Posted to scm@geronimo.apache.org by dj...@apache.org on 2005/09/25 02:32:39 UTC
svn commit: r291352 [10/10] - in /geronimo/trunk: applications/console-core/
applications/console-ear/src/plan/
applications/console-standard/src/java/org/apache/geronimo/console/util/
applications/console-standard/src/webapp/WEB-INF/ assemblies/j2ee-s...
Added: geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java?rev=291352&view=auto
==============================================================================
--- geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java (added)
+++ geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CRLObject.java Sat Sep 24 17:31:10 2005
@@ -0,0 +1,388 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.util.jce.provider;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CRLException;
+import java.security.cert.Certificate;
+import java.security.cert.X509CRL;
+import java.security.cert.X509CRLEntry;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.geronimo.util.asn1.ASN1OutputStream;
+import org.apache.geronimo.util.asn1.DERObjectIdentifier;
+import org.apache.geronimo.util.asn1.DEROutputStream;
+import org.apache.geronimo.util.asn1.x509.CertificateList;
+import org.apache.geronimo.util.asn1.x509.TBSCertList;
+import org.apache.geronimo.util.asn1.x509.X509Extension;
+import org.apache.geronimo.util.asn1.x509.X509Extensions;
+import org.apache.geronimo.util.jce.X509Principal;
+
+/**
+ * The following extensions are listed in RFC 2459 as relevant to CRLs
+ *
+ * Authority Key Identifier
+ * Issuer Alternative Name
+ * CRL Number
+ * Delta CRL Indicator (critical)
+ * Issuing Distribution Point (critical)
+ */
+public class X509CRLObject
+ extends X509CRL
+{
+ private CertificateList c;
+
+ public X509CRLObject(
+ CertificateList c)
+ {
+ this.c = c;
+ }
+
+ /**
+ * Will return true if any extensions are present and marked
+ * as critical as we currently dont handle any extensions!
+ */
+ public boolean hasUnsupportedCriticalExtension()
+ {
+ Set extns = getCriticalExtensionOIDs();
+ if ( extns != null && !extns.isEmpty() )
+ {
+ return true;
+ }
+
+ return false;
+ }
+
+ private Set getExtensionOIDs(boolean critical)
+ {
+ if (this.getVersion() == 2)
+ {
+ HashSet set = new HashSet();
+ X509Extensions extensions = c.getTBSCertList().getExtensions();
+ Enumeration e = extensions.oids();
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (critical == ext.isCritical())
+ {
+ set.add(oid.getId());
+ }
+ }
+
+ return set;
+ }
+
+ return null;
+ }
+
+ public Set getCriticalExtensionOIDs()
+ {
+ return getExtensionOIDs(true);
+ }
+
+ public Set getNonCriticalExtensionOIDs()
+ {
+ return getExtensionOIDs(false);
+ }
+
+ public byte[] getExtensionValue(String oid)
+ {
+ X509Extensions exts = c.getTBSCertList().getExtensions();
+
+ if (exts != null)
+ {
+ X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+ if (ext != null)
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(ext.getValue());
+
+ return bOut.toByteArray();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("error encoding " + e.toString());
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public byte[] getEncoded()
+ throws CRLException
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(c);
+
+ return bOut.toByteArray();
+ }
+ catch (IOException e)
+ {
+ throw new CRLException(e.toString());
+ }
+ }
+
+ public void verify(PublicKey key)
+ throws CRLException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException,
+ SignatureException
+ {
+ verify(key, "BC");
+ }
+
+ public void verify(PublicKey key, String sigProvider)
+ throws CRLException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException,
+ SignatureException
+ {
+ if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
+ {
+ throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList.");
+ }
+
+ Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);
+
+ sig.initVerify(key);
+ sig.update(this.getTBSCertList());
+ if ( !sig.verify(this.getSignature()) )
+ {
+ throw new SignatureException("CRL does not verify with supplied public key.");
+ }
+ }
+
+ public int getVersion()
+ {
+ return c.getVersion();
+ }
+
+ public Principal getIssuerDN()
+ {
+ return new X509Principal(c.getIssuer());
+ }
+
+ public X500Principal getIssuerX500Principal()
+ {
+ try
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(c.getIssuer());
+
+ return new X500Principal(bOut.toByteArray());
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("can't encode issuer DN");
+ }
+ }
+
+ public Date getThisUpdate()
+ {
+ return c.getThisUpdate().getDate();
+ }
+
+ public Date getNextUpdate()
+ {
+ if (c.getNextUpdate() != null)
+ {
+ return c.getNextUpdate().getDate();
+ }
+
+ return null;
+ }
+
+ public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
+ {
+ TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+ if ( certs != null )
+ {
+ for ( int i = 0; i < certs.length; i++ )
+ {
+ if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
+ return new X509CRLEntryObject(certs[i]);
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public Set getRevokedCertificates()
+ {
+ TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+ if ( certs != null )
+ {
+ HashSet set = new HashSet();
+ for ( int i = 0; i < certs.length; i++ )
+ {
+ set.add(new X509CRLEntryObject(certs[i]));
+
+ }
+
+ return set;
+ }
+
+ return null;
+ }
+
+ public byte[] getTBSCertList()
+ throws CRLException
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(c.getTBSCertList());
+
+ return bOut.toByteArray();
+ }
+ catch (IOException e)
+ {
+ throw new CRLException(e.toString());
+ }
+ }
+
+ public byte[] getSignature()
+ {
+ return c.getSignature().getBytes();
+ }
+
+ public String getSigAlgName()
+ {
+ Provider[] provs = Security.getProviders();
+
+ //
+ // search every provider looking for a real algorithm
+ //
+ for (int i = 0; i != provs.length; i++)
+ {
+ String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+ if ( algName != null )
+ {
+ return algName;
+ }
+ }
+
+ return this.getSigAlgOID();
+ }
+
+ public String getSigAlgOID()
+ {
+ return c.getSignatureAlgorithm().getObjectId().getId();
+ }
+
+ public byte[] getSigAlgParams()
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ if ( c.getSignatureAlgorithm().getParameters() != null )
+ {
+ try
+ {
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("exception getting sig parameters " + e);
+ }
+
+ return bOut.toByteArray();
+ }
+
+ return null;
+ }
+
+ /**
+ * Returns a string representation of this CRL.
+ *
+ * @return a string representation of this CRL.
+ */
+ public String toString()
+ {
+ return "X.509 CRL";
+ }
+
+ /**
+ * Checks whether the given certificate is on this CRL.
+ *
+ * @param cert the certificate to check for.
+ * @return true if the given certificate is on this CRL,
+ * false otherwise.
+ */
+ public boolean isRevoked(Certificate cert)
+ {
+ if ( !cert.getType().equals("X.509") )
+ {
+ throw new RuntimeException("X.509 CRL used with non X.509 Cert");
+ }
+
+ TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+
+ if ( certs != null )
+ {
+ BigInteger serial = ((X509Certificate)cert).getSerialNumber();
+
+ for ( int i = 0; i < certs.length; i++ )
+ {
+ if ( certs[i].getUserCertificate().getValue().equals(serial) )
+ {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+}
+
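Review bot: getExtensionOIDs dereferences `extensions` with no null check (the `extensions.oids()` call), so a version-2 CRL whose TBSCertList carries no extensions — an optional field — throws NullPointerException out of getCriticalExtensionOIDs and hasUnsupportedCriticalExtension, which is exactly where a path validator calls it on a CRL it has not yet trusted; the sibling X509CertificateObject.getCriticalExtensionOIDs in this commit guards with `if (extensions != null)`, and the same guard, returning `null` as the X509CRL contract allows, belongs here: `if (extensions == null) { return null; }` before the enumeration. Separately, verify(PublicKey) hard-codes `verify(key, "BC")`, while the server-gbean.xml hunk in this same commit appears to drop the bcprov jar, so a deployment with no BouncyCastle provider registered gets NoSuchProviderException instead of a verification result; the certificate class's verify(PublicKey) falls back to the default provider search and this one could do the same, e.g. `Signature.getInstance(getSigAlgName())` when the named provider is absent. The error message on the algorithm-mismatch check also misspells "CertifcateList".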
Added: geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java?rev=291352&view=auto
==============================================================================
--- geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java (added)
+++ geronimo/trunk/modules/util/src/java/org/apache/geronimo/util/jce/provider/X509CertificateObject.java Sat Sep 24 17:31:10 2005
@@ -0,0 +1,727 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geronimo.util.jce.provider;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateParsingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.geronimo.util.asn1.*;
+import org.apache.geronimo.util.asn1.misc.MiscObjectIdentifiers;
+import org.apache.geronimo.util.asn1.misc.NetscapeCertType;
+import org.apache.geronimo.util.asn1.misc.NetscapeRevocationURL;
+import org.apache.geronimo.util.asn1.misc.VerisignCzagExtension;
+import org.apache.geronimo.util.asn1.util.ASN1Dump;
+import org.apache.geronimo.util.asn1.x509.BasicConstraints;
+import org.apache.geronimo.util.asn1.x509.KeyUsage;
+import org.apache.geronimo.util.asn1.x509.X509CertificateStructure;
+import org.apache.geronimo.util.asn1.x509.X509Extension;
+import org.apache.geronimo.util.asn1.x509.X509Extensions;
+import org.apache.geronimo.util.jce.X509Principal;
+import org.apache.geronimo.util.jce.interfaces.PKCS12BagAttributeCarrier;
+import org.apache.geronimo.util.encoders.Hex;
+
+public class X509CertificateObject
+ extends X509Certificate
+ implements PKCS12BagAttributeCarrier
+{
+ private X509CertificateStructure c;
+ private Hashtable pkcs12Attributes = new Hashtable();
+ private Vector pkcs12Ordering = new Vector();
+
+ public X509CertificateObject(
+ X509CertificateStructure c)
+ {
+ this.c = c;
+ }
+
+ public void checkValidity()
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ this.checkValidity(new Date());
+ }
+
+ public void checkValidity(
+ Date date)
+ throws CertificateExpiredException, CertificateNotYetValidException
+ {
+ if (date.after(this.getNotAfter()))
+ {
+ throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime());
+ }
+
+ if (date.before(this.getNotBefore()))
+ {
+ throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime());
+ }
+ }
+
+ public int getVersion()
+ {
+ return c.getVersion();
+ }
+
+ public BigInteger getSerialNumber()
+ {
+ return c.getSerialNumber().getValue();
+ }
+
+ public Principal getIssuerDN()
+ {
+ return new X509Principal(c.getIssuer());
+ }
+
+ public X500Principal getIssuerX500Principal()
+ {
+ try
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(c.getIssuer());
+
+ return new X500Principal(bOut.toByteArray());
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("can't encode issuer DN");
+ }
+ }
+
+ public Principal getSubjectDN()
+ {
+ return new X509Principal(c.getSubject());
+ }
+
+ public X500Principal getSubjectX500Principal()
+ {
+ try
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ ASN1OutputStream aOut = new ASN1OutputStream(bOut);
+
+ aOut.writeObject(c.getSubject());
+
+ return new X500Principal(bOut.toByteArray());
+ }
+ catch (IOException e)
+ {
+ throw new IllegalStateException("can't encode issuer DN");
+ }
+ }
+
+ public Date getNotBefore()
+ {
+ return c.getStartDate().getDate();
+ }
+
+ public Date getNotAfter()
+ {
+ return c.getEndDate().getDate();
+ }
+
+ public byte[] getTBSCertificate()
+ throws CertificateEncodingException
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(c.getTBSCertificate());
+
+ return bOut.toByteArray();
+ }
+ catch (IOException e)
+ {
+ throw new CertificateEncodingException(e.toString());
+ }
+ }
+
+ public byte[] getSignature()
+ {
+ return c.getSignature().getBytes();
+ }
+
+ /**
+ * return a more "meaningful" representation for the signature algorithm used in
+ * the certficate.
+ */
+ public String getSigAlgName()
+ {
+ Provider[] provs = Security.getProviders();
+
+ //
+ // search every provider looking for a real algorithm
+ //
+ for (int i = 0; i != provs.length; i++)
+ {
+ String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
+ if (algName != null)
+ {
+ return algName;
+ }
+ }
+
+ return this.getSigAlgOID();
+ }
+
+ /**
+ * return the object identifier for the signature.
+ */
+ public String getSigAlgOID()
+ {
+ return c.getSignatureAlgorithm().getObjectId().getId();
+ }
+
+ /**
+ * return the signature parameters, or null if there aren't any.
+ */
+ public byte[] getSigAlgParams()
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+ if (c.getSignatureAlgorithm().getParameters() != null)
+ {
+ try
+ {
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ dOut.writeObject(c.getSignatureAlgorithm().getParameters());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("exception getting sig parameters " + e);
+ }
+
+ return bOut.toByteArray();
+ }
+ else
+ {
+ return null;
+ }
+ }
+
+ public boolean[] getIssuerUniqueID()
+ {
+ DERBitString id = c.getTBSCertificate().getIssuerUniqueId();
+
+ if (id != null)
+ {
+ byte[] bytes = id.getBytes();
+ boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+ for (int i = 0; i != boolId.length; i++)
+ {
+ boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+ }
+
+ return boolId;
+ }
+
+ return null;
+ }
+
+ public boolean[] getSubjectUniqueID()
+ {
+ DERBitString id = c.getTBSCertificate().getSubjectUniqueId();
+
+ if (id != null)
+ {
+ byte[] bytes = id.getBytes();
+ boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()];
+
+ for (int i = 0; i != boolId.length; i++)
+ {
+ boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+ }
+
+ return boolId;
+ }
+
+ return null;
+ }
+
+ public boolean[] getKeyUsage()
+ {
+ byte[] bytes = this.getExtensionBytes("2.5.29.15");
+ int length = 0;
+
+ if (bytes != null)
+ {
+ try
+ {
+ ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+ DERBitString bits = (DERBitString)dIn.readObject();
+
+ bytes = bits.getBytes();
+ length = (bytes.length * 8) - bits.getPadBits();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("error processing key usage extension");
+ }
+
+ boolean[] keyUsage = new boolean[(length < 9) ? 9 : length];
+
+ for (int i = 0; i != length; i++)
+ {
+ keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
+ }
+
+ return keyUsage;
+ }
+
+ return null;
+ }
+
+ public List getExtendedKeyUsage()
+ throws CertificateParsingException
+ {
+ byte[] bytes = this.getExtensionBytes("2.5.29.37");
+ int length = 0;
+
+ if (bytes != null)
+ {
+ try
+ {
+ ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+ ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
+ ArrayList list = new ArrayList();
+
+ for (int i = 0; i != seq.size(); i++)
+ {
+ list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId());
+ }
+
+ return Collections.unmodifiableList(list);
+ }
+ catch (Exception e)
+ {
+ throw new CertificateParsingException("error processing extended key usage extension");
+ }
+ }
+
+ return null;
+ }
+
+ public int getBasicConstraints()
+ {
+ byte[] bytes = this.getExtensionBytes("2.5.29.19");
+
+ if (bytes != null)
+ {
+ try
+ {
+ ASN1InputStream dIn = new ASN1InputStream(new ByteArrayInputStream(bytes));
+ ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
+
+ if (seq.size() == 2)
+ {
+ if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+ {
+ return ((DERInteger)seq.getObjectAt(1)).getValue().intValue();
+ }
+ else
+ {
+ return -1;
+ }
+ }
+ else if (seq.size() == 1)
+ {
+ if (seq.getObjectAt(0) instanceof DERBoolean)
+ {
+ if (((DERBoolean)seq.getObjectAt(0)).isTrue())
+ {
+ return Integer.MAX_VALUE;
+ }
+ else
+ {
+ return -1;
+ }
+ }
+ else
+ {
+ return -1;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("error processing key usage extension");
+ }
+ }
+
+ return -1;
+ }
+
+ public Set getCriticalExtensionOIDs()
+ {
+ if (this.getVersion() == 3)
+ {
+ HashSet set = new HashSet();
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (ext.isCritical())
+ {
+ set.add(oid.getId());
+ }
+ }
+
+ return set;
+ }
+ }
+
+ return null;
+ }
+
+ private byte[] getExtensionBytes(String oid)
+ {
+ X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+ if (exts != null)
+ {
+ X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+ if (ext != null)
+ {
+ return ext.getValue().getOctets();
+ }
+ }
+
+ return null;
+ }
+
+ public byte[] getExtensionValue(String oid)
+ {
+ X509Extensions exts = c.getTBSCertificate().getExtensions();
+
+ if (exts != null)
+ {
+ X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+
+ if (ext != null)
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(ext.getValue());
+
+ return bOut.toByteArray();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("error encoding " + e.toString());
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public Set getNonCriticalExtensionOIDs()
+ {
+ if (this.getVersion() == 3)
+ {
+ HashSet set = new HashSet();
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (!ext.isCritical())
+ {
+ set.add(oid.getId());
+ }
+ }
+
+ return set;
+ }
+ }
+
+ return null;
+ }
+
+ public boolean hasUnsupportedCriticalExtension()
+ {
+ if (this.getVersion() == 3)
+ {
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ if (oid.getId().equals("2.5.29.15")
+ || oid.getId().equals("2.5.29.19"))
+ {
+ continue;
+ }
+
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (ext.isCritical())
+ {
+ return true;
+ }
+ }
+ }
+ }
+
+ return false;
+ }
+
+ public PublicKey getPublicKey()
+ {
+ return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
+ }
+
+ public byte[] getEncoded()
+ throws CertificateEncodingException
+ {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ DEROutputStream dOut = new DEROutputStream(bOut);
+
+ try
+ {
+ dOut.writeObject(c);
+
+ return bOut.toByteArray();
+ }
+ catch (IOException e)
+ {
+ throw new CertificateEncodingException(e.toString());
+ }
+ }
+
+ public void setBagAttribute(
+ DERObjectIdentifier oid,
+ DEREncodable attribute)
+ {
+ pkcs12Attributes.put(oid, attribute);
+ pkcs12Ordering.addElement(oid);
+ }
+
+ public DEREncodable getBagAttribute(
+ DERObjectIdentifier oid)
+ {
+ return (DEREncodable)pkcs12Attributes.get(oid);
+ }
+
+ public Enumeration getBagAttributeKeys()
+ {
+ return pkcs12Ordering.elements();
+ }
+
+ public String toString()
+ {
+ StringBuffer buf = new StringBuffer();
+ String nl = System.getProperty("line.separator");
+
+ buf.append(" [0] Version: " + this.getVersion() + nl);
+ buf.append(" SerialNumber: " + this.getSerialNumber() + nl);
+ buf.append(" IssuerDN: " + this.getIssuerDN() + nl);
+ buf.append(" Start Date: " + this.getNotBefore() + nl);
+ buf.append(" Final Date: " + this.getNotAfter() + nl);
+ buf.append(" SubjectDN: " + this.getSubjectDN() + nl);
+ buf.append(" Public Key: " + this.getPublicKey() + nl);
+ buf.append(" Signature Algorithm: " + this.getSigAlgName() + nl);
+
+ byte[] sig = this.getSignature();
+
+ buf.append(" Signature: " + new String(Hex.encode(sig, 0, 20)) + nl);
+ for (int i = 20; i < sig.length; i += 20)
+ {
+ if (i < sig.length - 20)
+ {
+ buf.append(" " + new String(Hex.encode(sig, i, 20)) + nl);
+ }
+ else
+ {
+ buf.append(" " + new String(Hex.encode(sig, i, sig.length - i)) + nl);
+ }
+ }
+
+ X509Extensions extensions = c.getTBSCertificate().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ if (e.hasMoreElements())
+ {
+ buf.append(" Extensions: \n");
+ }
+
+ while (e.hasMoreElements())
+ {
+ DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
+ X509Extension ext = extensions.getExtension(oid);
+
+ if (ext.getValue() != null)
+ {
+ byte[] octs = ext.getValue().getOctets();
+ ByteArrayInputStream bIn = new ByteArrayInputStream(octs);
+ ASN1InputStream dIn = new ASN1InputStream(bIn);
+ buf.append(" critical(" + ext.isCritical() + ") ");
+ try
+ {
+ if (oid.equals(X509Extensions.BasicConstraints))
+ {
+ buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(X509Extensions.KeyUsage))
+ {
+ buf.append(new KeyUsage((DERBitString)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(MiscObjectIdentifiers.netscapeCertType))
+ {
+ buf.append(new NetscapeCertType((DERBitString)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL))
+ {
+ buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject()) + nl);
+ }
+ else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension))
+ {
+ buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject()) + nl);
+ }
+ else
+ {
+ buf.append(oid.getId());
+ buf.append(" value = " + ASN1Dump.dumpAsString(dIn.readObject()) + nl);
+ //buf.append(" value = " + "*****" + nl);
+ }
+ }
+ catch (Exception ex)
+ {
+ buf.append(oid.getId());
+ // buf.append(" value = " + new String(Hex.encode(ext.getValue().getOctets())) + nl);
+ buf.append(" value = " + "*****" + nl);
+ }
+ }
+ else
+ {
+ buf.append(nl);
+ }
+ }
+ }
+
+ return buf.toString();
+ }
+
+ public final void verify(
+ PublicKey key)
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException
+ {
+ Signature signature = null;
+
+ if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+ {
+ throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+ }
+
+ try
+ {
+ signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(), "BC");
+ }
+ catch (Exception e)
+ {
+ signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId());
+ }
+
+ signature.initVerify(key);
+
+ signature.update(this.getTBSCertificate());
+
+ if (!signature.verify(this.getSignature()))
+ {
+ throw new InvalidKeyException("Public key presented not for certificate signature");
+ }
+ }
+
+ public final void verify(
+ PublicKey key,
+ String sigProvider)
+ throws CertificateException, NoSuchAlgorithmException,
+ InvalidKeyException, NoSuchProviderException, SignatureException
+ {
+ Signature signature = Signature.getInstance(c.getSignatureAlgorithm().getObjectId().getId(), sigProvider);
+
+ if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature()))
+ {
+ throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
+ }
+
+ signature.initVerify(key);
+
+ signature.update(this.getTBSCertificate());
+
+ if (!signature.verify(this.getSignature()))
+ {
+ throw new InvalidKeyException("Public key presented not for certificate signature");
+ }
+ }
+}
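Review bot: Both verify overloads report a signature that does not match as `throw new InvalidKeyException("Public key presented not for certificate signature")` (the check after `signature.verify(this.getSignature())`), but the java.security.cert.Certificate.verify contract reserves InvalidKeyException for an unusable key and signals a bad signature with SignatureException — which is also what X509CRLObject.verify in this commit throws — so a caller that distinguishes "wrong key" from "forged or corrupted certificate" is misled; change both to `throw new SignatureException("certificate does not verify with supplied public key");`. The first overload also catches `Exception` around the "BC" provider lookup, which hides anything other than the expected NoSuchProviderException; catching only that type keeps a genuine NoSuchAlgorithmException visible. Two messages are copy-paste leftovers: getSubjectX500Principal throws "can't encode issuer DN" and getBasicConstraints throws "error processing key usage extension". In toString, `Hex.encode(sig, 0, 20)` assumes at least 20 signature bytes, so a malformed certificate with a shorter signature likely makes toString fail with ArrayIndexOutOfBoundsException where the rest of the loop already bounds its chunks with `sig.length - i`; bounding the first chunk the same way, `Hex.encode(sig, 0, Math.min(20, sig.length))`, closes that.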
Modified: geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml?rev=291352&r1=291351&r2=291352&view=diff
==============================================================================
--- geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml (original)
+++ geronimo/trunk/sandbox/spring-assembly/src/conf/server-gbean.xml Sat Sep 24 17:31:10 2005
@@ -91,9 +91,6 @@
<uri>geronimo-spec/jars/geronimo-spec-corba-2.3-rc4.jar</uri>
</dependency>
<dependency>
- <uri>bouncycastle/jars/bcprov-jdk14-124.jar</uri>
- </dependency>
- <dependency>
<uri>avalon/jars/avalon-framework-4.1.4.jar</uri>
</dependency>
<dependency>