < bytes)
+ {
+ int l = read(b, 0, (int) Math.min(b.length, bytes - amount));
+ if (l == -1)
+ break;
+ amount += l;
+ }
+ return amount;
+ }
+
+ private void eof() throws IOException
+ {
+ if (checked)
+ return;
+ checked = true;
+ for (int i = 0; i < md.length; i++)
+ {
+ byte[] hash = md[i].digest();
+ if (DEBUG)
+ debug("verifying " + md[i].getAlgorithm() + " expect="
+ + new java.math.BigInteger(hashes[i]).toString(16)
+ + " comp=" + new java.math.BigInteger(hash).toString(16));
+ if (!Arrays.equals(hash, hashes[i]))
+ {
+ synchronized(jarfile)
+ {
+ if (DEBUG)
+ debug(entry + " could NOT be verified");
+ jarfile.verified.put(entry.getName(), Boolean.FALSE);
+ }
+ return;
+ // XXX ??? what do we do here?
+ // throw new ZipException("message digest mismatch");
+ }
+ }
+
+ synchronized(jarfile)
+ {
+ if (DEBUG)
+ debug(entry + " has been VERIFIED");
+ jarfile.verified.put(entry.getName(), Boolean.TRUE);
+ }
+ }
+ }
}
OSDN Git Service
